{"id":16193,"date":"2022-11-17T05:35:28","date_gmt":"2022-11-17T05:35:28","guid":{"rendered":"https:\/\/theemailshop.co.uk\/?p=16193"},"modified":"2022-11-22T10:26:12","modified_gmt":"2022-11-22T10:26:12","slug":"how-to-configure-l2tp-vpn-on-linux-ubuntu","status":"publish","type":"post","link":"https:\/\/theemailshop.co.uk\/how-to-configure-l2tp-vpn-on-linux-ubuntu\/","title":{"rendered":"How to Configure l2tp VPN on Linux Ubuntu"},"content":{"rendered":"

L2TP is a tunneling protocol that was developed to facilitate connections to virtual private networks (VPNs) via the internet. Its full name is Layer 2 Tunneling Protocol, and its acronym is L2TP. It is included in the majority of current operating systems, if not all of them, including Linux<\/a> <\/strong>and devices that can connect to VPNs.\u00a0<\/span><\/p>\n

L2TP does not offer any authentication or encryption procedures directly to the traffic that flows through it. Most of the time, encryption for the L2TP tunnel is provided by using L2TP with the IPsec authentication suite (L2TP\/IPsec).<\/span><\/p>\n

In this post, we’ll show you how to set up Ubuntu, Ubuntu’s forks, and Fedora Linux so that they can connect to an L2TP\/IPSec virtual private network.<\/span><\/p>\n

This article will assume that the L2TP\/IPsec VPN server has already been set up and that the system administrator at your company or organization has given you the following VPN connection information.\u00a0<\/span><\/p>\n

Keep in mind that the L2TP VPN we’re configuring here is far more secure than the PPTP VPN server. OpenVPN is an alternate VPN protocol to L2TP, but it needs the user to install OpenVPN client software on their end device.<\/span><\/p>\n

However, L2TP VPNs have native compatibility across a wider range of platforms, including desktop and mobile versions of Windows, macOS, Ubuntu, RHEL, and CentOS (iOS [iPhones, iPads], Android, and Windows Phone).<\/span><\/p>\n

Since Precise, Ubuntu no longer includes built-in support for L2TP over IPSec. Fortunately, network-manager-l2tp provides a fix for this. To avoid eavesdropping, an IPsec VPN encrypts all data sent between your device and the VPN server.<\/span><\/p>\n

If you often use public Wi-Fi hotspots, such as those found in airports, coffee shops, hotel rooms, etc., you should consider setting up anything like this:<\/strong><\/p>\n

    \n
  1. On your device running Debian, go to the Terminal application and log in using the root user. If you are not already logged in as the root user, run the following command and enter the root password.\u00a0<\/span><\/li>\n<\/ol>\n

    Sudo-S<\/i><\/strong><\/p>\n

    \"\"<\/p>\n

      \n
    1. Simply execute the following command and then hit the Enter key to begin the installation of the required packages.\u00a0<\/span><\/li>\n<\/ol>\n

      apt-get -y install xl2tpd<\/strong><\/p>\n

      \"\"<\/p>\n

        \n
      1. In order to set up StrongSwan, an open-source IPSec-based VPN solution for Linux, type the following command into the terminal. To begin, press the Enter key.<\/span><\/li>\n<\/ol>\n

        apt-get -y install strongswan<\/strong><\/p>\n

        \"\"<\/p>\n

          \n
        1. Use the appropriate editor to make changes to the file \/etc\/ipsec.conf.\u00a0<\/span><\/li>\n<\/ol>\n

          Vim was the text editor that was used for this (for more information, see https:\/\/help.ubuntu.com\/community\/VimHowto). You may save yourself some trouble by using the Nano tool instead (https:\/\/help.ubuntu.com\/community\/Nano), which is available to you if you so want. Simply run the following command into vim and hit the Enter key to begin editing.\u00a0<\/span><\/p>\n

          vim \/etc\/ipsec.conf<\/strong><\/span><\/p>\n

          \"\"<\/p>\n

            \n
          1. In order to proceed with this step, you will also need to be familiar with the default gateway that the Ubuntu computer uses. To locate that information, open a new terminal window and put the term “route” into it.<\/span><\/li>\n<\/ol>\n

            Route<\/strong><\/p>\n

            \u00a0Find a passage that says anything along these lines:\u00a0<\/span><\/p>\n

            default \u00a0 \u00a0 10.63.3.254 \u00a0 \u00a0 0.0.0.0 \u00a0 \u00a0 \u00a0 \u00a0 UG\u00a0 \u00a0 0\u00a0 \u00a0 \u00a0 0\u00a0 \u00a0 \u00a0 \u00a0 0 eth0\u00a0<\/span><\/p>\n

            The default gateway is located in the second column, while interface information may be found in the last column.\u00a0<\/span><\/p>\n

            In addition to this, you may use the ip command:\u00a0<\/span><\/p>\n

            ip route<\/strong><\/p>\n

            which will give you something like\u00a0<\/span><\/p>\n

            default via 10.63.3.254 dev eth0<\/span><\/p>\n

            After you have determined which network interface is the machine’s default gateway, open the \/etc\/ipsec.conf configuration file in Vim or Nano in one of the other terminal windows, and then enter the appropriate information.\u00a0<\/span><\/p>\n

