Fully Automated IPsec/L2TP VPN Setup with Libreswan


New Member
Hello guys, I have created a fully automated ("one-click") IPsec/L2TP VPN install script for Ubuntu 12.04. My script was inspired by and is based on the work of Thomas Sarlandie (original post), that I took time to improve by replacing Openswan with Libreswan, which is more actively developed with recent bug fixes. I also corrected a few errors in his script, added sysctl.conf and basic IPTables rules.

This script is designed for use as Amazon EC2 "user-data" when launching an instance. The fact that it can be run purely from user-data makes it ideal for use on low-priced "spot instances". With minor modifications, the script can also be used on KVM- or XEN-based VPS from other providers.

Main features:

  • Fully automated IPsec/L2TP VPN install with no user interaction required
  • Encapsulates all VPN traffic in UDP - no ESP protocol support is needed
  • Can be directly used as the "user-data" when launching an Amazon EC2 instance
  • Can be used in both EC2 Classic and VPC, with on-demand OR spot instances
  • Automatically obtains public and private IP info from instance metadata
  • Includes a basic IPTables firewall as well as sysctl.conf settings
  • Tested on both Ubuntu 12.04 LTS 32-bit and 64-bit
Link to the script:     
Detailed instructions can also be found at my blog article here.

Instructions for use in Amazon EC2:

  1. Browse to my script at the link above.
  2. Click on the "< >" sign on top-right corner that says "View Raw". Ctrl-A to select all, Ctrl-C to copy. Then paste into your favorite editor. From there, be sure to replace the three variables "IPSEC_PSK", "VPN_USER" and "VPN_PASSWORD" with your own values.
  3. Launch an Amazon EC2 Ubuntu 12.04 instance (on-demand OR spot). Copy and paste the customized script into the "User data" field under "Advanced Details" in Step 3 (reference).
  4. Proceed to configure other details. When setting up the EC2 security group for your instance, remember to allow inbound UDP ports 500 and 4500 for the VPN, and TCP port 22 for SSH. Other ports are not required.
  5. Wait a few minutes after the instance finishes launching, and your fully configured IPsec/L2TP VPN server will be ready for you!
Instructions for use on other VPS (KVM- or XEN-based):

  1. Make sure to prepare your VPS with a fresh install of Ubuntu 12.04 LTS server.
  2. Save the script as "" on your VPS. Edit it in your favorite editor. From there, change the first line to "#!/bin/bash", replace the three variables "IPSEC_PSK", "VPN_USER" and "VPN_PASSWORD" as mentioned above, and change "PRIVATE_IP=..." and "PUBLIC_IP=..." to the actual IP addresses of your VPS. In case your VPS is run on its public IP directly with no private IP, just use that public IP for both.
  3. Save and exit the editor. Finally, run "bash" to install.
Use of the script on OpenVZ VPS is NOT recommended, as kernel support for IPsec may not be available on your host node. In addition, the IPTables rules in the script could give errors due to missing kernel modules.

Feel free to reply with your comments or suggestions.

Disclaimer: Although the script has been tested, there is NO guarantee and use at your own risk!
Last edited by a moderator:


New Member
Just want to make a correction to my previous post regarding IPsec/L2TP VPN behind NAT and Windows users. Someone reminded me yesterday that different registry changes are needed for XP users, and for those running later versions.

For XP users, see:     
For Vista, 7, and Server 2008 users, see:      
Alternatively, see this article for combined instructions (scroll down to end of page).
Last edited by a moderator: