I set up IKEv2 using strongSwan. Now I need to add L2TP support to that. What is the best and easiest method to add L2TP support to strongSwan? I'd appreciate any help.
2 Answers
0
Working swanctl config of strongSwan in client mode when connecting to an L2TP VPN hub with PSK:
    connections {
        vpnhub {
            local-1 {
                id=192.168.1.27
                auth=psk
            }
            remote-1 {
                id=325.678.571.25
                auth=psk
            }
            children {
                default {
                    esp_proposals=aes128-sha1-modp1024
                    dpd_action=clear
                    start_action=trap
                    mode=transport
                    local_ts=dynamic[17/1701]
                    remote_ts=dynamic[17/1701]
                }
            }
            version=2
            proposals=aes128-sha1-modp2048
            local_addrs=192.168.1.27
            remote_addrs=325.678.571.25
            rekey_time=1h
        }
    }
drookie
0
As for strongSwan configuration, you only need to allow encapsulation of L2TP traffic into the tunnel. To do so you should specify the L2TP port in the local_ts/remote_ts parameters in swanctl.conf or leftsubnet/rightsubnet in ipsec.conf. The default port for L2TP is UDP/1701.
For example:
    > cat swanctl.conf
    connections {
        # some params
        connection1 {
            # some params
            children {
                child1 {
                    # some params
                    local_ts = 192.168.1.1[udp/1701]
                    remote_ts = 192.168.1.10[udp/1701]
                    # maybe some more params
                }
            }
        }
    }
After establishing the IPsec tunnel you should run your L2TP server/client as if there is no IPsec tunnel at all. Your L2TP traffic will be transparently encrypted on one side and decrypted on the other side. I'd recommend this article on configuring L2TP in xl2tpd.
Viktor
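A check for the traffic-selector advice in the answers above, added here as an example (not code from either answer or from strongSwan): it parses a swanctl.conf-style file and lists every child whose local_ts/remote_ts is not limited to UDP/1701, accepting both notations used on this page (udp/1701 and 17/1701). The function names, the sample config and the treatment of an omitted selector as dynamic are assumptions of the example.

```python
import re
# Constructed sample: child "l2tp" is pinned to UDP/1701, child "wide" is not.
SAMPLE = """
connections {
    vpnhub {
        children {
            l2tp {
                local_ts = dynamic[17/1701]
                remote_ts = dynamic[udp/1701]
            }
            wide {
                local_ts = dynamic
                remote_ts = 192.168.1.10[udp/1701]
            }
        }
    }
}
"""
# A selector passes only if it ends in [udp/1701] or the numeric form [17/1701].
TS_RE = re.compile(r"^[^\[\]]+\[(udp|17)/1701\]$", re.IGNORECASE)

def parse(text):
    """Parse brace-nested sections and key = value lines into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
    return stack[0]

def unpinned_selectors(text):
    """List (conn, child, key, selector) not pinned to UDP/1701; assumes omitted = dynamic."""
    findings = []
    for conn, body in parse(text).get("connections", {}).items():
        for child, opts in body.get("children", {}).items():
            for key in ("local_ts", "remote_ts"):
                for ts in opts.get(key, "dynamic").split(","):
                    if not TS_RE.match(ts.strip()):
                        findings.append((conn, child, key, ts.strip()))
    return findings

if __name__ == "__main__":
    for finding in unpinned_selectors(SAMPLE):
        print("not restricted to UDP/1701: %s/%s %s=%s" % finding)
```

The parser expects each opening and closing brace on its own line, as in the configs shown in both answers.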