3

I need to make an L2TP VPN connection from a Debian Squeeze server.

What I have is:

  • The server IP address
  • Shared Key
  • My username and password

Just using these 3 parameters I can establish the VPN connection from my Mac OSX computer right from the Network panel in System Preferences.

To connect from Debian, after googling, I ended up with an "Openswan (IPsec) + XL2TP" solution (if you have a better alternative I can try that as well). However, connecting from Debian (by using openswan+xl2tp) involves configuring tens of parameters and unfortunately the system administrator of the VPN doesn't have any idea about the parameters I ask about. He desperately claims, "it works on iphone/android/osx so it should work as well on linux." and unfortunately he is right.

What I want to ask is:

  1. Is openswan+xl2tp the most simple and effective solution to use for this purpose?
  2. Since the connection is successful from an OSX computer, is there anyone who can highlight the unshown but used parameters of the OSX VPN connection? Or is there any way that I can display them?
sam_pan_mariusz
Lashae
  • When you say L2TP, do you mean L2TP over IPSec? – CIA Aug 26 '15 at 21:08
  • Yes @CIA, I mean the L2TP over IPSec. – Lashae Aug 27 '15 at 06:31
  • Have you tried with *Racoon* instead of *openSwan*? It's often simpler to configure. The downside is that it (AFAIK) supports IKE1 only. Another workaround could be running, e.g., *pfSense* 2.2+ in a VM, which offers a nice, web-based configuration wrapper for *strongSwan* (or for the above-mentioned *Racoon* in older versions); after configuring a valid connection in pfSense, copy the resulting config file to Debian. I can elaborate more on it if you ever consider a solution like that. – sam_pan_mariusz Aug 27 '15 at 22:30
  • To answer your questions @Lashae; 1) It depends on what you mean by simple. There aren't a lot of opensource VPN clients out there that guess at all the possible configurations needed. openswan w/ xl2tp is one of your options. You could use OpenVPN's `--script-security` with a config file, but you'll run into the same technicalities as openswan w/ xl2tp; you need to know all the parameters. 2) There isn't a lot of documentation available on this, but someone asked a similar question on serverfault before: http://serverfault.com/a/459900/161412 – CIA Aug 27 '15 at 23:02

1 Answer

1

We are also using an L2TP VPN connection and I could make it work on Ubuntu with openswan and xl2tp. I guess it should be similar on Debian.

It didn’t work right away; I had to play with the parameters.

It worked for me when I commented out these lines:

```
#refuse-eap
#refuse-pap
#refuse-chap
#refuse-mschap
#refuse-mschap-v2
#require-mschap-v2
```

in `/etc/ppp/your_vpn_connection_name.options.xl2tpd`:

```
#debug
#dump
#record /var/log/pppd

plugin passprompt.so
ipcp-accept-local
ipcp-accept-remote
idle 72000
ktune
noproxyarp
asyncmap 0
#noccp
noauth
crtscts
lock
hide-password
modem
noipx

ipparam L2tpIPsecVpn-MyVPN

promptprog "/usr/bin/L2tpIPsecVpn"

#refuse-eap
#refuse-pap
#refuse-chap
#refuse-mschap
#refuse-mschap-v2
#require-mschap-v2

remotename ""
name "<your_username>"
password "<your_password>"

defaultroute

usepeerdns
```

Restart ipsec and xl2tp after modifying this file.

The logs on your Debian server or on the VPN server can also help to debug.

Céline Aussourd
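An added example (not part of the answer above, and not code from pppd or xl2tpd): with every `refuse-*` line commented out, pppd will agree to whichever authentication method the server requests, PAP included. The script below lists what an options file still accepts and re-enables the refusals for all but one method. Keeping `mschap-v2` and the sample credentials are assumptions, since the page does not say which method the server negotiates.

```python
import re

# Methods pppd can use to authenticate itself to the peer; each one has a
# matching refuse-<method> option in pppd(8).
METHODS = ["eap", "pap", "chap", "mschap", "mschap-v2"]

def active_options(text):
    """Map option name -> argument for each line that is not blank or a comment."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *arg = line.split(None, 1)
            opts[name] = arg[0] if arg else ""
    return opts

def accepted_methods(text):
    """Methods the client will still agree to if the server asks for them."""
    opts = active_options(text)
    return [m for m in METHODS if "refuse-" + m not in opts]

def findings(text):
    """Audit results for the options file, as short strings."""
    opts, out = active_options(text), []
    if "pap" in accepted_methods(text):
        out.append("PAP accepted: the password itself is sent over the PPP link")
    if opts.get("password", "").strip('"'):
        out.append("password stored in file: keep it root-owned, mode 0600")
    return out

def tighten(text, keep):
    """Re-enable every refuse-<method> line except the one for `keep`."""
    lines = []
    for raw in text.splitlines():
        m = re.fullmatch(r"\s*#?\s*refuse-([a-z0-9-]+)\s*", raw)
        if m and m.group(1) in METHODS:
            raw = ("#" if m.group(1) == keep else "") + "refuse-" + m.group(1)
        lines.append(raw)
    return "\n".join(lines) + "\n"

# Constructed sample: the authentication-related lines of the file above,
# with made-up credentials.
SAMPLE = ("noauth\n" + "".join(f"#refuse-{m}\n" for m in METHODS)
          + '#require-mschap-v2\nname "alice"\npassword "example-only"\n')

if __name__ == "__main__":
    print(accepted_methods(SAMPLE), findings(SAMPLE), sep="\n")
    print(tighten(SAMPLE, keep="mschap-v2"))  # "mschap-v2" is an assumption
```

Uncommenting `debug` in the options file makes pppd log the negotiation, which shows the method to pass as `keep`.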