Howto Mobile Ipsec

Basic how-to for setting up IPsec/L2TP on Linux to serve Android clients.

On Linux install XL2tpd 1.2.4-1

On Linux install IPSEC/strongSwan U4.3.6.

/etc/ppp/chap-secrets

# Secrets for authentication using CHAP
# client server secret IP addresses

* * "secretpassword" *

/etc/xl2tpd/l2tp-secrets
* * secretpassword

/etc/xl2tpd/xl2tpd.conf
[global]
debug network = yes
debug tunnel = yes
[lns default]
ip range = 10.10.7.220-10.10.7.222
local ip = 10.10.7.219
require chap = yes
refuse pap = yes
require authentication = yes
name = your.server.name.com
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

/etc/ppp/options.xl2tpd
ipcp-accept-local
ipcp-accept-remote
ms-dns 192.168.2.1 # inside IP of the firewall, which had a DNS server listening on it
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
lcp-echo-interval 60
lcp-echo-failure 10

/usr/local/etc/ipsec.conf
config setup
    # crlcheckinterval=600
    # strictcrlpolicy=yes
    # cachecrls=yes
    nat_traversal=yes
    charonstart=yes
    plutostart=yes

conn L2TP
    authby=psk
    pfs=no
    rekey=no
    type=tunnel
    esp=aes128-sha1
    ike=aes128-sha-modp1024
    left=your.server.name.com
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnetwithin=0.0.0.0/0
    auto=add

/usr/local/etc/ipsec.secrets
your.public.ip.address %any : PSK "asdlkbasdliuh438hf3o747g"

On the Android:
Click: SETTINGS -> WIRELESS AND NETWORKS -> VPN SETTINGS -> ADD VPN -> ADD L2TP/IPSEC PSK VPN
VPN name: blah blah
Set VPN Server: IP or FQDN of your server
Set IPSec pre-shared key: asdlkbasdliuh438hf3o747g
Enable L2TP secret: UNCHECKED
DNS search domains: ignore it.

Save it all, then click on your VPN in the list to connect.
It will ask for a user name; you can put anything in there, because the client field in /etc/ppp/chap-secrets is the wildcard *.
The password is the same one as in /etc/xl2tpd/l2tp-secrets.
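
An added example, not part of the original page: a Python check that parses the chap-secrets format shown above and reports wildcard fields, which is a quick way to see which entries accept every user name. The alice entry and the simplified matching rule in secrets_for are assumptions made for illustration.

```python
import shlex

# Constructed sample: the wildcard entry from this page plus a hypothetical
# per-user entry ("alice" and "per-user-secret" are made up for illustration).
SAMPLE = '''\
# Secrets for authentication using CHAP
# client server secret IP addresses
* * "secretpassword" *
alice your.server.name.com "per-user-secret" 10.10.7.220
'''

def parse_chap_secrets(text):
    """Yield (lineno, client, server, secret, ips) for each entry."""
    for lineno, line in enumerate(text.splitlines(), 1):
        # shlex unquotes the secret and drops '#' comments
        fields = shlex.split(line, comments=True)
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected client, server, secret")
        client, server, secret, *ips = fields
        yield lineno, client, server, secret, ips

def audit(text):
    """Return (lineno, message) for every wildcard field in an entry."""
    findings = []
    for lineno, client, server, _secret, ips in parse_chap_secrets(text):
        if client == "*":
            findings.append((lineno, "client is *: any user name is accepted"))
        if server == "*":
            findings.append((lineno, "server is *: entry applies to any server name"))
        if "*" in ips:
            findings.append((lineno, "address is *: peer may use any IP address"))
    return findings

def secrets_for(text, user):
    """Secrets that would authenticate `user` (simplified: exact or * client)."""
    return [secret for _, client, _, secret, _ in parse_chap_secrets(text)
            if client in ("*", user)]

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE):
        print(f"chap-secrets line {lineno}: {message}")
    print("anything ->", secrets_for(SAMPLE, "anything"))
```

Run it against a copy of /etc/ppp/chap-secrets by passing the file's text to audit(); an empty result means every entry names a specific client, server and address.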
