How-To: Set up a L2TP over IPSec VPN using a Radius backend — page 2

1 minute read

We have now configured IPSec, let’s carry on with the next step.

XL2TP

Now, let’s get on the next phase: XL2TP.

Packages Requirements

You can install xl2tp with the following command:

# apt-get install xl2tp

Configuration

The configuration of xl2tp happens in /etc/xl2tpd/xl2tpd.conf. We are going to provide IPs in the range 10.10.10.2-10.10.10.254, 10.10.10.1 being the endpoint IP of the VPN server.

So go ahead and open /etc/xl2tpd/xl2tpd.conf and make it look like:

[global]
ipsec saref = yes
listen-addr = your external IP address
port = 1701

[lns default]
ip range = 10.10.10.2-10.10.10.254
local ip = 10.10.10.1
refuse chap = yes
require pap = yes
require authentication = no
name = LinuxVPNserver
hostname = YourHostName
ppp debug = yes
length bit = yes
pppoptfile = /etc/xl2tpd/ppp-options.xl2tpd

Copy an example config from xl2tp doc:

sudo cp /usr/share/doc/xl2tpd/examples/ppp-options.xl2tpd /etc/xl2tpd/ppp-options.xl2tpd

Now go and edit etc/xl2tpd/ppp-options.xl2tpd and make it look like:

require-pap
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

Same here, change it with whatever mstches your settings (DNS…)

Finally test your configuration with:

sudo xl2tpd -D

The next step is to integrate FreeRadius.