Install VPN Server with Linux

This is how I installed an L2TP/IPsec VPN server on a Debian Squeeze Linux box at home. I can now connect to the VPN from my iPhone, iPad and Windows 7 laptop.

All the source material is taken from here, where it is well documented by Steeve. In case it disappears one day, and for my own reference, I am adding it to my blog. For more detailed instructions and explanations, see his blog.

My local network is and the VPN server is, my local DNS server is

What do you need?

  • A Debian Linux box with
  • Openswan
  • xl2tpd

Install the software

During installation, choose not to use a certificate; we will use a pre-shared key.

Edit the file /etc/ipsec.conf. My local network is so I changed the virtual_private line as follows:

In the same file, I also removed the warning about the certificate that is shown when starting the service.

Then paste the following code at the end of the file

Now edit /etc/ipsec.secrets and add a line similar to this:

If your external IP is fixed, you can replace the first %any with your external IP; mine is not.

Then edit /etc/xl2tpd/xl2tpd.conf. I added the following to mine.

ip range is the block of LAN IP addresses reserved for the VPN clients; they should be removed from your DHCP range. The local IP is the VPN server's IP.

Now copy the file /etc/ppp/options to /etc/ppp/options.l2tp

and edit the new file /etc/ppp/options.l2tp

ms-dns is your local DNS server; name is a name that will be used in the next file.

Finally, add entries to /etc/ppp/chap-secrets to set up individual VPN users

mylogin is the client’s login. options-name must match the name parameter from the previous file, options.l2tp. The last parameter is the subnet and mask to match this client. It should be the range of your internal network.
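A consistency check for the two files just described, as an added example that is not part of the original post: it reads the name option from options.l2tp and verifies that each chap-secrets entry (pppd's client, server, secret, addresses field order) uses that name and a subnet rather than a wildcard. The sample file contents, the name l2tpd, the 192.0.2.0/24 range and the function names are constructed placeholders.

```python
import ipaddress
import shlex

# Constructed sample file contents (placeholders, not values from the post).
SAMPLE_OPTIONS_L2TP = """\
require-mschap-v2
ms-dns 192.0.2.1
name l2tpd
"""
SAMPLE_CHAP_SECRETS = """\
# client   server   secret                     IP addresses
mylogin    l2tpd    "constructed-passphrase"   192.0.2.0/24
guest      pptpd    "constructed-secret"       *
"""

def pppd_name(options_text):
    """Return the value of the last 'name' option in a pppd options file, or None."""
    name = None
    for line in options_text.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) >= 2 and words[0] == "name":
            name = words[1]
    return name

def check_chap_secrets(secrets_text, server_name):
    """Return (line_no, client, problem) tuples for entries that do not fit the setup."""
    findings = []
    for no, line in enumerate(secrets_text.splitlines(), 1):
        words = shlex.split(line, comments=True)  # drops '#' comments, honours quotes
        if not words:
            continue
        if len(words) < 3:
            findings.append((no, words[0], "expected: client server secret [addresses]"))
            continue
        client, server, addrs = words[0], words[1], words[3:]
        if server not in (server_name, "*"):
            findings.append((no, client, f"server {server!r} != name {server_name!r}"))
        for addr in addrs:
            if addr == "*":
                findings.append((no, client, "wildcard address instead of the LAN subnet"))
                continue
            try:
                ipaddress.ip_network(addr, strict=False)
            except ValueError:
                findings.append((no, client, f"not an address or subnet: {addr!r}"))
    return findings

if __name__ == "__main__":
    for finding in check_chap_secrets(SAMPLE_CHAP_SECRETS, pppd_name(SAMPLE_OPTIONS_L2TP)):
        print("line %d, client %s: %s" % finding)
```

To check a real setup, pass the text of /etc/ppp/options.l2tp and /etc/ppp/chap-secrets to the two functions instead of the samples.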

Now, if you want to access other computers on your LAN from your VPN client, you need to enable IP forwarding.

Of course, you need to forward the UDP ports from your internet gateway to your Linux box if you have one, and also open the ports in your Linux box's firewall if it is enabled. The ports are UDP 500, UDP 1701 and UDP 4500.

This procedure works fine for my iPhone and Windows 7 client.

For the Windows 7 client to work, you need to uncheck the “unsecure password PAP” box in the Security tab of the connection properties and check CHAP and MS-CHAP-V2. Also enter your PSK under the advanced parameters of the VPN type.