VPN(L2TP, IPSec)

Setup

NOTE: this memo is about an L2TP/IPSec PSK VPN client,
based on https://github.com/hwdsl2/setup-ipsec-vpn;
network-manager-l2tp-gnome was not working for me, which is why I used the VPN commands manually.

make .envrc

$ cp .env .envrc

check IKE algorithm type

The result on my VPN server was as below; it means the IKE algorithm is aes128-sha1-modp1024!

$ sudo ike-scan $VPN_SERVER_IP --trans="(1=7,14=128,2=2,3=1,4=2)"
XXX.XXX.XXX.XXX  Main Mode Handshake returned HDR=(CKY-R=5911387ba9cc4c1e) SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=1800)

To load the VPN credentials

$ cd ~/dotfiles
$ sudo direnv allow && sudo direnv exec . bash
# echo $VPN_SERVER_IP

run setup script

# sh /home/mike/dotfiles/scripts/vpn-setup.sh

Start L2TP/IPSec

First, the services need to be started

$ /usr/bin/systemctl restart strongswan
$ /usr/bin/systemctl restart xl2tpd

Switch shell to use env

$ sudo direnv allow && sudo direnv exec . bash

Start VPN

$ wget -qO- http://ipv4.icanhazip.com; echo # current ip address
$ 
$ ipsec up myvpn # start ipsec
$ echo "c myvpn" > /var/run/xl2tpd/l2tp-control # start l2tp
$ ifconfig # confirm whether ppp0 (Point-to-Point Protocol interface) exists or not
$ ip route # check default route
$ route add $VPN_SERVER_IP gw 192.168.0.1 # pin the VPN server to the LAN gateway so tunnel packets keep using the physical link once the default route changes; 192.168.0.1 is the gateway IP, shown by `ip route` as `default via X.X.X.X ...`
$ route add default dev ppp0 # add a new default route to start routing traffic via the VPN server
$ 
$ wget -qO- http://ipv4.icanhazip.com; echo # new ip address

Stop VPN

$ route del default dev ppp0
$ echo "d myvpn" > /var/run/xl2tpd/l2tp-control
$ ipsec down myvpn

Get gateway address

DEFAULT_GW=$(python3 ~/dotfiles/scripts/gw_addr.py)
route add $VPN_SERVER_IP gw $DEFAULT_GW # pin the VPN server to the detected LAN gateway (the `default via X.X.X.X ...` entry from `ip route`) before changing the default route
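As an added example that is not the memo's own vpn-setup.sh or gw_addr.py: a POSIX shell wrapper for the start/stop sequence above, with a gateway lookup that parses `ip route` output the way the memo's python script is used for. It assumes VPN_SERVER_IP is exported (e.g. by direnv) and that the connection is named myvpn, as in the memo.

```shell
#!/bin/sh
# Added example, not the memo's own scripts: wraps the connect/disconnect steps
# with checks. Assumes VPN_SERVER_IP is exported (e.g. by direnv) and the
# strongSwan/xl2tpd connection is named "myvpn" as in the memo.
set -eu

# Read `ip route` text on stdin and print the gateway after "via" on the first
# "default" line that has one ("default dev ppp0" lines are skipped).
default_gw() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# pppd brings ppp0 up asynchronously after "c myvpn"; poll until it has an address.
wait_for_ppp0() {
    tries=${1:-20}
    while [ "$tries" -gt 0 ]; do
        ip -4 addr show dev ppp0 2>/dev/null | grep -q 'inet ' && return 0
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

vpn_up() {
    gw=$(ip -4 route show | default_gw)
    [ -n "$gw" ] || { echo "no default gateway found" >&2; return 1; }
    ipsec up myvpn
    echo "c myvpn" > /var/run/xl2tpd/l2tp-control
    wait_for_ppp0 || { echo "ppp0 did not come up" >&2; return 1; }
    # Pin the VPN server to the LAN gateway *before* adding the new default
    # route, otherwise the tunnel's own packets would be sent into the tunnel.
    ip route replace "$VPN_SERVER_IP/32" via "$gw"
    ip route add default dev ppp0
    echo "VPN up, public IP: $(wget -qO- http://ipv4.icanhazip.com)"
}

vpn_down() {
    ip route del default dev ppp0 2>/dev/null || true
    echo "d myvpn" > /var/run/xl2tpd/l2tp-control
    ipsec down myvpn
    ip route del "$VPN_SERVER_IP/32" 2>/dev/null || true   # drop the pinned host route
}

case "${1:-}" in
    up)   vpn_up ;;
    down) vpn_down ;;
esac
```

Run as root with `up` or `down`; the teardown also removes the host route to the VPN server, which the manual steps above leave in place.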