192.168.1.101-120 – local IP range used for the L2TP tunnels, outside of the DHCP allocation range.192.168.1.1 – peer local IP of the L2TP VPN.192.168.1.100 – LAN IP of VPN server (also running the DNS server).
The numbers used in the configurations below – adjust them to suit your specific network setup needs: This way, there are 2 passwords required – one for the IPSec component provided by OpenSWAN (set as the pre-shared key), and one for the actual user account which is connecting to the VPN. pppd provides authentication for users.It talks to pppd to authenticate a user, and then makes that user appear on the local network as some IP in its defined range. xl2tpd provides the component which connects the two networks (the client’s and the server’s) together.On connection, the client provides a pre-shared key to the server, and then OpenSWAN establishes the IPSEC tunnel and passes control to xl2tpd. OpenSWAN provides the IPSEC component, encapsulating packets from the client to/from the server, providing basic network connectivity and authentication.Prerequisitesĭue to its double-encapsulation nature (L2TP performs the tunnelling of data and IPSec provides the encrypted channel), L2TP/IPSec has a more complex setup and configuration procedure, both for the server and the client: The next best thing (and least complicated to set up going from PPTP) is IPSec/L2TP, which has built-in support in most current operating systems (including Windows, Linux and Android). I’ve been using PPTP as a VPN solution for a while (despite is security obsolescence) however I have the feeling that one of my ISPs has started filtering and/or throttling PPTP traffic that goes outside its network.Īs a result, I had to look for an alternate VPN system to use when I need to dial back to my home network while on the move to access my media library or when I require a trusted connection or a whitelisted IP.