Last active December 24, 2024 16:51
L2TP VPN client on Linux Debian
```bash
# Requirements
# debian/ubuntu
apt-get -y update && apt-get -y upgrade
apt-get -y install strongswan xl2tpd libstrongswan-standard-plugins libstrongswan-extra-plugins

# Fill these in before running the script
VPN_SERVER_IP=''
VPN_IPSEC_PSK='y'
VPN_USER=''
VPN_PASSWORD=''

# IPsec side: IKEv1 with a pre-shared key, transport mode, protecting only
# the L2TP traffic on UDP/1701. strongSwan reads unindented lines as section
# headers, so every parameter under a conn section must be indented.
cat > /etc/ipsec.conf <<EOF
config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret

conn VPN1
    keyexchange=ikev1
    left=%defaultroute
    auto=add
    authby=secret
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=$VPN_SERVER_IP
EOF

# The PSK applies to any peer (empty selector before the colon)
cat > /etc/ipsec.secrets <<EOF
: PSK "$VPN_IPSEC_PSK"
EOF
chmod 600 /etc/ipsec.secrets

# L2TP side: xl2tpd acts as the client (LAC); the section name VPN1 is what
# the control commands below refer to
cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[lac VPN1]
lns = $VPN_SERVER_IP
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
EOF

# pppd options for the L2TP session; this file holds the VPN credentials
cat > /etc/ppp/options.l2tpd.client <<EOF
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name $VPN_USER
password $VPN_PASSWORD
EOF
chmod 600 /etc/ppp/options.l2tpd.client

# On newer releases the strongSwan service is called strongswan-starter
# (see the comments below)
service strongswan restart
service xl2tpd restart

# Helper: bring up the IPsec SA first, then ask xl2tpd to connect VPN1
cat > /usr/local/bin/start-vpn <<EOF
#!/bin/bash
(service strongswan start ;
sleep 2 ;
service xl2tpd start) && (
ipsec up VPN1
echo "c VPN1" > /var/run/xl2tpd/l2tp-control
sleep 5
#ip route add 10.0.0.0/24 dev ppp0
)
EOF
chmod +x /usr/local/bin/start-vpn

# Helper: tear down in reverse order. The connection name must match the
# conn/lac name above (VPN1); the original script said "myvpn" here, which
# never matched anything.
cat > /usr/local/bin/stop-vpn <<EOF
#!/bin/bash
(echo "d VPN1" > /var/run/xl2tpd/l2tp-control
ipsec down VPN1) && (
service xl2tpd stop ;
service strongswan stop)
EOF
chmod +x /usr/local/bin/stop-vpn

echo "To start VPN type: start-vpn"
echo "To stop VPN type: stop-vpn"
```
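The gist writes its four configuration files straight into /etc and the two helper scripts have to agree with them on the connection name, which is exactly where the original went wrong (VPN1 in one place, myvpn in the other). The following is an added example, not part of the gist: it stages the same files under a directory you choose and then checks them for the mistakes a reader is most likely to make (a placeholder or very short PSK such as the gist's `'y'`, secrets that are not mode 600, an `ipsec.conf` conn name that differs from the xl2tpd `[lac]` name, unindented parameters that strongSwan would read as section headers, and an empty `right=`). The function names, the staging-directory layout and the sample values are assumptions; the file contents mirror the gist.

```shell
#!/bin/sh
# Added example (not from the original gist). Functions, staging layout and
# sample values are assumptions; the rendered file contents follow the gist.

# render_vpn_config DIR SERVER_IP PSK USER PASSWORD
# Writes ipsec.conf, ipsec.secrets, xl2tpd.conf and options.l2tpd.client
# under DIR instead of /etc. Runs in a subshell so the umask stays local.
render_vpn_config() (
    dir=$1; server=$2; psk=$3; user=$4; pass=$5
    mkdir -p "$dir"
    umask 077   # every file is created 600; nothing is ever world-readable
    # strongSwan treats unindented lines as section headers, so indent params
    cat > "$dir/ipsec.conf" <<EOF
config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret

conn VPN1
    keyexchange=ikev1
    left=%defaultroute
    auto=add
    authby=secret
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=$server
EOF
    cat > "$dir/ipsec.secrets" <<EOF
: PSK "$psk"
EOF
    cat > "$dir/xl2tpd.conf" <<EOF
[lac VPN1]
lns = $server
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
EOF
    cat > "$dir/options.l2tpd.client" <<EOF
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name $user
password $pass
EOF
)

# check_vpn_config DIR
# Returns 0 when the staged files are consistent, 1 otherwise, printing one
# FAIL line per problem found.
check_vpn_config() {
    dir=$1; rc=0
    for f in ipsec.secrets options.l2tpd.client; do
        # both files carry credentials and must be exactly mode 600
        if [ ! -f "$dir/$f" ] || [ -n "$(find "$dir/$f" -maxdepth 0 ! -perm 600)" ]; then
            echo "FAIL: $f missing or not mode 600" >&2; rc=1
        fi
    done
    # a placeholder such as 'y' or an empty PSK must never reach /etc
    psk=$(sed -n 's/^: PSK "\(.*\)"$/\1/p' "$dir/ipsec.secrets")
    if [ "${#psk}" -lt 16 ]; then
        echo "FAIL: PSK is empty or shorter than 16 characters" >&2; rc=1
    fi
    # the conn name in ipsec.conf and the [lac] name in xl2tpd.conf must agree,
    # because start/stop scripts drive both by that one name
    conn=$(sed -n 's/^conn \([^%].*\)$/\1/p' "$dir/ipsec.conf" | head -n 1)
    lac=$(sed -n 's/^\[lac \(.*\)\]$/\1/p' "$dir/xl2tpd.conf" | head -n 1)
    if [ -z "$conn" ] || [ "$conn" != "$lac" ]; then
        echo "FAIL: ipsec conn '$conn' does not match xl2tpd lac '$lac'" >&2; rc=1
    fi
    # a parameter in column 0 would be parsed as a section header and lost
    if grep -q '^[a-z][a-z]*=' "$dir/ipsec.conf"; then
        echo "FAIL: unindented parameter in ipsec.conf" >&2; rc=1
    fi
    # the gist ships with VPN_SERVER_IP='' ; catch it before ipsec sees it
    if ! grep -q '^[[:space:]]*right=[^[:space:]]' "$dir/ipsec.conf"; then
        echo "FAIL: right= (VPN server address) is empty" >&2; rc=1
    fi
    return $rc
}

# Usage (staging directory and values are constructed examples):
#   render_vpn_config /tmp/vpn-stage 203.0.113.10 'long-random-psk-here' alice 'pw'
#   check_vpn_config  /tmp/vpn-stage && echo "staged config is consistent"
```

Only after `check_vpn_config` passes would the staged files be copied into /etc/ipsec.conf, /etc/ipsec.secrets, /etc/xl2tpd/xl2tpd.conf and /etc/ppp/options.l2tpd.client; the check deliberately rejects the gist's own default values so that a copy-and-run with them filled in incorrectly fails loudly rather than producing a tunnel that never comes up.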
Thanks for the script!
After adding the fixes for Mikrotik suggested by agenovez and updating the start and stop scripts to use systemctl, it works great!
New start script:
```bash
#!/bin/bash
(
systemctl start strongswan-starter.service
sleep 2
systemctl start xl2tpd.service
) && (
ipsec up VPN1
echo "c VPN1" > /var/run/xl2tpd/l2tp-control
sleep 5
#ip route add 10.0.0.0/24 dev ppp0
)
```
New stop script:
```bash
#!/bin/bash
(
echo "d VPN1" > /var/run/xl2tpd/l2tp-control
ipsec down VPN1
) && (
systemctl stop xl2tpd.service
systemctl stop strongswan-starter.service
)
```
Thank you a ton for this gist.
I had to tweak it a bit to get it to work with my setup (Ubuntu client & Ubiquiti UDM server).
I've posted the gist here:
https://gist.github.com/btc100k/8a075e2855298aa359d14b1688aa2f04
The big diffs (IIRC) were in the pppoptfile, and in creating/removing the route when starting/stopping vpn.
This script works great, and the Mikrotik fixes were good, but now you have to replace service strongswan start with service strongswan-starter start and the same for service strongswan-starter stop.