13

I'm having trouble connecting to my company's VPN on Ubuntu 15.04. It uses L2TP over IPsec, and I have a username, password and shared secret. How do I connect?

thomson_matt
  • 233

6 Answers6

12

Update: A PPA exists now for network-manager-l2tp:

You can use

sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp  
sudo apt-get update  
sudo apt-get install network-manager-l2tp

To install the network manager l2tp that supports L2TP for Ubuntu 16.04

Walkthrough for building from source: http://blog.z-proj.com/enabling-l2tp-over-ipsec-on-ubuntu-16-04/

Old Answer

Another solution is to use network-manager-l2tp. You can get it from https://github.com/nm-l2tp/network-manager-l2tp.

For installation walk-through: http://blog.z-proj.com/enabling-l2tp-over-ipsec-on-ubuntu-16-04/

It works for Ubuntu 16.04

zed
  • 551
3

Patch NM-L2TP package with script

#!/bin/bash
CUR_PATH=$(dirname $(readlink -f $0))
TMP_PATH=/tmp/nm-l2tp
mkdir ${TMP_PATH}
cd ${TMP_PATH}
wget https://launchpad.net/~seriy-pr/+archive/ubuntu/network-manager-l2tp/+build/6512073/+files/network-manager-l2tp_0.9.8.5-0utopic1_amd64.deb
ar vx network-manager-l2tp_0.9.8.5-0utopic1_amd64.deb
mkdir new
tar -xpvf data.tar.xz -C ./new
mv ./new/usr/lib/pppd/2.4.5 ./new/usr/lib/pppd/2.4.6
sed -i 's/2.4.5/2.4.6/g' ./new/usr/lib/NetworkManager/nm-l2tp-service
sed -i 's/2.4.5/2.4.6/g' ./new/usr/lib/pppd/2.4.6/nm-l2tp-pppd-plugin.so
mkdir new/DEBIAN
tar -xpvf control.tar.gz -C ./new/DEBIAN
sed -i 's/, ppp (<< 2.4.6)//g' ./new/DEBIAN/control
sed -i 's/0utopic1/0vivid1/g' ./new/DEBIAN/control
rm ./new/DEBIAN/md5sums
dpkg-deb -b ./new/ ${CUR_PATH}/network-manager-l2tp_0.9.8.5-0vivid1_amd64.deb
rm -rf ${TMP_PATH}

Then download and install an appropriate Openswan package from the http://www.ubuntuupdates.org/pm/openswan and run the following commands

sudo apt-get update
sudo dpkg -i network-manager-l2tp_0.9.8.5-0vivid1_amd64.deb
sudo service xl2tpd stop
sudo update-rc.d xl2tpd disable

Then just go to the Network manager, choose VPN connections and create l2tp. You need only set up a username, password and the IPSec PSK in the IPSec additional settings.

Part taken from this answer

Community
  • 1
ChipX
  • 31
3

The first comment is probably the answer for most of us, except, maybe, some real experts:

"Seems there is no easy way anymore to establish a L2tp VPN connection since OpenSwan has been deprecated and removed in Ubuntu 14.10. Need it myself, found no working solution after months of sporadic research. – derFunk May 21 at 18:11"

No solution seems to be planned, see https://wiki.strongswan.org/issues/254. Another needed functionality removed from Ubuntu.

hako
  • 191
2

Note that for the accepted answer, the correct installation command for Ubuntu 18 is

sudo apt install network-manager-l2tp network-manager-l2tp-gnome

Since Ubuntu now ships with Gnome.

herman
  • 121
2

Another workaround, tested on 15.10, should work on 15.04 also. Requires manual editing of conffiles and manual establishing connection.

config setup strictcrlpolicy=yes conn %default ikelifetime=30m keylife=15m rekeymargin=3m keyingtries=1 mobike=no dpdaction=restart dpddelay=30 dpdtimeout=120 conn MYSERVER left=192.168.101.157 leftprotoport=17/1701 right=77.78.79.80 # public IP of VPN gw rightprotoport=17/1701 authby=secret type=transport keyexchange=ikev1 auto=route

  • edit /etc/ipsec.secrets:

: PSK "StrongPSKgivenByProvider"

  • edit (or create) /etc/openl2tpd.conf:

ppp profile modify profile_name=default \ auth_eap=no auth_mschapv1=no auth_mschapv2=no tunnel create tunnel_name=MYSERVER \ dest_ipaddr=77.78.79.80 \ hello_timeout=10 \ retry_timeout=10 \ max_retries=60 \ persist=yes session create session_name=MeOnMYSERVER \ tunnel_name=MYSERVER \ interface_name=ppp1 \ user_name=MyLogin \ user_password=MyPassword

  • restart and test ipsec:

    ipsec restart ipsec status

  • output should be like this:

    Routed Connections: MYSERVER{1}: ROUTED, TRANSPORT MYSERVER{1}: 192.168.101.157/32[udp/l2f] === 77.78.79.80/32[udp/l2f] Security Associations (0 up, 0 connecting): none

  • connect

    sudo service openl2tpd restart sudo route add -net {net_behing_VPN_gateway/mask} gw {local_IP_of_VPN_gw}

Hope this helps someone.

Pawel Szubert
  • 21
1

There is a workaround to get l2tp-ipsec on 15.04 but its not very elegant.

I uninstalled strongswan and installed an old openswan trusty .deb package.

http://packages.ubuntu.com/trusty/openswan

I then found .deb files of the old l2tp-ipsec-vpn and l2tp-ipsec-vpn-daemon from trusty by Werner Jaeger.

http://packages.ubuntu.com/trusty/l2tp-ipsec-vpn

http://packages.ubuntu.com/trusty/l2tp-ipsec-vpn-daemon

I installed those, and after I restarted, I was able to connect. However, this took quite a bit of time to get working properly and required installing deprecated packages.

I think that's all I did but if you try this and get another error there may be another package I installed I don't remember.

UPDATE: I had to do this again so I figured I would share the steps. Install the old client: https://launchpad.net/l2tp-ipsec-vpn

Again this is a workaround if you need it in pinch and currently works. That being said, this really needs to be apart of the OS.

sudo apt-get install gksu libgksu2-0 libctemplate2 libengine-pkcs11-openssl libp11-2 xl2tpd

Next download the old binaries and install with dpkg:

wget http://mirrors.kernel.org/ubuntu/pool/universe/o/openswan/openswan_2.6.38-1_amd64.deb

sudo dpkg -i openswan_2.6.38-1_amd64.deb 

wget http://mirrors.kernel.org/ubuntu/pool/universe/l/l2tp-ipsec-vpn/l2tp-ipsec-vpn_1.0.9-1_amd64.deb

wget http://mirrors.kernel.org/ubuntu/pool/universe/l/l2tp-ipsec-vpn-daemon/l2tp-ipsec-vpn-daemon_0.9.9-1_amd64.deb

sudo dpkg -i l2tp-ipsec-vpn_1.0.9-1_amd64.deb
sudo dpkg -i l2tp-ipsec-vpn-daemon_0.9.9-1_amd64.deb

Open the client. Add a connection and configure as needed. Once you try to connect it may take awhile but be patient.

badmadrad
  • 111