This is a guide on setting up an IPSEC VPN server on Ubuntu 15.04 using StrongSwan as the IPsec server and for authentication. It has a detailed explanation with every step. We choose the IPSEC protocol stack because of vulnerabilities found in pptpd VPNs and because it is supported on all recent operating systems by default. IPsec VPN Server Auto Setup Scripts. Set up your own IPsec VPN server in just a few minutes, with both IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials, and let the scripts handle the rest.
VPN setup in Ubuntu – General introduction
VPN (Virtual Private Network) lets you establish a secure connection over the non-secure Internet, e.g. from a notebook to an office server.
Getting a VPN to work requires general knowledge on networks, and it may require some specific knowledge on routers, firewalls and VPN protocols.
In order to use VPN on Ubuntu, you need to make sure that support for the required VPN protocol is installed. Several VPN protocols exist:
PPTP (Microsoft VPN)
Cisco VPN
OpenVPN
IPSec VPN
Not covered on this page, so far
Usage
- Click on the network-manager in the system tray
Choose VPN Connections -> Configure VPN
- Click Add
You might have to restart the network-manager to get the added VPN connection on the list (killall nm-applet; nm-applet &)
- Now the VPN connection should be shown in the network-manager
VPN setup in Kubuntu Feisty (7.04)
You have to install the additional package
Please refer to WifiDocs/NetworkManager under VPN support for more information.
VPN setup using the command line
Run the following:
Create file /etc/ppp/peers/YOUR_COMPANY with this content:
Add to /etc/ppp/chap-secrets:
Create file /etc/ppp/ip-up.d/add-subnet with content similar to:
In the above line, adjust subnet values (192.168.100.0/24) if needed
Then run:
- Connect to VPN: sudo pon YOUR_COMPANY To disconnect, press Ctrl+C or close the terminal.
- If you do not want to see VPN connection debug output, in file /etc/ppp/peers/YOUR_COMPANY delete 3 lines: debug nodetach logfd 2
In this case, “pon YOUR_COMPANY” will run as a background process. Use “poff YOUR_COMPANY” to disconnect.
VPN setup in Ubuntu 8.10
I stole these instructions written by mgmiller from http://ubuntuforums.org/showpost.php?p=7089396&postcount=196. This is for connecting to a Microsoft VPN.
- You need to install 2 packages:
- network-manager-pptp
- pptp-linux
- input the IP address of the target computer.
- input your user name. Leave all else blank, unless you are tunneling to a domain, then enter the domain name where indicated.
- hit Advanced button.
- UNcheck PAP (because PAP means to allow unsecured passage - this is the source of 'no shared shared secrets')
- Check CHAP, MSCHAP and MSCHAPv2.
- Check Use Point-to-point encryption (MPPE)
- Select 128-bit (most secure).
- Check Allow stateful encryption.
VPN setup in Ubuntu 9.04
I could not get any VPN working on 9.04. There appears to be some bugs in the configuration tools, you may be able to get things to work via the command line.
VPN setup in Ubuntu 9.10
The following instructions were originally written by sweisler at http://ubuntuforums.org/showpost.php?p=8261958&postcount=6. They have been additionally tested for PPTP to an MS VPN:
- Here's a synopsis of my VPN setups. I have proven this to work on both x86 and x64 for all 3 VPN types. Important note/disclaimer: I tested these configurations on VMware Workstation 7 VM's and a Dell Vostro 220. All installations were fresh installs, not upgrades. Also, please notice that I detail what type of firewall/VPN I am connecting to for each VPN type. There are so many variations on these VPN implementations that it is extremely difficult to generalize a known-good configuration for each.
- Install various VPN components
- PPTP
- pptp-linux
- network-manager-pptp
- vpnc
- network-manager-vpnc
c. OpenConnect
- openconnect
- network-manager-openconnect
- PPTP
- Reboot
- PPTP VPN Configuration - This setup works for connecting to ISA 2004/2006 PPTP VPNs. It should work for connecting to MS PPTP VPN implementations in general. I can't speak for other PPTP VPN implementations.
- Create new PPTP connection
- VPN Tab Settings
- Set Connection name
- Set Gateway
- Set username (for domain-based user accounts, use domainusername)
- DO NOT SET PASSWORD
- DO NOT SET NT DOMAIN
- PPTP Advanced Options (Advanced button)
- uncheck all auth methods EXCEPT MSCHAPv2
- check 'Use Point-to-Point encryption (MPPE)'
- leave Security set at 'All Available (Default)'
- trying to force encryption level causes this option to become unset
- check 'Allow stateful inspection'
- uncheck 'Allow BSD Data Compression'
- uncheck 'Allow Deflate Data Compression'
- uncheck 'Use TCP Header Compression'
- uncheck 'Send PPP Echo Packets' (although connection works either checked or unchecked)
- save configuration
- enter password in login box
- DO NOT check either password save box at this time
- once connection establishes, verify remote connectivity - ping, rdp, ssh, etc.
