Useful docs:
Install:
# Install the IPsec daemon and the L2TP daemon from the distribution repositories.
# NOTE(review): on Debian/Ubuntu the package that provides the `ipsec` command is normally
# `strongswan` (the unit file below orders on strongswan.service) — confirm the package name for your release.
sudo apt-get -y install ipsec xl2tpd
xl2tpd can also be downloaded here. Compile and install it together with its dependency library:
# Build dependency for compiling xl2tpd from source.
sudo apt install libpcap0.8-dev
# Build and install. `make install` writes under /usr/local (the unit file below runs
# /usr/local/sbin/xl2tpd), which normally needs root — run it with sudo unless you build as root.
make && make install
Create /etc/systemd/system/xl2tpd.service
# Unit file for a source-built xl2tpd (binary under /usr/local); a distro package ships its own unit.
[Unit]
Description=Level 2 Tunnel Protocol Daemon (L2TP)
# Order after the IPsec daemon so the IPsec policy is expected to be in place before xl2tpd autodials.
After=syslog.target network.target strongswan.service ipsec.service
[Service]
Type=simple
# NOTE(review): with -D xl2tpd stays in the foreground, so PIDFile= is not needed for Type=simple;
# RuntimeDirectory=xl2tpd would create /run/xl2tpd with correct ownership instead of the mkdir below.
PIDFile=/var/run/xl2tpd/xl2tpd.pid
# The leading '-' makes systemd ignore a non-zero exit (e.g. the directory already exists).
ExecStartPre=-/bin/mkdir /var/run/xl2tpd/
ExecStartPre=-/usr/bin/touch /var/run/xl2tpd/l2tp-control
# -D: do not daemonize, which is what Type=simple expects.
ExecStart=/usr/local/sbin/xl2tpd -D
# Only restart on abnormal termination (signal); a clean exit stays stopped.
Restart=on-abort
[Install]
WantedBy=multi-user.target
Append to /etc/ipsec.conf
# Client-side strongSwan configuration for L2TP over IPsec (IKEv1, transport mode, pre-shared key).
# NOTE: ipsec.conf requires the parameter lines of a section to be indented; re-add the leading
# whitespace if it was lost when copying this snippet.
config setup
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
# L2TP/IPsec uses IKEv1.
keyexchange=ikev1
authby=secret
# Proposal lists; the trailing '!' makes them strict (nothing outside the list is accepted).
# NOTE(review): 3DES, SHA-1 and the 1024-bit MODP group are considered weak today; prefer a
# proposal such as aes256-sha256-modp2048 and drop the 3des entry whenever the server supports it.
ike=aes128-sha1-modp1024,3des-sha1-modp1024!
esp=aes128-sha1-modp1024,3des-sha1-modp1024!
conn L2TP-PSK
keyexchange=ikev1
# This host, whatever its current address, is the local side.
left=%any
# auto=add loads the connection at startup but does not initiate it (auto=start or auto=route would).
auto=add
authby=secret
# Transport mode: only the L2TP packets between the two hosts are protected, not a subnet.
type=transport
# Restrict the policy to L2TP (UDP port 1701) on both ends.
leftprotoport=17/1701
rightprotoport=17/1701
# Placeholder address of the L2TP/IPsec server; replace with the real one.
right=12.34.56.78
Append to /etc/ipsec.secrets
# Pre-shared key; the empty selector before ':' means it is offered to any peer.
# Keep this file root-only (mode 0600) and use a long random secret instead of the placeholder;
# scoping the line to the server (e.g. `12.34.56.78 : PSK "..."`) avoids using the key with other peers.
: PSK "PreSharedKey"
Append to /etc/xl2tpd/xl2tpd.conf
; LAC (client) section. ClientName is a placeholder; it also names the ppp options file below.
[lac ClientName]
; L2TP network server (the same address as 'right' in ipsec.conf).
lns = 12.34.56.78
; Local IP proposed for the PPP link; the ip-up snippet below matches on this value.
local ip = 192.168.0.254
; Bring the tunnel up at start and re-establish it if it drops.
redial = yes
redial timeout = 15
autodial = yes
; Verbose PPP logging; turn it off once the link is stable, since negotiation details end up in the log.
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.ClientName
; Include the length field in L2TP packets.
length bit = yes
Create /etc/ppp/options.l2tpd.ClientName
# pppd options for the L2TP link. pppd reads this file as root and the password is stored in
# clear text, so keep it mode 0600. The '***' entries are placeholders for the VPN credentials.
# Passed to ip-up/ip-down as $6 so scripts can identify this link.
ipparam ClientName
# Accept the addresses the server proposes for both ends of the link.
ipcp-accept-local
ipcp-accept-remote
# Do not authenticate ourselves with EAP; restrict CHAP to MS-CHAPv2.
# NOTE(review): per the pppd man page require-mschap-v2 asks the *peer* to authenticate, which the
# later `noauth` relaxes — verify the combination matches what the server expects.
refuse-eap
require-mschap-v2
# No compression control protocol.
noccp
# Do not require the server to authenticate itself to us (peer identity rests on the IPsec PSK).
noauth
# With 'debug' below, this log may include authentication negotiation details — restrict its permissions.
logfile /var/log/xl2tpd.log
# Drop the link after 30 minutes without traffic (xl2tpd's redial/autodial presumably brings it back).
idle 1800
# NOTE(review): 1500 leaves no room for the L2TP/IPsec overhead and will cause fragmentation;
# a smaller value (e.g. 1400) is usual — confirm against the server.
mtu 1500
mru 1500
# Do not replace the default route; the ip-up snippet adds the route for the remote LAN only.
nodefaultroute
# Duplicates of the two ipcp-accept options above (harmless).
ipcp-accept-local
ipcp-accept-remote
debug
connect-delay 5000
# Username/password placeholders (alternatively keep them in /etc/ppp/chap-secrets).
name ***
password ***
Append to /etc/dhcp/dhclient.conf
# Put the tunnel-side resolvers ahead of the DHCP-supplied ones. Placed outside an interface
# block this applies to every dhclient-managed interface, so these servers are tried first
# even while the tunnel is down.
prepend domain-name-servers 192.168.0.1;
prepend domain-name-servers 192.168.0.2;
Append to /etc/ppp/ip-up
# Appended to /etc/ppp/ip-up (POSIX sh): pppd runs it as root once IPCP is up with
# $1=interface $2=tty $3=speed $4=local-IP $5=remote-IP $6=ipparam.
# When this link received the local address set in xl2tpd.conf, route the remote LAN
# through the tunnel-side gateway; any other link is left untouched.
# NOTE(review): matching on $6 (the `ipparam ClientName` value) would still work if the
# server hands out a different local address, which ipcp-accept-local allows.
if [ "$4" = 192.168.0.254 ]; then
  /sbin/route add -net 192.168.0.0/24 gw 192.168.0.1
fi
To start and enable on boot:
# Run as root (the earlier steps used sudo). Order matters: reload unit files before enabling
# the hand-written xl2tpd unit, and start IPsec before xl2tpd so the L2TP traffic is covered
# by the IPsec policy.
# Presumably so the dhclient.conf change takes effect.
systemctl restart networking
# Pick up /etc/systemd/system/xl2tpd.service created above.
systemctl daemon-reload
systemctl enable ipsec
systemctl enable xl2tpd
systemctl start ipsec
systemctl start xl2tpd