L2TP setup howto on Debian/Ubuntu

August 10, 2011 | Category: Firewall circumvention

This article covers the installation steps to set up a Linux machine as a client that connects to L2TP servers.

I used Debian Squeeze/sid; it should work on Ubuntu too. Other distributions weren’t tested (nor will they be in the near future).

0. Prerequisites
Find out your machine’s IP address and the network interface used for internet connectivity; you can do that with the ifconfig command.
Find out your default gateway (using the ‘ip ro’ command).
Get your VPN server’s IP address (using ‘host’ or ‘ping’ or whatever you like).
Log in to your system as root.

1. Install necessary packages.

apt-get -y install openswan xl2tpd

2. Modify /etc/ipsec.conf. It should look as follows:
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    nat_traversal=yes
    protostack=netkey
    oe=no
    # Replace wlan0 with your network interface
    plutoopts="--interface=wlan0"

conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    # Replace IP address with your local IP
    left=172.16.17.3
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    # Replace IP address with your VPN server's IP
    right=68.68.32.79
    rightprotoport=17/1701

3. Modify /etc/ipsec.secrets: add one line, replacing the first IP with your local IP and the second with your VPN server’s IP, and put the appropriate pre-shared key (listed in the customer area) between the quotes:
172.16.17.3 68.68.32.79 : PSK "your_pre_shared_key"

4. Modify /etc/xl2tpd/xl2tpd.conf. It should look as follows (you may replace vpn-sf14 with any other identifier):
[lac vpn-sf14]
lns = 68.68.32.79
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

5. Create /etc/ppp/options.l2tpd.client with the following contents, replacing your_vpn_username and your_password with your VPN username and password:
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
replacedefaultroute
usepeerdns
debug
lock
connect-delay 5000
name your_vpn_username
password your_password

6. Create a route to VPN server IP via your current default gateway (or ppp device if applicable).
Example:
ip ro ad 68.68.32.79 via 172.16.17.30

7. Restart openswan and xl2tpd:
invoke-rc.d ipsec restart
invoke-rc.d xl2tpd restart
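
Before bringing the tunnel up, the files from steps 2 to 5 can be checked for mistakes that break this setup or expose its secrets. The script below is an added example, not part of the original howto; check_l2tp and its ROOT prefix argument are assumed names. It flags typographic quotes or dashes pasted into the files, secrets files readable by group or others, and endpoint addresses that disagree between ipsec.conf, ipsec.secrets and xl2tpd.conf.

```shell
#!/bin/sh
# Added example, not from the original howto. check_l2tp and its ROOT prefix
# argument are assumptions; ROOT="" checks the live files under /etc.

check_l2tp() {
    root=$1; bad=0
    conf=$root/etc/ipsec.conf;        secrets=$root/etc/ipsec.secrets
    lac=$root/etc/xl2tpd/xl2tpd.conf; ppp=$root/etc/ppp/options.l2tpd.client
    fail() { echo "FAIL: $*"; bad=$((bad + 1)); }
    # First token after "key =" in file $2; comment lines never match.
    val() {
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$2" |
            head -n 1
    }

    for f in "$conf" "$secrets" "$lac" "$ppp"; do
        [ -r "$f" ] || { fail "$f is missing or unreadable"; continue; }
        # Bytes E2 80 begin every UTF-8 character in U+2000..U+203F: the curly
        # quotes, en/em dashes and primes that pasting from a web page brings in.
        if LC_ALL=C grep -q "$(printf '\342\200')" "$f"; then
            fail "$f contains typographic quotes or dashes"
        fi
    done
    [ "$bad" -eq 0 ] || return "$bad"

    # Both files hold plaintext secrets (PSK, PPP password): owner-only access.
    for f in "$secrets" "$ppp"; do
        [ "$(ls -ldL "$f" | cut -c5-10)" = "------" ] ||
            fail "$f is accessible to group or others (want mode 600)"
    done

    # The same two endpoints must appear in all three files.
    left=$(val left "$conf"); right=$(val right "$conf")
    pair=$(awk '$1 !~ /^#/ && /PSK/ { print $1, $2; exit }' "$secrets")
    [ "$pair" = "$left $right" ] ||
        fail "ipsec.secrets has '$pair' but ipsec.conf has '$left $right'"
    [ "$(val lns "$lac")" = "$right" ] ||
        fail "xl2tpd.conf lns does not match right=$right"

    return "$bad"
}

# Check the live system only when asked to: sh check.sh live
if [ "${1:-}" = "live" ]; then check_l2tp ""; fi
```

The function returns the number of problems found, so a zero exit status means all checks passed.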

You are now ready to start using VPN.

Startup sequence:
ipsec auto --up L2TP-PSK
echo "c vpn-sf14" > /var/run/xl2tpd/l2tp-control

Shutdown sequence:
echo "d vpn-sf14" > /var/run/xl2tpd/l2tp-control
ipsec auto --down L2TP-PSK

Note that ‘vpn-sf14’ and ‘L2TP-PSK’ are the identifiers used in the corresponding config files.

If you wish to start the VPN at system boot, you will need to place the startup commands in /etc/rc.local.

The following versions were used:
kernel 2.6.32-5
openswan 1:2.6.28+dfsg-1
xl2tpd 1.2.7+dfsg-1

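This is the method for using L2TP VPN on Ubuntu provided at http://strongvpn.com/forum/viewtopic.php?pid=1844. It looks quite complicated; I wonder whether anyone knows of a graphical L2TP VPN connection tool for Ubuntu.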

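VPNs from overseas providers are fairly expensive, generally more than 60 US dollars a year. Which paid VPN does everyone use? Are there any good recommendations?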

  1. August 10, 2011, 22:16

    Setting up pptp a while ago nearly drove me mad, and I haven't looked into this one yet...

    • iGFW
      August 10, 2011, 22:56

      pptp is fairly easy to set up on Linux; I haven't tried l2tp either