In Linux, how can I make an L2TP over IPsec VPN connection to the IU network, and what software do I need?
Note: When connecting from off campus, SSL VPN is the replacement for IU's IPsec- and PPTP-based VPN services, and UITS recommends using it now if your campus supports it. PPTP is retired at IU Bloomington and IUPUI, and IPsec VPN service at those campuses will be retired by fall 2010.
IU Secure is the wireless network for students, faculty, and staff to access on all campuses. IU Secure uses WPA2 Enterprise (Wi-Fi Protected Access) for authentication; no VPN is needed.Indiana University provides a script to help you make a VPN connection; the latest version is available at IUware.
You must at least have pptp and ppp-mppe
installed. Most modern distributions install the basic pptp requirements
automatically; refer to your distribution's support area if
you are unsure.
Other requirements are listed below. For some of these, you will need the developer tools for your distribution and the current kernel headers. For help accessing these tools, review the documentation and support areas for your distribution.
-
Openswan
To install Openswan, go to the Openswan web site and download the
tar -xzvf [openswanfilename].tar.gz cd [openswan directory] make programs make programs installtar.gzfile. Then, enter the following commands:The
make programs installcommand must be issued with root privileges.Note: Mandriva and Red Hat Enterprise Linux do not install
gmp.hwith the standard "devel" groups. Mandriva needs to havelibgmp3-devel-VERSION-FOO.rpminstalled (libgmp3-develdoesn't come on the install DVD, but is in install repositories like USSG's mirror). RHEL needsgmp-devel-VERSION-BAR.rpm. -
xl2tpd
To install xl2tpd, go to the xl2tpd web site and download the
tar -xzvf [xl2tpdfilename].tar.gz cd [xl2tpd directory] make make installtar.gzfile. Then, enter the following commands:The
make installcommand must be issued as root. -
Other kernel modules (most distributions except
Gentoo include these by default):
- Networking
- (M) PF_KEY sockets
- (M) IP: AH transformations
- (M) IP: ESP transformations
- (M) IP: IPComp transformations
- (M) IP: tunnel transformations
- (M) IPsec user configuration interface
Once you have downloaded the script from IUware, run the following commands in a terminal window:
cd /path/to/vpnscript/location tar -xzf iu-vpn-ipsec-VERSION.tgz cd iu-vpn-ipsec-VERSION make install vpn-config-ipsecRun the last two commands as root; follow the prompts for
vpn-config-ipsec.
This will complete your installation. To make a VPN connection, run the following command in a terminal window as root:
iu-vpn-ipsec startTo stop the connection, run as root:
iu-vpn-ipsec stopTo uninstall the script, enter in a terminal window (enter the last command as root):
cd /path/to/iu-vpn-ipsec-VERSION make uninstallAt Indiana University, for personal or departmental Linux or Unix systems support, see At IU, how do I get support for Linux or Unix?
Last modified on November 16, 2009.







