In order to address the IKE Aggressive Mode vulnerability, you can contact Meraki support and have them change the minimum DH group to 14 (from 2) and enable AES128 instead of 3DES. With those changes made, I found that this configuration works for connecting Ubuntu to the client VPN: Install network-manager-l2tp: sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp sudo apt update sudo aptinstall network-manager-l2tp If using gnome, install the gnome plugin (if using another desktop environment, see if there's a plugin for its network manager): sudo apt install network-manager-l2tp-gnome Stop the xl2tpd service: sudo service xl2tpd stop Then disable the xl2tpd service: sudo systemctl disable xl2tpd Open Network Settings and click the + button Select Layer 2 Tunneling Protocol (L2TP) Fill in the Name, Gateway (IP address), and Username fields Click the icon in the Password field and select Store the password only for this user, then fill in your password Click on the IPsec Settings... button Check Enable IPsec tunnel to L2TP host Fill in the Pre-shared key Set Phase1 Algorithms to aes128-sha1-modp2048 Set Phase2 Algorithms to aes128-sha1 Leave all other options unchecked Click on the PPP Settings... button Uncheck all options except for PAP Turn on the VPN and verify that it stays connected TLDR: use aes128 instead of 3des and modp2048 (DH group 14) instead of modp1024 (DH group 2) for the Phase 1 and 2 algorithms, uncheck all options except for PAP
... View more
