@yyolk
Forked from luvarqpp/nm_l2tp_ipsec_vpn.md
Created February 9, 2020 22:13
Set up L2TP IPsec VPN in Arch Linux using NetworkManager

Install networkmanager-l2tp first:

# Arch Linux (AUR)
yaourt -S networkmanager-l2tp
# Debian/Ubuntu
apt install -y network-manager-l2tp

Then reboot or run systemctl restart NetworkManager.

Using the command line only

Because nmtui cannot create VPN connections, I ended up creating one in the GUI and analyzing the generated config file.

This can only be done as root. Create the VPN config /etc/NetworkManager/system-connections/{vpn_name} manually:

# Pregenerate the config file with nmcli (replace {vpn_name} with your name; it will be prefixed with the string "vpn-"):
sudo nmcli connection add type vpn ifname {vpn_name} vpn-type l2tp

# Config file contents:
[connection]
id={vpn_name}
uuid=aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa 
type=vpn
autoconnect=false
permissions=

[vpn]
gateway={ip_of_vpn_server}
ipsec-enabled=yes
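# 3DES, SHA-1 and MODP1024 are legacy algorithms; keep these proposals only if the server accepts nothing stronger.
ipsec-esp=3des-sha1
ipsec-ike=3des-sha1-modp1024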
ipsec-psk={PSK}
password-flags=0
user={given_user}
service-type=org.freedesktop.NetworkManager.l2tp

[vpn-secrets]
password={password_for_user_given_user}

[ipv4]
dns-search=
method=auto
# Do not use this VPN for tunnelling all traffic. It is another IP range for private servers. For normal Internet use, keep the original connection.
never-default=true

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
# Do not use this VPN for tunnelling all traffic. It is another IP range for private servers. For normal Internet use, keep the original connection.
never-default=true

Fill in {vpn_name}, {ip_of_vpn_server}, {PSK}, {given_user} and {password_for_user_given_user}, change the uuid if needed (list current connections via nmcli c), and make sure the config file has permission 600 with owner root:root, since it holds the PSK and the password in cleartext. Then:

systemctl restart NetworkManager # reload to detect the config
nmcli c up {vpn_name} --ask # establish the vpn connection, it will ask for password
nmcli # check connection status
nmcli c down {vpn_name} # close the vpn connection
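
The keyfile above keeps the PSK and the user password in cleartext and pins legacy IPsec proposals, which is why the 600 / root:root requirement matters. The following Python audit of such a keyfile is an added example, not part of the original gist; `audit_keyfile`, `demo`, the `WEAK` list and the sample values are assumptions made for the illustration.

```python
import configparser
import os
import stat
import tempfile

WEAK = {"des", "3des", "md5", "sha1", "modp768", "modp1024"}  # legacy algorithms
# Constructed sample in the page's keyfile layout; all values are placeholders.
SAMPLE = """[vpn]
gateway=192.0.2.10
ipsec-esp=3des-sha1
ipsec-ike=3des-sha1-modp1024
ipsec-psk=EXAMPLE-PSK

[vpn-secrets]
password=EXAMPLE-PASSWORD
"""

def audit_keyfile(path, expected_uid=0):
    """Return findings on file mode, owner, legacy proposals and stored secrets."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: accessible beyond the owner, expected 0600")
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    with open(path, encoding="utf-8") as fh:
        cp.read_file(fh)
    for key in ("ipsec-ike", "ipsec-esp"):
        # A proposal is dash-joined algorithm names; lists use commas, "!" marks strict mode.
        proposal = cp.get("vpn", key, fallback="").lower().replace("!", "")
        weak = sorted(set(proposal.replace(",", "-").split("-")) & WEAK)
        if weak:
            findings.append(f"{key}: legacy algorithms {', '.join(weak)}")
    if cp.get("vpn", "ipsec-psk", fallback=""):
        findings.append("ipsec-psk is stored in cleartext")
    if cp.get("vpn-secrets", "password", fallback=""):
        findings.append("[vpn-secrets] password is stored in cleartext")
    return findings

def demo(mode):
    """Write SAMPLE to a temporary file with the given mode and audit it as the current user."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-vpn")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return audit_keyfile(path, expected_uid=os.getuid())
```

On a real system, call `audit_keyfile` as root on the file under /etc/NetworkManager/system-connections/ and leave `expected_uid` at its default of 0.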

Via GNOME/KDE Plasma GUI

GNOME

[Screenshot: add VPN in GNOME]

[Screenshot: options of L2TP IPsec]

KDE Plasma

[Screenshot: add VPN in KDE]

[Screenshot: options of KDE L2TP IPsec]

  • Gateway is the IP of the VPN server
  • User name is the given user
  • Password can be left blank to enter when connecting
  • Click the IPsec Settings... button
    • Check Enable IPsec tunnel to L2TP host
    • Paste the PSK into Pre-shared key
    • IMPORTANT: Uncheck Enable IPsec tunnel to L2TP host before clicking the OK button; I think this is a bug
  • Click the Add button and enable

DAJHER commented Mar 8, 2023

Error in connection

Error: Connection activation failed: Could not find source connection.
