As mentioned before, PPTP VPN may not work on Mac OS X (at least not on mine), so I have to use an L2TP/IPSec (L2TP over IPSec) VPN instead.
This post will show you how to set up an L2TP/IPSec VPN on a VPS; all you need is a Xen VPS and a computer. As in the PPTP tutorial, the following steps are based on the Terminal application on a Mac. On Linux the steps are nearly the same; on Windows you need to install PuTTY first.
By the way, make sure you are using Ubuntu 11.04, since lower versions (at least Ubuntu 10.04 LTS Lucid 64-bit) may not work. Here we go:
I. Connect to your VPS
Run your Terminal, and enter the following command:
Just replace "xxx.xxx.xxx.xxx" with your VPS’ IP, such as "178.18.17.30".
Then you will see the following message:
Are you sure you want to continue connecting (yes/no)?
Enter "yes" and press the "Return" key, then, enter your password and press the "Return" key.
P.S.:
If you’ve rebuilt your VPS, you may see the following error:
Host key verification failed.
In that case, enter the following command at first:
ssh-keygen -R xxx.xxx.xxx.xxx
Remember to replace "xxx.xxx.xxx.xxx" with your VPS’ IP address.
II. Install OpenSwan
Although you can enter the command "aptitude install openswan" to install OpenSwan directly, it did not work during my tests on two different VPSes, so you had better get OpenSwan from its official website and install it yourself.
1. Enter the following command:
aptitude install build-essential
Press the "Return" key, then enter "y" and press the "Return" key again.
2. Enter the following command:
aptitude install libgmp3-dev gawk flex bison
Press the "Return" key, then enter "y" and press the "Return" key again.
3. Enter the following command:
wget http://www.openswan.org/download/openswan-2.6.35.tar.gz
Press the "Return" key.
4. Enter the following command:
tar xzvf openswan-2.6.35.tar.gz
Press the "Return" key.
5. Enter the following command:
cd openswan-2.6.35
Press the "Return" key.
6. Enter the following command:
make programs
Press the "Return" key.
7. Enter the following command:
make install
Press the "Return" key.
P.S.:
a. 2.6.35 is the latest version at the time of writing; check the OpenSwan website for a newer version later and, if there is one, use it instead.
b. When it says "Enter" something, you can always copy and paste it.
III. Edit IPSec
OpenSwan provides the IPSec layer, and L2TP runs on top of IPSec.
1. Enter the following command:
vi /etc/ipsec.conf
Press the "Return" key, enter "dG" to delete all the existing contents, press the "i" key, then copy and paste the following:
version 2.0

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=netkey

conn %default
    forceencaps=yes

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=YOUR.VPS.IP.ADDRESS
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
Remember to change YOUR.VPS.IP.ADDRESS to your VPS’ IP address, such as 178.18.17.30 in this post. To do so, press the "ESC" key to leave insert mode, move the cursor to the "Y" letter, press the "i" key, enter your IP address, then press the "ESC" key, and move the cursor over the "YOUR.VPS.IP.ADDRESS" characters to delete them one by one by pressing the "x" key. Alternatively, edit the contents in Notepad or Stickies first and paste them into your Terminal, so that no further editing is needed.
After that, enter ":wq", then press the "Return" key to save.
P.S.:
You need to press the "i" key before you insert anything, and press the "ESC" key to leave insert mode; otherwise your keystrokes will be interpreted as vi commands and the file will not come out as intended.
2. Enter the following command:
vi /etc/ipsec.secrets
Press the "Return" key, and press the "i" key, then enter the following content:
YOUR.VPS.IP.ADDRESS %any: PSK "YourSharedSecret"
For example:
178.18.17.30 %any: PSK "123456abcdef"
(Tip: press the Tab key to put a space between each value, and use straight double quotes around the secret, not the curly quotes a word processor produces.)
Then press the "ESC" key, enter ":wq", and press the "Return" key to save.
3. Enter the following commands one by one:
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
Remember to press the "Return" key after every command.
4. Enter the following command:
service ipsec restart
And then press the "Return" key.
P.S.:
Enter "ipsec verify" and press the "Return" key; if everything is right, you will see results like those in the following image:
If not, double check the above steps, especially the "ipsec.conf" settings.
IV. Install L2TP
L2TP runs on top of IPSec to provide the VPN.
1. Enter the following command:
cd ..
Press the "Return" key to go back up to root’s home directory.
2. Enter the following command:
aptitude install xl2tpd
Press the "Return" key, enter "y" and press the "Return" key again.
3. Enter the following command:
vi /etc/xl2tpd/xl2tpd.conf
Press the "Return" key, enter "dG" to delete all the existing contents, then press the "i" key and paste the following contents:
[global]
; listen-addr = 192.168.1.98

[lns default]
ip range = 10.1.1.2-10.1.1.255
local ip = 10.1.1.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
Then press the "ESC" key, enter ":wq", and press the "Return" key to save.
V. Set up xl2tpd
This assumes that your VPS already has PPP support; if not, enter "aptitude install ppp" before the following steps:
1. Enter the following command:
vi /etc/ppp/options.xl2tpd
Press the "Return" key, then press the "i" key and paste the following options:
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
Then press the "ESC" key, enter ":wq", and press the "Return" key to save it.
P.S.:
You can also replace 8.8.8.8 & 8.8.4.4 with 208.67.222.222 & 208.67.220.220.
2. Enter the following command:
vi /etc/ppp/chap-secrets
Press the "Return" key, then press the "i" key to enter the following contents:
username l2tpd password *
For example:
freenuts l2tpd 123456 *
Again, remember to use the "Tab" key between the values; then press the "ESC" key, enter ":wq", and press the "Return" key to save it.
3. Enter the following command:
service xl2tpd restart
Press the "Return" key.
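The two secrets files from steps III.2 and V.2 hold the pre-shared key and the PPP password, and a file created in vi under the default umask is readable by every local user. The following script is an added example, not code from the original post: it writes both files with a randomly generated PSK and owner-only permissions. OUTDIR is an assumption introduced here so the functions can be exercised against a scratch directory; on the VPS you would pass /etc.

```sh
#!/bin/sh
# Added example, not code from the original post. Writes the two secrets
# files from steps III.2 and V.2 with a random pre-shared key and owner-only
# permissions. OUTDIR is an assumption introduced here so the functions can
# be exercised against a scratch directory; on the VPS you would pass /etc.
set -eu

# Generate a pre-shared key from 32 random bytes, base64 encoded (44 chars).
# A short memorable string like the one in the post is easy to guess.
gen_psk() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# write_secrets OUTDIR VPS_IP PSK USERNAME PASSWORD
# Writes OUTDIR/ipsec.secrets and OUTDIR/ppp/chap-secrets, tab separated as
# the post describes. Both files are created under umask 077 and then chmod'ed
# to 0600, so a file vi left world-readable (0644 under the default umask 022)
# is tightened too and other local users cannot read the PSK or the password.
write_secrets() {
    outdir=$1; vps_ip=$2; psk=$3; user=$4; pass=$5
    mkdir -p "$outdir/ppp"
    (
        umask 077
        # ipsec.secrets: <server ip> %any: PSK "<key>"
        printf '%s\t%%any:\tPSK\t"%s"\n' "$vps_ip" "$psk" > "$outdir/ipsec.secrets"
        # chap-secrets: <client> <server> <secret> <allowed ip>; the server
        # name must match "name l2tpd" in options.xl2tpd
        printf '%s\tl2tpd\t%s\t*\n' "$user" "$pass" > "$outdir/ppp/chap-secrets"
    )
    chmod 0600 "$outdir/ipsec.secrets" "$outdir/ppp/chap-secrets"
}

# check_perms FILE: succeeds only when FILE is readable and writable by its
# owner alone (mode 0600), which is what both secrets files should be.
check_perms() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# On the VPS (as root): write_secrets /etc 178.18.17.30 "$(gen_psk)" freenuts "$password"
```

After running it, restart ipsec and xl2tpd as in the steps above so both daemons re-read their secrets.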
VI. IP forward
This step lets your VPN clients reach the whole internet:
1. Enter the following command:
vi /etc/sysctl.conf
Press the "Return" key, find the line "#net.ipv4.ip_forward=1" and remove the "#" by pressing "x", then press "ESC" and enter ":wq" to save it.
2. Enter the following command:
sysctl -p
Press the "Return" key, then you will only see "net.ipv4.ip_forward=1" as the result if everything is right.
3. Enter the following command:
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
Now you can connect to your L2TP/IPSec VPN and use it to get access to any blocked sites. However, if you reboot your VPS, the redirect settings and the iptables rule above will be gone; to avoid this, enter the following command:
vi /etc/rc.local
Press the "Return" key and paste the following contents before the "exit 0" line:
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
/etc/init.d/ipsec restart
Save it, then you are done.
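The rc.local approach re-applies the settings at every boot, but nothing tells you whether it worked. The script below is an added example, not part of the original post: it checks that ip_forward is 1 and that accept_redirects and send_redirects are 0 on every interface, which is exactly what sysctl.conf and the rc.local loop are supposed to leave behind. PROC_ROOT is an assumption introduced here: pass / on the VPS, or a constructed directory tree to test the checks without root.

```sh
#!/bin/sh
# Added example, not code from the original post. Confirms after a reboot
# that the kernel settings this section relies on (ip_forward=1 from
# sysctl.conf, accept/send_redirects=0 from the rc.local loop) are in effect.
# PROC_ROOT is an assumption introduced here: / on the VPS, or a constructed
# tree for testing.
set -u

# check_forwarding PROC_ROOT
# Returns 0 when ip_forward is 1 and every interface under
# PROC_ROOT/proc/sys/net/ipv4/conf/ has both redirect settings at 0;
# prints one line per failing setting and returns 1 otherwise.
check_forwarding() {
    root=${1%/}; status=0
    if [ "$(cat "$root/proc/sys/net/ipv4/ip_forward")" != "1" ]; then
        echo "ip_forward is not 1: VPN clients cannot reach the internet"
        status=1
    fi
    for dir in "$root"/proc/sys/net/ipv4/conf/*; do
        for key in accept_redirects send_redirects; do
            if [ "$(cat "$dir/$key")" != "0" ]; then
                echo "$(basename "$dir")/$key is not 0: rerun the rc.local loop"
                status=1
            fi
        done
    done
    return $status
}

# make_fake_proc DIR FORWARD REDIRECTS
# Builds a constructed /proc lookalike under DIR (interfaces all, default,
# eth0, lo) for testing; FORWARD and REDIRECTS are the values to write.
make_fake_proc() {
    for iface in all default eth0 lo; do
        mkdir -p "$1/proc/sys/net/ipv4/conf/$iface"
        echo "$3" > "$1/proc/sys/net/ipv4/conf/$iface/accept_redirects"
        echo "$3" > "$1/proc/sys/net/ipv4/conf/$iface/send_redirects"
    done
    echo "$2" > "$1/proc/sys/net/ipv4/ip_forward"
}

# On the VPS: check_forwarding / && echo "forwarding and redirect settings OK"
```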
Bonus:
The following is an L2TP/IPSec VPN account created on a 2Host VPS by following the tutorial above:
Server Address: 178.18.17.30
Account Name: freenuts
Password: 123456
Shared Secret: 123456abcdef
The above VPN account will be free and available for a month; check out this post for how to use it on your computer and mobile phone.