```bash
# Requirements
# debian/ubuntu
apt-get -y update && apt-get -y upgrade
apt-get -y install strongswan xl2tpd libstrongswan-standard-plugins libstrongswan-extra-plugins

# Fill these in before running: server address, IPsec pre-shared key, L2TP credentials.
VPN_SERVER_IP=''
VPN_IPSEC_PSK='y'
VPN_USER=''
VPN_PASSWORD=''

# strongSwan connection: IKEv1 with PSK, transport mode, protecting L2TP (UDP/1701).
# Parameters inside a section must be indented; section headers start in column 1.
cat > /etc/ipsec.conf <<EOF
config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret

conn VPN1
    keyexchange=ikev1
    left=%defaultroute
    auto=add
    authby=secret
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=$VPN_SERVER_IP
EOF

# The PSK is stored in plain text, so keep the file readable by root only.
cat > /etc/ipsec.secrets <<EOF
: PSK "$VPN_IPSEC_PSK"
EOF
chmod 600 /etc/ipsec.secrets

# xl2tpd client (LAC) definition pointing at the server (LNS).
cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[lac VPN1]
lns = $VPN_SERVER_IP
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
EOF

# pppd options for the L2TP session; the password lands here in plain text, hence chmod 600 below.
cat > /etc/ppp/options.l2tpd.client <<EOF
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name $VPN_USER
password $VPN_PASSWORD
EOF
chmod 600 /etc/ppp/options.l2tpd.client

service strongswan restart
service xl2tpd restart

# Helper to bring the IPsec SA up first, then the L2TP tunnel on top of it.
cat > /usr/local/bin/start-vpn <<EOF
#!/bin/bash
(service strongswan start ;
sleep 2 ;
service xl2tpd start) && (
ipsec up VPN1
echo "c VPN1" > /var/run/xl2tpd/l2tp-control
sleep 5
#ip route add 10.0.0.0/24 dev ppp0
)
EOF
chmod +x /usr/local/bin/start-vpn

# Tear down in reverse order; the connection name must match the one used above (VPN1).
cat > /usr/local/bin/stop-vpn <<EOF
#!/bin/bash
(echo "d VPN1" > /var/run/xl2tpd/l2tp-control
ipsec down VPN1) && (
service xl2tpd stop ;
service strongswan stop)
EOF
chmod +x /usr/local/bin/stop-vpn

echo "To start VPN type: start-vpn"
echo "To stop VPN type: stop-vpn"
```
I've a https://...:4433 server; how can I configure this to work?

This script works great, and the Mikrotik fixes were good, but now you have to replace `service strongswan start` with `service strongswan-starter start`, and the same for `service strongswan-starter stop`.
Thanks for the script!
After adding the fixes for Mikrotik suggested by agenovez and updating the start and stop scripts to use systemctl, it works great!

New start script:

```bash
#!/bin/bash
(
systemctl start strongswan-starter.service
sleep 2
systemctl start xl2tpd.service
) && (
ipsec up VPN1
echo "c VPN1" > /var/run/xl2tpd/l2tp-control
sleep 5
#ip route add 10.0.0.0/24 dev ppp0
)
```

New stop script:

```bash
#!/bin/bash
(
echo "d VPN1" > /var/run/xl2tpd/l2tp-control
ipsec down VPN1
) && (
systemctl stop xl2tpd.service
systemctl stop strongswan-starter.service
)
```
Thank you a ton for this gist.
I had to tweak it a bit to get it to work with my setup (Ubuntu client & Ubiquiti UDM server).
I've posted the gist here:
https://gist.github.com/btc100k/8a075e2855298aa359d14b1688aa2f04
The big diffs (IIRC) were in the pppoptfile, and in creating/removing the route when starting/stopping the VPN.
Hi, greetings and thanks. I was searching for a clean, simple tool but couldn't find one; this helps me a lot.
I needed to add the following two lines (after line 20) to make it work with Mikrotik:

```
ike=aes128-sha1-modp2048!
esp=aes128-sha1-modp2048!
```

I found this on this page:
https://dev-qa.com/153425/how-to-connect-l2tp-ipsec-client-on-linux-to-mikrotik
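The gist's `ipsec.conf` sets no `ike=`/`esp=` lines, so strongSwan negotiates from its built-in IKEv1 default proposal list, and the Mikrotik fix above works precisely because it pins the proposals explicitly. The following is an added example, not part of the gist or of strongSwan, that audits an `ipsec.conf`-style file before you connect: it walks each `conn` section, resolves `ike=`/`esp=` either directly or via `conn %default`, and fails if any connection would fall back to the defaults. The function name `audit_ipsec_conf`, the sample config and the `192.0.2.1` address are constructed for the demo.

```shell
# audit_ipsec_conf FILE
# Parses a strongSwan ipsec.conf-style file (sections start in column 1,
# parameters are indented key=value lines) and prints one line per conn.
# Returns 0 when every non-%default conn has explicit ike= and esp= proposals
# (set directly or inherited from conn %default), 1 otherwise.
audit_ipsec_conf() {
    awk '
    # A line that starts in column 1 opens a new section.
    /^conn[[:space:]]/   { sec = $2; if (sec != "%default") conns[++n] = sec; next }
    /^config[[:space:]]/ { sec = ""; next }
    # Indented key=value lines belong to the current section.
    sec != "" && /^[[:space:]]+[A-Za-z]+=/ {
        line = $0
        sub(/^[[:space:]]+/, "", line)
        eq  = index(line, "=")
        key = substr(line, 1, eq - 1)
        val = substr(line, eq + 1)
        has[sec, key] = val
    }
    END {
        status = 0
        for (i = 1; i <= n; i++) {
            c   = conns[i]
            ike = ((c, "ike") in has) ? has[c, "ike"] : has["%default", "ike"]
            esp = ((c, "esp") in has) ? has[c, "esp"] : has["%default", "esp"]
            if (ike == "" || esp == "") {
                status = 1
                printf "conn %s: MISSING explicit proposal (ike=%s esp=%s)\n", c, ike, esp
            } else {
                printf "conn %s: ike=%s esp=%s\n", c, ike, esp
            }
        }
        exit status
    }' "$1"
}

# Demo on a constructed sample that mirrors the gist's ipsec.conf (no ike=/esp=).
sample=$(mktemp)
cat > "$sample" <<'EOF'
config setup

conn %default
    keyexchange=ikev1
    authby=secret

conn VPN1
    keyexchange=ikev1
    type=transport
    right=192.0.2.1
EOF
audit_ipsec_conf "$sample" || echo "audit failed: add explicit ike=/esp= lines (e.g. to conn %default)"
rm -f "$sample"
```

Run it as `audit_ipsec_conf /etc/ipsec.conf` after generating the file; putting the two Mikrotik lines under `conn %default` makes every connection pass, and the non-zero exit status makes the check easy to wire into the `start-vpn` helper so a misconfigured client never brings the tunnel up with default proposals.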