Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
L2TP on gentoo
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
jyoung
Guru
Guru


Joined: 20 Mar 2007
Posts: 436

PostPosted: Sun Jul 03, 2022 5:00 pm    Post subject: L2TP on gentoo Reply with quote

I'm trying to connect to a network that uses L2TP VPN using the cisco vpnc (net-vpn/vpnc). I can't find any example to configure it properly. The network I'm trying to connect to doesn't have a group ID, just a shared secret key. Any ideas?
Back to top
View user's profile Send private message
salahx
Guru
Guru


Joined: 12 Mar 2005
Posts: 530

PostPosted: Sun Jul 03, 2022 7:44 pm    Post subject: Reply with quote

I wrote a document for the server side of it: https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server . You can probably figure out the client side of it looks like (I've helped others) You need 2 pieces: strongSwan or openSwan and xl2tpd . I perfer strongSwan myself.

First you have to configure the ipsec connection. That's the hard part. Basically create a file. /etc/swanctl/conf.d/vpn.example.com.conf eit jhte follow contactents:

Code:
connections {
        work {
                remote_addrs=vpn.example.com
                proposals=aes-sha1-modp1024,default
                version=1
                local-1 {
                        auth=psk
                }
                remote-1 {
                        auth=psk
                }
                children {
                        only {
                                esp_proposals=aes-sha1,default
                                mode=transport
                                remote_ts=dynamic[udp/l2tp]
                        }
                }
        }
}
pools {
}
secrets {
        ike-1 {
                id = vpn.example.com
                secret = "password_pass"
        }
}
authorities {
}


"remote" and "id" shouild be the IP/DNS name of the VPN server. "secret" should be your PSK.

If you are using systems, start up the "strongswan" service
All other init systems should use the "ipsec" service

Load the config file:
Code:
wanctl -q
. Then. start the connection
Code:
swanctl -i --child only
Back to top
View user's profile Send private message
alamahant
Advocate
Advocate


Joined: 23 Mar 2019
Posts: 3875

PostPosted: Sun Jul 03, 2022 7:50 pm    Post subject: Reply with quote

You can try with NM
Code:

emerge -av net-vpn/networkmanager-l2tp   net-vpn/networkmanager-strongswan


This will pull all dependencies.
then
Code:

nmcli c add con-name CON_NAME type vpn vpn-type l2tp vpn.data 'gateway=GATEWAY_HOST, ipsec-enabled=yes, ipsec-psk=PRE_SHARED_KEY, password-flags=2, user=USERNAME'
nmcli c up CON_NAME

See
https://gist.github.com/pastleo/aa3a9524664864c505d637b771d079c9
I guess though this will not be convenient if you use netifrc.
Plus you need kernel .config pertaining to ipsec and l2tp.
_________________
:)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum