Configuring a VPN Server on Ubuntu

Learn how to set up a VPN server on Ubuntu using L2TP/IPSec, providing secure internet access for a variety of devices.

Dmytro

Nowadays, VPN services are particularly popular among users in countries where freedom of expression and access to information are restricted, such as China, Belarus, and Russia. This guide will show you how to create your own VPN server using L2TP/IPSec on an SSD VDS.

Step 1: Order SSD VDS

Choose Ubuntu as the operating system. A minimal plan is enough (512MB of memory is sufficient). The installation takes about 5-7 minutes, after which you will receive access details via email. Use an SSH client (e.g., PuTTY) to connect and carry out the setup.

Step 2: Install Required Applications

Install the necessary applications with the following command:

apt-get install openswan xl2tpd ppp

During installation, select “No” for automatic key generation.

Step 3: Configure IPsec

Edit the file /etc/ipsec.conf:

version 2.0

config setup
    nat_traversal=yes
    oe=off
    protostack=netkey

conn L2TP-PSK
    authby=secret
    pfs=no
    rekey=no
    type=tunnel
    esp=aes128-sha1
    ike=aes128-sha-modp1024
    ikelifetime=8h
    keylife=1h
    left=185.14.XX.XX  # Specify your VDS IP
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnetwithin=0.0.0.0/0
    auto=add
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear

Step 4: Add Encryption Key

Specify your pre-shared key (the IPsec encryption key) in /etc/ipsec.secrets, replacing the sample value below with your own:

%any %any: PSK "TestSecret"

Step 5: Configure L2TP

Edit /etc/xl2tpd/xl2tpd.conf:

[global]
    ipsec saref = yes
[lns default]
    ip range = 192.168.1.231-192.168.1.239
    local ip = 192.168.1.230
    refuse chap = yes
    refuse pap = yes
    require authentication = yes
    ppp debug = no
    pppoptfile = /etc/ppp/options.xl2tpd
    length bit = yes

Step 6: Configure PPP

Edit /etc/ppp/options.xl2tpd:

require-mschap-v2
ms-dns 8.8.8.8
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

Step 7: Set Up Authentication

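In /etc/ppp/chap-secrets, add a line with the client name, server name, password and allowed IP addresses (* matches any), replacing the sample password with your own: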

* * TestPassword *

Step 8: Enable NAT

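Add the following lines to /etc/rc.local (above the closing exit 0 line, if the file has one) to enable IP forwarding and NAT at boot: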

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
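
Before rebooting, the two secrets files from Steps 4 and 7 can be checked with a short script. This is an added example, not part of the original guide: it flags the guide's sample values (TestSecret, TestPassword), a wildcard account in chap-secrets, and file modes other than owner-only. The function names and the 20-character minimum are assumptions.

```shell
#!/bin/sh
# Added example: audit the secrets files written in Steps 4 and 7.
MIN_LEN=20   # assumed minimum length; a policy choice, not a value from the guide

# is_weak VALUE: true if VALUE is one of the guide's sample values or too short.
is_weak() {
    case "$1" in TestSecret|TestPassword) return 0 ;; esac
    [ "${#1}" -lt "$MIN_LEN" ]
}

# audit_ipsec_secrets FILE: entries look like  %any %any: PSK "secret"
audit_ipsec_secrets() {
    sed -n 's/^[^#]*PSK[[:space:]]*"\(.*\)".*$/\1/p' "$1" |
    while IFS= read -r psk; do
        if is_weak "$psk"; then echo "weak PSK in $1"; fi
    done
}

# audit_chap_secrets FILE: fields are  client server secret addresses
audit_chap_secrets() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" |
    while read -r client server secret addrs; do
        secret=${secret#\"}; secret=${secret%\"}   # pppd allows quoted secrets
        if [ "$client" = "*" ]; then echo "wildcard client in $1"; fi
        if is_weak "$secret"; then echo "weak password in $1"; fi
    done
}

# audit_mode FILE: both files hold plaintext secrets, so expect owner-only access.
audit_mode() {
    mode=$(stat -c '%a' "$1")   # GNU stat, as shipped with Ubuntu
    case "$mode" in
        600|400) ;;
        *) echo "mode $mode on $1, expected 600" ;;
    esac
}

# Run against the real files when present (paths from Steps 4 and 7).
for f in /etc/ipsec.secrets /etc/ppp/chap-secrets; do
    [ -r "$f" ] || continue
    audit_mode "$f"
    case "$f" in
        */ipsec.secrets) audit_ipsec_secrets "$f" ;;
        *) audit_chap_secrets "$f" ;;
    esac
done
```

No output means nothing was flagged. Run it as root so both files are readable.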

Complete the Setup

Restart your VDS with the command:

reboot

Configure on iPhone

Go to “Settings” -> “VPN” -> “Add VPN Configuration…” and fill in the fields:

  • Type: L2TP
  • Description: My VPN
  • Server: Your VDS IP
  • Account: Any name
  • Password: TestPassword
  • Secret: TestSecret

Save the configuration and enable the VPN in your preferences. After a few seconds, you can enjoy a secure, unrestricted internet experience.
