I've been using PPTP as a VPN solution for a while (despite its security obsolescence); however, I have the feeling that one of my ISPs has started filtering and/or throttling PPTP traffic that goes outside its network.

As a result, I had to look for an alternate VPN system to use when I need to dial back to my home network while on the move to access my media library or when I require a trusted connection or a whitelisted IP.

The next best thing (and least complicated to set up going from PPTP) is IPSec/L2TP, which has built-in support in most current operating systems (including Windows, Linux and Android).

Prerequisites

Due to its double-encapsulation nature (L2TP performs the tunnelling of data and IPSec provides the encrypted channel), L2TP/IPSec has a more complex setup and configuration procedure, both for the server and the client:

- OpenSWAN provides the IPSEC component, encapsulating packets from the client to/from the server, providing basic network connectivity and authentication. On connection, the client provides a pre-shared key to the server, and then OpenSWAN establishes the IPSEC tunnel and passes control to xl2tpd.
- xl2tpd provides the component which connects the two networks (the client's and the server's) together. It talks to pppd to authenticate a user, and then makes that user appear on the local network as some IP in its defined range.
- pppd provides authentication for users.

This way, there are 2 passwords required – one for the IPSec component provided by OpenSWAN (set as the pre-shared key), and one for the actual user account which is connecting to the VPN.

The numbers used in the configurations below – adjust them to suit your specific network setup needs:

- 192.168.1.100 – LAN IP of VPN server (also running the DNS server).
- 192.168.1.1 – peer local IP of the L2TP VPN.
- 192.168.1.101-120 – local IP range used for the L2TP tunnels, outside of the DHCP allocation range.
- 192.168.1.254 – router NATting internet traffic for the LAN.

To set up a server on CentOS, we start by installing the necessary software:

Edit /etc/rc.local and add the following at the end:

    # Correct ICMP Redirect issues with OpenSWAN
    for each in /proc/sys/net/ipv4/conf/*
    do

Edit /etc/nf to contain:

    config setup

Next edit /etc/crets and define the PSK secret (preshared key as it's named in most clients) for IPSec:

    192.168.1.1 %any: PSK "yoursecretkey"

Xl2tpd

Moving on to xl2tp, edit /etc/xl2tpd/nf to contain:

Then /etc/ppp/options.xl2tpd:

    ipcp-accept-local

The last step is to edit /etc/ppp/chap-secrets and insert records for all logins allowed into the VPN:

    # Secrets for authentication using CHAP
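
An added example, not part of the original post: a small Python audit for the /etc/ppp/chap-secrets records this guide describes, checking each login against the addressing plan listed on the page. The sample records, the function name and the 12-character minimum are assumptions constructed for illustration.

```python
import ipaddress
import shlex

# Addressing plan taken from the page; adjust to your own network.
POOL = (ipaddress.ip_address("192.168.1.101"), ipaddress.ip_address("192.168.1.120"))
RESERVED = {ipaddress.ip_address(a) for a in ("192.168.1.1", "192.168.1.100", "192.168.1.254")}
MIN_SECRET_LEN = 12  # assumed policy threshold, not from the page
# Constructed sample data (columns: client, server, secret, IP addresses).
SAMPLE = """\
# Secrets for authentication using CHAP
alice  *  "correct horse battery"  192.168.1.101
bob    *  hunter2                  *
carol  *  "long-enough-secret-1"   192.168.1.100
dave   *  "long-enough-secret-2"   192.168.1.101
"""

def audit_chap_secrets(text):
    """Return (line_number, message) findings; checks plain IPv4 entries only."""
    findings, pinned = [], {}
    for num, raw in enumerate(text.splitlines(), 1):
        try:
            fields = shlex.split(raw, comments=True)  # strips quotes and '#' comments
        except ValueError:
            findings.append((num, "unbalanced quote"))
            continue
        if len(fields) < 3:
            if fields:  # non-empty but incomplete record
                findings.append((num, "expected: client server secret [IP ...]"))
            continue
        client, secret, addrs = fields[0], fields[2], fields[3:]
        if len(secret) < MIN_SECRET_LEN:
            findings.append((num, f"secret for {client} is shorter than {MIN_SECRET_LEN} characters"))
        for addr in addrs:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:  # "*", "-", "!addr" and subnets land here
                findings.append((num, f"{client}: {addr!r} is not a single pinned address"))
                continue
            if ip in RESERVED or not POOL[0] <= ip <= POOL[1]:
                findings.append((num, f"{addr} is reserved or outside the L2TP range"))
            elif ip in pinned:
                findings.append((num, f"{addr} is already assigned to {pinned[ip]}"))
            else:
                pinned[ip] = client
    return findings

if __name__ == "__main__":
    for num, message in audit_chap_secrets(SAMPLE):
        print(f"line {num}: {message}")
```

Run it against a copy of the real file by passing its contents to audit_chap_secrets(); the file holds cleartext secrets, so keep both the original and any copy readable by root only.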