VPN client for Ubuntu 16.04

tzah
New here

VPN client for Ubuntu 16.04

Hi Guys 

 

 

Does anyone have an installation guide for Ubuntu 16.04 that I can send my users to self-installations? 

 

On the official guide is Ubuntu 12

 

 

Thnk you !!!

26 REPLIES 26
PhilipDAth
Kind of a big deal
Kind of a big deal

I have not tested it, but this guide looks promising.

 

http://www.jasonernst.com/2016/06/21/l2tp-ipsec-vpn-on-ubuntu-16-04/

PigMan
Conversationalist

I did this and it works for me:

 

  1. Install network-manager-l2tp:  sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp and sudo apt-get update sudo apt-get install network-manager-l2tp
  2. If using gnome, install the gnome plugin (if using another desktop environment, see if there's a plugin for its network manager): sudo apt-get install network-manager-l2tp-gnome
  3. Reboot
  4. Navigate to Settings > Network > Click the +button > Select "Layer 2 Tunneling Protocol (L2TP)"
  5. Name the new VPN connection something
  6. Put the host name or address in the Gateway field.
  7. Put username in the Username field.
  8. Click the icon in the Password field and select your preference for how to supply the password.
  9. Click IPSec Settings...
  10. Click the box for "Enable IPsec tunnel to L2TP host"
  11. Enter the shared secret into the Pre-shared key field.
  12. Leave the Gateway ID field empty.
  13. Expand the Advanced options area
  14. Enter "3des-sha1-modp1024" into the Phase 1 Algorithms box.
  15. Enter "3des-sha1" into the Phase 2 Algorithms box.
  16. Leave the box checked for "Enforce UDP encapsulation".
  17. Click OK.
  18. Click Save.
  19. Open a terminal and enter the following commands to permanently disable the xl2tpdservice:  sudo service xl2tpd stop
  20. Also enter the following:  sudo systemctl disable xl2tpd
  21. Open Network Settings and try to turn the VPN on.
PhilipDAth
Kind of a big deal
Kind of a big deal

No one should be using 3des for anything new.  Does aes128 work instead?

I believe you can call in and request AES - I'm gonna have to do this so I can get a VPN node in my datacenter rack....

PhilipDAth
Kind of a big deal
Kind of a big deal

AES is available by default.  You don't need to do anything.

Good deal - I haven't tested with linux / mac yet but it's full on awesome with AD - all the information for using an l2tpd client show 3des - I had to call in to get some features enabled for I believe some wireless or maybe a firewall setting so it would not surprise me if the same had to happen for AES. 

edilsonc
Conversationalist

it worked for Ubuntu 18.04!
JUANFER
Comes here often

Hi, can u give me details? Tks. I cant do it on 18.04

edilsonc
Conversationalist

Hello @JUANFER, I just followed the instructions of @PigMan, nothing more.
JUANFER
Comes here often

haven´t rebooted, i´ll try again.
JUANFER
Comes here often

Excuse me but im new with ubuntu... are this two lines or just 1?

sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp

or it is;
sudo add-apt-repository ppa:nm-l2tp
sudo add-apt-repository network-manager-l2tp
edilsonc
Conversationalist

it's one line.
JosephH
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Amazing work! - Still works today

@ PigMan - I just used your suggestion for Ubuntu 19.10 and it worked. Thanks!

JUANFER
Comes here often

On Linux Mint 19.3 tricia, never worked like that. And when i was triyng on Ubuntu, difeerent versions either. What a bad luck

I'm also on Mint 19.3 and have had issues getting the VPN to work.  Will be setting aside some time today (hopefully) to work on finding a solution.

JUANFER
Comes here often

Go ahead. Iĺl be listening. Iḿ also on LM 19.3, and still doesnt work.

This works great for Ubuntu 18.04 LTS as well.

 

#15 from @PigMan can be changed to "aes128-sha1" instead of using 3DES.  Phase1 has to stay 3DES.

