Recent Notes
Created by magnum on September 27, 2011 11:57:49
Last update: October 05, 2011 12:20:00
This procedure sets up an IPSec VPN server on Linux with a pre-shared key (PSK) using Openswan.
Install Openswan:
# yum install openswan
Edit /etc/ipsec.conf. This is about the minimum needed to run an IPSec server. Instead of running L2TP on port 1701, I'm running TCP on port 8080 so that I can test the setup with nc later.
# /etc/ipsec.conf - Openswan IPsec configurati...
Edit /etc/ipsec.secrets.
#
# Preshared key for clients connecting from a...
Start IPSec:
# /etc/init.d/ipsec start
Check status:
# ipsec auto --status
Monitor IPSec log:
# less /var/log/secure
If IPSec is running KLIPS, you should see a new NIC (ipsec0). There is no ipsec0 if IPSec is running NETKEY.
# ifconfig
eth0 Link encap:Ethernet HWadd...
Created by magnum on September 28, 2011 09:31:58
Last update: September 28, 2011 09:31:58
This procedure works for xl2tpd. Edit the L2TP configuration file /etc/xl2tpd/xl2tpd.conf:
;
; This is a minimal sample xl2tpd configurati...
Edit the PPP options file for L2TP, /etc/ppp/options.xl2tpd.client:
ipcp-accept-local
ipcp-accept-remote
refuse-...
Edit the PPP authentication file /etc/ppp/chap-secrets:
# Secrets for authentication using CHAP
# serve...
Start xl2tpd:
# /etc/init.d/xl2tpd start
Connect to the server:
# echo "c vpnserver" >/var/run/xl2tpd/l2tp-control
Tail /var/log/messages; you should see something like:
Sep 28 11:05:46 sta101894 pppd[26059]: pppd 2.4.5 ...
ifconfig should show that ppp0 is added:
# ifconfig ppp0
ppp0 Link encap:Point-to-P...
To tear down the VPN:
# echo "d vpnserver" >/var/run/xl2tpd/l2tp-control
If authentication fails, try to set "require authentication" to no on both server and client and restart xl2tpd on both sides:
# /etc/init.d/xl2tpd restart
# echo "c vpnserve......
Created by magnum on September 27, 2011 12:55:51
Last update: September 27, 2011 12:55:51
These steps set up a Linux host as an IPSec client, using Openswan.
Install Openswan:
# yum install openswan
Edit /etc/ipsec.conf. Instead of L2TP on port 1701, I'm setting up TCP on port 8080 so that I can test the connection with nc.
# /etc/ipsec.conf - Openswan IPsec configuration f...
Edit /etc/ipsec.secrets.
# include /etc/ipsec.d/*.secrets
192.168.0.101 ...
Start IPSec:
# /etc/init.d/ipsec start
Connect to IPSec server:
# ipsec auto --up TCP8080-PSK-CLIENT
104 "TCP80...