Edit the file /etc/ipsec.conf and make sure the following is uncommented:
include /etc/ipsec.d/*.conf
edit the file /etc/ipsec.d/ipsec.conf (you will be creating an empty file), and add the following( the indentations are important):
conn L2TP-PSK-NAT rightsubnet=vhost:%priv also=L2TP-PSK-noNAT conn L2TP-PSK-noNAT authby=secret pfs=no auto=add keyingtries=3 rekey=no ikelifetime=8h keylife=1h type=transport left=192.168.214.13 #your public IP , or IP to which the clents will be connecting leftprotoport=17/1701 right=%any rightprotoport=17/%any
Edit the file /etc/ipsec.secrets and make sure the following line is uncommented:
include /etc/ipsec.d/*.secrets
Create and edit the file /etc/ipsec.d/ipsec.secrets and add the following:
192.168.214.13 %any: PSK "server.lap.work"
Enable IP Forwarding in /etc/sysctl.conf (OR make sure it loads when the firewall loads)
net.ipv4.ip_forward = 1
Reload Sysctl settings with the following command:
sysctl -p
Enable masquerading with the following command \ (or put it in the firewall scripts):
iptables -t nat -A POSTROUTING -j MASQUERADE
Create a file /usr/bin/zl2tpset and make it executable, add the following to the file:
NB - first check the /proc/sys/net/ipv4/conf/ folder to see what "sub" folders there are and add "eth1", "eth2" and "default" and "lo" etc as needed. See below.
Download and install xl2pd cd /ztmp/l2tp wget http://mirror.zeddicus.com/sources/xl2tpd-1.2.4.tar.gz tar zxvf xl2tpd-1.2.4.tar.gz cd xl2tpd-1.2.4 make install
Create and edit with the following commands:
mkdir /etc/xl2tpd
Edit the /etc/xl2tpd/xl2tpd.conf file and add the following: [global] ipsec saref = yes [lns default] ip range = 10.20.0.200-10.20.0.254 local ip = 10.20.0.2 refuse chap = yes refuse pap = yes require authentication = yes ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yes
