bsiegel/meraki_strongswan_notes.md

## meraki_strongswan_notes.md

      
    Raw
  

              meraki_strongswan_notes.md
            
          
    These are my notes for connecting to a meraki client vpn from ubuntu 16.04. This configuration assumes you are using a psk for the ipsec auth.
Install the following packages:
apt-get install -y strongswan xl2tpd

Configure strong swan
cat > /etc/ipsec.conf <<EOF
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # strictcrlpolicy=yes
        # uniqueids = no

# Add connections here.

# Sample VPN connections

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        authby=secret
        ike=aes128-sha1-modp1024,3des-sha1-modp1024!
        esp=aes128-sha1-modp1024,3des-sha1-modp1024!

conn meraki-vpn
     keyexchange=ikev1
     left=%defaultroute
     auto=add
     authby=secret
     type=transport
     leftprotoport=17/1701
     rightprotoport=17/1701
     # set this to the ip address of your meraki vpn  
     right=XXX.XXX.XXX.XXX
EOF

cat > /etc/ipsec.secrets <<EOF
: PSK "YOUR_PSK_GOES_HERE"
EOF


Configure xl2tp:
cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[lac meraki]
lns = XXX.XXX.XXX.XXX
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
EOF

cat > /etc/ppp/options.l2tpd.client <<EOF
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
connect-delay 5000
name YOUR_MERAKI_USER_NAME
password YOUR_MERAKI_PASSWORD
EOF

mkdir -p /var/run/xl2tpd
touch /var/run/xl2tpd/l2tp-control

Restart your services:
service strongswan restart
service xl2tpd restart

Create up/down scripts:
cat > /usr/bin/md_vpn_up <<EOF
ipsec up meraki-vpn
echo "c meraki" > /var/run/xl2tpd/l2tp-control
ip route add 10.0.1.0/24 dev ppp0
ip route add 172.16.1.0/24 dev ppp0
ip route add 172.21.0.0/16 dev ppp0
ip route add 172.22.0.0/16 dev ppp0
ip route add 172.23.0.0/16 dev ppp0
ip route add 172.24.0.0/16 dev ppp0
ip route add 172.25.0.0/16 dev ppp0
EOF

cat > /usr/bin/md_vpn_down <<EOF
echo "d meraki" > /var/run/xl2tpd/l2tp-control
ipsec down meraki-vpn
EOF

chmod 755 /usr/bin/md_vpn_up
chmod 755 /usr/bin/md_vpn_down

To connect:
/usr/bin/md_vpn_up

To disconnect:
/usr/bin/md_vpn_down