859
edits
Changes
From SME Server
Jump to navigationJump to search→Installation
L2TPD/IPSEC does not need any special software configuration on your clients. It is supported on a very large number of modern mobile phones and laptops. Please note that not every phone or device will support L2TPD/IPSEC out of the box.
L2TPD/IPSEC does not need any special software configuration on your clients. It is supported on a very large number of modern mobile phones and laptops. Please note that not every phone or device will support L2TPD/IPSEC out of the box.
The device first calls the server via ipsec and makes and encrypted connection. But it has no networking information. xl2tpd then makes a ppp connection through that encrypted ipsec connection.and get its network information at this point.
The device first calls the server via ipsec and makes and encrypted connection. But it has no networking information. xl2tpd then makes a ppp connection through that encrypted ipsec connection and get its network information at this point.
Once implemented you can disable PPTP, which will be good for you and your users.
Once implemented you can disable PPTP, which will be good for you and your users.
The contrib basically works but there, can be complications when you want to combine it with standard host-host ipsec connections. The issue that 'may' arise is if an IPSEC connection is matched prior to the L2TPD one. I do have both types running on my test box but need more feedback on this.
The contrib basically works but there, can be complications when you want to combine it with standard host-host ipsec connections. The issue that 'may' arise is if an IPSEC connection is matched prior to the L2TPD one. I do have both types running on my test box but need more feedback on this.
This is because pure ipsec usually relies on having connections from specific IP address / and or IDs / Certificates. To accept mobile clients, which could come from pretty well any IP address, we need to tell out L2TPD Ipsec configuration to accept connections from anywhere.
This is because pure ipsec usually relies on having connections from specific IP address / and or IDs / Certificates. To accept mobile clients, which could come from pretty well any IP address, we need to tell our L2TPD Ipsec configuration to accept connections from anywhere.
The potential issue is if you try a pure Ipsec connection that does not have a correct configuration in the database/configuration, it may try to connect via the L2TPD connection. That will not break anything, but you may experience odd results from the client
The potential issue is if you try a pure Ipsec connection that does not have a correct configuration in the database/configuration, it may try to connect via the L2TPD connection. That will not break anything, but you may experience odd results from the client.
Please note that you can enable or disable L2TPD VPN access for users via the Server Manager.
Please note that you can enable or disable L2TPD VPN access for users via the Server Manager.
These links discuss the implementation and the creation of this page.
These links discuss the implementation and the creation of this page:
https://forums.contribs.org/index.php/topic,53021.0/all.html
https://forums.contribs.org/index.php/topic,53021.0/all.html
Some further reading can be found on this page:
Some further reading can be found on this page:
https://github.com/reetp/smeserver-libreswan-xl2tpd/blob/master/ipsecXl2tpd.Notes
https://github.com/reetp/smeserver-libreswan-xl2tpd/blob/master/ipsecXl2tpd.Notes
{{Note box|Server MUST be in Server/Gateway mode for this to be enabled}}
{{Note box|Server MUST be in Server/Gateway mode for this to be enabled}}
The smeserver-libreswan-xl2tpd contrib is currently in the development repo at Contribs
{{Note box|If you had installed an earlier version e.g 0.2x or lower then please uninstall first. The early dev versions used /etc/e-smith/templates-custom for their templates. Make sure there are no fragments lying about or you may get unexpected results.}}
The smeserver-libreswan-xl2tpd contrib is currently in the contribs repo.
Add the EPEL and Libreswan repos:
yum install smeserver-extrarepositories-libreswan smeserver-extrarepositories-epel
signal-event yum-modify
config set UnsavedChanges no
With the yum repo database updated, you can then run the installation of the package.
With the yum repo database updated, you can then run the installation of the package.
yum --enablerepo=smedev,epel install smeserver-libreswan-xl2tpd
yum --enablerepo=smecontribs,epel,libreswan install smeserver-libreswan-xl2tpd
That should bring everything in, including ipsec which is required
That should bring everything in, including ipsec which is required
config setprop pptpd status disabled sessions 0
config setprop pptpd status disabled sessions 0
signal-event remoteaccess-update
Take this action only *after* you have confirmed proper L2TP connection is working.
Take this action only *after* you have confirmed proper L2TP connection is working.
== Bugs ==
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
and select the {{lc:{{FULLPAGENAME}}}} component or use {{BugzillaFileBug|product=SME%20Contribs|component={{lc:{{FULLPAGENAME}}}}|title=this link}}
and select the {{lc:{{FULLPAGENAME}}}} component or use {{BugzillaFileBug|product=SME%20Contribs|component={{lc:{{FULLPAGENAME}}}}|title=this link}}
== Bugs (test entry) ==
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
and select the smeserver-letsencrypt-xl2tpd component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-libreswan-xl2tpd|title=this link}}
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-libreswan-xl2tpd |disablecache=1|noresultsmessage="No open bugs found."}}
Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component={{lc:{{FULLPAGENAME}}}} |noresultsmessage=No open bugs found.}}
Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component={{lc:{{FULLPAGENAME}}}} |noresultsmessage=No open bugs found.}}
{{#smechangelog: {{lc:{{FULLPAGENAME}}}} }}
{{#smechangelog: {{lc:{{FULLPAGENAME}}}} }}
[[Category: Contrib]]
[[Category: Contrib]] [[Category:VPN]]
