# IPsec VPN Server Auto Setup Scripts [![Build Status](https://static.ls20.com/travis-ci/setup-ipsec-vpn.svg)](https://travis-ci.org/hwdsl2/setup-ipsec-vpn)
Set up your own IPsec VPN server in just a few minutes, with both IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials, and let the scripts handle the rest.
We will use <ahref="https://libreswan.org/"target="_blank">Libreswan</a> as the IPsec server, and <ahref="https://github.com/xelerance/xl2tpd"target="_blank">xl2tpd</a> as the L2TP provider.
<ahref="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/"target="_blank">**» Related tutorial: IPsec VPN Server Auto Setup with Libreswan**</a>
A newly created <ahref="https://aws.amazon.com/ec2/"target="_blank">Amazon EC2</a> instance, using these AMIs: (See <ahref="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#vpnsetup"target="_blank">instructions</a>)
A dedicated server or Virtual Private Server (VPS), freshly installed with one of the above OS. In addition, Debian 7 (Wheezy) can also be used with <ahref="extras/vpnsetup-debian-7-workaround.sh"target="_blank">this workaround</a>. OpenVZ VPS is not supported, users could instead try <ahref="https://github.com/Nyr/openvpn-install"target="_blank">OpenVPN</a>.
This also includes Linux VMs in public clouds such as Google Compute Engine, Amazon EC2, Microsoft Azure, IBM SoftLayer, VMware vCloud Air, Rackspace, DigitalOcean, Vultr and Linode.
<ahref="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps"target="_blank">**» I want to run my own VPN but don't have a server for that**</a>
For installation on DigitalOcean, check out this <ahref="https://usefulpcguide.com/17318/create-your-own-vpn/"target="_blank">step-by-step guide</a> by Tony Tran.
**Note:** If unable to download via `wget`, you may also open <ahref="vpnsetup.sh"target="_blank">vpnsetup.sh</a> (or <ahref="vpnsetup_centos.sh"target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
For **Windows users**, this <ahref="docs/clients.md#regkey"target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). If you get an error when trying to connect, see <ahref="docs/clients.md#troubleshooting"target="_blank">Troubleshooting</a>.
Clients are set to use <ahref="https://developers.google.com/speed/public-dns/"target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `/etc/ppp/options.xl2tpd` and `/etc/ipsec.conf`. Then reboot your server.
For servers with an external firewall (e.g. <ahref="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html"target="_blank">EC2</a>/<ahref="https://cloud.google.com/compute/docs/networking#firewalls"target="_blank">GCE</a>), open UDP ports 500 & 4500, and TCP port 22 (for SSH).
To open additional ports on the server, edit the IPTables rules in `/etc/iptables.rules` and/or `/etc/iptables/rules.v4` (Ubuntu/Debian), or `/etc/sysconfig/iptables` (CentOS). Then reboot your server.
When connecting via `IPsec/L2TP`, the VPN server has IP `192.168.42.1` within the VPN subnet `192.168.42.0/24`.
The additional scripts <ahref="extras/vpnupgrade.sh"target="_blank">vpnupgrade.sh</a> and <ahref="extras/vpnupgrade_centos.sh"target="_blank">vpnupgrade_centos.sh</a> can be used to upgrade Libreswan (<ahref="https://libreswan.org"target="_blank">website</a> | <ahref="https://lists.libreswan.org/mailman/listinfo/swan-announce"target="_blank">mailing list</a>). Update the `swan_ver` variable as necessary. Check installed version: `ipsec --version`
- Got a question? Please first search other people's comments <ahref="https://gist.github.com/hwdsl2/9030462#comments"target="_blank">in this Gist</a> and <ahref="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread"target="_blank">on my blog</a>.
- Ask Libreswan (IPsec) related questions <ahref="https://lists.libreswan.org/mailman/listinfo/swan"target="_blank">on the mailing list</a>, or read these articles: <ahref="https://libreswan.org/wiki/Main_Page"target="_blank">[1]</a><ahref="https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server"target="_blank">[2]</a><ahref="https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup"target="_blank">[3]</a><ahref="https://help.ubuntu.com/community/L2TPServer"target="_blank">[4]</a><ahref="https://libreswan.org/man/ipsec.conf.5.html"target="_blank">[5]</a>.
- If you found a reproducible bug, open a <ahref="https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue"target="_blank">GitHub Issue</a> to submit a bug report.
Copyright (C) 2014-2016 Lin Song <ahref="https://www.linkedin.com/in/linsongui"target="_blank"><imgsrc="https://static.licdn.com/scds/common/u/img/webpromo/btn_viewmy_160x25.png"width="160"height="25"border="0"alt="View my profile on LinkedIn"></a>
This work is licensed under the <ahref="http://creativecommons.org/licenses/by-sa/3.0/"target="_blank">Creative Commons Attribution-ShareAlike 3.0 Unported License</a>