Ok, if you want to play.
This bug refers for now:
https://bugs.contribs.org/show_bug.cgi?id=8890
You do NOT need PPTP enabled for this. You can go to your server manager and disable it forever and sing a thousand hallelujahs for secure communications.
ONLY use a VM in server gateway mode
You need my repo to test install.
https://wiki.contribs.org/User:ReetP
yum --enablerepo=reetp,epel install smeserver-libreswan-xl2tpd
That should bring everything in.
post-upgrade and reboot
Make sure the IPs you are going to issue are NOT in your server DHCP range
You need at least one user on the system - for testing it can be admin
For now we need to set the right subnet to the same as the server local subnet
Check you have a basic connection:
db ipsec_configuration show
config show dhcpd
Check the IP range. Make sure the following IPs do not conflict with the server range found.
Let's add some magic sauce, substituting x for your local IP range:
db ipsec_connections set L2TPD-PSK status enabled IPRangeStart 192.168.x.180 IPRangeFinish 192.168.x.200 rightsubnet 192.168.x.0/24 passwd someLongSecret dpdaction clear dpddelay 10 dpdtimeout 90
Check the services are enabled:
config setprop xl2tpd status enabled;service xl2tpd start
config setprop ipsec status enabled
signal-event ipsec-update
Check you have some config files:
/etc/ipsec.conf
/etc/ipsec.d/ipsec.conf
/etc/ipsec.d/ipsec.secrets
Set up your phone.
Server Type L2TPD/Ipsec PSK
Server IP
Ipsec preshared key (use the one set above)
Username admin or other local user
Password admin password or other local user
Try connecting and watch:
/var/log/messages
The DNS is hard wired to Googly stuff server for now. You can modify this in:
/etc/xl2tpd/xl2tpd.conf
(the template is in templates-custom for now)
There is a lot still to test - I have to make sure it doesn't break my existing ipsec configs for starters. If you ONLY want L2TPD/Ipsec that is about all you need to do.
Sure there will be lots of bugs, and a lot of them I won't know the answers to.
If you see this one, check the above bug and have a look online, as it is known but doesn't stop it working as far as I can tell:
xl2tpd[19441]: handle_avps: Bad exit status handling attribute 1 (Result Code) on mandatory packet.
Enjoy
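
An added example, not part of the original post: a small POSIX shell check that a proposed IPRangeStart/IPRangeFinish pool sits inside rightsubnet and does not collide with the DHCP range reported by config show dhcpd. The function names and every address below are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check an L2TP pool before setting IPRangeStart/IPRangeFinish.
# All addresses used here are constructed sample values.

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip2int() (
    IFS=. read -r a b c d <<EOF
$1
EOF
    for o in "$a" "$b" "$c" "$d"; do
        # Reject empty, non-numeric, leading-zero and over-long octets.
        case "$o" in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( a * 16777216 + b * 65536 + c * 256 + d ))
)

# check_pool POOL_START POOL_END DHCP_START DHCP_END SUBNET/PREFIX
# Prints "ok" or the reason the pool is unsafe; returns non-zero if unsafe.
check_pool() (
    ps=$(ip2int "$1") && pe=$(ip2int "$2") &&
    ds=$(ip2int "$3") && de=$(ip2int "$4") &&
    net=$(ip2int "${5%/*}") || { echo "invalid address"; exit 1; }
    prefix=${5#*/}
    case "$prefix" in ''|*[!0-9]*|0?*) echo "invalid prefix"; exit 1 ;; esac
    [ "$prefix" -le 32 ] || { echo "invalid prefix"; exit 1; }
    size=$(( 1 << (32 - prefix) ))      # number of addresses in the subnet
    base=$(( net - net % size ))        # network address
    last=$(( base + size - 1 ))         # broadcast address
    if [ "$ps" -gt "$pe" ]; then
        echo "pool start is after pool finish"; exit 1
    fi
    if [ "$ps" -lt "$base" ] || [ "$pe" -gt "$last" ]; then
        echo "pool is outside $5"; exit 1
    fi
    # Two ranges overlap when each one starts before the other ends.
    if [ "$ps" -le "$de" ] && [ "$ds" -le "$pe" ]; then
        echo "pool overlaps the DHCP range"; exit 1
    fi
    echo ok
)

# Constructed case: DHCP hands out .65-.250, so a .180-.200 pool collides.
check_pool 192.168.1.180 192.168.1.200 192.168.1.65 192.168.1.250 192.168.1.0/24 || true
# A pool below the DHCP range in the same subnet passes.
check_pool 192.168.1.20 192.168.1.40 192.168.1.65 192.168.1.250 192.168.1.0/24 || true
```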