            You May Also Like To Read: <\/strong>How to Find the Best Linux Hosting? A Comprehensive Guide to the Journey<\/a><\/strong><\/p>\n

            vim \/etc\/ipsec.conf contents:<\/strong><\/p>\n

            configure setup\u00a0<\/span><\/i><\/p>\n

            conn L1TP-PSK\u00a0<\/span><\/i><\/p>\n

            authb=secret\u00a0<\/span><\/i><\/p>\n

            auto=ad\u00a0<\/span><\/i><\/p>\n

            keyingtriesy=2\u00a0<\/span><\/i><\/p>\n

            dpddelay=35\u00a0<\/span><\/i><\/p>\n

            dpdtimeouty=122\u00a0<\/span><\/i><\/p>\n

            dpdactional=clearer\u00a0<\/span><\/i><\/p>\n

            rekeyies=yes\u00a0<\/span><\/i><\/p>\n

            ikelifetimy=8h\u00a0<\/span><\/i><\/p>\n

            keylifr=1h<\/span><\/i><\/p>\n

            type = transportation<\/span><\/i><\/p>\n

            \u00a0# Replace IP address with your current default gateway IP\u00a0<\/span><\/i><\/p>\n

            left= <IP ADDRESS GATEWAY>\u00a0<\/span><\/i><\/p>\n

            leftprotoport=17\/1703\u00a0<\/span><\/i><\/p>\n

            # Replace IP address with your VPN server’s IP\u00a0<\/span><\/i><\/p>\n

            right=< SERVER VPN\u00a0 ADDRESS>\u00a0<\/span><\/i><\/p>\n

            rightprotoport=17\/1701<\/span><\/i><\/p>\n

            \"\"<\/p>\n

              \n
            1. Type vim \/ipsec.secrets for the\u00a0 modification of ipsec secrets.
              \n\"\"
              \n<\/span><\/li>\n
            2. Replace the first IP with your own, the second with that of your VPN server, and the which was before key between the quotes with the one that applies to your network (shown in the customer area). Gaco here for additional information):<\/span><\/li>\n<\/ol>\n

              < SERVER VPN\u00a0 ADDRESS > <ADDRSS SERVER> : PSK <PER=SHARED KEYS> obtained from Client Area.<\/span><\/p>\n

              \"\"<\/p>\n

                \n
              1. Modify \/etc\/xl2t\/xl2t.configure as follows:<\/span>
                \n\"\"
                \n<\/span><\/li>\n
              2. After clearing off the contents of configuration file, add the lines below.\u00a0<\/span><\/li>\n<\/ol>\n

                [lac strong-vpn]\u00a0<\/span><\/i><\/p>\n

                lns = <VPN IP\u00a0 SERVER ADDRESS>\u00a0<\/span><\/i><\/p>\n

                ppp debuging = yes\u00a0<\/span><\/i><\/p>\n

                pppoptfile = \/etc\/ppp\/options.l2tpd.client\u00a0<\/span><\/i><\/p>\n

                length bit = yes<\/span><\/i><\/p>\n

                \"\"<\/p>\n

                  \n
                1. Replace the VPN password and the username in the following code when creating \/etc\/ppp\/options.l2tpd.client:
                  \n\"\"
                  \n<\/span><\/li>\n
                2. The below lines should be added to \/etc\/ppp\/options.l2tpd.client file, it will be a new file. ipc-accept-localization\u00a0<\/span><\/li>\n<\/ol>\n

                  Ipcp-accepted-remot<\/span><\/i><\/p>\n

                  efuse-eap\u00a0<\/span><\/i><\/p>\n

                  require-mschaption-v2\u00a0<\/span><\/i><\/p>\n

                  idle 1801\u00a0<\/span><\/i><\/p>\n

                  mtu 1415<\/span><\/i><\/p>\n

                  mru 1416\u00a0<\/span><\/i><\/p>\n

                  defaulting replace defaultation troute\u00a0<\/span><\/i><\/p>\n

                  use peer dnsation\u00a0<\/span><\/i><\/p>\n

                  debuging\u00a0<\/span><\/i><\/p>\n

                  locking\u00a0<\/span><\/i><\/p>\n

                  connect-delay 5012\u00a0<\/span><\/i><\/p>\n

                  name <USER NAME>\u00a0<\/span><\/i><\/p>\n

                  password <TYPE PASSWORD><\/span><\/i><\/p>\n

                  \"\"<\/p>\n

                  For Discount and Offers, Visit our Official\u00a0Twitter<\/a>\u00a0<\/strong>Page<\/p>\n","protected":false},"excerpt":{"rendered":"

                  L2TP is a tunneling protocol that was developed to facilitate connections to virtual private networks (VPNs) via the internet. Its full name is Layer 2 Tunneling Protocol, and its acronym is L2TP. It is included in the majority of current operating systems, if not all of them, including Linux and devices that can connect to […]<\/p>\n","protected":false},"author":14,"featured_media":16240,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1280,1151],"tags":[2937,2935,2936,2939,2938],"class_list":["post-16193","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-linux-hosting","tag-fedora-linux","tag-l2tp","tag-linux-ubuntu","tag-ubuntu","tag-ubuntus-forks"],"_links":{"self":[{"href":"https:\/\/theemailshop.co.uk\/wp-json\/wp\/v2\/posts\/16193","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/theemailshop.co.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/theemailshop.co.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/theemailshop.co.uk\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/theemailshop.co.uk\/wp-json\/wp\/v2\/comments?post=16193"}],"version-history":[{"count":8,"href":"https:\/\/theemailshop.co.uk\/wp-json\/wp\/v2\/posts\/16193\/revisions"}],"predecessor-version":[{"id":16376,"href":"https:\/\/theemailshop.co.uk\/wp-json\/wp\/v2\/posts\/16193\/revisions\/16376"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/theemailshop.co.uk\/wp-json\/wp\/v2\/media\/16240"}],"wp:attachment":[{"href":"https:\/\/theemailshop.co.uk\/wp-json\/wp\/v2\/media?parent=16193"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/theemailshop.co.uk\/wp-json\/wp\/v2\/categories?post=16193"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/theemailshop.co.uk\/wp-json\/wp\/v2\/tags?post=16193"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}