Configure IPsec/L2TP VPN Clients

This is the next part after you have successfully set up your own IPsec VPN server. Following these steps allows you to configure your Android, iOS, MacOS, and Linux machines to use IPsec/L2TP VPN.

IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows, so there is no additional software to install for them. Setup should only take a few minutes. Linux users need to install an additional L2TP network manager package.

Note:

MacOS Clients Configuration

  • Go to the Network section in System Preferences.
  • Click the + button in the bottom-left corner of the window.
  • Select VPN from the Interface drop-down menu.
  • Select L2TP over IPSec from the VPN Type drop-down menu.
  • Service Name: enter anything you like (usually name of the VPN connection).
  • Click Create.
  • Server Address: Your VPN Server IP.
  • Account Name: Your VPN Username.
  • Show VPN status in menu bar: checked.
  • Click the Authentication Settings button.
  • In the User Authentication section, select the Password radio button and enter Your VPN Password.
  • In the Machine Authentication section, select the Shared Secret radio button and enter Your VPN IPsec PSK.
  • (Important) Click the Advanced button and make sure the Send all traffic over VPN connection checkbox is checked.
  • Click the TCP/IP tab, and make sure Link-local only is selected in the Configure IPv6 section.
  • Click OK to close the Advanced settings, and then click Apply to save the VPN connection information.

To connect to the VPN: Use the menu bar icon, or go to the Network section of System Preferences, select the VPN and choose Connect. You can verify that your traffic is being routed properly by looking up your IP address on DuckDuckGo.

iOS (iPhone/iPad) Clients Configuration

  • Go to Settings -> General -> VPN.
  • Tap Add VPN Configuration….
  • Tap Type. Select L2TP and go back.
  • Description: enter anything you like (usually name of the VPN connection).
  • Server: Your VPN Server IP.
  • Account: Your VPN Username.
  • Password: Your VPN Password.
  • Secret: Your VPN IPsec PSK.
  • Make sure the Send All Traffic switch is ON.
  • Tap Done and slide the VPN switch ON.

Once connected, you will see a VPN icon in the status bar. You can verify that your traffic is being routed properly by looking up your IP address on DuckDuckGo.

Android Clients Configuration

  • Go to Settings > Wireless & Networks > VPN.
  • Add VPN Profile by tapping the + icon at top-right of screen.
  • Name: enter anything you like (usually name of the VPN connection).
  • Type: Choose L2TP/IPSec PSK.
  • Server address: Your VPN Server IP.
  • Leave the L2TP secret and IPSec identifier fields blank.
  • IPSec pre-shared key: Your VPN IPsec PSK.
  • Tap Save.
  • Tap the new VPN connection.
  • Username: Your VPN Username.
  • Password: Your VPN Password.
  • Check the Save account information checkbox.
  • Tap Connect.

Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by looking up your IP address on DuckDuckGo.

Linux Clients Configuration

First check whether the network-manager-l2tp and network-manager-l2tp-gnome packages are available for your Linux distribution. If they are, install them (use strongSwan). Once the packages are installed, add your VPN connection.

  • Go to Settings -> Network -> VPN. Click the + button.
  • Select Layer 2 Tunneling Protocol (L2TP).
  • Name: enter anything you like (usually name of the VPN connection).
  • Gateway: Your VPN Server IP.
  • User name: Your VPN Username.
  • Password: Your VPN Password (click the ? in the password field, select Store the password only for this user)
  • Leave the NT Domain field blank.
  • Click the IPsec Settings… button.
  • Enable IPsec tunnel to L2TP host: checked.
  • Leave the Gateway ID field blank.
  • Pre-shared key: Your VPN IPsec PSK.
  • Expand the Advanced section.
  • Enter aes128-sha1-modp2048! for the Phase1 Algorithms and Phase2 Algorithms.
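
The Phase1/Phase2 Algorithms value above is a strongSwan proposal string: encryption, integrity and Diffie-Hellman group joined by hyphens, with a trailing `!` that restricts negotiation to exactly the listed proposal. The following added example (not part of the original guide or of network-manager-l2tp) parses such a field and reports what it would negotiate; the keyword tables and the `WEAK` set are assumptions chosen for this example, and the second sample string is constructed.

```python
import re

# Algorithm keyword tables: a small subset of strongSwan's keywords, chosen
# for this example. The WEAK set is this example's assumption.
ENCRYPTION = re.compile(r"^(aes(128|192|256)(gcm(8|12|16)|ctr)?|3des|des|chacha20poly1305)$")
INTEGRITY = re.compile(r"^(md5|sha1|sha256|sha384|sha512|sha2_256|sha2_384|sha2_512)$")
DH_GROUP = re.compile(r"^(modp\d+|ecp\d+|curve25519)$")
WEAK = {"des", "3des", "md5", "modp768", "modp1024"}


def parse_proposals(value):
    """Parse 'enc-integ-dh[,enc-integ-dh...][!]' into (strict, proposals)."""
    value = value.strip()
    strict = value.endswith("!")
    proposals = []
    for raw in value.rstrip("!").split(","):
        parsed = {"encryption": [], "integrity": [], "dh_group": [], "unknown": []}
        for token in raw.strip().lower().split("-"):
            if ENCRYPTION.match(token):
                parsed["encryption"].append(token)
            elif INTEGRITY.match(token):
                parsed["integrity"].append(token)
            elif DH_GROUP.match(token):
                parsed["dh_group"].append(token)
            else:
                parsed["unknown"].append(token)
        proposals.append(parsed)
    return strict, proposals


def audit(value):
    """Return a list of findings for one Phase1/Phase2 algorithms field."""
    strict, proposals = parse_proposals(value)
    findings = []
    if not strict:
        findings.append("no trailing '!': built-in default proposals may also be offered")
    for i, p in enumerate(proposals, 1):
        tokens = p["encryption"] + p["integrity"] + p["dh_group"]
        findings += [f"proposal {i}: weak algorithm {t}" for t in tokens if t in WEAK]
        findings += [f"proposal {i}: unrecognised keyword {t}" for t in p["unknown"]]
        if not p["dh_group"]:
            findings.append(f"proposal {i}: no DH group named")
    return findings


if __name__ == "__main__":
    for field in ("aes128-sha1-modp2048!", "3des-sha1-modp1024"):  # second one is constructed
        print(field, "->", audit(field) or "no findings")
```

An unrecognised keyword usually means a typo in the field, which otherwise only shows up as a failed connection.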

Users of Fedora > 28 and CentOS 7 can connect using the faster IPsec/XAuth mode. Alternatively, you may configure Linux L2TP VPN clients using the command line.

Windows Clients Configuration

Since I don’t have a Windows machine, you can follow the source documentation by Lin Song.

Credits