 

Quick instructions from me :

 

1. Update and clean up the machine first

sudo apt-get update
sudo apt-get dist-upgrade
sudo reboot
# Wait for reboot, log back in
sudo apt autoremove

 2. Install VPN Software

sudo apt-get install strongswan xl2tpd net-tools
sudo apt-get install network-manager-l2tp network-manager-l2tp-gnome
sudo apt-get install network-manager-strongswan
sudo reboot

3. After reboot, Turn off the L2TP Server, we only want the client

sudo service xl2tpd stop
sudo systemctl disable xl2tpd

 

4. Setup the VPN per @PigMan's instructions:

  • Settings -> Network -> VPN - > "+"
  • Details:
    • Make available to other users, check (if desired)
  • Identity:
    • Name: Make a description
    • Gateway: the IP address (or dyn dns name from the meraki page)
    • User Name:  full@name.com
    • Password: Leave blank, will prompt
    • NT Domain: <blank>
  • IPSec Settings:
    • Enable IpSec tunnel to L2TP host: check
    • Pre-Shared Key:  Get from the meraki setup page
    • Phase1 Algorithms: 3des-sha1-modp1024
    • Phase2 Algorithms: aes128-sha1
    • Enforce UDP encap: <un checked>
  • PPP Settings:  Default

I am finally circling back to this.

 

I can confirm that changing the phase 2 algorithm to "aes128-sha1" fixes the VPN connection on Linux Mint 19.3

(at least it did for me)

 

Thank you so much for finding this solution.

Worked for me for Ubuntu v20.04 LTS, thanks

ellagraph
Conversationalist

In order to address the IKE Aggressive Mode vulnerability, you can contact Meraki support and have them change the minimum DH group to 14 (from 2) and enable AES128 instead of 3DES. With those changes made, I found that this configuration works for connecting Ubuntu to the client VPN:

 

  1. Install network-manager-l2tp: 
    sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
    sudo apt update
    sudo aptinstall network-manager-l2tp
  2. If using gnome, install the gnome plugin (if using another desktop environment, see if there's a plugin for its network manager):
    sudo apt install network-manager-l2tp-gnome
  3. Stop the xl2tpd service:
    sudo service xl2tpd stop
    Then disable the xl2tpd service:
    sudo systemctl disable xl2tpd
  4. Open Network Settings and click the + button
    Select Layer 2 Tunneling Protocol (L2TP)
    Fill in the Name, Gateway (IP address), and Username fields
    Click the icon in the Password field and select Store the password only for this user, then fill in your password
  5. Click on the IPsec Settings... button
    Check Enable IPsec tunnel to L2TP host
    Fill in the Pre-shared key
    Set Phase1 Algorithms to aes128-sha1-modp2048
    Set Phase2 Algorithms to aes128-sha1
    Leave all other options unchecked
  6. Click on the PPP Settings... button
    Uncheck all options except for PAP
  7. Turn on the VPN and verify that it stays connected

 

TLDR: use aes128 instead of 3des and modp2048 (DH group 14) instead of modp1024 (DH group 2) for the Phase 1 and 2 algorithms, uncheck all options except for PAP

Hi Folks.

Tried always to configure the L2TP client under Debian Buster. Trying to connect to an MX64. Connection works fine on latest ios All I get is a pop-down at the top of the screen:

 

Connection Failed

Activation of the connection failed

 

Any thoughts anybody please?

 

TIA

MikeB2

 

JUANFER
Comes here often

Hi folk i allways tried this since 2 years from here to connect MX84, and allways get that message but necer have tried to make connection. Do you have your stepd to do that to tru follow? Tks.

JUANFER
Comes here often

Hi folk i allways tried this since 2 years from here to connect MX84, and allways get that message but necer have tried to make connection. Do you have your stepd to do that to tru follow? Tks.

Hey Juanfer

 

I used the steps posted in this thread. But unable to connect. I am hoping the is a Debian Buster user out there who has this fixed.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels