How to connect an L2TP + IPsec client to a MikroTik Router


Configure a Linux VPN client using the command line.

You need the following:

  1. VPN Server Address (MikroTik router in our case)
  2. Pre-Shared Key (PSK)
  3. Username
  4. Password

Install the following packages:

Ubuntu & Debian

sudo apt-get update
sudo apt-get -y install strongswan xl2tpd ppp

In the latest Debian / Ubuntu releases, the strongSwan service is called strongswan-starter.

Configure StrongSwan

Edit ipsec.conf:

sudo nano /etc/ipsec.conf

Replace the file content with the following (replace n.n.n.n with your VPN Server Address):

config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes128-sha1-modp1024,3des-sha1-modp1024!

conn L2TP-PSK
    keyexchange=ikev1
    left=%defaultroute
    auto=add
    authby=secret
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/1701
    # set this to the ip address of your vpn server
    right=n.n.n.n

Edit ipsec.secrets:

sudo nano /etc/ipsec.secrets

Replace the file content with the following (replace your_pre_shared_key with your PSK value):

: PSK "your_pre_shared_key"

Configure xl2tpd

Edit xl2tpd.conf:

sudo nano /etc/xl2tpd/xl2tpd.conf

Append the following to the file (replace n.n.n.n with your VPN Server Address):

[lac L2TP-PSK]
; set this to the ip address of your vpn server
lns = n.n.n.n
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

Edit /etc/ppp/options.l2tpd.client:

sudo nano /etc/ppp/options.l2tpd.client

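Replace the file content with the following (replace your_user_name and your_password with your VPN credentials). Like /etc/ipsec.secrets, this file stores a secret in clear text, so keep both files readable by root only: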

ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
logfile /var/log/xl2tpd.log
idle 1800
mtu 1410
mru 1410
#defaultroute
#usepeerdns
debug
connect-delay 5000
name your_user_name
password your_password
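
A check for the files configured above, as an added example that is not part of the original post: it lists the ike/esp/keyexchange settings that use legacy algorithms and verifies that the files holding the PSK and the PPP password carry no group or other permissions. The function names and the token list (3des, sha1, modp1024, ikev1) are choices made for this example, and sample_conf reproduces the page's proposal lines plus one constructed stronger connection; whether stronger proposals can be used depends on what the router accepts.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample: the page's proposal lines plus one stronger conn.
sample_conf() {
    cat <<'EOF'
conn %default
    keyexchange=ikev1
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes128-sha1-modp1024,3des-sha1-modp1024!
conn constructed-example
    keyexchange=ikev2
    ike=aes256-sha256-modp2048!
EOF
}

# Print (with line numbers) every ike=/esp=/keyexchange= setting that uses a
# legacy algorithm. The token list is this example's own choice.
weak_proposals() {    # $1 = path to ipsec.conf
    grep -nE '^[[:space:]]*(ike|esp|keyexchange)[[:space:]]*=' "$1" |
        grep -iE '3des|sha1|modp1024|ikev1'
}

# Succeed only if group and others have no permission bits on the file.
secret_file_is_private() {    # $1 = file holding the PSK or PPP password
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ] && return 0
    echo "$1: group/other permissions '$perms', expected none (chmod 600)" >&2
    return 1
}

# $1 = ipsec.conf, remaining arguments = files that contain secrets.
# Returns 0 when nothing is flagged, 1 otherwise, 2 if ipsec.conf is unreadable.
audit_vpn_client() {
    conf=$1; shift
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    rc=0
    if weak_proposals "$conf"; then rc=1; fi
    for f in "$@"; do
        secret_file_is_private "$f" || rc=1
    done
    return $rc
}

# "sh audit.sh run" (as root) checks the paths used on this page.
if [ "${1:-}" = "run" ]; then
    audit_vpn_client /etc/ipsec.conf /etc/ipsec.secrets \
        /etc/ppp/options.l2tpd.client
fi
```
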

Connect

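Run the following script as root each time you want to start the IPsec and L2TP connection:

#!/bin/bash
# Start the IPsec and L2TP daemons; continue only if both started.
(service strongswan-starter start ;
sleep 2 ;
service xl2tpd start) && (
# Bring up the IPsec connection defined as "conn L2TP-PSK" in ipsec.conf
ipsec up L2TP-PSK
# Tell xl2tpd to connect the [lac L2TP-PSK] session
echo "c L2TP-PSK" > /var/run/xl2tpd/l2tp-control
sleep 5
)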

Disconnect

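To disconnect, run the following script as root:

#!/bin/bash
# Tell xl2tpd to disconnect the L2TP session, then take down the IPsec connection.
(echo "d L2TP-PSK" > /var/run/xl2tpd/l2tp-control
ipsec down L2TP-PSK) && (
# Stop both daemons
service xl2tpd stop ;
service strongswan-starter stop)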

Debugging

Check the logs:

dmesg | less
less /var/log/xl2tpd.log
