how to setup l2tp vpn on ubuntu 24.10?

If you want to connect your Ubuntu 24.10 system to an L2TP VPN using only the terminal.

Step 1: Install required packages

First, install the tools needed to run L2TP and IPsec tunnels:

sudo apt update
sudo apt install strongswan xl2tpd -y

These tools allow Ubuntu to handle L2TP/IPsec VPN sessions securely.

Step 2: Configure IPsec

You’ll need to create a basic IPsec configuration to secure the L2TP connection:

sudo nano /etc/ipsec.conf

Add this content and adjust values as needed:

config setup
  charondebug="ike 1, knl 1, cfg 0"

conn l2tp
  keyexchange=ikev1
  authby=secret
  type=transport
  left=%defaultroute
  leftprotoport=17/1701
  right=vpn.example.com
  rightprotoport=17/1701
  auto=start

Step 3: Add shared secret

Set the pre-shared key (PSK) used with the VPN server:

sudo nano /etc/ipsec.secrets

Add this line:

%any vpn.example.com : PSK "your_shared_secret"

Replace vpn.example.com and your_shared_secret with your real VPN server and key.

Step 4: Configure L2TP client

Now configure the L2TP layer to handle the connection:

sudo nano /etc/xl2tpd/xl2tpd.conf

Paste the following:

[global]
port = 1701

[lns default]
ip range = 192.168.100.10-192.168.100.20
local ip = 192.168.100.1
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpclient
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

Step 5: Set PPP options

Define how the PPP tunnel handles credentials and DNS.

sudo nano /etc/ppp/options.l2tpd.client

Add the following lines:

name vpnuser
password vpnpass
refuse-pap
require-chap
ms-dns 1.1.1.1
mtu 1410
mru 1410
persist
noauth

Replace vpnuser and vpnpass with your actual login credentials.