Background
This article explains how to get xl2tpd, which has PPTP capabilities, working on Linux. This is useful in a server environment where you need to connect from one server to another over the L2TP protocol.
If you’re using a Linux desktop based on Ubuntu, e.g. Linux Mint, you can use the built-in network manager to connect to a VPN. If you want to use the command line to connect to a desktop-based VPN, use this command:
nmcli con up id ConnectionName
Note that the password is stored in clear text, so this is not secure.
Install the Software
ssh to the server or use localhost
Elevate to superuser:
sudo -i
Install both packages:
apt install -y xl2tpd ppp
or
yum install xl2tpd ppp
Configuration Files (there are two)
Back up the default configuration by renaming it. We do this because the default file is huge and has hundreds of options, which would only be confusing the first time around:
mv /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.backup
Create a fresh new configuration file:
vi /etc/xl2tpd/xl2tpd.conf
The contents of this fresh new configuration file should look like this:
# cat /etc/xl2tpd/xl2tpd.conf
[lac myvpn]
name = l2tp_user_name
lns = l2tp_server_domain_or_ip
pppoptfile = /etc/ppp/peers/myvpn.xl2tpd
ppp debug = no
Next create the PPP options file referred to by the above configuration file:
vi /etc/ppp/peers/myvpn.xl2tpd
root@nms:~# cat /etc/ppp/peers/myvpn.xl2tpd
remotename myvpn
user "username"
password "secret"
unit 0
nodeflate
nobsdcomp
noauth
persist
nopcomp
noaccomp
maxfail 5
debug
Starting the service and connecting the VPN
Next, start the service. If you change the credentials or any of the files, restart the service:
systemctl start xl2tpd
Connect:
sh -c 'echo "c myvpn" > /var/run/xl2tpd/l2tp-control'
Checking if the service is running
Here are two methods to see if the service is running:
> netstat -tuln | grep 1701
udp 0 0 0.0.0.0:1701 0.0.0.0:*
Or
systemctl status xl2tpd
Troubleshooting tips
Run `ifconfig` or `ip addr` and look for ppp0.
Checking the log file
tail -f /var/log/syslog | grep pppd
How to add a VPN route
route add -host 192.168.8.20 dev ppp0
Errors
Unauthorized remote IP address
Feb 10 16:28:53 host01 pppd[1038040]: rcvd [IPCP TermReq id=0x2 "Unauthorized remote IP address"]
Check for noipdefault
vi /etc/ppp/options
Look for this and uncomment it:
# Disables the default behaviour when no local IP address is specified,
# which is to determine (if possible) the local IP address from the
# hostname. With this option, the peer will have to supply the local IP
# address during IPCP negotiation (unless it specified explicitly on the
# command line or in an options file).
noipdefault
Checking remote username and password
Log into the remote VPN server and check your IP address and username:
cat /etc/ppp/chap-secrets
Just one connection allowed
Your L2TP server might only allow one connection at a time. Disconnect first and try again.
Routing
You might have to route:
ip route add 172.168.1.42 via 10.0.10.1 dev ppp0
Route not found
When you run this, you may see:
# route add -host 172.168.1.42 dev ppp0
Command ‘route’ not found, but can be installed with:
apt install net-tools
Password Errors
A password problem will manifest itself like this:
May 20 05:36:13 hv7 pppd[2090478]: sent [LCP EchoReq id=0x0 magic=0x3541b8c1]
May 20 05:36:13 hv7 pppd[2090478]: rcvd [CHAP Challenge id=0x72 <a0024cc7e81e087501fe613fb8d4755c3d2d60c88610be>, name = "l2tpd"]
May 20 05:36:13 hv7 pppd[2090478]: sent [CHAP Response id=0x72 <eede46c2d4780d64d23c5f8865c3a5ac>, name = "YOUR_USERNAME"]
May 20 05:36:13 hv7 pppd[2090478]: rcvd [LCP EchoRep id=0x0 magic=0x2897188]
May 20 05:36:13 hv7 pppd[2090478]: rcvd [CHAP Failure id=0x72 "Access denied"]
May 20 05:36:13 hv7 pppd[2090478]: CHAP authentication failed: Access denied
May 20 05:36:13 hv7 pppd[2090478]: CHAP authentication failed
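The two error cases above ("Unauthorized remote IP address" and "CHAP authentication failed") both surface only in the pppd syslog lines, so a small triage script saves reading the log by hand. The following is an added example, not part of the original article: it classifies pppd lines in the syslog format shown on this page and points at the matching troubleshooting section; the sample log lines and the `write_sample_log` helper are constructed here for offline use.

```shell
#!/bin/sh
# Added example (not from the original article): classify pppd syslog lines into
# the error cases described above, so a failed "c myvpn" can be triaged quickly.

# diagnose_pppd_log FILE
# Reads syslog-style lines, ignores everything not logged by pppd, and prints one
# keyword per distinct problem in order of first appearance (or "no-pppd-errors").
diagnose_pppd_log() {
    found=""
    while IFS= read -r line; do
        case "$line" in *" pppd["*) ;; *) continue ;; esac   # syslog tag "pppd[PID]:"
        code=""
        case "$line" in
            *"Unauthorized remote IP address"*) code="unauthorized-ip" ;;  # IPCP TermReq from peer
            *"CHAP authentication failed"*)     code="chap-failed" ;;      # bad user/password
        esac
        [ -n "$code" ] || continue
        case " $found " in *" $code "*) ;; *) found="$found $code" ;; esac  # report each once
    done < "$1"
    [ -n "$found" ] && printf '%s\n' $found || echo no-pppd-errors   # word split on purpose
}

# advice CODE: name the troubleshooting section that applies. Returns 1 for unknown codes.
advice() {
    case "$1" in
        unauthorized-ip) echo "peer refused our address: uncomment noipdefault in /etc/ppp/options" ;;
        chap-failed)     echo "CHAP rejected: compare user/password in /etc/ppp/peers/myvpn.xl2tpd with /etc/ppp/chap-secrets on the server" ;;
        no-pppd-errors)  echo "nothing failed in pppd: check 'ip addr' for ppp0 and 'systemctl status xl2tpd'" ;;
        *) echo "unknown code: $1" >&2; return 1 ;;
    esac
}

# write_sample_log FILE: constructed lines in the formats shown on this page, for offline testing.
write_sample_log() {
    cat > "$1" <<'EOF'
Feb 10 16:28:53 host01 xl2tpd[1038011]: Connecting to host l2tp_server_domain_or_ip, port 1701
Feb 10 16:28:53 host01 pppd[1038040]: rcvd [IPCP TermReq id=0x2 "Unauthorized remote IP address"]
May 20 05:36:13 hv7 pppd[2090478]: rcvd [CHAP Failure id=0x72 "Access denied"]
May 20 05:36:13 hv7 pppd[2090478]: CHAP authentication failed: Access denied
May 20 05:36:13 hv7 pppd[2090478]: CHAP authentication failed
EOF
}

# Demo: on a real host use  grep pppd /var/log/syslog > /tmp/pppd.log  instead of the sample.
SAMPLE="${TMPDIR:-/tmp}/pppd-sample.$$"
write_sample_log "$SAMPLE"
diagnose_pppd_log "$SAMPLE" | while IFS= read -r code; do echo "$code: $(advice "$code")"; done
rm -f "$SAMPLE"
```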