L2TP/IPSec Client

MartinIAm

Hey! I have recently set up an L2TP/IPSec server on my AWS VM. I have a client that I want to connect to that server, but I could not find any up-to-date guides that would show me how to install a client for L2TP/IPSec on the Ubuntu 18.04 CLI.

You are probably not finding a lot of examples because OpenVPN has basically replaced every other form of client/server VPN in Linux. If at all possible, you might want to consider using OpenVPN instead; you will find tons of examples. Unless your Ubuntu client is acting as a router, I don't see why L2TP would be preferred over OpenVPN.

I am sorry I am not answering your question directly, but I have never tried to do that and am not sure what packages are available to make it easier. Did you use a package to set up the server? If so, its documentation might have client examples. If not, then you probably need to replicate the same manual steps on the client (making the needed changes for it to function as a client).

4 hours ago, sphbecker said:

You are probably not finding a lot of examples because OpenVPN has basically replaced every other form of client/server VPN in Linux. If at all possible, you might want to consider using OpenVPN instead; you will find tons of examples. Unless your Ubuntu client is acting as a router, I don't see why L2TP would be preferred over OpenVPN.

My Ubuntu server is acting as a router, but my server and client both need to have network visibility, so for example my client would connect to my server's subnet and communicate as if they were on that subnet. This is not a private VPN subnet, but more of a way of doing it like point to point. The server can see the client's IP addresses and the client can see the server's subnets. I am new to OpenVPN and I am more familiar with how L2TP actually works, so I am currently stuck on the fence.

4 hours ago, sphbecker said:

I am sorry I am not answering your question directly, but I have never tried to do that and am not sure what packages are available to make it easier. Did you use a package to set up the server? If so, its documentation might have client examples. If not, then you probably need to replicate the same manual steps on the client (making the needed changes for it to function as a client).

Yes, I used a package to set up the server, but the only documentation that came with it was for clients that had a GUI and not for the CLI.

18 minutes ago, MartinIAm said:

My Ubuntu server is acting as a router, but my server and client both need to have network visibility, so for example my client would connect to my server's subnet and communicate as if they were on that subnet. I am new to OpenVPN and I am more familiar with how L2TP actually works, so I am currently stuck on the fence.

Yes, I used a package to set up the server, but the only documentation that came with it was for clients that had a GUI and not for the CLI.

I see. If your goal is to create a routable VPN tunnel, then yes, you would want to use either GRE or L2TP (both with IPSec), or if the AWS environment is just a single server, you could consider basic IPSec to reach it. OpenVPN makes a few routing assumptions for you that make it impossible to use as a tunnel between two sites (it can be used for NAT-based remote access, but not for true site-to-site routing).

I am sorry, but I don't have good examples to provide for setting up Ubuntu as a router with VPN.

Here is an article I found. I read it enough to see that it looks legit. It is older and not specific to Ubuntu, but you can probably adapt the steps. Once you have the VPN working (you can get to AWS from Ubuntu), you will need to set up a static route on your AWS server so it knows to use the VPN client address as the next-hop to get to your home LAN subnet.

https://www.elastichosts.com/blog/linux-l2tpipsec-vpn-client/
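
The static route described in the post above, as an added example that is not part of the original thread: a shell check for the AWS server that reads `ip -4 route show` output and reports whether the home LAN prefix uses the VPN client address as next hop. The prefix 192.168.1.0/24, the 10.10.10.x tunnel addresses and the interface names are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. All addresses are constructed placeholders.

# Constructed sample of `ip -4 route show` on the server once the tunnel is up:
# the ppp0 peer is reachable, but nothing routes the home LAN through it yet.
sample_table() {
cat <<'EOF'
default via 172.31.0.1 dev eth0 proto dhcp
172.31.0.0/20 dev eth0 proto kernel scope link src 172.31.5.10
10.10.10.2 dev ppp0 proto kernel scope link src 10.10.10.1
EOF
}

# route_via PREFIX: read a routing table on stdin and print the next hop
# configured for exactly PREFIX (prints nothing when there is none).
route_via() {
    awk -v p="$1" '$1 == p {
        for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); exit }
    }'
}

# check_lan_route LAN_PREFIX CLIENT_VPN_ADDR: read a routing table on stdin.
# Prints "ok" when LAN_PREFIX already uses CLIENT_VPN_ADDR as next hop,
# otherwise a diagnosis plus the ip(8) command that sets the route.
check_lan_route() {
    lan="$1"; peer="$2"
    hop=$(route_via "$lan")
    if [ "$hop" = "$peer" ]; then
        echo "ok"
    elif [ -z "$hop" ]; then
        echo "no next hop: ip route replace $lan via $peer"
    else
        echo "wrong next hop $hop: ip route replace $lan via $peer"
    fi
}

# forwarding_enabled [FILE]: succeed when IPv4 forwarding is on; needed on
# whichever end relays traffic between the tunnel and a LAN.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Offline demonstration against the constructed table.
sample_table | check_lan_route 192.168.1.0/24 10.10.10.2
```

On a live server, pipe the real table in instead: `ip -4 route show | check_lan_route <home LAN prefix> <VPN client address>`.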

You might consider checking out the package fastd. I have found it to be an easy-to-use package for setting up site-to-site VPNs. It is lightweight and all CLI-based. I have it installed on my Merlin ASUS routers at my two houses to establish a site-to-site tunnel between the two. It works perfectly. One house has 192.168.1.0 and the other is at 192.168.2.0 and all devices can directly contact all other devices (just like a corporate network).

For a while I was using it alongside BIRD, so I could have OSPF dynamic routing (pointless for only 2 sites, but it appealed to the nerdy side of me). I ended up turning that off and using static routing. fastd provides a nice way to automatically add the static routes at the time the tunnel is connected; that way you don't have to worry about adding kernel routes.

1 minute ago, sphbecker said:

You might consider checking out the package fastd. I have found it to be an easy-to-use package for setting up site-to-site VPNs. It is lightweight and all CLI-based. I have it installed on my Merlin ASUS routers at my two houses to establish a site-to-site tunnel between the two. It works perfectly. One house has 192.168.1.0 and the other is at 192.168.2.0 and all devices can directly contact all other devices (just like a corporate network).

For a while I was using it alongside BIRD, so I could have OSPF dynamic routing (pointless for only 2 sites, but it appealed to the nerdy side of me). I ended up turning that off and using static routing. fastd provides a nice way to automatically add the static routes at the time the tunnel is connected; that way you don't have to worry about adding kernel routes.

I'll be sure to try it out and see if it works.
