Last active
April 4, 2024 20:30
-
-
Save danielv99/ae6dbd6d3f5b8fe4241519f5a0733ff3 to your computer and use it in GitHub Desktop.
L2TP VPN client on Linux Debian
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Requirements | |
| # debian/ubuntu | |
| apt-get -y update && apt-get -y upgrade | |
| apt-get -y install strongswan xl2tpd libstrongswan-standard-plugins libstrongswan-extra-plugins | |
| VPN_SERVER_IP='' | |
| VPN_IPSEC_PSK='y' | |
| VPN_USER='' | |
| VPN_PASSWORD='' | |
| cat > /etc/ipsec.conf <<EOF | |
| config setup | |
| conn %default | |
| ikelifetime=60m | |
| keylife=20m | |
| rekeymargin=3m | |
| keyingtries=1 | |
| keyexchange=ikev1 | |
| authby=secret | |
| conn VPN1 | |
| keyexchange=ikev1 | |
| left=%defaultroute | |
| auto=add | |
| authby=secret | |
| type=transport | |
| leftprotoport=17/1701 | |
| rightprotoport=17/1701 | |
| right=$VPN_SERVER_IP | |
| EOF | |
| cat > /etc/ipsec.secrets <<EOF | |
| : PSK "$VPN_IPSEC_PSK" | |
| EOF | |
| chmod 600 /etc/ipsec.secrets | |
| cat > /etc/xl2tpd/xl2tpd.conf <<EOF | |
| [lac VPN1] | |
| lns = $VPN_SERVER_IP | |
| ppp debug = yes | |
| pppoptfile = /etc/ppp/options.l2tpd.client | |
| length bit = yes | |
| EOF | |
| cat > /etc/ppp/options.l2tpd.client <<EOF | |
| ipcp-accept-local | |
| ipcp-accept-remote | |
| refuse-eap | |
| require-chap | |
| noccp | |
| noauth | |
| mtu 1280 | |
| mru 1280 | |
| noipdefault | |
| defaultroute | |
| usepeerdns | |
| connect-delay 5000 | |
| name $VPN_USER | |
| password $VPN_PASSWORD | |
| EOF | |
| chmod 600 /etc/ppp/options.l2tpd.client | |
| service strongswan restart | |
| service xl2tpd restart | |
| cat > /usr/local/bin/start-vpn <<EOF | |
| #!/bin/bash | |
| (service strongswan start ; | |
| sleep 2 ; | |
| service xl2tpd start) && ( | |
| ipsec up VPN1 | |
| echo "c VPN1" > /var/run/xl2tpd/l2tp-control | |
| sleep 5 | |
| #ip route add 10.0.0.0/24 dev ppp0 | |
| ) | |
| EOF | |
| chmod +x /usr/local/bin/start-vpn | |
| cat > /usr/local/bin/stop-vpn <<EOF | |
| #!/bin/bash | |
| (echo "d myvpn" > /var/run/xl2tpd/l2tp-control | |
| ipsec down myvpn) && ( | |
| service xl2tpd stop ; | |
| service strongswan stop) | |
| EOF | |
| chmod +x /usr/local/bin/stop-vpn | |
| echo "To start VPN type: start-vpn" | |
| echo "To stop VPN type: stop-vpn" |
I'v a https://...:4433 server how can i config this to work?
This script works great, and the microtik fixes were good but now you have to replace service strongswan start with service strongswap-starter start and the same for service strongswan-starter stop.
Thanks for the script!
After adding the fixes for Mikrotik suggested by agenovez and updated the start and stop script to use systemctl it works great!
New start script:
#!/bin/bash
(
systemctl start strongswan-starter.service
sleep 2
systemctl start xl2tpd.service
) && (
ipsec up VPN1
echo "c VPN1" > /var/run/xl2tpd/l2tp-control
sleep 5
#ip route add 10.0.0.0/24 dev ppp0
)
New stop script:
#!/bin/bash
(
echo "d VPN1" > /var/run/xl2tpd/l2tp-control
ipsec down VPN1
) && (
systemctl stop xl2tpd.service
systemctl stop strongswan-starter.service
)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, Greetings thanks, I was searching for a clean simple tool but I can't find it, this helps me a lot:
I need to add the following to lines (after line 20) to make it work with Mikrotik:
ike=aes128-sha1-modp2048!
esp=aes128-sha1-modp2048!
I find this on this page:
https://dev-qa.com/153425/how-to-connect-l2tp-ipsec-client-on-linux-to-mikrotik