Set up a L2TP/IPSec VPN connection on Ubuntu desktop

Context:

The VPN server runs on a Vyatta firewall (version 6.5). This has been tested on Ubuntu 13.10 (saucy) and 14.04 (trusty).

How to set up the VPN client on Ubuntu

1. Packages required:

$ sudo apt-get install openswan
$ sudo apt-get install xl2tpd
$ sudo apt-get install l2tp-ipsec-vpn

2. You need to restart your computer to see the little “L2TP IPSEC VPN Manager” icon appear in the status bar.

3. Configure the connection with the “L2TP IPSEC VPN Manager”:

Enter the VPN server address and the pre-shared key

Go to the PPP tab and enter the username and password (you can leave all the protocols checked, as we will unban them later):

Click on “IP Settings” and check the box:

Before closing, click on “Routes” and make sure you use the gateway on the remote network:

Close the “L2TP IPSEC VPN Manager” to apply the changes.

4. Before connecting to the VPN, you need to make some more changes in the configuration files.

In the file /etc/ppp/<your_vpn_connection_name>.options.xl2tpd:
– Add the password line
– Be sure the refuse-xxxx lines are commented out:

$ sudo vi /etc/ppp/<your_vpn_connection_name>.options.xl2tpd
  #debug
  #dump
  #record /var/log/pppd

  plugin passprompt.so
  ipcp-accept-local
  ipcp-accept-remote
  idle 72000
  ktune
  noproxyarp
  asyncmap 0
  #noccp
  noauth
  crtscts
  lock
  hide-password
  modem
  noipx

  ipparam L2tpIPsecVpn-<your_connection>

  promptprog "/usr/bin/L2tpIPsecVpn"

  #refuse-eap
  #refuse-pap
  #refuse-chap
  #refuse-mschap
  #refuse-mschap-v2
  #require-mschap-v2

  remotename ""
  name "<your_username>"
  password "<your_password>"

  defaultroute

  usepeerdns
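
A quick audit of the options file from step 4, as an added example that is not part of the original post. The function name check_xl2tpd_options and the sample file are assumptions made for illustration; the permission check is an addition, motivated by the password being stored in clear text in this file.

```shell
#!/bin/sh
# Added example (not from the original post): audit the pppd options file
# from step 4. Prints one finding per line; returns the number of findings.
check_xl2tpd_options() {
    f=$1
    findings=0
    [ -r "$f" ] || { echo "cannot read $f"; return 99; }

    # An uncommented refuse-* line forbids that authentication method.
    active=$(grep -E '^[[:space:]]*refuse-' "$f" | awk '{print $1}' | tr '\n' ' ')
    if [ -n "$active" ]; then
        echo "active refuse lines: $active"
        findings=$((findings + 1))
    fi

    # Step 4 expects non-empty name and password lines.
    for key in name password; do
        if ! grep -Eq "^[[:space:]]*${key}[[:space:]]+\"[^\"]+\"" "$f"; then
            echo "missing or empty: $key"
            findings=$((findings + 1))
        fi
    done

    # The password is stored in clear text, so group/other get no access.
    mode=$(ls -ld "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "group/other permission bits set: $mode"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: one refuse line left active, no password, mode 644.
sample=$(mktemp)
cat > "$sample" <<'EOF'
refuse-pap
#refuse-chap
#refuse-mschap-v2
remotename ""
name "alice"
EOF
chmod 644 "$sample"
check_xl2tpd_options "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run it with sudo against /etc/ppp/<your_vpn_connection_name>.options.xl2tpd; a return value of 0 means no findings.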

5. Restart xl2tpd and ipsec to apply the changes

$ sudo /etc/init.d/ipsec restart
$ sudo /etc/init.d/xl2tpd restart

6. Finally, go to your (home) connection settings and deactivate IPv6.

7. You can now connect to your (home) connection and connect to the VPN connection you just created

Issues? Check the last lines of /var/log/syslog

FYI: the VPN server configuration
Here is the VPN configuration on the Vyatta firewall (version 6.5) which is our VPN server:
Any content in <> has to be replaced.
See Vyatta documentation for more details.

vpn {
    ipsec {
        esp-group ESP1 {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes256
                hash sha1
            }
        }
        ike-group IKE1 {
            dead-peer-detection {
                action clear
                interval 150
                timeout 450
            }
            lifetime 28800
            proposal 1 {
                dh-group 2
                encryption aes256
                hash sha1
            }
        }
        ipsec-interfaces {
            interface <eth0>
        }
        nat-networks {
            allowed-network <192.168.0.0/16> {
            }
        }
        nat-traversal enable
    }
    l2tp {
        remote-access {
            authentication {
                local-users {
                    username <user1> {
                        password <user1password>
                    }
                    username <user2> {
                        password <user2password>
                    }
                }
                mode local
            }
            client-ip-pool {
                start <vpn_ip_pool_start>
                stop <vpn_ip_pool_stop>
            }
            dns-servers {
                server-1 <internal_dns_server>
                server-2 <internal_dns_server2>
            }
            ipsec-settings {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret <choose_a_shared_secret>
                }
                ike-lifetime 3600
            }
            outside-address <your_external_ip>
            outside-nexthop <your_gateway>
            wins-servers {
                server-1 <your_wins_server_ip>
            }
        }
    }
}


Add disk space on a VM

Mission: Add disk space (10GB) to a VM (vSphere5) running one of the last versions of CentOS.
This will actually consist of extending the LVM logical volume.

– Couple of checks before starting:

# lvdisplay
--- Logical volume ---
LV Name                /dev/vg_myserver/lv_root
VG Name                vg_myserver
LV UUID                WhZDxf-IHgn-jM82-HfOQ-jbJc-MtcL-ogyARd
LV Write Access        read/write
LV Status              available
# open                 1
LV Size                15.54 GiB
Current LE             3978
Segments               1
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           253:0

--- Logical volume ---
LV Name                /dev/vg_myserver/lv_swap
VG Name                vg_myserver
LV UUID                gEzSPv-GyuX-34Ld-usrx-1Nks-Apcw-0OFfeT
LV Write Access        read/write
LV Status              available
# open                 1
LV Size                3.97 GiB
Current LE             1016
Segments               1
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           253:1

# lvm vgdisplay
--- Volume group ---
VG Name               vg_myserver
System ID
Format                lvm2
Metadata Areas        1
Metadata Sequence No  3
VG Access             read/write
VG Status             resizable
MAX LV                0
Cur LV                2
Open LV               2
Max PV                0
Cur PV                1
Act PV                1
VG Size               19.51 GiB
PE Size               4.00 MiB
Total PE              4994
Alloc PE / Size       4994 / 19.51 GiB
Free  PE / Size       0 / 0
VG UUID               KJaWtf-ig6Y-9pAi-L2iw-3kl4-Jx1W-cFocjr

Good, we actually have logical volumes :-)

– I also checked that the last backup of this VM was successful before starting.

– Add disk space to the VM
You can extend the size of your virtual disk or create a new disk. (I actually created a new disk: I couldn’t increase the size of my disk. I stopped the VM and still couldn’t increase the size of the disk. I thought it was because of the provisioning type, but it was actually because I had created a snapshot. You can’t increase a disk size if there is any snapshot… I know it, now…)

– Now you can take a snapshot of the VM, in case things go wrong and you need to go back and need the delta between the last backup and now.

– Then I checked I could see the new disk in the server. I supposed that my new disk would appear as /dev/sdb. So to be sure I used fdisk:

# fdisk /dev/sdb

I didn’t get any error message (good sign),
then I typed p to display the partitions (no partition).
I’m sure there is another way to do it… but that’s the way I did it :-)

– Add a physical volume for use by LVM

# lvm pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created

– Add the physical volume to the volume group

# lvm vgextend vg_myserver /dev/sdb
Volume group "vg_myserver" successfully extended

I knew the name of my volume group from the command lvm vgdisplay I executed before

– We check:

# lvm vgdisplay
--- Volume group ---
VG Name               vg_myserver
System ID
Format                lvm2
Metadata Areas        2
Metadata Sequence No  4
VG Access             read/write
VG Status             resizable
MAX LV                0
Cur LV                2
Open LV               2
Max PV                0
Cur PV                2
Act PV                2
VG Size               29.50 GiB
PE Size               4.00 MiB
Total PE              7553
Alloc PE / Size       4994 / 19.51 GiB
Free  PE / Size       2559 / 10.00 GiB
VG UUID               KJaWtf-ig6Y-9pAi-L2iw-3kl4-Jx1W-cFocjr

I can now see the available space :-)

– I check the size of my actual volume to know what would be the total size (actually I already had the information when I typed lvdisplay but anyway…)

# lvm lvdisplay /dev/vg_myserver/lv_root
--- Logical volume ---
LV Name                /dev/vg_myserver/lv_root
VG Name                vg_myserver
LV UUID                WhZDxf-IHgn-jM82-HfOQ-jbJc-MtcL-ogyARd
LV Write Access        read/write
LV Status              available
# open                 1
LV Size                15.54 GiB
Current LE             3978
Segments               1
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           253:0

– I make a hard calculation…. 3978+2559= 6537

– I extend the volume using this value:

# lvm lvresize -l 6537 /dev/vg_myserver/lv_root
Extending logical volume lv_root to 25.54 GiB
Logical volume lv_root successfully resized

– I resize the filesystem:

# resize2fs /dev/vg_myserver/lv_root
resize2fs 1.41.12 (17-May-2010)
Filesystem at /dev/vg_myserver/lv_root is mounted on /; on-line resizing required
old desc_blocks = 1, new_desc_blocks = 2
Performing an on-line resize of /dev/vg_myserver/lv_root to 6693888 (4k) blocks.
The filesystem on /dev/vg_myserver/lv_root is now 6693888 blocks long.

– Last check:

# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_biofloat-lv_root
                       26G   13G   12G  51% /

It worked :-)
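
The extent sum used for lvresize, cross-checked against the block count resize2fs reported, as an added example that is not part of the original post. The function names are assumptions made for illustration, and the sample text is a trimmed copy of the vgdisplay and lvdisplay output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): derive the lvresize target from
# vgdisplay/lvdisplay text and predict the block count resize2fs will report.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# $1 = lvdisplay text, $2 = vgdisplay text -> Current LE + Free PE
target_extents() {
    cur=$(printf '%s\n' "$1" | awk '/Current LE/ {print $3; exit}')
    free=$(printf '%s\n' "$2" | awk '/Free +PE/ {print $5; exit}')
    is_uint "$cur" && is_uint "$free" || return 1
    [ "$free" -gt 0 ] || { echo "no free extents in the volume group" >&2; return 2; }
    echo $((cur + free))
}

# $1 = extent count, $2 = vgdisplay text -> size in 4 KiB filesystem blocks
expected_4k_blocks() {
    pe_mib=$(printf '%s\n' "$2" | awk '/PE Size/ && $4 == "MiB" {print int($3); exit}')
    is_uint "$1" && is_uint "$pe_mib" || return 1
    echo $(( $1 * pe_mib * 256 ))   # 256 blocks of 4 KiB per MiB
}

# Sample input: the relevant lines of the command output shown above.
LV_TEXT='LV Name                /dev/vg_myserver/lv_root
LV Size                15.54 GiB
Current LE             3978'
VG_TEXT='VG Name               vg_myserver
PE Size               4.00 MiB
Total PE              7553
Alloc PE / Size       4994 / 19.51 GiB
Free  PE / Size       2559 / 10.00 GiB'

if extents=$(target_extents "$LV_TEXT" "$VG_TEXT"); then
    echo "lvresize -l $extents /dev/vg_myserver/lv_root"
    echo "expected 4k blocks: $(expected_4k_blocks "$extents" "$VG_TEXT")"
fi
```

lvresize also accepts -l +100%FREE, which allocates every free extent in the volume group without the manual sum.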

– Don’t forget to delete the snapshot once you are sure everything is OK.
I had an instant of doubt after clicking on “Delete” but no worries: if “You are here” is after your snapshot, the “Delete” action will commit the snapshot data to the parent and delete the snapshot.

References: http://wiki.centos.org/TipsAndTricks/ExpandLV

If you have any question/comment, don’t hesitate to write in another language if you prefer. I should be able to answer in French, Portuguese, Spanish, Italian or Romanian.