Using Linux as L2TP VPN client 

September 28, 2011 09:31:58    Last update: September 28, 2011 09:31:58
This procedure works for xl2tpd.
  1. Edit the L2TP configuration file /etc/xl2tpd/xl2tpd.conf:
    ;
    ; This is a minimal sample xl2tpd configuration file for use as L2TP client.
    ;
    
    [global]
    ; listen-addr = 192.168.56.1
    ;
    ; ipsec saref = yes
    ; forceuserspace = yes
    ;
    debug tunnel = yes
    
    ; Connect as a client to a server at 192.168.1.98
    ; Changing "require authentication" to yes below doesn't seem to have any effect
    [lac vpnserver]
    lns = 192.168.1.98
    require chap = yes
    refuse pap = yes
    require authentication = no
    ; Name should be the same as the username in the PPP authentication!
    name = l2tpuser
    ppp debug = yes
    pppoptfile = /etc/ppp/options.xl2tpd.client
    length bit = yes
    


  2. Edit the PPP options file for L2TP, /etc/ppp/options.xl2tpd.client:
    ipcp-accept-local
    ipcp-accept-remote
    refuse-eap
    noccp
    noauth
    crtscts
    idle 1800
    mtu 1410
    mru 1410
    nodefaultroute
    debug
    lock
    connect-delay 5000
    


  3. Edit the PPP authentication file /etc/ppp/chap-secrets:
    # Secrets for authentication using CHAP
    # server name should match the name defined on the server side, not in lac section on client side
    # client        server  secret                  IP addresses
    l2tpuser L2TPServer password *
    


  4. Start xl2tpd:
    # /etc/init.d/xl2tpd start
    


  5. Connect to the server:
    # echo "c vpnserver" >/var/run/xl2tpd/l2tp-control
    

    Tail /var/log/messages; you should see something like:
    Sep 28 11:05:46 sta101894 pppd[26059]: pppd 2.4.5 started by root, uid 0
    Sep 28 11:05:46 sta101894 pppd[26059]: Using interface ppp0
    Sep 28 11:05:46 sta101894 pppd[26059]: Connect: ppp0 <--> /dev/pts/13
    Sep 28 11:05:46 sta101894 pppd[26059]: CHAP authentication succeeded: Access granted
    Sep 28 11:05:46 sta101894 pppd[26059]: CHAP authentication succeeded
    Sep 28 11:05:46 sta101894 pppd[26059]: local  IP address 192.168.1.128
    Sep 28 11:05:46 sta101894 pppd[26059]: remote IP address 192.168.1.99
    


  6. ifconfig should show that ppp0 is added:
    # ifconfig ppp0
    ppp0      Link encap:Point-to-Point Protocol  
              inet addr:192.168.1.128  P-t-P:192.168.1.99  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1410  Metric:1
              RX packets:4 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3 
              RX bytes:40 (40.0 b)  TX bytes:46 (46.0 b)
    


  7. To tear down the VPN:
    # echo "d vpnserver" >/var/run/xl2tpd/l2tp-control
    


  8. If authentication fails, try setting "require authentication" to no on both the server and the client, then restart xl2tpd on both sides:
    # /etc/init.d/xl2tpd restart
    # echo "c vpnserver" >/var/run/xl2tpd/l2tp-control
    

    The file /etc/ppp/chap-secrets is no longer relevant when authentication is turned off.
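
The authentication settings from steps 1, 3 and 8 can be checked with a short script. This is an added example, not part of the original post: the function names lac_setting, audit_l2tp and demo are hypothetical, the sample files are constructed from the values shown above, and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# Added example: audit the xl2tpd client settings used in the steps above.

# lac_setting FILE SECTION KEY: print KEY's value inside [lac SECTION].
lac_setting() {
    awk -v sect="[lac $2]" -v key="$3" '
        /^[ \t]*;/  { next }    # a leading semicolon marks a comment
        /^[ \t]*\[/ { gsub(/^[ \t]+|[ \t]+$/, ""); insect = ($0 == sect); next }
        insect && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# audit_l2tp CONF SECTION SECRETS: print findings, return how many there are.
audit_l2tp() {
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }
    for key in 'require authentication' 'require chap' 'refuse pap'; do
        val=$(lac_setting "$1" "$2" "$key")
        [ "$val" = yes ] || note "[lac $2] $key = ${val:-unset}"
    done
    # chap-secrets stores the secret in cleartext; expect owner-only access.
    mode=$(stat -c %a "$3" 2>/dev/null) || mode=missing
    case $mode in
        600|400) ;;
        *) note "$3 mode is $mode, expected 600" ;;
    esac
    return "$findings"
}

# Constructed sample mirroring steps 1 and 3, with a world-readable secrets file.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '[global]' 'debug tunnel = yes' '[lac vpnserver]' \
        'lns = 192.168.1.98' 'require chap = yes' 'refuse pap = yes' \
        'require authentication = no' 'name = l2tpuser' > "$dir/xl2tpd.conf"
    echo 'l2tpuser L2TPServer password *' > "$dir/chap-secrets"
    chmod 644 "$dir/chap-secrets"
    rc=0; audit_l2tp "$dir/xl2tpd.conf" vpnserver "$dir/chap-secrets" || rc=$?
    rm -rf "$dir"; return "$rc"
}
```

On a live client, run audit_l2tp /etc/xl2tpd/xl2tpd.conf vpnserver /etc/ppp/chap-secrets as root. The configuration from step 1 reports "require authentication = no", as does the fallback in step 8.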