From Amahi Wiki
'''WARNING:''' This is recommended only for advanced users, proceed with caution.
{{NeedsUpdate}}
This is an IPsec/L2TP VPN server implementation for Fedora 14 that allows Android OS (2.3.5 or less) devices to connect to your HDA. It has been tested with Android OS 2.3.5 via [http://www.samsung.com/us/mobile/cell-phones/SGH-I727MSAATT Samsung Galaxy S™ II Skyrocket™]. It may not work for all Android devices or may require some modification.
===Setup===
Install the packages first as root user:
{{Code| yum -y install openswan xl2tpd}}
====Configure Openswan====
*Edit '''''/etc/ipsec.conf''''' with your favorite editor and update as follows ('''NOTE:''' Replace ''{HDA IP Address}'', e.g. 192.168.0.10, ''{Router IP Address}'', e.g. 192.168.0.1, and xxx.xxx.xxx.xxx/24, e.g. 192.168.0.0/24, with the correct IP addresses for your network):
{{Text|Text=<pre>config setup
    protostack=netkey
    nat_traversal=yes
    oe=off
    nhelpers=0

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=<nowiki>{HDA IP Address}</nowiki>
    leftprotoport=17/1701
    leftnexthop=<nowiki>{Router IP Address}</nowiki>
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%no,%priv</pre>}}
* Add the following to '''''/etc/ipsec.d/hda.secrets''''' (the <code>PSK</code> keyword is required by the Openswan secrets file format):
{{Text| <nowiki>{HDA IP Address}</nowiki> %any: PSK "a_key_that_is_at_least_8_characters_long"}}
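The wiki only states that the pre-shared key must be at least 8 characters long. The following script is an added example, not code from the wiki or from Openswan: it extracts the quoted key from a secrets line in the format used above, checks the length requirement the page states, and adds two precautions that practitioners normally apply to any file holding a PSK (the assumption here is that the secrets file should be readable only by root, and that a randomly generated key is preferable to a hand-typed one). The file path and the secrets line in the comments are the wiki's; everything else is constructed for the example.

```shell
#!/bin/bash
# Added example (not from the Amahi wiki): sanity checks for the PSK in
# /etc/ipsec.d/hda.secrets, whose lines look like
#   192.168.0.10 %any: PSK "a_key_that_is_at_least_8_characters_long"

MIN_PSK_LEN=8   # the minimum the wiki states

# psk_from_secrets_line LINE -> prints the quoted key; exit 1 if there is none
psk_from_secrets_line() {
    local line="$1" key
    key=${line#*\"}          # drop everything up to and including the first quote
    key=${key%\"*}           # drop the closing quote and anything after it
    [ "$key" != "$line" ] && [ -n "$key" ] || return 1
    printf '%s\n' "$key"
}

# psk_is_long_enough KEY -> exit 0 if KEY has at least MIN_PSK_LEN characters
psk_is_long_enough() {
    [ ${#1} -ge "$MIN_PSK_LEN" ]
}

# secrets_mode_ok FILE -> exit 0 if group and other have no permission bits at all
# (assumption: a PSK file should be readable by root only; ls output is used so
# the check works with both GNU and BSD userlands)
secrets_mode_ok() {
    local perms
    perms=$(ls -ld -- "$1" | cut -c2-10) || return 1
    [ "${perms#???}" = "------" ]
}

# gen_psk [LENGTH] -> prints a random alphanumeric key (default 32 characters)
gen_psk() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-32}"
    echo
}

# check_secrets_file FILE -> runs all checks against a real secrets file,
# printing one line per problem; exit 0 only if everything passes
check_secrets_file() {
    local file="$1" line key ok=0
    secrets_mode_ok "$file" || { echo "$file: group/other must have no access"; ok=1; }
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac      # skip blanks and comments
        key=$(psk_from_secrets_line "$line") || { echo "no quoted key in: $line"; ok=1; continue; }
        psk_is_long_enough "$key" || { echo "key shorter than $MIN_PSK_LEN characters in: $line"; ok=1; }
    done < "$file"
    return $ok
}

# Usage on the HDA:  check_secrets_file /etc/ipsec.d/hda.secrets
# To mint a key:     gen_psk 32
```

`check_secrets_file` is written to be run on the HDA after the secrets file is created; the other functions take plain strings so they can be tested offline.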
* Edit '''''/etc/sysctl.conf''''' and add the following to the file:
{{Text|Text=<pre>net.ipv4.ip_forward = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0</pre>}}
* In the same file, disable the following by adding a #:
{{Text|Text=<pre><nowiki>#</nowiki>net.bridge.bridge-nf-call-ip6tables = 0
<nowiki>#</nowiki>net.bridge.bridge-nf-call-iptables = 0
<nowiki>#</nowiki>net.bridge.bridge-nf-call-arptables = 0</pre>}}
* To enable the changes, do the following:
{{Code| sysctl -p}}
* Create '''''/usr/bin/zl2tpset''''' and add the following:
{{Text|Text=<pre><nowiki>#</nowiki>!/bin/bash
<nowiki>#</nowiki> Disable sending and accepting of ICMP redirects on every interface
for each in /proc/sys/net/ipv4/conf/*; do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done</pre>}}
* Make it executable:
{{Code| chmod 755 /usr/bin/zl2tpset}}
* Add the following to '''''/etc/rc.local''''' so this script runs on boot:
{{Text|Text= /usr/bin/zl2tpset}}
* To verify everything is set correctly, start IPsec and run its built-in checks:
{{Code| service ipsec start}}
{{Code| ipsec verify}}
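<code>ipsec verify</code> reports on redirects and forwarding, but it is useful to have a check that can be re-run after a reboot to confirm that the <code>sysctl.conf</code> entries and the <code>rc.local</code> script actually took effect. The script below is an added example, not part of the wiki page or of Openswan: it walks a <code>/proc/sys/net/ipv4/conf</code>-style directory and reports any interface where a redirect setting is still enabled, and checks that <code>ip_forward</code> is on. The directory and file are parameters (an assumption made so the check can also run against a constructed copy of the tree rather than the live kernel).

```shell
#!/bin/bash
# Added example (not from the Amahi wiki): confirm that the kernel settings the
# wiki's sysctl.conf entries and the boot script are meant to establish are in
# effect. CONFDIR is normally /proc/sys/net/ipv4/conf; it is a parameter so the
# functions can be exercised against a constructed directory tree.

# redirects_disabled CONFDIR -> exit 0 if every <iface>/accept_redirects and
# <iface>/send_redirects under CONFDIR reads 0; otherwise prints each offender
# and exits 1
redirects_disabled() {
    local dir="$1" f v bad=0
    for f in "$dir"/*/accept_redirects "$dir"/*/send_redirects; do
        [ -e "$f" ] || continue           # glob matched nothing
        read -r v < "$f" || v=""
        if [ "$v" != "0" ]; then
            printf 'still enabled: %s (value %s)\n' "$f" "$v"
            bad=1
        fi
    done
    return $bad
}

# forwarding_enabled FILE -> exit 0 if FILE (normally
# /proc/sys/net/ipv4/ip_forward) reads 1; VPN clients are routed through the
# HDA, so forwarding must be on
forwarding_enabled() {
    local v
    read -r v < "$1" || return 1
    [ "$v" = "1" ]
}

# vpn_kernel_settings_ok CONFDIR FORWARD_FILE -> exit 0 only if both checks pass
vpn_kernel_settings_ok() {
    local ok=0
    redirects_disabled "$1" || ok=1
    forwarding_enabled "$2" || { echo "ip_forward is not 1 in $2"; ok=1; }
    return $ok
}

# Live check on the HDA (only runs when invoked with --live):
if [ "${1:-}" = "--live" ]; then
    vpn_kernel_settings_ok /proc/sys/net/ipv4/conf /proc/sys/net/ipv4/ip_forward \
        && echo "redirects disabled on all interfaces, forwarding enabled"
fi
```

Run it as <code>bash check.sh --live</code> on the HDA; a non-zero exit with one line per offending interface means the boot script did not run or a setting was overwritten later.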
====Configure xl2tpd====
* Edit '''''/etc/xl2tpd/xl2tpd.conf''''' and update it to reflect the following:
** Ensure the <code>ipsec saref</code> line is present and uncommented, with the value shown below.
** '''NOTE:''' The IP range must be outside an actively used IP range. For example, if your DHCP server assigns IPs between 192.168.10.10 and 192.168.10.100 you can use 192.168.10.150-192.168.10.200. Also, xl2tpd needs a local IP which is used for communication with PPP; in the same example, you could use 192.168.10.101.
<pre>[global]
ipsec saref = no

[lns default]
ip range = 192.168.10.150-192.168.10.200
local ip = 192.168.10.101
require chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes</pre>
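The address-layout rule in the note above (VPN pool outside the DHCP pool, local IP in neither) is easy to get wrong when the pools are later resized. The following script is an added example, not code from the wiki or from xl2tpd: it converts dotted addresses to integers and checks the <code>ip range</code> and <code>local ip</code> values against a DHCP pool, using the wiki's own example addresses. The function names and the command-line form are assumptions made for the example.

```shell
#!/bin/bash
# Added example (not from the Amahi wiki): verify that the xl2tpd "ip range"
# does not overlap the DHCP pool and that "local ip" is in neither, using the
# addresses from the wiki's example (DHCP .10-.100, VPN pool .150-.200,
# local ip .101 on 192.168.10.0/24).

# ip2int A.B.C.D -> prints the address as a 32-bit integer; exit 1 if malformed
ip2int() {
    local IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ranges_overlap S1 E1 S2 E2 -> exit 0 if the two inclusive ranges share an address
ranges_overlap() {
    local s1 e1 s2 e2
    s1=$(ip2int "$1") && e1=$(ip2int "$2") && s2=$(ip2int "$3") && e2=$(ip2int "$4") || return 2
    [ "$s1" -le "$e2" ] && [ "$s2" -le "$e1" ]
}

# ip_in_range IP START END -> exit 0 if IP lies inside the inclusive range
ip_in_range() {
    local ip s e
    ip=$(ip2int "$1") && s=$(ip2int "$2") && e=$(ip2int "$3") || return 2
    [ "$ip" -ge "$s" ] && [ "$ip" -le "$e" ]
}

# check_l2tp_pool DHCP_START DHCP_END VPN_RANGE LOCAL_IP
#   VPN_RANGE is written exactly as in xl2tpd.conf, e.g. 192.168.10.150-192.168.10.200
#   prints "ok" and exits 0 if the layout is sound; otherwise prints the first
#   problem found and exits 1
check_l2tp_pool() {
    local dhcp_s="$1" dhcp_e="$2" vpn_s="${3%-*}" vpn_e="${3#*-}" local_ip="$4"
    if ranges_overlap "$dhcp_s" "$dhcp_e" "$vpn_s" "$vpn_e"; then
        echo "ip range $3 overlaps the DHCP pool $dhcp_s-$dhcp_e"; return 1
    fi
    if ip_in_range "$local_ip" "$dhcp_s" "$dhcp_e"; then
        echo "local ip $local_ip is inside the DHCP pool"; return 1
    fi
    if ip_in_range "$local_ip" "$vpn_s" "$vpn_e"; then
        echo "local ip $local_ip is inside the VPN ip range"; return 1
    fi
    echo ok
}

# The wiki's example layout, checked when the script is given arguments:
#   bash check_pool.sh 192.168.10.10 192.168.10.100 192.168.10.150-192.168.10.200 192.168.10.101
if [ $# -eq 4 ]; then
    check_l2tp_pool "$@"
fi
```

Because the comparison is numeric, the check also catches overlaps that are not obvious in dotted notation, such as a DHCP pool that spans a /24 boundary.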
====Configure PPP====
* Add the following to '''''/etc/ppp/chap-secrets''''' (replace username and password accordingly):
{{Text|Text= username * password *}}
* Check '''''/etc/ppp/options.xl2tpd''''' to verify that all ''ms-dns'' entries point to the correct nameservers (the HDA).
*Start xl2tpd:
{{Code| service xl2tpd start}}
====Configure Router====
====Set Services to Start on Boot====
{{Code| chkconfig ipsec on}}
{{Code| chkconfig xl2tpd on}}
That's basically it. You can now set up your L2TP/IPsec VPN client and try to connect.
References:
* [http://www.mindbug.org/2010/11/fedora-as-ipsecl2tp-vpn-server-for-mac.html Fedora as IPsec/L2TP VPN Server for Mac and Android]
* [https://lists.openswan.org/pipermail/users/2008-March/014218.html Installing OpenSwan for the first time]
* [http://www.linuxhelp.in/2011/06/installing-and-configuring-l2tp-vpn.html Installing and configuring L2TP VPN using xl2tpd]
===Android L2TP/IPsec Client Setup===