L2TP (VPN) for Linux Debian

Although setting up L2TP client access on Linux Debian is not easy, you can still reach proxy.sh L2TP tunnels from this OS by following the steps below.

First of all, please make sure you are logged in as root.

1. Install necessary packages.

        apt-get -y install openswan xl2tpd

2. Modify /etc/ipsec.conf. It should look as follows:

        config setup
                virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
                nat_traversal=yes
                protostack=netkey
                oe=no
                # Replace wlan0 with your network interface
                plutoopts="--interface=wlan0"

        conn L2TP-PSK
                authby=secret
                pfs=no
                auto=add
                keyingtries=3
                dpddelay=30
                dpdtimeout=120
                dpdaction=clear
                rekey=yes
                ikelifetime=8h
                keylife=1h
                type=transport
                # Replace YOUR_IP with your local IP
                left=YOUR_IP
                leftnexthop=%defaultroute
                leftprotoport=17/1701
                # Replace PROXYSH_IP with the L2TP IP shown in your welcome email or panel's service details
                right=PROXYSH_IP
                rightprotoport=17/1701

3. Modify /etc/ipsec.secrets. Add one line to it, replacing the first IP with your local IP and the second with your VPN server's IP, and putting the appropriate pre-shared key ("security") between quotes, e.g.:

        113.16.17.18 61.62.63.64 : PSK "security"

4. Modify /etc/xl2tpd/xl2tpd.conf. It should look as follows, where PROXYSH_IP is the proxy.sh L2TP IP (you may replace vpn-sf14 with any other identifier):

        [lac vpn-sf14]
        lns = PROXYSH_IP
        ppp debug = yes
        pppoptfile = /etc/ppp/options.l2tpd.client
        length bit = yes

5. Create /etc/ppp/options.l2tpd.client with the following contents, replacing YOUR_USERNAME and YOUR_PASSWORD with your proxy.sh credentials:

        ipcp-accept-local
        ipcp-accept-remote
        refuse-eap
        require-mschap-v2
        noccp
        noauth
        idle 1800
        mtu 1410
        mru 1410
        defaultroute
        replacedefaultroute
        usepeerdns
        debug
        lock
        connect-delay 5000
        name YOUR_USERNAME
        password YOUR_PASSWORD

6. Create a route to the VPN server IP via your current default gateway (or ppp device if applicable). Example, where YOUR_GATEWAY_IP stands for the address of that gateway:

        ip route add PROXYSH_IP via YOUR_GATEWAY_IP

7. Restart openswan and xl2tpd:

        invoke-rc.d ipsec restart
        invoke-rc.d xl2tpd restart

8. Startup sequence:

        ipsec auto --up L2TP-PSK
        echo "c vpn-sf14" > /var/run/xl2tpd/l2tp-control

9. Shutdown sequence:

        echo "d vpn-sf14" > /var/run/xl2tpd/l2tp-control
        ipsec auto --down L2TP-PSK

Note that 'vpn-sf14' and 'L2TP-PSK' are the identifiers defined in the config files above (xl2tpd.conf and ipsec.conf respectively).

If you wish to start the VPN at system boot, place the startup commands in the /etc/rc.local file.

10. You are now ready to start using the VPN. Enjoy!

Please note that the following versions were used for this tutorial: kernel 2.6.32-5, openswan 1:2.6.28+dfsg-1, xl2tpd 1.2.7+dfsg-1.
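
Added example (not part of the original proxy.sh guide): a pre-flight check for the files written in steps 2 to 5. It flags credential files that other users can read, a `conn L2TP-PSK` header that does not start in column 0, and an `lns` address that differs from `right=`, in which case the L2TP session would not match the IPsec transport policy. The function name `audit_l2tp`, its optional ROOT prefix and the script name are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit the files from steps 2-5 before bringing the tunnel up.
# audit_l2tp [ROOT] prints one line per finding and returns the finding count.
# ROOT is a hypothetical path prefix (empty = live system) for checking a copy.
audit_l2tp() {
    root=${1:-}
    findings=0
    conf=$root/etc/ipsec.conf
    secrets=$root/etc/ipsec.secrets
    xl2tpd=$root/etc/xl2tpd/xl2tpd.conf
    pppopts=$root/etc/ppp/options.l2tpd.client

    # The PSK and the account password sit here in clear text: owner-only access.
    for f in "$secrets" "$pppopts"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; findings=$((findings + 1)); continue
        fi
        mode=$(stat -c '%a' "$f")    # GNU stat, as shipped on Debian
        case $mode in
            *00|0) ;;                # 600, 400, ... no group/other bits
            *) echo "PERMS $f is mode $mode, expected 600"
               findings=$((findings + 1)) ;;
        esac
    done

    # Section headers start in column 0; an indented "conn" line is not a header.
    if ! grep -Eq '^conn[[:space:]]+L2TP-PSK[[:space:]]*$' "$conf" 2>/dev/null; then
        echo "CONN no 'conn L2TP-PSK' header at column 0 in $conf"
        findings=$((findings + 1))
    fi

    # IPsec transport mode only covers UDP/1701 to right=. If xl2tpd dials a
    # different address, the L2TP session does not match the IPsec policy.
    right=$(sed -n 's/^[[:space:]]*right=\([^[:space:]#]*\).*/\1/p' "$conf" \
        2>/dev/null | head -n 1)
    lns=$(sed -n 's/^[[:space:]]*lns[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p' \
        "$xl2tpd" 2>/dev/null | head -n 1)
    if [ -z "$right" ] || [ "$right" != "$lns" ]; then
        echo "PEER right='$right' in ipsec.conf, lns='$lns' in xl2tpd.conf"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run against the live system when invoked as: sh audit-l2tp.sh --run
if [ "${1:-}" = "--run" ]; then audit_l2tp; fi
```

A `PERMS` finding is cleared with `chmod 600` on the named file; run the check again before step 7.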

NB: If you have difficulty connecting with L2TP, please try switching to OpenVPN. OpenVPN is more reliable, more secure and more flexible. OpenVPN also allows you to try various ports, including 'discreet' ones such as TCP 443. Below, you will find a collection of useful guides and articles that will help you troubleshoot your problems, should you have any.

Guide for setting up Safejumper (OpenVPN) on Linux Debian.
I cannot find the .ovpn and .crt files necessary for OpenVPN. Where are they?
No matter how hard I try, I cannot successfully connect to OpenVPN.
I can't access any website through my browser while connected to VPN.
I am connected to the VPN but my IP is not yet hidden. Help!
I am having some kind of other problem. Where can I find some help?
How can I find the local log files of my VPN client?

If you still cannot connect successfully, please open a support ticket and include either a copy of your logs or a screenshot of your configuration and encountered errors. Logs can usually be found in software menus or settings, as well as their directories of installation (.log or .txt files). If you do not include a log or a screenshot, it will be hard for us to help you resolve the issues you have with connecting to our network.