-
-
Save mattweidner/92fd6ead6b0d90190a6b31d4efaebbfb to your computer and use it in GitHub Desktop.
Revisions
-
psanford revised this gist
May 29, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -8,7 +8,7 @@ apt-get install -y strongswan xl2tpd Configure strong swan ``` cat > /etc/ipsec.conf <<EOF # ipsec.conf - strongSwan IPsec configuration file # basic configuration -
May 29, 2016 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
May 29, 2016 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,110 @@ These are my notes for connecting to a meraki client vpn from ubuntu 16.04. This configuration assumes you are using a psk for the ipsec auth. Install the following packages: ``` apt-get install -y strongswan xl2tpd ``` Configure strong swan ``` cat /etc/ipsec.conf <<EOF # ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup # strictcrlpolicy=yes # uniqueids = no # Add connections here. # Sample VPN connections conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 keyexchange=ikev1 authby=secret ike=aes128-sha1-modp1024,3des-sha1-modp1024! esp=aes128-sha1-modp1024,3des-sha1-modp1024! conn meraki-vpn keyexchange=ikev1 left=%defaultroute auto=add authby=secret type=transport leftprotoport=17/1701 rightprotoport=17/1701 # set this to the ip address of your meraki vpn right=XXX.XXX.XXX.XXX EOF cat > /etc/ipsec.secrets <<EOF : PSK "YOUR_PSK_GOES_HERE" EOF ``` Configure xl2tp: ``` cat > /etc/xl2tpd/xl2tpd.conf <<EOF [lac meraki] # your meraki vpn ip goes here lns = XXX.XXX.XXX.XXX ppp debug = yes pppoptfile = /etc/ppp/options.l2tpd.client length bit = yes EOF cat > /etc/ppp/options.l2tpd.client <<EOF ipcp-accept-local ipcp-accept-remote refuse-eap require-mschap-v2 noccp noauth idle 1800 mtu 1410 mru 1410 defaultroute usepeerdns debug lock connect-delay 5000 EOF mkdir -p /var/run/xl2tpd touch /var/run/xl2tpd/l2tp-control ``` Restart your services: ``` service strongswan restart service xl2tpd restart ``` Start the ipsec connection: ``` ipsec auto --up meraki ``` Start the l2tp connection (with your username and password) ``` echo "c meraki <user> <pass>" > /var/run/xl2tpd/l2tp-control ``` Add a route for your internal network: ``` ip route add 10.0.0.1/24 dev ppp0 ``` To disconnect: ``` echo "d meraki" > /var/run/xl2tpd/l2tp-control ipsec down meraki ```