How to connect to an L2TP VPN on Ubuntu 11.10


We need to continue project development at home, but the GitLab we set up can only be accessed from within the school. What's even worse is that the SSL VPN set up by the school does not support Linux. Then we remembered the L2TP VPN the school had set up earlier, which should support Linux, so we searched Google and Baidu. However, the articles we found were either very cumbersome or did not work. So we wrote this blog post, first to make it easier to look up in the future, and second to help others who need it.

1. Install XL2TPD

Installing xl2tpd is simple, at least on Ubuntu:

    sudo apt-get install xl2tpd

2. Configure XL2TPD

To configure xl2tpd, you need to modify its configuration file (/etc/xl2tpd/xl2tpd.conf) as follows:

    sudo vi /etc/xl2tpd/xl2tpd.conf

    [global]
    port = 1701
    access control = no

    [lac testvpn]
    lns = x.x.x.x    ; your VPN server IP address or domain name
    redial = yes
    redial timeout = 15
    max redials = 5
    require chap = yes
    refuse pap = yes
    require authentication = yes
    name = name@your.org
    pppoptfile = /etc/ppp/options.l2tpd.testvpn
    ppp debug = no

The key settings are as follows (line numbers refer to the file contents, counting from [global]):

Line 05: [lac testvpn] sets the name of the VPN connection to testvpn. You can change it to any name you want.
Line 06: Set lns to the IP address or domain name of your VPN server.
Line 10: The CHAP handshake authentication protocol is required.
Line 13: Set name to your username.
The pppoptfile value is the name of the options file to create next. Create it as follows:

    sudo vi /etc/ppp/options.l2tpd.testvpn

    asyncmap 0
    noauth
    crtscts
    lock
    hide-password
    modem
    netmask 255.255.255.0
    proxyarp
    lcp-echo-interval 30
    lcp-echo-failure 4
    ipcp-accept-local
    ipcp-accept-remote
    noipx

Then configure the username and password required for CHAP authentication:

    sudo vi /etc/ppp/chap-secrets

    # Secrets for authentication using CHAP
    # client        server  secret          IP addresses
    name@your.org   *       mypassword      *

Here name@your.org is the user name, which must be the same as the name setting in the xl2tpd.conf configuration file, and mypassword is the password for that user. With that, xl2tpd is configured.
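The consistency requirements of this step (the name setting needs a matching chap-secrets entry, and pppoptfile must point at an existing file) can be checked mechanically. The following is an added example, not part of the original post. It also checks that chap-secrets, which holds the password in plaintext, has no group/other permission bits. The function names are hypothetical and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the original post. Usage: check.sh [LAC_NAME]
XL2TPD_CONF="${XL2TPD_CONF:-/etc/xl2tpd/xl2tpd.conf}"
CHAP_SECRETS="${CHAP_SECRETS:-/etc/ppp/chap-secrets}"

# Print the value of KEY in the [lac NAME] section (";" starts a comment).
lac_value() {   # usage: lac_value NAME KEY
    awk -v sect="[lac $1]" -v key="$2" '
        { sub(/;.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^\[/ { insect = ($0 == sect); next }
        insect && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+/, "", v)
            if (k == key) { print v; exit }
        }' "$XL2TPD_CONF"
}

# Succeed if chap-secrets has an entry whose client field is exactly $1.
has_chap_entry() {
    awk -v user="$1" '$1 == user { found = 1 } END { exit !found }' "$CHAP_SECRETS"
}

# Succeed if the file holding the plaintext password has no group/other bits.
secrets_private() {
    case "$(stat -c %a "$CHAP_SECRETS")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run all checks for one connection; print each problem, return 1 if any.
check_lac() {
    rc=0
    user=$(lac_value "$1" name)
    ppp=$(lac_value "$1" pppoptfile)
    [ -n "$user" ] || { echo "[lac $1]: no name setting"; rc=1; }
    [ -z "$user" ] || has_chap_entry "$user" || { echo "no chap-secrets entry for $user"; rc=1; }
    [ -n "$ppp" ] && [ -f "$ppp" ] || { echo "pppoptfile missing: $ppp"; rc=1; }
    secrets_private || { echo "$CHAP_SECRETS is readable by group/others"; rc=1; }
    return $rc
}

[ $# -eq 0 ] || check_lac "$1"
```

Run it as root with the connection name, for example testvpn; it prints one line per problem and exits non-zero if any is found.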

3. Connect to the VPN

After xl2tpd is configured, restart the service to make it take effect:

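    sudo /etc/init.d/xl2tpd restart

Then use the following command to connect to the VPN:

    sudo -u root -H sh -c "echo 'c testvpn' > /var/run/xl2tpd/l2tp-control"

The name after c must be the connection name from the [lac testvpn] section of xl2tpd.conf.

4. Next steps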

The command above gives no indication of whether the connection succeeded. To find out, check with the following command:

    ifconfig
    ...
    ppp0      Link encap: Point-to-Point Protocol
              inet address: 10.63.1.2  point-to-point: 10.63.1.1  mask: 255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU: 1500  hops: 1
              receive packets: 4 error: 0 discard: 0 overload: 0 frames: 0
              sent packets: 5 error: 0 discarded: 0 overload: 0 carrier: 0
              collision: 0 sending queue length: 3
              received Bytes: 40 (40.0 B)  sent Bytes: 61 (61.0 B)

If ppp0 appears in the ifconfig output as shown above, the VPN connection succeeded. Otherwise, check whether xl2tpd started properly (this problem often appears after the machine is restarted).

Even after the VPN connects, it does not yet work properly. Two key pieces are still missing: one is the routes to the intranet, and the other is name resolution for the intranet's internal servers. For example, my school's servers use the network segment 192.168.0.0/255.255.128.0, while intranet address allocation uses the entire 10 network segment. I therefore set the network segment of the router in my house to 192.168.254.0/24, which avoids conflicts with the home network:

    sudo route add -net 192.168.0.0 netmask 255.255.128.0 dev ppp0
    sudo route add -net 10.0.0.0 netmask 255.0.0.0 dev ppp0

The two statements above send traffic for the intranet and the intranet servers through ppp0. You can then view the routes on the machine as follows:

    route
    Kernel IP route table
    Destination     Gateway   Subnet mask      Flag  Hop   Reference  Use  Interface
    default         dir-605   0.0.0.0          UG    0     0          0    eth0
    10.0.0.0        *         255.0.0.0        U     0     0          0    ppp0
    10.63.1.1       *         255.255.255.255  UH    0     0          0    ppp0
    link-local      *         255.255.0.0      U     1000  0          0    eth0
    192.168.0.0     *         255.255.128.0    U     0     0          0    ppp0
    192.168.254.0   *         255.255.255.0    U     1     0          0    eth0

Note the routes whose interface is ppp0. Do not use the following statements, as some articles do:

    sudo route del default
    sudo route add -net 0.0.0.0 netmask 0.0.0.0 dev ppp0

Consider what happens when line 01 is executed: the default route is deleted, the L2TP packets themselves can no longer reach the VPN server, and the VPN connection cannot continue.

How can the intranet servers be resolved? If you only need to access a few addresses, you can resolve them directly in the /etc/hosts file. If you need to access many addresses, you can modify the /etc/resolv.conf file and add the intranet DNS server at the top.

5. Disconnect the VPN connection

To disconnect a VPN connection, use the following statement:

    sudo -u root -H sh -c "echo 'd testvpn' > /var/run/xl2tpd/l2tp-control"

As with connecting, the name after d is the connection name from the [lac testvpn] section. That completes the configuration of the entire L2TP VPN connection.

Of course, it would be best to use a script to complete the above operations. Because there are only a few statements, I have been too lazy to write one. Maybe when I become more diligent, or even lazier, I will write it and update this post later! Of course, it would be perfect if a brother who could not stand it any longer helped me write it. Smile!
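The steps from sections 3 to 5 collected into one script, as an added example that is not the author's own script: it sends the connect command, waits for ppp0 to come up (xl2tpd reports nothing either way), and adds only the intranet routes. The function names and the LAC, CONTROL, SYS_NET and ROUTES variables are assumptions of this example, and it reads the interface flags from Linux sysfs instead of parsing ifconfig output.

```shell
#!/bin/sh
# Added example, not the author's script. Run as root: vpn.sh up | vpn.sh down
LAC="${LAC:-testvpn}"                    # [lac ...] name in xl2tpd.conf
CONTROL="${CONTROL:-/var/run/xl2tpd/l2tp-control}"
IFACE="${IFACE:-ppp0}"
SYS_NET="${SYS_NET:-/sys/class/net}"     # Linux sysfs; overridable for testing
# Intranet networks from the article (network/netmask); adjust for your site.
ROUTES="${ROUTES:-192.168.0.0/255.255.128.0 10.0.0.0/255.0.0.0}"

# Send "c" (connect) or "d" (disconnect) for $LAC to the xl2tpd control file.
vpn_send() {
    [ -e "$CONTROL" ] || { echo "$CONTROL missing: is xl2tpd running?" >&2; return 1; }
    echo "$1 $LAC" > "$CONTROL"
}

# True when the interface exists and has IFF_UP (0x1) set, as ifconfig would show.
iface_up() {
    [ -r "$SYS_NET/$IFACE/flags" ] || return 1
    flags=$(cat "$SYS_NET/$IFACE/flags")
    [ $(( ${flags:-0} & 1 )) -eq 1 ]
}

# Poll for up to $1 seconds, since xl2tpd prints nothing on success or failure.
wait_for_iface() {
    n=0
    until iface_up; do
        [ "$n" -lt "$1" ] || return 1
        sleep 1; n=$((n + 1))
    done
}

# Print one route command per intranet network; the default route is never touched.
route_cmds() {
    for r in $ROUTES; do
        echo "route add -net ${r%/*} netmask ${r#*/} dev $IFACE"
    done
}

vpn_up() {
    vpn_send c || return 1
    wait_for_iface 15 || { echo "$IFACE did not come up" >&2; vpn_send d; return 1; }
    route_cmds | while read -r cmd; do $cmd || exit 1; done
}

case "${1:-}" in
    up)   vpn_up ;;
    down) vpn_send d ;;
esac
```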

If some services cannot be reached, this can be solved by adding mtu 1400 to the /etc/ppp/options.l2tpd.testvpn file. (Of course, the value of 1400 is conservative. If you need a precise size, you can calculate the exact value by analyzing the packets of the service; that is more complex and is not described in detail here.)
