Created
May 19, 2019 20:20
-
-
Save gtors/91a4779c521337d4d24eb743865af9a2 to your computer and use it in GitHub Desktop.
linux strongswan client l2tp ipsec psk to windows server behind nat
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config setup | |
| conn %default | |
| ikelifetime=60m | |
| keylife=20m | |
| rekeymargin=3m | |
| keyingtries=1 | |
| ike=3des-sha1-modp1024! | |
| esp=3des-sha1! | |
| conn vpn_psk | |
| keyexchange=ikev1 | |
| left=%defaultroute | |
| auto=add | |
| authby=psk | |
| type=transport | |
| leftprotoport=17/1701 | |
| rightprotoport=17/1701 | |
| right=xxx.xxx.xxx.xxx # Public IP or FQDN of the VPN server | |
| rightid=xxx.xxx.xxx.xxx # Local IP (if server behind NAT) | |
| rightsendcert=never |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| : PSK "your pre-shared key" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ipcp-accept-local | |
| ipcp-accept-remote | |
| refuse-chap | |
| refuse-eap | |
| refuse-pap | |
| require-mschap-v2 | |
| noauth | |
| idle 1800 | |
| mtu 1410 | |
| mru 1410 | |
| nodefaultroute | |
| debug | |
| connect-delay 5000 | |
| name "username" | |
| password "password" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| systemctl start strongswan xl2tpd | |
| ipsec up vpn_psk | |
| echo 'c vpn_psk' > /var/run/xl2tpd/l2tp-control |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [global] | |
| access control = yes | |
| debug tunnel = yes | |
| [lac vpn_psk] | |
| lns = xxx.xxx.xxx.xxx # Public IP or FQDN of the VPN server | |
| ppp debug = yes | |
| pppoptfile = /etc/ppp/options.l2tpd.client | |
| length bit = yes |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment