Scripts for automatic configuration of an IPsec/L2TP VPN server on Ubuntu 16.04/14.04/12.04, Debian 8 and CentOS 6 & 7. All you need to do is providing your own values for `IPSEC_PSK`, `VPN_USER` and `VPN_PASSWORD`, and let them handle the rest.
We will use <ahref="https://libreswan.org/"target="_blank">Libreswan</a> as the IPsec server, and <ahref="https://www.xelerance.com/services/software/xl2tpd/"target="_blank">xl2tpd</a> as the L2TP provider.
A newly created <ahref="https://aws.amazon.com/ec2/"target="_blank">Amazon EC2</a> instance, using these AMIs: (See <ahref="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#vpnsetup"target="_blank">instructions</a>)
<ahref="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps"target="_blank">**» I want to run my own VPN but don't have a server for that**</a>
If unable to download via `wget`, you may alternatively open <ahref="vpnsetup.sh"target="_blank">vpnsetup.sh</a> (or <ahref="vpnsetup_centos.sh"target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
Get your computer or device to use the VPN. Search the web for instructions, e.g. <ahref="https://www.google.com/search?q=setup+l2tp+client"target="_blank">google.com/search?q=setup+l2tp+client</a>
For **Windows users**, a <ahref="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809"target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). Also make sure that `CHAP`<ahref="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875"target="_blank">is enabled</a> under "Allow these protocols" in the "Security" tab of VPN properties.
**Android 6 (Marshmallow) users**: After install, edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to both `ike=` and `phase2alg=`. Then <ahref="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow"target="_blank">add a new line</a>`sha2-truncbug=yes`. Indent lines with two spaces. Finally, run `service ipsec restart`.
**iPhone/iPad users**: In iOS settings, choose `L2TP` (instead of `IPSec`) as the VPN type. In case you are unable to connect, edit `ipsec.conf` and replace `rightprotoport=17/%any` with `rightprotoport=17/0`. Then restart `ipsec` service.
If you wish to create multiple VPN users with different credentials, just <ahref="https://gist.github.com/hwdsl2/123b886f29f4c689f531"target="_blank">edit a few lines</a> in the scripts.
Clients are configured to use <ahref="https://developers.google.com/speed/public-dns/"target="_blank">Google Public DNS</a> when the VPN is active. To change, set `ms-dns` in `options.xl2tpd`.
For Amazon EC2 instances only: In the <ahref="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html"target="_blank">security group</a>, open UDP ports 500 & 4500 and TCP port 22 (optional, for SSH).
If you configured a custom SSH port (not 22) or wish to allow other services, edit <ahref="vpnsetup.sh#L278"target="_blank">IPTables rules</a> before using the scripts.
The additional scripts <ahref="vpnupgrade_Libreswan.sh"target="_blank">vpnupgrade_Libreswan.sh</a> and <ahref="vpnupgrade_Libreswan_centos.sh"target="_blank">vpnupgrade_Libreswan_centos.sh</a> can be used to periodically upgrade Libreswan to the latest version. Check the <ahref="https://libreswan.org"target="_blank">official website</a> and update the `SWAN_VER` variable as necessary.
- Have a question? Please first search other people's comments <ahref="https://gist.github.com/hwdsl2/9030462#comments"target="_blank">in this Gist</a> and <ahref="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread"target="_blank">on my blog</a>.
- Ask Libreswan (IPsec) related questions <ahref="https://lists.libreswan.org/mailman/listinfo/swan"target="_blank">on the mailing list</a>, or read these wikis: <ahref="https://libreswan.org/wiki/Main_Page"target="_blank">[1]</a><ahref="https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server"target="_blank">[2]</a><ahref="https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup"target="_blank">[3]</a><ahref="https://help.ubuntu.com/community/L2TPServer"target="_blank">[4]</a><ahref="https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation"target="_blank">[5]</a>.
- If you found a reproducible bug, open a <ahref="https://github.com/hwdsl2/setup-ipsec-vpn/issues"target="_blank">GitHub Issue</a> to submit a bug report.
Copyright (C) 2014-2016 Lin Song <ahref="https://www.linkedin.com/in/linsongui"target="_blank"><imgsrc="https://static.licdn.com/scds/common/u/img/webpromo/btn_viewmy_160x25.png"width="160"height="25"border="0"alt="View my profile on LinkedIn"></a>
This work is licensed under the <ahref="http://creativecommons.org/licenses/by-sa/3.0/"target="_blank">Creative Commons Attribution-ShareAlike 3.0 Unported License</a>