Set up an IPSEC/L2TP VPN on Ubuntu 13.04 or 13.10 with OpenSwan, xl2tpd and ppp

[Raymii]

This is a guide on setting up an IPSEC/L2TP vpn server with Ubuntu 13.10 or 13.04 using Openswan as the IPsec server, xl2tpd as the l2tp provider and ppp or local users / PAM for authentication. It has a detailed explanation with every step. We choose the IPSEC/L2TP protocol stack because of recent vulnerabilities found in pptpd VPNs.

This tutorial is available for the following platforms:

• Ubuntu 13.10
  
• Ubuntu 13.04
• Ubuntu 12.10
• Ubuntu 12.04 LTS
• CentOS 6, Scientific Linux 6 or Red Hat Enterprise Linux 6

This tutorial is tested on a VPS from InceptionHosting.com. They provide excellent VPS servers! If you buy a VPS via this link, you help support me!

IPSec encrypts your IP packets to provide encryption and authentication, so no one can decrypt or forge data between your clients and your server. L2TP provides a tunnel to send data. It does not provide encryption and authentication though, that is why we need to use it together with IPSec.

To work trough this tutorial you should have:

• 1 ubuntu 13.10 or 13.04 server with at least 1 public IP address and root access
• 1 (or more) clients running an OS that support IPsec/L2tp vpns (Ubuntu, Mac OS, Windows, Android).
• Ports 1701 TCP, 4500 UDP and 500 UDP opened in the firewall.

If you are not running Ubuntu you might have to compile the packages manually because openswan and xl2tpd in the older repositories seem to have critical bugs which make this all fail.

I do all the steps as the root user. You should do to, but only via * -i* or * su -*. Do not allow root to login via SSH!

Read on for Ubuntu 13.10
Read on for Ubuntu 13.04

 

[fahad]

Your Blog is nice but i think you should add Comment Box there. And obviously there is something not present as i couldn't get the tut useful........ something is wrong or i am wrong.

 

[Raymii]

Your Blog is nice but i think you should add Comment Box there. And obviously there is something not present as i couldn't get the tut useful........ something is wrong or i am wrong.

I don;t understand half of your comment. About the comment box, been there, done that. Disquss started serving ads on my website which I don't want, the other JS Comment thingies management panel is just awfull..

 

[zim]

nice tutorial

 

[CSRedRat]

Use https://launchpad.net/~seriy-pr/+archive/network-manager-l2tp

 

sudo apt-add-repository ppa:seriy-pr/network-manager-l2tp

sudo apt-get update

sudo apt-get install network-manager-l2tp-gnome

 

sudo service xl2tpd stop

sudo update-rc.d xl2tpd disable

 

[Raymii]

Use https://launchpad.net/~seriy-pr/+archive/network-manager-l2tp

 

sudo apt-add-repository ppa:seriy-pr/network-manager-l2tp

sudo apt-get update

sudo apt-get install network-manager-l2tp-gnome

 

sudo service xl2tpd stop

sudo update-rc.d xl2tpd disable

That won't work on a VPS with no desktop environment installed. It seems from the screenshots you need GNOME/Unity for that plugin.