So I was in a situation: in order to help a friend manage his servers, I had to connect through his L2TP VPN. After a little digging, I figured out how to do that with xl2tpd. The setup was not ideal, though: I had to start the connection by hand and then add the routes by hand as well, since xl2tpd has no way to add them itself.

So, let's take a look at the initscripts. Initscripts are wonderful: they let you configure different types of interfaces and bring them up or down with an ifup/ifdown command. The only problem is that they do not support L2TP.

Here is what I did.

Modify the Files

Start by editing /usr/sbin/vpn-start and add L2TP support (the xl2tp case below; the rest of the script already existed):

#!/usr/bin/sh

# Usage: vpn-start <VPN type> <VPN name> [parameters passed to the client]
TYPE=$1
NAME=$2
shift 2
if [ -z "$TYPE" ] || [ -z "$NAME" ]; then
  echo "usage: $0: <VPN type> <VPN name> [parameters]"
  exit 1
fi

DIR=/etc/sysconfig/network-scripts/vpn.d/"$TYPE"
CONFIG="$DIR"/"$NAME".conf
PID=/var/run/"$TYPE"-"$NAME".pid

. /etc/init.d/functions

if pidofproc "$PID" >/dev/null; then
   gprintf "Connection is already started, please stop it first.\n"
   exit 1
fi

case $TYPE in
    pptp)
       gprintf "No implementation for connection type $TYPE yet.\n";
       exit 1
    ;;
    openvpn)
       action "Starting VPN connection: " openvpn --user openvpn --group openvpn --daemon --writepid "$PID" --config "$CONFIG" --cd "$DIR" "$@"
    ;;
    vpnc)
       action "Starting VPN connection: " /usr/sbin/vpnc "$CONFIG" --pid-file "$PID" "$@"
    ;;
    xl2tp)
       # Make sure the xl2tpd daemon is running, then ask it to connect the
       # LAC named after this connection through its control FIFO. The
       # redirection must belong to the echo and not to "action", otherwise
       # the status text is written into the control file as well.
       /sbin/service xl2tpd start >/dev/null 2>&1
       action "Starting xL2TP connection " sh -c "echo 'c ${NAME}' > /var/run/xl2tpd/l2tp-control"
    ;;
    *)
       gprintf "Connection type $TYPE is not supported.\n";
       exit 1
    ;;
esac

Next, edit /etc/sysconfig/network-scripts/ifup.d/vpn and add the routing support:

#!/usr/bin/sh

# Called by ifup with the interface name as $1. If that interface's ifcfg
# file names a VPN, start it and then install the routes listed in
# route-$VPN_NAME on the VPN device.
if [ -r "/etc/sysconfig/network-scripts/ifcfg-$1" ]; then
   . "/etc/sysconfig/network-scripts/ifcfg-$1"
   if [ -n "$VPN_TYPE" ] && [ -n "$VPN_NAME" ]; then
       /usr/sbin/vpn-start "$VPN_TYPE" "$VPN_NAME" || exit 1
       exec /etc/sysconfig/network-scripts/ifup-routes "${VPN_NAME}" "${VPN_DEVICE}"
   fi
fi

Configuration of an L2TP VPN with the Linux Initscripts

The first step is configuring the xl2tpd daemon. Edit /etc/xl2tpd/xl2tpd.conf and add a section like this:

[lac VPN_NAME]
lns = vpn.thinkers.ca
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

Then create or edit the /etc/ppp/options.l2tpd.client file with the following content:

ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
usepeerdns
debug
connect-delay 5000
name YOUR_VPN_USERNAME
password YOUR_VPN_PASSWORD

My laptop's Wi-Fi interface is named wlo1, so the file I edit is /etc/sysconfig/network-scripts/ifcfg-wlo1. Add the following lines to it:

VPN_TYPE=xl2tp
VPN_NAME=VPN_NAME
VPN_DEVICE=ppp0

Lastly, create or edit /etc/sysconfig/network-scripts/route-VPN_NAME, one network per line:

10.35.35.71
172.26.52.0/24

Note that VPN_NAME appears in three files; the values must match exactly, case included. Since there is no easy way to know in advance which PPP interface number you will get, use ppp0 (or ppp1 if you always have a ppp0 up). In my specific case I only use PPP connections for VPNs, and not very often, so ppp0 is safe.
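As an added example (not code from the original post or from the initscripts package), here are three helper functions a hardened ifup.d/vpn hook could call: a check that the pppd options file, which stores the password in clear text, is owner-only; a wait for the PPP device, since xl2tpd brings pppd up asynchronously after the connect command; and a generator of the route commands from the one-network-per-line route file shown above. The file paths, the ppp0 device name and GNU stat are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): helpers a hardened ifup.d/vpn
# hook could call. Assumed: GNU stat (Linux), the route-<name> file format
# shown above (one IPv4 network per line) and the ppp0 device name.

# The pppd options file carries the VPN password in clear text, so refuse
# to start when its mode grants any group/other permission bits.
secret_file_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        *00) return 0 ;;   # e.g. 600 or 400: owner-only
        *)   return 1 ;;
    esac
}

# xl2tpd accepts the "c <name>" control command immediately, but pppd only
# creates the interface once the L2TP tunnel is up. Poll sysfs for up to
# $2 seconds (default 15) before touching the device.
wait_for_dev() {
    dev=$1; tries=${2:-15}
    while [ "$tries" -gt 0 ]; do
        [ -d "/sys/class/net/$dev" ] && return 0
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# Turn a route-<name> file into "ip route add" commands pinned to the VPN
# device. Blank lines and comments are skipped; a line containing anything
# other than digits, dots and "/" is rejected so that a stray word in the
# file cannot reach ip as an extra argument.
route_cmds() {
    file=$1; dev=$2
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|\#*) continue ;;
            *[!0-9./]*) echo "route file: skipping malformed line: $line" >&2; continue ;;
        esac
        printf 'ip route add %s dev %s\n' "$line" "$dev"
    done < "$file"
}

# How the hook would wire them up (commands are printed here, not executed):
#   secret_file_ok /etc/ppp/options.l2tpd.client || exit 1
#   wait_for_dev ppp0 && route_cmds /etc/sysconfig/network-scripts/route-VPN_NAME ppp0
```

Pipe the output of route_cmds to sh once you have reviewed it, or replace the printf with the ip call itself.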

All set: I just ran ifup wlo1 and got a connection to the VPN with my routes in place.

Good luck!
