Running Own L2TP VPN Server on Ubuntu

Requirements

The minimum specs for setting up an L2TP VPN server on an Ubuntu VPS depend on the number of users you plan to have and the amount of traffic that will be passing through the VPN. However, here are some rough estimates:

  • CPU: 1 core
  • RAM: At least 512 MB
  • Disk Space: At least 5 GB
  • Network: A static public IP address

A 512 MB RAM VPS should be able to handle a small number of users (around 1-10) with low to moderate traffic. If you have more users or higher traffic, you may need to upgrade your VPS specs accordingly.

Virtualization type (if you install it on a VPS)

The virtualization type doesn’t significantly affect the setup of a VPN server. However, kernel-level virtualization such as KVM (Kernel-based Virtual Machine) is often preferred over other types like OpenVZ for VPN setups, because a KVM VPS provides better isolation and supports a wide range of VPN protocols, some of which can be restricted by OpenVZ’s shared kernel model. For the L2TP/IPsec VPN set up here, both KVM and OpenVZ should work fine, as L2TP/IPsec doesn’t require any special kernel modules that might be restricted by the virtualization type.

Installing

To set up an L2TP VPN server on an Ubuntu VPS with 512 MB RAM, follow these steps:

1. Update the system

sudo apt-get update
sudo apt-get upgrade

2. Install the necessary packages

sudo apt-get install strongswan xl2tpd

3. Configure StrongSwan (IPsec)

Create the file /etc/ipsec.conf and add the following:

config setup
    charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, manager 2"

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    # L2TP/IPsec clients negotiate IKEv1, not IKEv2
    keyexchange=ikev1

conn l2tpvpn
    left=%defaultroute
    auto=add
    authby=secret
    type=transport
    # Legacy proposal: modp1024 (1024-bit DH) and SHA-1 are weak;
    # use stronger algorithms if all of your clients support them
    ike=aes128-sha1-modp1024
    esp=aes128-sha1
    right=%any
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=%config
    rightprotoport=17/1701

4. Set the shared secret

Create the file /etc/ipsec.secrets and add the following:

%any : PSK "YourSecretPassword"

Replace YourSecretPassword with a strong secret passphrase.

5. Start and enable StrongSwan

sudo systemctl start strongswan
sudo systemctl enable strongswan

6. Configure XL2TPD

Create the file /etc/xl2tpd/xl2tpd.conf and add the following:

[global]
ipsec saref = yes
listen-addr = <YourVPSIPAddress>

[lns default]
ip range = <VPNClientIPRangeStart>-<VPNClientIPRangeEnd>
local ip = <YourVPSPrivateIPAddress>
require chap = yes
refuse pap = yes
require authentication = yes
name = <YourVPNName>
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

Replace <YourVPSIPAddress>, <VPNClientIPRangeStart>, <VPNClientIPRangeEnd>, <YourVPSPrivateIPAddress>, and <YourVPNName> with the appropriate values for your setup.

7. Configure PPP options

Create the file /etc/ppp/options.xl2tpd and add the following:

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

8. Set up a user for VPN

Add a user by editing the file /etc/ppp/chap-secrets and adding the following line:

<Username> l2tpd <Password> *

Replace <Username> and <Password> with the desired username and password.

9. Start and enable XL2TPD

sudo systemctl start xl2tpd
sudo systemctl enable xl2tpd

10. Configure the firewall

You need to allow incoming connections on the following ports:

  • UDP 500
  • UDP 4500
  • UDP 1701

If you are using ufw, you can use the following commands:

sudo ufw allow 500/udp
sudo ufw allow 4500/udp
sudo ufw allow 1701/udp

After following these steps, your L2TP VPN server should be set up and running.
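
A quick audit of the files written in steps 3, 4 and 8, as an added example that is not part of the original article: it checks that the secret files are not accessible to group or others, that the placeholder PSK and user line were replaced, and that the IKE settings suit L2TP/IPsec clients. The function name audit_l2tp and the 20-character PSK minimum are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): audit the files written in
# steps 3, 4 and 8. The 20-character PSK minimum is this example's assumption.

# Usage: audit_l2tp <ipsec.conf> <ipsec.secrets> <chap-secrets>
# Prints one line per finding; the return status is the number of findings.
audit_l2tp() {
    conf=$1 secrets=$2 chap=$3 findings=0
    flag() { printf 'FINDING: %s\n' "$1"; findings=$((findings + 1)); }

    # Both secret files hold cleartext credentials: no group/other access.
    for f in "$secrets" "$chap"; do
        perms=$(ls -ld "$f" | cut -c5-10)
        [ "$perms" = "------" ] || flag "$f is accessible to group/other (chmod 600)"
    done

    # Every client shares this PSK; reject the placeholder and short values.
    psk=$(sed -n 's/.*PSK[[:space:]]*"\(.*\)".*/\1/p' "$secrets" | head -n 1)
    if [ "$psk" = "YourSecretPassword" ]; then
        flag "PSK is still the tutorial placeholder"
    elif [ "${#psk}" -lt 20 ]; then
        flag "PSK is missing or shorter than 20 characters"
    fi

    # Template user line from step 8 left in place.
    if grep -q '<Password>' "$chap"; then
        flag "chap-secrets still contains the <Password> placeholder"
    fi

    # 1024-bit DH (modp1024) is a legacy group; prefer modp2048 or larger
    # when every client supports it.
    if grep -Eq '^[[:space:]]*ike[[:space:]]*=.*modp1024' "$conf"; then
        flag "ike= proposal uses modp1024"
    fi

    # L2TP/IPsec clients negotiate IKEv1; an ikev2 setting will not match them.
    if grep -Eq '^[[:space:]]*keyexchange[[:space:]]*=[[:space:]]*ikev2' "$conf"; then
        flag "keyexchange=ikev2 is set, but L2TP/IPsec clients use IKEv1"
    fi

    return "$findings"
}

# Run against the live files when called with three paths.
if [ "$#" -eq 3 ]; then audit_l2tp "$@"; fi
```

Run it as root with /etc/ipsec.conf, /etc/ipsec.secrets and /etc/ppp/chap-secrets as the three arguments; an exit status of 0 means nothing was flagged.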


User comments

Lees, May 17, 2023

Do you set up VPN if I buy VPS?
