How-To: Set up a L2TP over IPSec VPN using a Radius backend — page 2

1 minute read

We have now configured IPSec, let’s carry on with the next step.


Now, let’s get on the next phase: XL2TP.

Packages Requirements

You can install xl2tp with the following command:

# apt-get install xl2tp


The configuration of xl2tp happens in /etc/xl2tpd/xl2tpd.conf. We are going to provide IPs in the range, being the endpoint IP of the VPN server.

So go ahead and open /etc/xl2tpd/xl2tpd.conf and make it look like:

ipsec saref = yes
listen-addr = your external IP address
port = 1701

[lns default]
ip range =
local ip =
refuse chap = yes
require pap = yes
require authentication = no
name = LinuxVPNserver
hostname = YourHostName
ppp debug = yes
length bit = yes
pppoptfile = /etc/xl2tpd/ppp-options.xl2tpd

Copy an example config from xl2tp doc:

sudo cp /usr/share/doc/xl2tpd/examples/ppp-options.xl2tpd /etc/xl2tpd/ppp-options.xl2tpd

Now go and edit etc/xl2tpd/ppp-options.xl2tpd and make it look like:

idle 1800
mtu 1200
mru 1200
connect-delay 5000

Same here, change it with whatever mstches your settings (DNS…)

Finally test your configuration with:

sudo xl2tpd -D

The next step is to integrate FreeRadius.