L2TP: Unterschied zwischen den Versionen

Zeile 65: Zeile 65:
 
==Installation==
 
==Installation==
 
  apt-get install  xl2tpd ppp openswan
 
  apt-get install  xl2tpd ppp openswan
 +
==ipsec==
 +
cat /etc/ipsec.conf
 +
version 2.0 # conforms to second version of ipsec.conf specification
 +
config setup
 +
dumpdir=/var/run/pluto/
 +
protostack=netkey
 +
nat_traversal=yes
 +
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
 +
oe=off
 +
     
 +
conn  yourconn
 +
authby=secret
 +
      pfs=no
 +
      auto=add
 +
      keyingtries=3
 +
      dpddelay=30
 +
      dpdtimeout=120
 +
      dpdaction=clear
 +
      rekey=yes
 +
      ikelifetime=8h
 +
      keylife=1h
 +
      type=transport
 +
      left=%defaultroute
 +
      leftprotoport=17/1701
 +
      right=yourhost.com
 +
      rightprotoport=17/1701
  
 
==Start Script==
 
==Start Script==
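Review bot: The added client `conn yourconn` sets `pfs=no`, so Phase 2 keys are negotiated without a fresh Diffie-Hellman exchange and depend entirely on the IKE SA that the pre-shared key authenticates. Both ends described in this article are Openswan, so `pfs=yes` on the client looks feasible and would limit what a compromised IKE SA exposes. The lines from `version 2.0` through `authby=secret` also appear to be added without the leading space used by the other listings, which would explain why the rendered page collapses the `config setup` parameters into one line. In addition, the start script below brings up a conn named `nagus` rather than `yourconn`, so one of the two names should be changed or the placeholder explained.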

Version vom 31. Oktober 2012, 23:51 Uhr

Server

Installation

apt-get install  xl2tpd ppp openswan

Openswan

cat /etc/ipsec.conf
version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey
conn l2tp
   authby=secret
   pfs=no
   auto=add
   type=transport
   left=XXX.XXX.XXX.XXX
   leftprotoport=17/1701
   right=%any
   rightprotoport=17/%any
cat /etc/ipsec.secrets 
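XXX.XXX.XXX.XXX  %any : PSK "1234"
# Beispielwert – im Betrieb durch einen langen, zufällig erzeugten PSK ersetzen und /etc/ipsec.secrets nur für root lesbar halten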

XL2TP

cat /etc/xl2tpd/xl2tpd.conf 
[global]
ipsec saref = yes

[lns default]
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

PPP

cat /etc/ppp/options.xl2tpd

require-mschap-v2
ms-dns 192.168.240.21
ms-dns 192.168.240.22
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
cat /etc/ppp/chap-secrets 

xinux        l2tpd       "geheimes-passwort"	       *
l2tpd        xinux	  "geheimes-passwort"	       *

Client

Installation

apt-get install  xl2tpd ppp openswan

ipsec

cat /etc/ipsec.conf
version	2.0	# conforms to second version of ipsec.conf specification
config setup
      dumpdir=/var/run/pluto/
      protostack=netkey
      nat_traversal=yes
      virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
      oe=off

conn  yourconn
      authby=secret

      pfs=no
      auto=add
      keyingtries=3
      dpddelay=30
      dpdtimeout=120
      dpdaction=clear
      rekey=yes
      ikelifetime=8h
      keylife=1h
      type=transport
      left=%defaultroute
      leftprotoport=17/1701
      right=yourhost.com
      rightprotoport=17/1701

Start Script

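#!/bin/bash
# Bring the L2TP/IPsec client tunnel up ("start") or tear it down ("stop").
# Usage: <script> {start|stop}
#
# Ordering on start is deliberate: the IPsec SA is negotiated first and xl2tpd
# is only asked to connect once that succeeded, so the L2TP/PPP exchange
# (including the PPP authentication) is not sent without IPsec protection.

# conn section in /etc/ipsec.conf that is brought up / taken down.
# NOTE(review): the sample client ipsec.conf on this page names the section
# "yourconn" - confirm which name is actually configured.
ipsec_conn=nagus

# Name handed to xl2tpd's "c"/"d" control commands; presumably a [lac ...]
# section in xl2tpd.conf (the client xl2tpd.conf is not shown) - verify.
l2tp_name=vpn-connection

# Control file that xl2tpd reads its commands from.
l2tp_control=/var/run/xl2tpd/l2tp-control

case "$1" in
  start)
    /etc/init.d/ipsec restart
    sleep 1
    # Stop here if the SA could not be established. This relies on
    # "ipsec auto --up" returning non-zero on failure - verify on the target
    # version. With auto=add no policy is installed beforehand, so L2TP
    # traffic may otherwise leave the host unencrypted.
    if ! ipsec auto --up "$ipsec_conn"; then
      echo "ipsec auto --up $ipsec_conn failed; not starting L2TP" >&2
      exit 1
    fi
    sleep 1
    /etc/init.d/xl2tpd start
    sleep 1
    # Only write to the control file if it is a named pipe; a plain redirect
    # would otherwise create a regular file at that path.
    if [[ ! -p "$l2tp_control" ]]; then
      echo "$l2tp_control is not a named pipe; is xl2tpd running?" >&2
      exit 1
    fi
    echo "c $l2tp_name" > "$l2tp_control"
    # Give the connect request time to complete before adding the route.
    sleep 5
    ip route add 192.168.240.0/21 via 172.28.6.1
    ;;
  stop)
    ip route del 192.168.240.0/21
    # Best effort: skip the disconnect command if the control pipe is gone.
    if [[ -p "$l2tp_control" ]]; then
      echo "d $l2tp_name" > "$l2tp_control"
    fi
    /etc/init.d/xl2tpd stop
    ipsec auto --down "$ipsec_conn"
    /etc/init.d/ipsec stop
    ;;
  *)
    echo "Usage: $0 {start|stop}" >&2
    exit 2
    ;;
esac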


Quellen: