How to get L2TP working from the Linux command line

This article explains how to get xl2tpd, which has PPPtP capabilities, working on Linux. This is useful where you have a server environment and you might need to connect from one server to another server.

If you’re using a Linux desktop based on Ubuntu, e.g. Linux Mint, you can use the built-in network manager to connect to a VPN. If you want to use the command line to connect to a desktop-based VPN, use this command (see reference here):

nmcli con up id ConnectionName

Note: the password is stored in clear text, so this is not secure.

SSH to the server or use localhost:

sudo -i

apt-get install -y xl2tpd ppp

or

yum install xl2tpd ppp

mv /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.backup

vi /etc/xl2tpd/xl2tpd.conf

When done:

# cat /etc/xl2tpd/xl2tpd.conf
[lac myvpn]
name = l2tp_user_name
lns = l2tp_server_domain_or_ip
pppoptfile = /etc/ppp/peers/myvpn.xl2tpd
ppp debug = no

vi /etc/ppp/peers/myvpn.xl2tpd

# cat /etc/ppp/peers/myvpn.xl2tpd
remotename myvpn
user "username"
password "secret"
unit 0
nodeflate
nobsdcomp
noauth
persist
nopcomp
noaccomp
maxfail 5
debug
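
The peer file above keeps the VPN password in clear text, so its file permissions are the only thing protecting it. The following check is an added example, not part of the original article: the function name audit_ppp_peer is hypothetical, it assumes GNU stat, and the sample file it creates is constructed.

```shell
#!/bin/sh
# Added example (not from the article): audit a pppd peer file that stores
# a cleartext password. Requires GNU stat (stat -c), standard on Linux.

# audit_ppp_peer FILE
# Prints one line per finding. Returns 0 = clean, 1 = findings, 2 = unreadable.
audit_ppp_peer() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "ERROR: cannot read $file" >&2; return 2; }

    # Line numbers of uncommented "password" directives; the secret itself
    # is never echoed.
    secret_lines=$(grep -nE '^[[:space:]]*password[[:space:]]' "$file" \
                   | cut -d: -f1 | paste -sd, -)

    # Group/other permission bits (octal 077) must be clear if a secret is present.
    mode=$(stat -c '%a' "$file")
    if [ -n "$secret_lines" ] && [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $file (mode $mode) has a password on line(s) $secret_lines" \
             "and is accessible beyond its owner; run: chmod 600 $file"
        rc=1
    fi

    # show-password makes pppd print the password string when it logs PAP
    # packets, which the "debug" option sends to syslog.
    if grep -Eq '^[[:space:]]*show-password([[:space:]]|$)' "$file"; then
        echo "FAIL: $file sets show-password; the secret can reach the logs"
        rc=1
    fi
    return $rc
}

# Constructed sample mirroring the article's /etc/ppp/peers/myvpn.xl2tpd.
sample=$(mktemp)
printf '%s\n' 'remotename myvpn' 'user "username"' 'password "secret"' 'debug' > "$sample"
chmod 644 "$sample"; audit_ppp_peer "$sample" || echo "=> findings at mode 644"
chmod 600 "$sample"; audit_ppp_peer "$sample" && echo "=> clean at mode 600"
rm -f "$sample"
```

On a real host, call `audit_ppp_peer /etc/ppp/peers/myvpn.xl2tpd` as root after creating the file.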

Start the service. If you change credentials or add new files, restart the service:

systemctl start xl2tpd

Now connect:

sh -c 'echo "c myvpn" > /var/run/xl2tpd/l2tp-control'

Troubleshooting tips?

Run `ifconfig` or `ip addr` and look for ppp0

Checking the log file

tail -f /var/log/syslog | grep pppd

How to add a VPN route

route add -host 192.168.8.20 dev ppp0

Errors

Unauthorized remote IP address
Feb 10 16:28:53 host01 pppd[1038040]: rcvd [IPCP TermReq id=0x2 "Unauthorized remote IP address"]

Check noipdefault

cat /etc/ppp/options

Look for this and possibly uncomment:

# Disables the default behaviour when no local IP address is specified,
# which is to determine (if possible) the local IP address from the
# hostname. With this option, the peer will have to supply the local IP
# address during IPCP negotiation (unless it specified explicitly on the
# command line or in an options file).
#noipdefault

Checking remote username and password

Log into the remote VPN server and check your IP address and username:

cat /etc/ppp/chap-secrets

Just one connection allowed

Your L2TP might only allow one connection. Disconnect first and try again.

Route not found

When you do this:

# route add -host 172.168.1.42 dev ppp0

Command ‘route’ not found, but can be installed with:

apt install net-tools
