This is a short guide to setup a FreeBSD L2TP/IPsec client, by using mpd5 and IPsec, to connect to a Unifi L2TP/IPsec server (using a shared key).
For this to work, strongSwan and mpd5 need to be installed on the client.
The first two configs are ipsec.conf and ipsec.secrets. Please read the man pages for each entry if you want more information. Alter the IP addresses and the password in the two config files. Use
ipsec start/stop/reload
to start, stop or reload IPsec, and
ipsec up/down l2tp
to establish or close the IPsec connection for the conn named l2tp when testing your changes.
ipsec.conf
Code:
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration
config setup
        # strictcrlpolicy=yes
        uniqueids = yes
        charondebug="ike 1, knl 1, cfg 4"

# Add connections here.
conn l2tp
        keyexchange=ikev1
        fragmentation=yes
        # always UDP-encapsulate ESP (NAT-T), even when no NAT is detected
        forceencaps = yes
        ike=aes256-sha1-modp4096!
        esp=aes256-sha1-modp4096!
        # L2TP/IPsec uses transport mode: only the UDP 1701 traffic is protected
        type=transport
        auto=start
        closeaction=restart
        dpdaction=restart
        dpddelay=300s
        rekey=yes
        # Left (this client)
        leftid=ClientIP
        left=%defaultroute
        leftauth=psk
        leftfirewall=yes
        # Right (target server, same IP as the L2TP peer)
        right=ServerIP
        rightprotoport=17/1701
        rightauth=psk
ipsec.secrets
Code:
# ipsec.secrets - strongSwan IPsec secrets file
#
# : PSK "Password"
ClientIP ServerIP : PSK "Password"
After getting IPsec working, it is time to work on the L2TP side of the solution. The mpd.conf shown below needs to be altered for your use. Please consult the man pages for each entry. Use the command
mpd5 l2tp
(mpd5 followed by the name of the connection label) to open the connection.
mpd.conf
Code:
startup:
        # Set web self 127.0.0.1 5008
        # Set user vpntest vpntest admin
        # Set web open
        log +ALL +EVENTS -FRAME -ECHO

default:
        load l2tp

l2tp:
        create bundle static B1
        # network to route through the tunnel; replace with your own
        set iface route #.#.#.#/#
        set iface enable tcpmssfix
        set ipcp yes vjcomp
        # DNS server to use over the tunnel; replace with your own
        set ipcp dns #.#.#.#
        set ccp yes mppc
        set mppc yes e128
        set mppc yes stateless

        create link static L1 l2tp
        set link action bundle B1
        set link max-redial 0
        set link mtu 1460
        # LCP echo keep-alive disabled; use "20 75" instead to enable it
        set link keep-alive 0 0
        set link accept chap-msv2
        set l2tp peer ServerIP
        set auth authname "username"
        set auth password "password"
        open
You should be able to connect now.
If you need the connection to start on boot, add the following to your rc.conf.
rc.conf
Code:
#VPN
mpd_enable="YES"
# -b: daemonize, -s mpd5: syslog ident, l2tp: label from mpd.conf to load
mpd_flags="-b -s mpd5 l2tp"
strongswan_enable="YES"
# enables IP forwarding; only needed if other hosts route through this client
gateway_enable="YES"
Hope you can use it.