@crossi202
Last active January 24, 2016 10:13
VPN Configuration at Interoute

VPN (L2TP/IPsec) configuration at Interoute

Server side

The steps to enable the VPN server at Interoute are described at:

http://cloudstore.interoute.com/main/knowledge-centre/library/how-enable-software-vpn-connection-vm

Note: authentication is performed with a Pre-Shared Key (PSK).

Client side (Linux)

Installation

TODO

IPsec configuration file

/etc/ipsec.d/interoute.conf

conn L2TP-PSK-CLIENT
        #
        # ----------------------------------------------------------
        # Use a Preshared Key. Disable Perfect Forward Secrecy.
        # Initiate rekeying.
        # Connection type _must_ be Transport Mode.
        #
        authby=secret
        pfs=no
        rekey=yes
        keyingtries=3
        type=transport
        #
        # ----------------------------------------------------------
        # The local Linux machine that connects as a client.
        #
        # The external network interface is used to connect to the server.
        # If you want to use a different interface or if there is no
        # defaultroute, you can use:   left=your.ip.addr.ess
        left=%defaultroute
        #
        leftprotoport=17/1701
        #
        # ----------------------------------------------------------
        # The remote server.
        #
        # Connect to the server at this IP address.
        right=<vpn server ip>
        #
        rightprotoport=17/1701
        # ----------------------------------------------------------
        #
        # Change 'ignore' to 'add' to enable this configuration.
        #
        auto=add

/etc/ipsec.d/interoute.secrets

%any <vpn server ip> : PSK "<Pre-Shared Key>"

L2TP/PPP configuration

/etc/xl2tpd/xl2tpd.conf

[lac vpn-connection]
lns = <vpn server ip>
local ip = <local ip>
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

/etc/ppp/options.l2tpd.client

ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
lock
connect-delay 5000
name <user>
password <password>
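
Both /etc/ipsec.d/interoute.secrets and /etc/ppp/options.l2tpd.client hold credentials in clear text (the PSK and the PPP password), so they should be readable by root only. The check below is an added example, not part of the original gist; the function names are hypothetical, and it assumes GNU stat and root ownership of both files.

```shell
#!/bin/sh
# Added example (not from the original gist): pre-flight check for the two
# credential files used by this setup. Function names are hypothetical.

# check_secret_file FILE [OWNER]
# Succeeds only if FILE is a regular file (not a symlink), is owned by OWNER
# (default: root), and grants no permission bits to group or others.
check_secret_file() {
    file=$1
    owner=${2:-root}

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL $file: missing, a symlink, or not a regular file" >&2
        return 1
    fi

    # GNU stat (Linux): %U = owner name, %a = octal permission bits.
    actual_owner=$(stat -c %U "$file") || return 1
    mode=$(stat -c %a "$file") || return 1

    if [ "$actual_owner" != "$owner" ]; then
        echo "FAIL $file: owned by $actual_owner, expected $owner" >&2
        return 1
    fi

    # Any bit in the group/other positions (octal 077) exposes the secret.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL $file: mode $mode grants access beyond the owner" >&2
        return 1
    fi
    echo "OK   $file ($actual_owner, $mode)"
}

# Checks both credential files from this page; non-zero if either fails.
preflight_vpn_secrets() {
    rc=0
    for f in /etc/ipsec.d/interoute.secrets /etc/ppp/options.l2tpd.client; do
        check_secret_file "$f" root || rc=1
    done
    return $rc
}

# Run the check only when the script is invoked with --check.
if [ "${1:-}" = "--check" ]; then
    preflight_vpn_secrets
fi
```

Run it with `--check` before starting the connection; a failure is fixed with `chown root:root` and `chmod 600` on the reported file.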

Start the Connection

service ipsec start
sleep 2
service xl2tpd start
sleep 2
ipsec auto --up L2TP-PSK-CLIENT
echo "c vpn-connection" > /var/run/xl2tpd/l2tp-control

Close the Connection

ipsec auto --down L2TP-PSK-CLIENT
echo "d vpn-connection" > /var/run/xl2tpd/l2tp-control
service xl2tpd stop
service ipsec stop

References

http://www.elastichosts.com/support/tutorials/linux-l2tpipsec-vpn-client/

https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup

http://www.jacco2.dds.nl/networking/linux-l2tp.html
