The Raspberry Pi is a great little computer, both for tinkering and as a low-power home server that runs 24/7. I've got multiple Pis, one of which runs as my home VPN gateway with an IPsec/L2TP VPN server. This is a guide on setting up an IPsec/L2TP VPN server with Arch Linux on the Raspberry Pi, using Openswan as the IPsec server, xl2tpd as the L2TP provider and ppp or local users / PAM for authentication. Every step is explained in detail. We choose the IPsec/L2TP protocol stack because of recent vulnerabilities found in pptpd VPNs.
This tutorial is available for the following platforms:
- Raspberry Pi with Arch Linux ARM
- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- CentOS 6, Scientific Linux 6 or Red Hat Enterprise Linux 6
This tutorial was tested on a Raspberry Pi running Arch Linux ARM, installed via NOOBS. It was running an up-to-date Arch Linux ARM; here are the versions used:
- uname -a: Linux pi2.raymii.nl 3.10.25-1-ARCH #1 PREEMPT Mon Dec 23 16:07:25 MST 2013 armv6l GNU/Linux
- ipsec --version: Linux Openswan U2.6.39/K3.10.25-1-ARCH (netkey)
- xl2tpd -v: xl2tpd version: xl2tpd-1.3.1
- pppd --version: pppd version 2.4.5
IPsec protects your IP packets with encryption and authentication, so no one can decrypt or forge data between your clients and your server. L2TP provides a tunnel to send data, but it does not provide encryption or authentication itself, which is why we combine the two.
To work through this tutorial you should have:
- 1 Raspberry Pi running Arch Linux ARM
- 1 (or more) clients running an OS that supports IPsec/L2TP VPNs (Ubuntu, Mac OS, Windows, Android).
- Ports 1701 TCP, 4500 UDP and 500 UDP opened in the firewall.
I do all the steps as the root user. You should do so too, but only via sudo -i or su -. Do not allow root to log in via SSH!