L2TP VPN Client

xwin78
Level 1
Posts: 41
Joined: Mon Dec 17, 2007 1:11 am
Location: Mid-West, USA

L2TP VPN Client

Post by xwin78 »

All,

Would love some guidance on L2TP over IPSEC VPN client software for Mint 18.1. I've been gone for 10 years but I'm back and minty as ever.

Thanks in advance.
live for what you'd die for

xwin78
Level 1
Posts: 41
Joined: Mon Dec 17, 2007 1:11 am
Location: Mid-West, USA

Re: L2TP VPN Client

Post by xwin78 »

Any help would be much appreciated.
live for what you'd die for

chrisuk
Level 5
Posts: 592
Joined: Thu Jun 12, 2008 6:16 am

Re: L2TP VPN Client

Post by chrisuk »

I use OpenVPN, but am no expert... maybe someone more knowledgeable will reply. Until then; have a read here

Oh, and welcome back ;)
Chris

Manjaro MATE - MX Linux - LMDE MATE

desperados
Level 3
Posts: 160
Joined: Wed Apr 13, 2016 1:57 am

Re: L2TP VPN Client

Post by desperados »

I've the same need
I've to connect to my work, I need L2TP/IPSec client
I've installed KVPNC but it says to me that it needs ipsec daemon
I've installed strongswan but it is not enough

desperados
Level 3
Posts: 160
Joined: Wed Apr 13, 2016 1:57 am

Re: L2TP VPN Client

Post by desperados »


canove
Level 1
Posts: 3
Joined: Wed Mar 29, 2017 7:01 pm

Re: L2TP VPN Client

Post by canove »

I have the same need. Waiting for a solution...

desperados
Level 3
Posts: 160
Joined: Wed Apr 13, 2016 1:57 am

Re: L2TP VPN Client

Post by desperados »

I've seen a new client here: https://github.com/nm-l2tp/network-manager-l2tp
but it's not clear to me how to install a gui client

psg9196
Level 1
Posts: 12
Joined: Wed Apr 26, 2017 2:24 am

Re: L2TP VPN Client

Post by psg9196 »

I battled this for a couple of days (due to ignorance :D ), but here is my specific case and the solution.

Case:
  • Meraki VPN L2TP/IPSEC router with Pre Shared Key (PSK) and Windows Active Directory authentication
  • mint 18.1 Cinnamon
  • kernel 4.10.0-20
Solution:
  1. Necessary libraries (all available in the standard distribution) - mark them for installation in Synaptic Package Manager
    1. Core packages that bring the necessary dependencies (start here)
      • network-manager-l2tp-gnome (1.2.4-0ubuntu1~xenial1)
      • strongswan (5.3.5-1ubuntu3.1)
      • strongswan-plugin-openssl (5.3.5-1ubuntu3.1)
    2. All packages (after selecting list 1, make sure you have all these "Marked for Installation") that need to be installed
      • network-manager-l2tp (1.2.4-0ubuntu1~xenial1)
      • network-manager-l2tp-gnome (1.2.4-0ubuntu1~xenial1)
      • strongswan (5.3.5-1ubuntu3.1)
      • strongswan-libcharon (5.3.5-1ubuntu3.1)
      • strongswan-plugin-openssl (5.3.5-1ubuntu3.1)
      • strongswan-charon (5.3.5-1ubuntu3.1)
      • strongswan-starter (5.3.5-1ubuntu3.1)
      • libstrongswan (5.3.5-1ubuntu3.1)
      • libstrongswan-standard-plugins (5.3.5-1ubuntu3.1)
      • xl2tpd (1.3.6+dfsg-4)
  2. Configure the Network Manager thru the applet (lower right corner of the desktop)
    1. Click on the applet and select "Network Connections"
    2. In the dialog box click Add and then select "Point-to-Point Tunneling Protocol (L2TP)" under the VPN item and click the "Create..." button
    3. A new VPN connection dialog will show up - enter the name of the connection as desired and the following in the "VPN" tab:
      • Gateway: the IP or host name of the remote VPN router/gateway
      • User name: your NT account user name
      • Password: leave it to "Ask for this password every time" - this is the default option by clicking the icon at the right end of the field
      • NT Domain: enter the NT active directory or domain name (for my case it was a simple name, not name.com e.g.)
      • Click the "IPsec Settings..." button and enter the following in the new dialog box:
        • Check the "Enable IPsec tunnel to L2TP host"
        • Leave "Group Name" and "Gateway ID" blank
        • Pre-shared key: enter the PSK
      • Click the "PPP Settings..." and enter the following in the new dialog box:
        • In the "Allow the following authentication methods:" list uncheck all but PAP and MSCHAPv2
        • Check the "Use Point-to-Point encryption (MPPE)" box and leave "Allow stateful encryption" unchecked
        • Leave "Allow BSD data compression" and "Allow Deflate data compression" checked
        • Uncheck the next three "Use ..." check boxes
        • Check the "Send PPP echo packets" box
        • Set "MTU" and "MRU" to 1200
Don't ask me why it works :) - this setup is the result of countless trials and errors from numerous suggestions and remarks on numerous blogs and mailing lists.
I hope it helps.

BDaddyG
Level 1
Posts: 1
Joined: Wed May 17, 2017 1:23 pm

Re: L2TP VPN Client

Post by BDaddyG »

I have the same setup as psg9196 (Meraki and a fresh install of Mint 18.1 Cinnamon)

I ran into trouble following his process when I couldn't find network-manager-l2tp-gnome in the repository.

I used the guide at http://blog.z-proj.com/enabling-l2tp-ov ... untu-16-04 (I actually followed the steps because the listed PPA package doesn't have the IPSec settings Advanced options dialog which my setup requires).

This installed everything except for 3DES support which I was able to add by installing strongswan-plugin-openssl.

I could then follow psg9196's steps starting at: "B. Configure the Network Manager thru the applet (lower right corner of the desktop)" and stopping at "Click the "PPP Settings..."".

My setup required adding specific Phase1 and Phase2 Algorithms (which I found at https://github.com/nm-l2tp/network-manager-l2tp in the VPN servers using broken IPsec IKEv1 cipher suites section) to IPSec Settings --> Advanced options and didn't require any changes to PPP settings.

Be sure to restart your computer after doing the install so that VPN tab will appear when you create the new VPN connection.

BDaddyG

psg9196
Level 1
Posts: 12
Joined: Wed Apr 26, 2017 2:24 am

Re: L2TP VPN Client

Post by psg9196 »

Unfortunately with the 1.2.6 patch my VPN is not working again, so I'm back to square 1

psg9196
Level 1
Posts: 12
Joined: Wed Apr 26, 2017 2:24 am

Re: L2TP VPN Client

Post by psg9196 »

Thanks to Doug who maintains the library, there was a quick resolution.
So we don't bother him all at once, I want to share the solution in my case.
What he did is execute:
sudo systemctl stop strongswan
sudo ike-scan <your VPN gateway>
which responded with
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
<your gateway ip> Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
Ending ike-scan 1.9: 1 hosts scanned in 0.263 seconds (3.80 hosts/sec). 1 returned handshake; 0 returned notify

from which he concluded that I had to enter in the advanced IPSec settings:
Phase1 Algorithms : 3des-sha1-modp1024
Phase2 Algorithms : 3des-sha1

Thanks Doug!

I can only guess this is what helped BDaddyG...
The Advanced settings were added to be able to overwrite the default IPSec ciphers of strongswan in order to provide backward compatibility with routers configured with weak ciphers.
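
The step described in the post above (reading the transform from the ike-scan reply and turning it into the Phase1/Phase2 strings), as an added example that is not part of the original post or of the nm-l2tp project. It goes beyond the 3DES case by also handling an AES reply; the AES and SHA2 attribute spellings, the weak-algorithm list, and deriving Phase 2 from the Phase 1 encryption and hash (ike-scan reports only Phase 1) are assumptions of this sketch.

```python
import re

# Constructed samples: the first is the reply quoted in the post above, the
# second is a made-up AES reply, the third is ike-scan's summary line (no SA).
SAMPLE_3DES = ("<your gateway ip> Main Mode Handshake returned "
               "HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK "
               "Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)")
SAMPLE_AES = ("192.0.2.10 Main Mode Handshake returned HDR=(CKY-R=00) "
              "SA=(Enc=AES KeyLength=256 Hash=SHA2-256 Auth=PSK "
              "Group=14:modp2048 LifeType=Seconds LifeDuration=28800)")
SAMPLE_NONE = "Ending ike-scan 1.9: 1 hosts scanned. 0 returned handshake"

# ike-scan attribute value -> strongSwan proposal keyword (assumed mapping).
ENC = {"DES": "des", "3DES": "3des", "AES": "aes"}
HASH = {"MD5": "md5", "SHA1": "sha1", "SHA2-256": "sha256",
        "SHA2-384": "sha384", "SHA2-512": "sha512"}
# Legacy algorithms worth raising with whoever runs the gateway.
WEAK = {"des", "3des", "md5", "modp768", "modp1024"}


def parse_sa(line):
    """Return the SA attributes of a handshake line as a dict, else None."""
    start = line.find("SA=(")
    if "Handshake returned" not in line or start < 0:
        return None  # gateway did not answer with a transform
    # LifeDuration(4)=... is skipped on purpose: it is not a key=value word.
    return dict(re.findall(r"(\w+)=([^\s)]+)", line[start + 4:]))


def proposals(attrs):
    """Build (phase1, phase2, weak_parts) from parsed SA attributes."""
    try:
        enc = ENC[attrs["Enc"]] + attrs.get("KeyLength", "")
        integ = HASH[attrs["Hash"]]
    except KeyError as exc:
        raise ValueError(f"unmapped or missing attribute: {exc}") from None
    group = attrs["Group"].split(":")[-1]       # "2:modp1024" -> "modp1024"
    weak = sorted(p for p in (enc, integ, group) if p in WEAK)
    # Phase 2 mirrors Phase 1 without the DH group, as in the post.
    return f"{enc}-{integ}-{group}", f"{enc}-{integ}", weak


if __name__ == "__main__":
    for sample in (SAMPLE_3DES, SAMPLE_AES, SAMPLE_NONE):
        sa = parse_sa(sample)
        print(proposals(sa) if sa else "no handshake: nothing to derive")
```
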

pompey58
Level 1
Posts: 2
Joined: Wed May 31, 2017 2:51 am

Re: L2TP VPN Client

Post by pompey58 »

I have been trying to get IPsec/L2tp preshared key to work for some time with no success.
My problem is 2 fold,
1) I am a novice in Linux and although very familiar with windows, I would like to move away since the launch of W10. (the learning curve is steep)
2) I have a small windows server that is setup for VPN IPsec/L2tp preshared key so I can still use Google from China. (So moving to Linuxmint, the VPN is a must)

So what I am looking for is a step by step install instruction to get this feature working from a clean install if necessary. who can help?

Many thanks in advance.

psg9196
Level 1
Posts: 12
Joined: Wed Apr 26, 2017 2:24 am

Re: L2TP VPN Client

Post by psg9196 »

pompey58 wrote: I have been trying to get IPsec/L2tp preshared key to work for some time with no success.
My problem is 2 fold,
1) I am a novice in Linux and although very familiar with windows, I would like to move away since the launch of W10. (the learning curve is steep)
2) I have a small windows server that is setup for VPN IPsec/L2tp preshared key so I can still use Google from China. (So moving to Linuxmint, the VPN is a must)

So what I am looking for is a step by step install instruction to get this feature working from a clean install if necessary. who can help?

Many thanks in advance.
Hi pompey58,

Have in mind that every case is different, so you may need to experiment a bit.
You can follow the steps from my post (April 26, 2017) - the only thing that I missed (spotted by BDaddyG) is adding the repository. You can execute the following steps before following the post - in a terminal execute:
sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt-get update

Since you are probably going to get the latest version, check my post from May 20, 2017. Note that the ike-scan may not detect your VPN - it worked for my legacy VPN but not for the company production VPN, and I am not knowledgeable enough to make it work with all possible options...

I hope this helps and good luck.

canove
Level 1
Posts: 3
Joined: Wed Mar 29, 2017 7:01 pm

Re: L2TP VPN Client

Post by canove »

These simple steps work for me on a fresh install:

- Install necessary packages:

sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt-get update
sudo apt-get install network-manager-l2tp network-manager-l2tp-gnome
sudo apt-get install strongswan-plugin-openssl

- Logout and Login

- Configure client with advanced Ipsec settings:

Phase1 Algorithms : 3des-sha1-modp1024
Phase2 Algorithms : 3des-sha1

Thanks @psg9196!

pompey58
Level 1
Posts: 2
Joined: Wed May 31, 2017 2:51 am

Re: L2TP VPN Client

Post by pompey58 »

Thank you gentlemen,

I will give it a try and see if I can get it to work.

Really a pity that this doesn't work out of the box.
Just another small barrier to do away with Microsoft.

I will let you know how I fare. For good or for worse.

VergingVertex
Level 1
Posts: 1
Joined: Tue Jun 13, 2017 2:14 pm

Re: L2TP VPN Client

Post by VergingVertex »

I followed these instructions, but don't have the client applet.

I used to use l2tp/ipsec with Mint 17.x, but getting it to work on 18 is non-trivial. Is the `network-manager-gnome` the GUI portion?

I may be able to code up a simple script to connect/disconnect without the GUI, but will have to find my notes from a long time ago.

Has anyone tried this lately on 18.1 having the same issues I'm having (no applet)?

sergueidob
Level 1
Posts: 2
Joined: Thu Jun 15, 2017 8:23 pm

Re: L2TP VPN Client

Post by sergueidob »

Wow!!!

I've been looking for a solution on that for 2 years already... worked like a charm with Mint 18.1 Cinnamon!

thanks @psg9196! @canove

hgzr
Level 1
Posts: 14
Joined: Sun Aug 16, 2009 6:30 am

Re: L2TP VPN Client

Post by hgzr »

Tried to use the same steps for linux mint 17.3 but had trouble with finding some packages. Installed all I could find from the list in the thread.

"Point-to-Point Tunneling Protocol (L2TP)" doesn't show up in the network manager GUI under the create tab. IPsec/IKEv2 strongswan is on the list with the default PPTP.

When I try with either of those, the settings mentioned aren't the same as the windows that opened up.

Surprisingly, linux mint isn't supported by pia at least that's what the support told me. Any help would be appreciated.

rickcr
Level 1
Posts: 2
Joined: Fri Sep 01, 2017 12:34 pm

Re: L2TP VPN Client

Post by rickcr »

Sigh. My MacBookPro (which I love) is getting old and work just gave me a windows 10 laptop. I really just want to use Linux Mint on it, but until I can get VPN working, I'm stuck with using Linux in a VM on this windows machine. It's frustrating because on my Mac it's freakin' easy to set up my VPN connection. I believe I have all the VPN packages installed as mentioned in this thread, and I have the option to set up L2TP in the network manager but trying all the settings above I can't get it to work. I basically try to connect and then the manager doesn't say anything but just never connects.

Since MacOS has a Unix based underpinning why is it so difficult for me to find a basic l2tp client that just lets me enter in some minimal details and have it just work?
All I'm needing to enter for my Mac "L2TP over IPSec" is:

server address:
account name: (my user name)
shared secret: (is this "Pre-shared Key" in IPsec settings in network manager vpn config for l2tp on Mint? I never find anything exactly saying "Shared Secret"?)

And that's it! Bingo works out of the box. Simple.
Any help much appreciated.

rickcr
Level 1
Posts: 2
Joined: Fri Sep 01, 2017 12:34 pm

Re: L2TP VPN Client

Post by rickcr »

/bump. Real shame since linux is much slower in my VM than native, I really want to get this VPN thing worked out.
