-
-
Save coderua/e26a92268a386c701e24388709c4bce9 to your computer and use it in GitHub Desktop.
L2TP VPN client on Linux Debian
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Requirements | |
| # debian/ubuntu | |
| apt-get -y update && apt-get -y upgrade | |
| apt-get -y install strongswan xl2tpd libstrongswan-standard-plugins libstrongswan-extra-plugins | |
| # Setup variables for L2TP connestion | |
| VPN_SERVER_IP='' | |
| VPN_IPSEC_PSK='' | |
| VPN_USER='' | |
| VPN_PASSWORD='' | |
| VPN_CONNETCTION_NAME='VPN1' | |
| cat > /etc/ipsec.conf <<EOF | |
| config setup | |
| conn %default | |
| ikelifetime=60m | |
| keylife=20m | |
| rekeymargin=3m | |
| keyingtries=1 | |
| keyexchange=ikev1 | |
| authby=secret | |
| conn $VPN_CONNETCTION_NAME | |
| keyexchange=ikev1 | |
| left=%defaultroute | |
| auto=add | |
| authby=secret | |
| type=transport | |
| leftprotoport=17/1701 | |
| rightprotoport=17/1701 | |
| right=$VPN_SERVER_IP | |
| EOF | |
| cat > /etc/ipsec.secrets <<EOF | |
| : PSK "$VPN_IPSEC_PSK" | |
| EOF | |
| chmod 600 /etc/ipsec.secrets | |
| cat > /etc/xl2tpd/xl2tpd.conf <<EOF | |
| [lac $VPN_CONNETCTION_NAME] | |
| lns = $VPN_SERVER_IP | |
| ppp debug = yes | |
| pppoptfile = /etc/ppp/options.l2tpd.client | |
| length bit = yes | |
| EOF | |
| cat > /etc/ppp/options.l2tpd.client <<EOF | |
| ipcp-accept-local | |
| ipcp-accept-remote | |
| refuse-eap | |
| require-chap | |
| noccp | |
| noauth | |
| mtu 1280 | |
| mru 1280 | |
| noipdefault | |
| defaultroute | |
| usepeerdns | |
| connect-delay 5000 | |
| name $VPN_USER | |
| # Better to use /etc/ppp/chap-secrets file for storing password | |
| #password $VPN_PASSWORD | |
| remotename L2TP | |
| EOF | |
| chmod 600 /etc/ppp/options.l2tpd.client | |
| echo "${VPN_USER} L2TP ${VPN_PASSWORD} *" >> /etc/ppp/chap-secrets | |
| service strongswan restart | |
| service xl2tpd restart | |
| cat > /usr/local/bin/start-vpn <<EOF | |
| #!/bin/bash | |
| (service strongswan start ; | |
| sleep 2 ; | |
| service xl2tpd start) && ( | |
| ipsec up $VPN_CONNETCTION_NAME | |
| echo "c ${VPN_CONNETCTION_NAME}" > /var/run/xl2tpd/l2tp-control | |
| sleep 5 | |
| #ip route add 10.0.0.0/24 dev ppp0 | |
| ) | |
| EOF | |
| chmod +x /usr/local/bin/start-vpn | |
| cat > /usr/local/bin/stop-vpn <<EOF | |
| #!/bin/bash | |
| (echo "d ${VPN_CONNETCTION_NAME}" > /var/run/xl2tpd/l2tp-control | |
| ipsec down $VPN_CONNETCTION_NAME) && ( | |
| service xl2tpd stop ; | |
| service strongswan stop) | |
| EOF | |
| chmod +x /usr/local/bin/stop-vpn | |
| # Check configuration | |
| echo "147.75.40.2 ipv4.icanhazip.com" >> /etc/hosts | |
| ip route add -host 147.75.40.2 dev ppp0 | |
| wget -qO- http://ipv4.icanhazip.com; echo | |
| echo "To start VPN type: start-vpn" | |
| echo "To stop VPN type: stop-vpn" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment