Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

In Linux, how can I make an L2TP over IPsec VPN connection to the IU network, and what software do I need?

Note: When connecting from off campus, SSL VPN is the replacement for IU's IPsec- and PPTP-based VPN services, and UITS recommends using it now if your campus supports it. PPTP is retired at IU Bloomington and IUPUI, and IPsec VPN service at those campuses will be retired by fall 2010.

IU Secure is the wireless network for students, faculty, and staff to access on all campuses. IU Secure uses WPA2 Enterprise (Wi-Fi Protected Access) for authentication; no VPN is needed.

Indiana University provides a script to help you make a VPN connection; the latest version is available at IUware.

You must at least have pptp and ppp-mppe installed. Most modern distributions install the basic pptp requirements automatically; refer to your distribution's support area if you are unsure.

Other requirements are listed below. For some of these, you will need the developer tools for your distribution and the current kernel headers. For help accessing these tools, review the documentation and support areas for your distribution.

  • Openswan

    To install Openswan, go to the Openswan web site and download the tar.gz file. Then, enter the following commands:

    tar -xzvf [openswanfilename].tar.gz cd [openswan directory] make programs make programs install

    The make programs install command must be issued with root privileges.

    Note: Mandriva and Red Hat Enterprise Linux do not install gmp.h with the standard "devel" groups. Mandriva needs to have libgmp3-devel-VERSION-FOO.rpm installed (libgmp3-devel doesn't come on the install DVD, but is in install repositories like USSG's mirror). RHEL needs gmp-devel-VERSION-BAR.rpm.

  • xl2tpd

    To install xl2tpd, go to the xl2tpd web site and download the tar.gz file. Then, enter the following commands:

    tar -xzvf [xl2tpdfilename].tar.gz cd [xl2tpd directory] make make install

    The make install command must be issued as root.

  • Other kernel modules (most distributions except Gentoo include these by default):

    • Networking
    • (M) PF_KEY sockets
    • (M) IP: AH transformations
    • (M) IP: ESP transformations
    • (M) IP: IPComp transformations
    • (M) IP: tunnel transformations
    • (M) IPsec user configuration interface

Once you have downloaded the script from IUware, run the following commands in a terminal window:

cd /path/to/vpnscript/location tar -xzf iu-vpn-ipsec-VERSION.tgz cd iu-vpn-ipsec-VERSION make install vpn-config-ipsec

Run the last two commands as root; follow the prompts for vpn-config-ipsec.

This will complete your installation. To make a VPN connection, run the following command in a terminal window as root:

iu-vpn-ipsec start

To stop the connection, run as root:

iu-vpn-ipsec stop

To uninstall the script, enter in a terminal window (enter the last command as root):

cd /path/to/iu-vpn-ipsec-VERSION make uninstall

At Indiana University, for personal or departmental Linux or Unix systems support, see At IU, how do I get support for Linux or Unix?

This is document awjf in domain all.
Last modified on November 16, 2009.

Comments/Questions/Corrections

Use this form to offer suggestions, corrections, and additions to the Knowledge Base. We welcome your input!

If you are affiliated with Indiana University and would like assistance with a specific computing problem, please use the Ask a Consultant form, or contact your campus Support Center.

Contact Information

Note: We will reply to your comment at this address. If your message concerns a problem receiving email, please enter an alternate email address.