# adapted from http://spottedhyena.co.uk/centos-67-ipsecl2tp-vpn-client-unifi-usg-l2tp-server/
yum -y install epel # different on amazon linux
sudo yum -y install xl2tpd openswan
systemctl start ipsec.service
service ipsec start
# the 'myserver.com' part of the filename is only a label to help identify the connection; every file in this directory is included by /etc/ipsec.conf.
vim /etc/ipsec.d/myserver.com.conf # see next...
config setup
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
nat_traversal=yes
protostack=netkey
conn L2TP-PSK
authby=secret
pfs=no
auto=add
keyingtries=3
dpddelay=30
dpdtimeout=120
dpdaction=clear
rekey=yes
ikelifetime=8h
keylife=1h
type=transport
# Replace %local below with your local IP address (a private, behind-NAT IP is fine as well)
left=%local # i used the ip from ifconfig and it worked
leftprotoport=17/1701
# Replace IP address with your VPN server's IP
right=%server
rightprotoport=17/1701
vim /etc/ipsec.d/myserver.com.secrets # see next...
# the original source had more entries before the ":"; the connection did not work for me with them present, so they are left out here
: PSK "your_pre_shared_key"
ipsec auto --add L2TP-PSK
vim /etc/xl2tpd/xl2tpd.conf
[lac vpn-connection]
lns = %server
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
vi /etc/ppp/options.l2tpd.client
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
logfile /var/log/xl2tpd.log
connect-delay 5000
proxyarp
name your_vpn_username
password your_password
mkdir -p /var/run/xl2tpd
touch /var/run/xl2tpd/l2tp-control
# now an important Amazon Linux-specific step!
# (from here: https://forums.aws.amazon.com/thread.jspa?messageID=916088)
vim /usr/lib/systemd/system/xl2tpd.service # see next ...
Comment out the line starting with 'ExecStartPre='.
ipsec auto --up L2TP-PSK
echo "c vpn-connection" > /var/run/xl2tpd/l2tp-control
After this the routing table still has to be fixed. Here is what I did; save the following as vpn.sh:
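#!/bin/bash
# Bring the L2TP/IPsec tunnel up if it is down and add the routes that
# should go through it. Meant to be run repeatedly (from cron), so every
# step is skipped when it has already been done.
# Requires: ipsec (openswan), a running xl2tpd with its control file,
# net-tools (ifconfig, route) and sudo rights for the invoking user.
set -euo pipefail

# Networks reachable through the tunnel; each gets a route via ppp0.
readonly -a MASK=("192.168.1.0/24" "172.20.100.0/24")
# Control file xl2tpd reads dial commands from.
readonly L2TP_CONTROL=/var/run/xl2tpd/l2tp-control

# Returns 0 when the ppp0 interface exists; ifconfig exits non-zero
# (and complains on stderr) when the device is not found.
vpn_is_up() {
  ifconfig ppp0 >/dev/null 2>&1
}

# Start the IPsec connection, then ask xl2tpd to dial the L2TP tunnel.
# Under set -e a failing `ipsec auto --up` aborts the script with its
# status, so the failure shows up in cron's output instead of being
# silently skipped over.
bring_vpn_up() {
  echo "upping vpn"
  sudo ipsec auto --up L2TP-PSK
  sleep 3
  # `sudo echo ... > file` does NOT work: the redirection is done by the
  # unprivileged shell, not by sudo, so the write must go through tee.
  echo "c vpn-connection" | sudo tee "$L2TP_CONTROL" >/dev/null
}

# Add a route for every network listed in MASK via ppp0.
add_routes() {
  local net
  echo "adding routes..."
  for net in "${MASK[@]}"; do
    sudo route add -net "$net" dev ppp0
  done
}

main() {
  if ! vpn_is_up; then
    bring_vpn_up
  fi
  echo "route 0 ${MASK[0]}"
  # -n avoids reverse-DNS lookups on every route entry. grep is used
  # without -q so it drains route's output and pipefail cannot report a
  # spurious SIGPIPE failure.
  if ! route -n | grep ppp0 >/dev/null; then
    add_routes
  fi
}

main "$@"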
chmod +x vpn.sh
sudo crontab -e
10 * * * * /home/ec2-user/vpn.sh
sudo ./vpn.sh # run this a few times until the tunnel and routes are up -- the cron job will also keep doing this automatically