Connecting to an L2TP/IPsec VPN from Linux

I needed to connect a Linux client to an L2TP/IPsec VPN using shared secret (a.k.a. pre-shared key) authentication, but every online guide I could find was inaccurate and/or incomplete. Here’s a fully working solution at the time of writing. The initial 10-minute setup is pretty tedious, but once you’ve got it working you can throw it all into a script and never worry about it again.

All commands that are invoked on the Linux command line client begin with the command f5fpc. Use the following table to assign arguments to the Linux commands. To start a VPN connection, type either of the following commands: `f5fpc --start arguments` or `f5fpc -s arguments`. Note: This requires the `--host` or `-t` argument at the minimum.

Update: A less-than-ideal but much easier fix is to build xl2tpd from source with one problematic line commented out. This allows the use of Libreswan and NetworkManager, although on Arch Linux I also had to `sudo mkdir -p /var/lib/ipsec/nss` since that directory wasn’t created during Libreswan installation (?!)

Walkthrough

Let’s say you want to connect to a VPN server with public IP address 68.68.32.79 and shared secret sh4r3ds3cr3t. Your user account on the VPN server is johndoe with password j0hn5p455w0rd.

Install Openswan for IPsec and xl2tpd for L2TP:

```bash
#!/usr/bin/env bash

# Enables or disables a client connection to an L2TP/IPsec VPN. Usage: save
# this file as `vpn`, `chmod +x` it, and run `./vpn ` as root.

# Based on:

# Example `ip route` output before connecting to VPN:
#   default via 192.168.1.1 dev wlp4s0 proto dhcp src 192.168.1.7 metric 303
#   10.1.14.252 dev ppp0 proto kernel scope link src 10.1.16.107
#   192.168.1.0/24 dev wlp4s0 proto dhcp scope link src 192.168.1.7 metric 303

# Example `ip route` output after connecting to VPN:
#   default via 10.1.14.252 dev ppp0
#   10.0.0.0/8 via 10.1.14.252 dev ppp0
#   10.1.14.252 dev ppp0 proto kernel scope link src 10.1.16.107
#   71.245.184.58 via 192.168.1.1 dev wlp4s0
#   192.168.1.0/24 dev wlp4s0 proto dhcp scope link src 192.168.1.7 metric 303

set -eu

# VPN settings (edit these!)
vpn_server_public_ip='68.68.32.79'
vpn_subnet='10.0.0.0/8'
vpn_pingee_local_ip='10.1.10.22'
vpn_shared_secret='sh4r3ds3cr3t'
vpn_username='johndoe'
vpn_password='j0hn5p455w0rd'

# Ensure that we're running as root
# (assumed check and message: the original test is missing from this copy)
if [ "$(id -u)" -ne 0 ]
then
  echo 'This script must be run as root.'
  exit 1
fi

# Ensure that required packages are installed
if ! command -v ipsec > /dev/null
then
  echo '`ipsec` command not found! Please install Openswan.'
  exit 1
fi
if ! command -v xl2tpd > /dev/null
then
  echo '`xl2tpd` command not found! Please install xl2tpd.'
  exit 1
fi
```