Set up an L2TP/IPSec VPN connection on Ubuntu desktop


The VPN server runs on a Vyatta firewall (version 6.5). This has been tested on Ubuntu 13.10 (saucy) and 14.04 (trusty).

How to set up the VPN client on Ubuntu

1. Packages required:

$ sudo apt-get install openswan
$ sudo apt-get install xl2tpd
$ sudo apt-get install l2tp-ipsec-vpn

2. You need to restart your computer for the little “L2TP IPSEC VPN Manager” icon to appear in the status bar

3. Configure the connection with the “L2TP IPSEC VPN Manager”:

Enter the VPN server address and the pre-shared key


Go to the PPP tab and enter the username and password (you can leave all the protocols checked, as we will unban them later):


Click on “IP Settings” and check the box:


Before closing, click on “Routes” and make sure you use the gateway on the remote network:


Close the “L2TP IPSEC VPN Manager” to apply the changes.

4. Before connecting to the VPN you need to make some more changes in the configuration files

In the file /etc/ppp/<your_vpn_connection_name>.options.xl2tpd
– Add the password line
– Make sure the refuse-xxxx lines are commented out:

$ sudo vi /etc/ppp/<your_vpn_connection_name>.options.xl2tpd
  #record /var/log/pppd

  idle 72000
  asyncmap 0

  ipparam L2tpIPsecVpn-<your_connection>

  promptprog "/usr/bin/L2tpIPsecVpn"


  remotename ""
  name "<your_username>"
  password "<your_password>"



5. Restart xl2tpd and ipsec to apply the changes

$ sudo /etc/init.d/ipsec restart
$ sudo /etc/init.d/xl2tpd restart

6. Finally, go to your (home) connection settings and deactivate IPv6:


7. You can now connect to your (home) connection and connect to the VPN connection you just created

Issues? Check the last lines of /var/log/syslog
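
A quick check of the file edited in step 4, as an added example that is not part of the original article. The function name check_ppp_options is hypothetical, and the permission test is an added hardening assumption (the file holds the password in clear text), not something the steps above require.

```shell
#!/bin/sh
# Added example: audit the pppd options file written in step 4.
# Usage: sudo sh check.sh /etc/ppp/<your_vpn_connection_name>.options.xl2tpd

# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if unreadable.
check_ppp_options() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }

    # Step 4: every refuse-xxxx line must be commented out.
    active=$(grep -E '^[[:space:]]*refuse-' "$file" || true)
    if [ -n "$active" ]; then
        echo "active refuse lines:"
        echo "$active"
        rc=1
    fi

    # Step 4: an uncommented password line must be present.
    if ! grep -Eq '^[[:space:]]*password[[:space:]]+[^[:space:]]' "$file"; then
        echo "no password line"
        rc=1
    fi

    # Assumption (not in the article): the clear-text password should be
    # unreadable by group and other. Columns 5-10 of ls -l are those bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions expose the password to group/other: $perms"
        rc=1
    fi
    return $rc
}

# Run against the path given on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_ppp_options "$1"
fi
```

If the permission finding appears, `sudo chmod 600` on the file clears it.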

FYI: the VPN server configuration
Here is the VPN configuration on the Vyatta firewall (version 6.5) which is our VPN server:
Any content in <> has to be replaced.
See Vyatta documentation for more details.

vpn {
    ipsec {
        esp-group ESP1 {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes256
                hash sha1
            }
        }
        ike-group IKE1 {
            dead-peer-detection {
                action clear
                interval 150
                timeout 450
            }
            lifetime 28800
            proposal 1 {
                dh-group 2
                encryption aes256
                hash sha1
            }
        }
        ipsec-interfaces {
            interface <eth0>
        }
        nat-networks {
            allowed-network <> {
            }
        }
        nat-traversal enable
    }
    l2tp {
        remote-access {
            authentication {
                local-users {
                    username <user1> {
                        password <user1password>
                    }
                    username <user2> {
                        password <user2password>
                    }
                }
                mode local
            }
            client-ip-pool {
                start <vpn_ip_pool_start>
                stop <vpn_ip_pool_stop>
            }
            dns-servers {
                server-1 <internal_dns_server>
                server-2 <internal_dns_server2>
            }
            ipsec-settings {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret <choose_a_shared_secret>
                }
                ike-lifetime 3600
            }
            outside-address <your_external_ip>
            outside-nexthop <your_gateway>
            wins-servers {
                server-1 <your_wins_server_ip>
            }
        }
    }
}


Talking to a Cisco over telnet

Mission: chitchat with a Cisco through telnet. This is my old cheatsheet, originally written in French.

telnet port 23

Note: “en” is enough instead of “enable”
=> type the password
#show run
To show the existing config
#conf t
To modify the config
The ? lists the available commands
#wr mem
To save

example (after a conf t):
#ip route
