13 September 2008

Connecting to CUHK Resnet VPN under Ubuntu 8.04 LTS

As the PPTP service has been suspended since 1 Sept, the guide given on the ITSC website does not work now. Here are the steps for an L2TP VPN connection.

1. Download the ipsec-tools, racoon and xl2tpd packages
(or run sudo apt-get install ipsec-tools racoon xl2tpd)

2. Install the packages

3. Add the content between the lines to /etc/racoon/racoon.conf
------- File Begin, don't copy this line -----------
path pre_shared_key "/etc/racoon/psk.txt";
padding {
maximum_length 20;
randomize off;
strict_check off;
exclusive_tail off;
}
remote anonymous {
exchange_mode main;
doi ipsec_doi;
situation identity_only;
generate_policy on;
proposal_check obey;
proposal {
encryption_algorithm des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 1;
}
}
sainfo anonymous {
lifetime time 28800 sec;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
------- File End, don't copy this line -----------

4. Add the content between the lines to /etc/racoon/psk.txt
------- File Begin, don't copy this line -----------
10.0.255.248 ipsec-vpn
10.0.255.249 ipsec-vpn
10.0.255.250 ipsec-vpn
10.0.255.251 ipsec-vpn
10.0.255.252 ipsec-vpn
10.0.255.253 ipsec-vpn
10.0.255.254 ipsec-vpn
------- File End, don't copy this line -----------

5. Save the content between the lines to /etc/ipsec.conf
------- File Begin, don't copy this line -----------
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 10.0.219.121/18[1701] 0.0.0.0/0[0] any
-P out ipsec esp/transport//require;
------- File End, don't copy this line -----------

6. Add the content between the lines to /etc/xl2tpd/xl2tpd.conf
------- File Begin, don't copy this line -----------
[global]
port = 1701
auth file = /etc/xl2tpd/l2tp-secrets

[lac connect]
lns = ipsec-vpn.resnet.cuhk.edu.hk
redial = yes
require pap = yes
ppp debug = no
pppoptfile = /etc/ppp/options.l2tp
------- File End, don't copy this line -----------

6. Save the content between the lines to /etc/ppp/options.l2tp
------- File Begin, don't copy this line -----------
lock
debug
mtu 1000
nobsdcomp
nodeflate
noaccomp
nopcomp
novj
defaultroute
replacedefaultroute
name YOUR_COMPUTING_ID
------- File End, don't copy this line -----------

7. Add the content between the lines to both /etc/xl2tpd/l2tp-secrets and /etc/ppp/pap-secrets
------- File Begin, don't copy this line -----------
YOUR_COMPUTING_ID ipsec-vpn.resnet.cuhk.edu.hk YOUR_CWEM_PASSWORD
------- File End, don't copy this line -----------

8. Run
sudo mkdir /var/run/xl2tpd
sudo /etc/init.d/racoon start
sudo /etc/init.d/xl2tpd start
echo "c connect" | sudo tee /var/run/xl2tpd/l2tp-control

9. You should get your Resnet connection now
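
An added example, not part of the original post: a shell check for the files written in steps 3, 4 and 7. It lists the IKE/IPsec parameters in racoon.conf that are weak by current standards and tests whether a secrets file is closed to group and others; the function names, finding texts and the temporary sample directory are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and finding texts are this example's own.

# Print one finding per weak IKE/IPsec parameter in a racoon.conf.
# Values may be comma-separated lists, so every value on a line is checked.
audit_racoon_conf() {
    awk '{
        sub(/#.*/, "")                      # ignore comments
        for (i = 2; i <= NF; i++) {
            v = $i; gsub(/[,;]/, "", v)
            if ($1 == "encryption_algorithm" && v == "des")
                print "line " NR ": single DES (56-bit key)"
            if ($1 == "dh_group" && (v == "1" || v == "modp768"))
                print "line " NR ": DH group 1 (768-bit MODP)"
            if ($1 ~ /^(hash|authentication)_algorithm$/ && v ~ /^(hmac_)?md5$/)
                print "line " NR ": MD5-based integrity"
        }
    }' "$1"
}

# Succeed only when FILE grants nothing to group or others (e.g. mode 600).
secret_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: the proposal and sainfo values from step 3.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/racoon.conf" <<'EOF'
remote anonymous {
    proposal {
        encryption_algorithm des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 1;
    }
}
sainfo anonymous {
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
}
EOF
printf '10.0.255.248 ipsec-vpn\n' > "$demo_dir/psk.txt"
chmod 644 "$demo_dir/psk.txt"

audit_racoon_conf "$demo_dir/racoon.conf"
secret_is_private "$demo_dir/psk.txt" || echo "psk.txt: open to group/others"
chmod 600 "$demo_dir/psk.txt"
secret_is_private "$demo_dir/psk.txt" && echo "psk.txt: private after chmod 600"
```

racoon.conf(5) requires the pre-shared key file to be owned by the user running racoon and inaccessible to others, so the same check applies to /etc/racoon/psk.txt as to the two files holding the password in step 7.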

Ref:
How to L2TP/IPsec @ CUHK
iveney的共享空间: l2tp over ipsec in Linux @ CUHK
Using Linux as an L2TP/IPsec VPN client
codeserv.us » Blog Archive » Ubuntu IPSEC/L2TP VPN Client