- disconnect VPN session
- enter password in login box
- check both password save option boxes
- once again verify remote connectivity
- disconnect VPN session
- VPN session should automatically connect using saved auth credentials
- Create new PPTP connection
- VPNC VPN Configuration - This setup works connecting to an ASA5510 - software version 8.2(1). I didn't have any other Cisco devices to test against.
- Create new VPNC connection
- set connection name
- set Gateway
- set Group Name
- set User Password to 'Saved' and enter password
- set Group Password to 'Saved' and enter password
- set username
- set domain (if applicable)
- leave Encryption Method at 'Secure (Default)'
- set NAT traversal to 'NAT-T'
- save configuration
- open VPNC connection
- if prompted, select 'Always Allow' if you want connection to be automatic
- verify remote connectivity - ping, rdp, ssh, etc.
- disconnect VPN session
- open VPNC connection - session should automatically connect
- Create new VPNC connection
OpenConnect VPN Configuration - This setup works connecting to an ASA5510 - software version 8.2(1). I didn't have any other Cisco devices to test against.
Create new OpenConnect connection
- set connection name
- set Gateway
- set Authentication type to 'Password/SecurID'
no need to set username, OpenConnect won't store it yet
- save configuration
- open VPN connection
- check 'Automatically start connecting next time'
- click Close
- you will get the 'No Valid VPN Secrets' VPN failure message
- open VPN connection
- accept certificate (if prompted)
- change Group (if necessary)
- enter username (may need to be domainusername)
- enter password
- click Login
- if VPN connection fails, see note below
- verify remote connectivity - ping, rdp, ssh, etc.
- disconnect session
- open VPN connection
- enter password
- session should connect
Note: If you get the 'Login Failed' message, cancel and wait 15-30 minutes before attempting to connect again. Also, I ended up having to use the NT style domainusername pair for authentication, even though a Cisco AnyConnect client connecting to the same ASA only requires username.
More Detail: OpenConnect has been brutal to get connected. I got failed attempt after failed attempt. When I checked the NPS (IAS) log and the Security Event log on the W2K8 domain controller, I could see my user account authenticating properly via RADIUS from the ASA. Yet the OpenConnect client came back with a 'Login Failed' message. I'm not an ASA expert, so I have no idea what to check in the ASA configuration to troubleshoot this problem, other than the basic AAA configuration. But I believe the problem lies in the ASA configuration because when I get the OpenConnect 'Login Failed' message, the AnyConnect client from my Windows laptop fails as well. I think it may be a ridiculously short timeout or max failure setting. Whatever the issue is, I have to wait for some length of time (~15-30 minutes) for whatever the problem is to reset.
However, once I finally get the OpenConnect client to successfully connect, it worked from then on. (Just don't mess with the connection configuration, or you will get to go thru this whole process again.)
VPN setup in Ubuntu 10.04
Ubuntu 10.04 comes preinstalled with VPN support.
This features is available under the networks connections tab.
Ubuntu 18.04 Cisco Ipsec Vpn Client
VPN (last edited 2015-05-21 10:52:58 by waldyrious)
Today we will setup a Site to Site ipsec VPN with Strongswan, which will be configured with PreShared Key Authentication.
After our tunnels are established, we will be able to reach the private ips over the vpn tunnels.
Get the Dependencies:
Update your repository indexes and install strongswan:
Set the following kernel parameters:
Generate Preshared Key:
We will need a preshared key that both servers will use:
Details of our 2 Sites:
Site A:
Site B:
Configure Site A:
We will setup our VPN Gateway in Site A (Paris), first to setup the /etc/ipsec.secrets
file:
Now to setup our VPN configuration in /etc/ipsec.conf
:
Firewall Rules:
Configure Site B:
We will setup our VPN Gateway in Site B (Amsterdam), setup the /etc/ipsec.secrets
file:
Ubuntu Cisco Ipsec Vpn Server
Next to setup our VPN Configuration:
Firewall Rules:
Start the VPN:
Start the VPN on both ends:
Get the status of the tunnel, in this case we are logged onto our Site A (Paris) Server:
Test if we can see the remote end on its private range:
Set the service to start on boot:
Then your VPN should be setup correctly.
Other useful commands:
Start / Stop / Status:
Get the Policies and States of the IPsec Tunnel:
Reload the secrets, while the service is running:
Check if traffic flows through the tunnel:
Adding more connections to your config:
If you have to add another site to your config, the example of the ipsec.secrets
will look like:
And the ipsec.conf
:
Just remember to configure the config on the Frankfurt VPN Gateway, and the example of the status output will look like the following: