26

I need to connect to an L2TP IPsec VPN using Ubuntu 14.10. I previously used L2TP IPsec VPN Manager 1.0.9 from Werner Jaeger in Ubuntu 14.04, and it worked great, but that no longer appears to be supported in 14.10. I have xl2tpd installed. I no longer see the option to add an L2TP IPsec VPN connection under the VPN Connections menu in Network Connections. Any help or guidance is appreciated.

Doug Mai
  • 261

2 Answers

19

The l2tp-ipsec-vpn package was deprecated along with OpenSwan. Ubuntu has replaced OpenSwan with StrongSwan, which is available in main, along with a corresponding network manager plugin in universe.

apt-get install strongswan network-manager-strongswan
Ben Grimm
  • 1,420
  • That doesn't seem to work. It complains of missing dependency network-manager-l2tp, which I tried to install, but that depends on "openswan" which has been deprecated and removed. So I don't know what to do next. – Pretzel Jan 28 '15 at 22:10
  • 1
    l2tp-ipsec-vpn was deleted due to its dependency on openswan as well – Ben Grimm Jan 28 '15 at 22:19
  • Ah, so there's no way for me to do L2TP IPsec anymore? – Pretzel Jan 28 '15 at 22:33
  • Updated the solution, it seems to work, but I have not fully tested. No real danger from having the old repositories available since the current release takes precedence. – Ben Grimm Jan 28 '15 at 22:58
  • In the previous post of yours, you had a section about stopping a daemon and starting another one. Do I still need to do that? Btw, I did get it installed and I got it to try to connect to my L2TP server once, but then that was it. Still working away at this. – Pretzel Jan 29 '15 at 18:33
  • Those instructions were only relevant for the alternative network manager, you likely need to back out that change by running sudo update-rc.d xl2tpd enable – Ben Grimm Jan 29 '15 at 18:45
  • So after more digging, it turns out OpenSwan was completely retired and replaced with StrongSwan. (apt-get install strongswan network-manager-strongswan). So now I've installed that and it integrates nicely with the Network Manager applet. Still working on getting my pre-shared keys installed, though. If you change your answer to say that the user should install StrongSwan instead (with instructions), I'll grant you the bounty. :) – Pretzel Jan 30 '15 at 18:40
  • Glad I could get you pointed somewhere near the direction :D – Ben Grimm Jan 31 '15 at 23:13
  • 1
    @Pretzel did you ever succeed in getting IPSec/L2TP to work with pre-shared keys? – sbrattla May 01 '16 at 20:26
  • 9
    Could any of you show us how it's integrated with the network manager applet. I have installed these programs but don't see any additional options in nm. – Brandon Bertelsen May 28 '16 at 00:48
  • 7
    Not sure if I'm missing something, but this solution does not make L2TP available in VPN connections. – Seth Jun 02 '16 at 22:20
  • 1
    Yes, currently it doesn't show up in the network manager. This is an already known bug: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1578193 Fortunately, someone has applied some patches to solve this and made them available through this PPA: https://launchpad.net/~raharper/+archive/ubuntu/bugfixes – Akronix Feb 27 '17 at 11:12
  • 1
    This does add "IPsec/IKEv2" to my network manager, but not L2TP. (16.04) – Jørgen Mar 02 '17 at 10:06
0

StrongSwan should work with xl2tpd

I know it's a best practice to paste the actual scripts but it's quite a bit. And honestly a link here would have saved me some trouble so hopefully someone finds this useful...

http://www.jasonernst.com/2016/06/21/l2tp-ipsec-vpn-on-ubuntu-16-04/
https://www.rapidvpn.com/setup-vpn-l2tp-ubuntu
https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c

Maybe after I'm done I'll share the final script.

EDIT

A few implementation notes

  1. I had to remove the lock keyword from /etc/ppp/options.l2tpd.client
  2. Username and password should be specified when echoing into /var/run/xl2tpd/l2tp-control
  3. rightsubnet=0.0.0.0/0 was added to the connection in /etc/ipsec.conf even though mine was a site-to-site VPN
  4. ip link lists your devices. There should be a pppN in the list where N is a number from 0
  5. For site-to-site I used the following to add a new route... ip route add 192.168.192.0/24 dev ppp0
kervin
  • 1,451
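
The implementation notes in the answer above, strung together as one bring-up script; this is an added example, not kervin's script and not code from the linked pages. The connection and LAC name `myvpn`, the password-file argument and the `c <lac> <user> <pass>` control-line form are assumptions, and the password is read from a root-only file so it stays out of shell history.

```shell
#!/bin/sh
# Added example: bring-up sequence for strongSwan + xl2tpd, following the notes above.
# Assumed names (not from the page): connection/LAC "myvpn", password-file argument.
CONN="${CONN:-myvpn}"                        # conn name in /etc/ipsec.conf (assumed)
LAC="${LAC:-myvpn}"                          # [lac ...] name in xl2tpd.conf (assumed)
CTL=/var/run/xl2tpd/l2tp-control
PPP_OPTS=/etc/ppp/options.l2tpd.client
REMOTE_NET="${REMOTE_NET:-192.168.192.0/24}" # site-to-site subnet from note 5

# Note 1: succeed if the options file still carries a bare "lock" line.
has_lock_keyword() {
    grep -Eq '^[[:space:]]*lock[[:space:]]*(#.*)?$' "$1"
}

# Note 2: control line with credentials; the "c <lac> <user> <pass>" form is assumed.
connect_cmd() {
    printf 'c %s %s %s\n' "$1" "$2" "$3"
}

# Note 4: print the first pppN device found in `ip link` output read from stdin.
first_ppp_dev() {
    awk -F': ' '$2 ~ /^ppp[0-9]+$/ { print $2; exit }'
}

# Poll `ip link` for up to $1 seconds until a pppN device exists, then print it.
wait_for_ppp() {
    t=0
    while [ "$t" -lt "$1" ]; do
        dev=$(ip link | first_ppp_dev)
        [ -n "$dev" ] && { echo "$dev"; return 0; }
        sleep 1; t=$((t + 1))
    done
    return 1
}

# $1 = username, $2 = file holding the password (mode 600, owned by root)
bring_up() {
    if has_lock_keyword "$PPP_OPTS"; then
        echo "remove 'lock' from $PPP_OPTS" >&2; return 1
    fi
    ipsec up "$CONN" || return 1                      # IPsec SA first
    connect_cmd "$LAC" "$1" "$(cat "$2")" > "$CTL"    # then start the L2TP session
    dev=$(wait_for_ppp 15) || { echo "no pppN device appeared" >&2; return 1; }
    ip route add "$REMOTE_NET" dev "$dev"             # note 5: route via the tunnel
}

if [ "${1:-}" = "up" ]; then bring_up "${2:-}" "${3:-}"; fi
```

Run it as root with `up <username> <password-file>`; without the `up` argument the file only defines the functions.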