jyoung Guru
Joined: 20 Mar 2007 Posts: 436
Posted: Sun Jul 03, 2022 5:00 pm Post subject: L2TP on gentoo |
I'm trying to connect to a network that uses L2TP VPN using the cisco vpnc (net-vpn/vpnc). I can't find any example to configure it properly. The network I'm trying to connect to doesn't have a group ID, just a shared secret key. Any ideas?
salahx Guru
Joined: 12 Mar 2005 Posts: 530
Posted: Sun Jul 03, 2022 7:44 pm Post subject: |
I wrote a document for the server side of it: https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server . You can probably figure out what the client side of it looks like (I've helped others). You need 2 pieces: strongSwan or openSwan, and xl2tpd. I prefer strongSwan myself.
First you have to configure the ipsec connection. That's the hard part. Basically create a file, /etc/swanctl/conf.d/vpn.example.com.conf, with the following contents:
Code: |
connections {
    work {
        remote_addrs=vpn.example.com
        proposals=aes-sha1-modp1024,default
        version=1
        local-1 {
            auth=psk
        }
        remote-1 {
            auth=psk
        }
        children {
            only {
                esp_proposals=aes-sha1,default
                mode=transport
                remote_ts=dynamic[udp/l2tp]
            }
        }
    }
}
pools {
}
secrets {
    ike-1 {
        id = vpn.example.com
        secret = "password_pass"
    }
}
authorities {
}
|
"remote" and "id" should be the IP/DNS name of the VPN server. "secret" should be your PSK.
If you are using systemd, start up the "strongswan" service.
All other init systems should use the "ipsec" service.
Load the config file: . Then start the connection:
Code: |
swanctl -i --child only
|
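A defender-side check on the proposals in the config above, as an added example that is not part of the original post: it flags legacy algorithm tokens in swanctl `proposals`/`esp_proposals` lines and an IKEv1 `version` setting. The `LEGACY` table, the `audit` helper and the embedded sample are assumptions of this example; the `default` keyword is skipped because its expansion depends on the installed strongSwan.

```python
import re

# Constructed sample: the proposal and version lines from the config posted above.
SAMPLE = """\
connections {
    work {
        proposals=aes-sha1-modp1024,default
        version=1
        children {
            only {
                esp_proposals=aes-sha1,default
            }
        }
    }
}
"""

# Assumption: which tokens count as legacy is this example's choice, not strongSwan policy.
LEGACY = {
    "md5": "HMAC-MD5 (legacy)",
    "sha1": "HMAC-SHA1 (legacy)",
    "des": "single DES",
    "3des": "3DES, 64-bit block cipher",
    "modp768": "768-bit MODP DH group",
    "modp1024": "1024-bit MODP DH group",
}

# key=value lines of interest; a trailing '# comment' is not captured.
LINE = re.compile(
    r"^\s*(proposals|esp_proposals|ah_proposals|version)\s*=\s*([^#\n]+)", re.M)

def audit(conf_text):
    """Return (key, proposal, token, reason) for each legacy item found."""
    findings = []
    for key, value in LINE.findall(conf_text):
        value = value.strip().strip('"')
        if key == "version":
            if value == "1":
                findings.append((key, value, "1", "IKEv1 is deprecated (RFC 9395)"))
            continue
        for proposal in (p.strip() for p in value.split(",")):
            if proposal == "default":
                continue  # built-in defaults of the installed version; not checked
            for token in proposal.lower().split("-"):
                if token in LEGACY:
                    findings.append((key, proposal, token, LEGACY[token]))
    return findings

if __name__ == "__main__":
    for key, proposal, token, reason in audit(SAMPLE):
        print(f"{key}={proposal}: {token}: {reason}")
```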
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3875
Posted: Sun Jul 03, 2022 7:50 pm Post subject: |
You can try with NM
Code: |
emerge -av net-vpn/networkmanager-l2tp net-vpn/networkmanager-strongswan
|
This will pull all dependencies.
then
Code: |
nmcli c add con-name CON_NAME type vpn vpn-type l2tp vpn.data 'gateway=GATEWAY_HOST, ipsec-enabled=yes, ipsec-psk=PRE_SHARED_KEY, password-flags=2, user=USERNAME'
nmcli c up CON_NAME
|
See
https://gist.github.com/pastleo/aa3a9524664864c505d637b771d079c9
I guess though this will not be convenient if you use netifrc.
Plus you need kernel .config pertaining to ipsec and l2tp.