Notes: PPTP/L2TP Server on Ubuntu

From: https://help.ubuntu.com/community/PPTPServer and https://help.ubuntu.com/community/L2TPServer

This is an integrated and simplified introduction to installing a PPTP/L2TP server on Ubuntu 12.04.

Install

pptpd, xl2tpd and openswan are needed.
ppp should be installed by default; you can apt-get install ppp just to be sure.
dnsmasq is needed to simplify the DNS setup.
So, just type these commands:

Environment

Server IP is assigned as: 192.168.210.1
Client IPs are in: 192.168.210.100~192.168.210.200

Steps

Configure dnsmasq

You can leave the default configuration alone, but I suggest adding a

then reload.
If you run an open DNS forwarder on Linode and forward your requests to Linode's own DNS servers, their staff will open a ticket warning you not to do this.

Configure pptp server

/etc/pptpd.conf:

/etc/ppp/pptpd-options

Configure xl2tp server

/etc/ipsec.conf

For left=x.x.x.x, just set the IP shown by ifconfig; do not set it to 192.168.210.1. I don't know why, but I found that it doesn't work.
Any time you change your server IP, DO NOT FORGET to change this line. If any of you have a better solution, please let me know.

/etc/ipsec.secrets

Change YourPreSharedKey to whatever pre-shared key you want.

/etc/xl2tpd/xl2tpd.conf

You can change the IP range as you like, for example to 192.168.210.50-192.168.210.99.

/etc/ppp/options.xl2tpd

Configure ip forwarding

/etc/sysctl.conf

run commands

/etc/rc.local

run commands

Reload services

run commands

Amazon EC2

If you're using Amazon EC2, you need to add new inbound rules to your security group.

Custom TCP rule; Port range: 1723; Source: 0.0.0.0/0
Custom TCP rule; Port range: 500; Source: 0.0.0.0/0

Custom UDP rule; Port range: 500; Source: 0.0.0.0/0
Custom UDP rule; Port range: 1701; Source: 0.0.0.0/0
Custom UDP rule; Port range: 4500; Source: 0.0.0.0/0

More on iptables

Full list of iptables rules (originally from https://wiki.archlinux.org/index.php/PPTP_Server, with L2TP-related rules added):

And, http://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server says:

L2TP is totally insecure and must NOT be accessible outside the IPsec connection.
Use iptables to block all L2TP connections outside the IPsec layer:
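The restriction the Gentoo wiki asks for, as an added example written for these notes rather than taken from the original post or the wiki. It assumes the public interface is eth0 (override with PUB_IF), the client subnet from the Environment section above, and that the iptables policy match module is available; the NAT rule for the clients is also an assumption about this setup.

```shell
# Added example, not from the original post or the Gentoo wiki: apply the
# "L2TP only inside IPsec" rules idempotently. Assumptions: the VPN subnet
# 192.168.210.0/24 from the Environment section, a public interface named
# in PUB_IF (eth0 by default), and an iptables with the policy match module.
PUB_IF="${PUB_IF:-eth0}"
VPN_NET="192.168.210.0/24"

# run_ipt: execute the iptables command, or print it when DRY_RUN=1.
run_ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# ensure_rule TABLE CHAIN RULE...: append the rule only if it is absent
# (iptables -C exits non-zero when no matching rule exists), so rerunning
# this from rc.local never duplicates rules. Dry runs always print.
ensure_rule() {
    table="$1"; chain="$2"; shift 2
    if [ "${DRY_RUN:-0}" = "1" ] || ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        run_ipt -t "$table" -A "$chain" "$@"
    fi
}

l2tp_ipsec_rules() {
    # IKE (500) and NAT-T (4500) must be reachable in the clear: IPsec is
    # negotiated over them, and ESP carries the tunnel itself.
    ensure_rule filter INPUT -i "$PUB_IF" -p udp --dport 500 -j ACCEPT
    ensure_rule filter INPUT -i "$PUB_IF" -p udp --dport 4500 -j ACCEPT
    ensure_rule filter INPUT -i "$PUB_IF" -p esp -j ACCEPT
    # L2TP (UDP 1701) is accepted only if the packet arrived through an
    # IPsec SA; the policy match checks the kernel's decapsulation state.
    ensure_rule filter INPUT -i "$PUB_IF" -p udp --dport 1701 \
        -m policy --dir in --pol ipsec -j ACCEPT
    # Anything else on 1701 is plaintext L2TP and is dropped.
    ensure_rule filter INPUT -i "$PUB_IF" -p udp --dport 1701 -j DROP
    # Let VPN clients reach the internet through the public interface
    # (assumed NAT setup; the original post's full rule list is not shown).
    ensure_rule nat POSTROUTING -s "$VPN_NET" -o "$PUB_IF" -j MASQUERADE
}

# Preview with DRY_RUN=1, or apply as root with APPLY=1.
if [ "${DRY_RUN:-0}" = "1" ] || [ "${APPLY:-0}" = "1" ]; then
    l2tp_ipsec_rules
fi
```

Run it once with DRY_RUN=1 to review the exact rules before applying them from rc.local.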

Notes: PPTP/L2TP Server on Ubuntu by @sskaje: https://sskaje.me/2013/10/notes-pptpl2tp-server-on-ubuntu/