L2TP over IPsec VPN client setup
1 Linux
1.1 Gentoo
1.1.1 NetworkManager
- Open the NetworkManager UI, then:
- Go to Network > VPN. Click +.
- Select Layer 2 Tunneling Protocol (L2TP).
- You can choose a name for the VPN.
- Enter Your VPN Server IP for the Gateway.
- Enter Your VPN Username for the User name.
- Right-click the ? in the Password field and select Store the password only for this user.
- Alternatively, you might want to use Store password for all users.
- Enter Your VPN Password for the Password.
- Leave the NT Domain field blank.
- Click the IPsec Settings… button.
- Check the Enable IPsec tunnel to L2TP host checkbox.
- Leave the Gateway ID field blank.
- Enter Your VPN IPsec PSK for the Pre-shared key.
- Then click Add to save the VPN connection information.
1.1.2 Strongswan interactions
- By default, strongswan is built with capabilities support and the ability to run as an unprivileged user.
- However, capabilities are not configured in NetworkManager.
- As a result, the connection is not established.
- You can solve the problem as follows:
- either install strongswan without capabilities support and without the ability to run as an unprivileged user:
  USE="-caps -non-root" emerge strongswan
- or build NetworkManager with capabilities support (see https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1053).
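To see which case applies before rebuilding, this added example (not part of the original page) reads the USE flags Portage recorded for the installed strongswan. The VDB path layout, the function names and the constructed demo tree are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: Portage records a package's enabled USE flags in
# <vdb>/<category>/<name>-<version>/USE (VDB root defaults to /var/db/pkg).

# Print "caps=<on|off> non-root=<on|off>" for the strongswan found under $1.
# Returns 2 when no installed strongswan is found there.
strongswan_use_state() {
    vdb=${1:-/var/db/pkg}
    use_file=
    for f in "$vdb"/*/strongswan-[0-9]*/USE; do
        if [ -f "$f" ]; then use_file=$f; break; fi
    done
    if [ -z "$use_file" ]; then return 2; fi
    flags=" $(tr '\n' ' ' < "$use_file") "
    caps=off; nonroot=off
    case $flags in *" caps "*) caps=on ;; esac
    case $flags in *" non-root "*) nonroot=on ;; esac
    printf 'caps=%s non-root=%s\n' "$caps" "$nonroot"
}

# Succeeds only when the build matches the first workaround (both flags off).
matches_workaround() {
    state=$(strongswan_use_state "$1") || return $?
    [ "$state" = "caps=off non-root=off" ]
}

# Demo on a constructed VDB tree (placeholder version, not a real system).
demo=$(mktemp -d)
mkdir -p "$demo/net-vpn/strongswan-0.0.0"
echo "caps non-root openssl" > "$demo/net-vpn/strongswan-0.0.0/USE"
strongswan_use_state "$demo"
if matches_workaround "$demo"; then
    echo "build matches the -caps -non-root workaround"
else
    echo "default-style build: expect the NetworkManager failure described above"
fi
rm -rf "$demo"
```

On a real system, call strongswan_use_state with no argument to read /var/db/pkg. A build with both flags off leaves the strongswan daemons running as root without dropping capabilities, which is the trade-off of the first workaround.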