Instalasi xl2tp VPN pada Ubuntu

Tulisan yang berwarna biru artinya harus dirubah atau bisa dirubah sesuai dengan konfigurasi dari server.

Sumber: https://kayama.dp.ua/blog/ubuntu-16-04-how-to-setup-l2tp-over-ipsec-vpn-serv.html
 
#########################################################################

Step 1 : Install strongswan dan xl2tp

How to setup L2TP over IPSec VPN server (Ubuntu 16.04)

apt-get install strongswan xl2tpd
# (optional, need to check ) apt-get install ppp libgmp3-dev bison flex

 

Step 2 : Edit file ipsec.conf

# /etc/ipsec.conf — Openswan IPsec configuration file modified for Strongswan
# (c) Kayama 2018
# Add connections here

conn L2TP-IPSEC
    authby=secret
    rekey=no
    keyingtries=3
    type=transport
    esp=aes128-sha1
    ike=aes128-sha-modp1024
    ikelifetime=8h
    keylife=1h
    left=*.*.*.* # your IP Public VPN Server 
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnet=0.0.0.0/0
    auto=add
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    #force all to be nat'ed. because of iOS
    forceencaps=yes

 

Step 2 : Execute the below commands to enable kernel IP packet forwarding and disable ICP redirects.

echo "net.ipv4.ip_forward = 1" | tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_redirects = 0" | tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.send_redirects = 0" | tee -a /etc/sysctl.conf
echo "net.ipv4.conf.default.rp_filter = 0" | tee -a /etc/sysctl.conf
echo "net.ipv4.conf.default.accept_source_route = 0" | tee -a /etc/sysctl.conf
echo "net.ipv4.conf.default.send_redirects = 0" | tee -a /etc/sysctl.conf
echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" | tee -a /etc/sysctl.conf

for vpn in /proc/sys/net/ipv4/conf/*; do echo 0 > $vpn/accept_redirects; echo 0 > $vpn/send_redirects; done

Step 4 : Edit ipsec.secrets.

# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.

: PSK "TypeYourPassPhraseHere"

 

Step 5 : Edit /etc/ppp/options.xl2tpd 

require-mschap-v2
refuse-mschap
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
idle 1800
mtu 1450
mru 1450
connect-delay 5000
lock
hide-password
local
#debug
modem
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

  

Step 6 : Edit /etc/xl2tpd/xl2tpd.conf

[global]
ipsec saref = no
debug tunnel = no
debug avp = no
debug network = no
debug state = no
access control = no
rand source = dev
port = 1701
auth file = /etc/ppp/chap-secrets

[lns default]
ip range = 172.16.12.10-172.16.12.254
local ip = 172.16.12.1
require authentication = yes
name = l2tp
pass peer = yes
ppp debug = no
length bit = yes
refuse pap = yes
refuse chap = yes
pppoptfile = /etc/ppp/options.xl2tpd

 

Step 7 : Edit /etc/ppp/chap-secrets file

test    l2tpd     TestTest      *

 

Step 8 : Restart service to make sure configuration was loaded.

service xl2tpd start / restart / stop
service strongswan start / restart / stop

Everything should work fine!
######################################

Modifikasi
####################

And finally add password to the /etc/ppp/chap-secrets file

test    l2tpd     TestTest      "*"    #hanya l2tp
test1     pptpd    test1        "*"    #hanya pptp

test2    *        test2        "*" #untuk semua l2tp/pptp/sstp