Indiana University
University Information Technology Services
  
What are archived documents?

In Linux, how can I make an L2TP over IPsec VPN connection to the IU network, and what software do I need?

Note: At Indiana University Bloomington and IUPUI, you can access the wireless network without using VPN. See What is IU Secure?

Note: A new service, SSL VPN, replaces Indiana University's IPsec- or PPTP-based VPN service. See At IU, what is the SSL VPN service and how do I connect? On July 13, 2009, UITS will retire the PPTP VPN servers; while the IPsec VPN servers will remain available, UITS recommends switching to SSL VPN if your campus supports it.

Indiana University provides a script to help you make a VPN connection; the latest version is available at IUware Online.

You must at least have pptp and ppp-mppe installed. Most modern distributions install the basic pptp requirements automatically; refer to your distribution's support area if you are unsure.

Other requirements are listed below. For some of these, you will need the developer tools for your distribution and the current kernel headers. For help accessing these tools, review the documentation and support areas for your distribution.

  • Openswan

    To install Openswan, go to the Openswan web site and download the tar.gz file. Then, enter the following commands:

    tar -xzvf [openswanfilename].tar.gz cd [openswan directory] make programs make programs install

    The make programs install command must be issued with root privileges.

    Note: Mandriva and Red Hat Enterprise Linux do not install gmp.h with the standard "devel" groups. Mandriva needs to have libgmp3-devel-VERSION-FOO.rpm installed (libgmp3-devel doesn't come on the install DVD, but is in install repositories like USSG's mirror). RHEL needs gmp-devel-VERSION-BAR.rpm.

  • xl2tpd

    To install, xl2tpd, go to the xl2tpd web site and download the tar.gz file. Then, enter the following commands:

    tar -xzvf [xl2tpdfilename].tar.gz cd [xl2tpd directory] make make install

    The make install command must be issued as root.

  • Other kernel modules (most distributions except Gentoo include these by default):

    • Networking
    • (M) PF_KEY sockets
    • (M) IP: AH transformations
    • (M) IP: ESP transformations
    • (M) IP: IPComp transformations
    • (M) IP: tunnel transformations
    • (M) IPsec user configuration interface

Once you have downloaded the script from IUware, run the following commands in a terminal window:

cd /path/to/vpnscript/location tar -xzf iu-vpn-ipsec-VERSION.tgz cd iu-vpn-ipsec-VERSION make install vpn-config-ipsec

Run the last two commands as root; follow the prompts for vpn-config-ipsec.

This will complete your installation. To make a VPN connection, run the following command in a terminal window as root:

iu-vpn-ipsec start

To stop the connection, run as root:

iu-vpn-ipsec stop

To uninstall the script, enter in a terminal window (enter the last command as root):

cd /path/to/iu-vpn-ipsec-VERSION make uninstall

At Indiana University, to get support for personal or departmental Linux or Unix systems, see At IU, how do I get support for Linux or Unix?

This is document awjf in domain all.
Last modified on April 24, 2009.
Please tell us, did you find the answer to your question?