How to configure L2TPVPN in Ubuntu

Source: Internet
Author: User
A previous article described how to set up a PPTP VPN service on Ubuntu (see http://www.linuxidc.com/Linux/2014-07/104193.htm), but in some situations PPTP is interfered with and cannot be used normally. An L2TP/IPsec VPN is an alternative.

Ubuntu OpenVPN client configuration tutorial http://www.linuxidc.com/Linux/2013-06/86562.htm

Build OpenVPN in Ubuntu 10.04 http://www.linuxidc.com/Linux/2012-11/74790.htm

Ubuntu 13.04 VPN (OpenVPN) configuration and connection cannot simultaneously access the internal and external network problems http://www.linuxidc.com/Linux/2013-07/86899.htm

How to build a secure remote network architecture with OpenVPN in Linux http://www.linuxidc.com/Linux/2013-11/92646.htm

Install the software packages:

    sudo apt-get install xl2tpd openswan ppp

IPSec/Openswan

Open the /etc/ipsec.conf file and configure it as follows:

    config setup
            nat_traversal=yes
            virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.152.2.0/24
            # The address ranges here should be the private subnets that your
            # clients sit on behind their NAT routers; the excluded range
            # (10.152.2.0/24) is the address pool handed out to L2TP clients.
            oe=off
            protostack=netkey

    conn L2TP-PSK-NAT
            rightsubnet=vhost:%priv
            also=L2TP-PSK-noNAT

    conn L2TP-PSK-noNAT
            authby=secret
            pfs=no
            auto=add
            keyingtries=3
            rekey=no
            # Apple iOS does not send a delete notification, so dead peer
            # detection is needed to recognise disconnected clients
            dpddelay=30
            dpdtimeout=120
            dpdaction=clear
            # Set ikelifetime and keylife to match the Windows defaults
            ikelifetime=8h
            keylife=1h
            type=transport
            # Replace x.x with the server's local IP address (usually a private/NAT address)
            left=x.x
            # For updated Windows 2000/XP clients
            leftprotoport=17/1701
            # To support old clients, use leftprotoport=17/%any instead
            right=%any
            rightprotoport=17/%any
            # Force NAT-T encapsulation on all connections, needed for iOS
            forceencaps=yes

Note that in your ipsec.conf file, "config setup", "conn L2TP-PSK-NAT" and "conn L2TP-PSK-noNAT" must start at the beginning of the line, while every other line is indented with 8 spaces.

Open /etc/ipsec.secrets and configure:

    x.x %any: PSK "somegoodpassword"

Here, x.x is replaced with the IP address of your server, and the PSK should be a long, hard-to-guess password.
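As an added example (not part of the original guide), here is a POSIX shell lint for the two files above: it checks that the settings the guide relies on are present, that the x.x placeholder and the sample PSK were replaced, and that ipsec.secrets is readable only by root. It assumes GNU stat and the key=value layout shown above; the function names, the demo files and the lint findings are mine.

```shell
#!/bin/sh
# Added lint for the guide's ipsec.conf / ipsec.secrets (not part of the guide).
# Assumes GNU stat and the "key=value" layout shown above.

# value_of FILE KEY: print the (last) value of "KEY=value", ignoring indentation
value_of() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# lint_l2tp_ipsec CONF SECRETS: print findings; return value = number of findings
lint_l2tp_ipsec() {
    conf="$1"; secrets="$2"; n=0
    # settings the guide relies on for NAT-T, transport-mode L2TP and dead-peer cleanup
    for want in nat_traversal=yes protostack=netkey authby=secret type=transport \
                leftprotoport=17/1701 rightprotoport=17/%any dpdaction=clear forceencaps=yes
    do
        key=${want%%=*}; val=${want#*=}
        [ "$(value_of "$conf" "$key")" = "$val" ] || { echo "conf: expected $want"; n=$((n+1)); }
    done
    # the x.x placeholder must be replaced with the server's own address
    case "$(value_of "$conf" left)" in
        ""|x.x) echo "conf: left= still holds the placeholder"; n=$((n+1)) ;;
    esac
    # the sample PSK from the guide must not survive into production
    grep -q 'PSK "somegoodpassword"' "$secrets" \
        && { echo "secrets: sample PSK is still in use"; n=$((n+1)); }
    # the PSK file must be readable by root only
    mode=$(stat -c %a "$secrets")
    [ "$mode" = "600" ] || { echo "secrets: mode $mode, expected 600"; n=$((n+1)); }
    return $n
}

# Constructed sample (deliberately incomplete, placeholder left in) to show the lint
demo_lint() {
    d=$(mktemp -d)
    printf 'config setup\n\tnat_traversal=yes\n\tprotostack=netkey\nconn L2TP-PSK-noNAT\n\tauthby=secret\n\ttype=transport\n\tleft=x.x\n\tleftprotoport=17/1701\n\trightprotoport=17/%%any\n\tdpdaction=clear\n' > "$d/ipsec.conf"
    echo 'x.x %any: PSK "somegoodpassword"' > "$d/ipsec.secrets"
    chmod 644 "$d/ipsec.secrets"
    lint_l2tp_ipsec "$d/ipsec.conf" "$d/ipsec.secrets"
    rc=$?; rm -rf "$d"; return $rc
}
```

Running demo_lint reports four findings (missing forceencaps, the x.x placeholder, the sample PSK, and mode 644); a clean pair of files returns 0.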

Start the IPsec service:

    /etc/init.d/ipsec start

Run the following command to check whether IPsec works properly:

    sudo ipsec verify

There should be no errors:

    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path                              [OK]
    Linux Openswan U2.6.28/K2.6.32-32-generic-pae (netkey)
    Checking for IPsec support in kernel                         [OK]
    NETKEY detected, testing for disabled ICMP send_redirects    [OK]
    NETKEY detected, testing for disabled ICMP accept_redirects  [OK]
    Checking that pluto is running                               [OK]
    Pluto listening for IKE on udp 500                           [OK]
    Pluto listening for NAT-T on udp 4500                        [OK]
    Checking for 'ip' command                                    [OK]
    Checking for 'iptables' command                              [OK]
    Opportunistic Encryption Support                             [DISABLED]

Create a file named ipsec.vpn under /etc/init.d with the following content:

    #!/bin/sh
    case "$1" in
      start)
        echo "Starting my Ipsec VPN"
        # NAT the L2TP client pool out through eth0
        iptables -t nat -A POSTROUTING -o eth0 -s 10.152.2.0/24 -j MASQUERADE
        echo 1 > /proc/sys/net/ipv4/ip_forward
        # ipsec verify requires ICMP redirects to be disabled on every interface
        for each in /proc/sys/net/ipv4/conf/*
        do
          echo 0 > $each/accept_redirects
          echo 0 > $each/send_redirects
        done
        /etc/init.d/ipsec start
        /etc/init.d/xl2tpd start
        ;;
      stop)
        echo "Stopping my Ipsec VPN"
        iptables --table nat --flush
        echo 0 > /proc/sys/net/ipv4/ip_forward
        /etc/init.d/ipsec stop
        /etc/init.d/xl2tpd stop
        ;;
      restart)
        echo "Restarting my Ipsec VPN"
        iptables -t nat -A POSTROUTING -o eth0 -s 10.152.2.0/24 -j MASQUERADE
        echo 1 > /proc/sys/net/ipv4/ip_forward
        for each in /proc/sys/net/ipv4/conf/*
        do
          echo 0 > $each/accept_redirects
          echo 0 > $each/send_redirects
        done
        /etc/init.d/ipsec restart
        /etc/init.d/xl2tpd restart
        ;;
      *)
        echo "Usage: /etc/init.d/ipsec.vpn {start|stop|restart}"
        exit 1
        ;;
    esac

This script configures IP forwarding and the NAT masquerade rule for the VPN clients. Remember to change the local IP address pool 10.152.2.0/24 in the script to the pool you use (and eth0 to your external interface).

Set the executable permission for this file:

    sudo chmod 755 ipsec.vpn

Disable the default ipsec service script:

    sudo update-rc.d -f ipsec remove

Then enable the custom one:

    sudo update-rc.d ipsec.vpn defaults


The remaining steps continue on the next page: http://www.linuxidc.com/Linux/2014-07/104263p2.htm
