Configure VPN with Fedora

Please follow the steps below to establish a VPN connection.

*** The following instructions are for ClassNet and ResNet networks only while connection from Public ISP may not be supported.

I. Download and Install L2TP VPN Package

1. Download racoon, ppp, dhcp-client, ipsec-tools, xl2tpd to a computer which have Internet access, then transfer to your computer running debian by clicking the URL.
2. Double-click the package downloaded; you will be reminded that the client can also be downloaded through yum channel.

Then click Close.

3. Click Install Package to install racoon and ipsec-tools, ppp,dhcp-client and xl2tpd.
4. Type your computer’s root account password, and then click OK.
5. Click Apply to continue the installation .
6. Click Install anyway to continue the installation.
7. Click OK to finish the package installation.
8. Repeat the step 2 to step for installing the others package except racoon and ipsec-tools package.
9. You should select “direct” and press Enter to continue the installation of the racoon and ipsec tools package.

II. Configure the corresponding configuration file

1.Edit the configuration of the packages installed using any word editor (e.g. vi, vim, gedit)

I. Edit the racoon.conf file

Enter the command:

gedit /etc/racoon/racoon.conf

And then copy and paste the code like the picture shown below for the racoon configuration file.

The configuration of raccoon.conf should be:

log debug;
path pre_shared_key “/etc/racoon/psk.txt”;
padding {
maximum_length 20;
randomize off;
strict_check off;
exclusive_tail off;
remote anonymous {
exchange_mode main;
doi ipsec_doi;
situation identity_only;
generate_policy on;
proposal_check obey;
proposal {
encryption_algorithm des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 1;
sainfo anonymous {
lifetime time 28800 sec;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;

II.Edit the Pre-Shared Key file

The first one is the servers’ IP and the second one is the pre-shared key, using Resnet VPN, the setting should be:

Enter the command,

gedit /etc/racoon/psk.txt

You can copy and paste all codes below the psk file.

#resnet ipsec-vpn ipsec-vpn ipsec-vpn ipsec-vpn ipsec-vpn ipsec-vpn ipsec-vpn ipsec-vpn
#classnet ipsec-vpn ipsec-vpn
#broadband ipsec-vpn ipsec-vpn

III. Edit the configuration of the l2tpd (for ubuntu 7.10) or xl2tpd (for ubuntu 8.04)

Enter the command according to your ubuntu’s version:

gedit /etc/xl2tpd/xl2tpd.conf

port = 1701
auth file = /etc/ppp/pap-secrets
[lac connect]
lns =
require pap = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd

IV. Edit the pap secrets file according to the nature of the VPN connection

Enter the command

gedit /etc/ppp/pap-secrets

s0123456 yourpassword

V. Edit the option file

Enter the command :

gedit /etc/ppp/options.xl2tpd

mtu 1000
name s0123456 (change to your student ID)

III. Connect to Resnet/Classnet

1.Download the script from here and save the file to the corresponding location.
2. You should at the directory where exist in the terminal and then type the below to excute the script file.When you need to connect to the VPN, you need to execute it everytime.
3. You can check whether your connection is under VPN connection by using “ifconfig” command. If you can see the ppp0 connection, that means your connection is under VPN connection.
4. For disconnection, please enter the following command.

echo “d” > /var/run/xl2tpd/l2tp-control

IV. Tips for broadband users

Please go though the steps in I and II. Then, you are required to make the following amendments.

1. Adding static route

First you have to identify the IP address of your ISP’s default gateway and the broadband VPN server you are connecting.

For ADSL-based broadband:
/sbin/route add -host vpn.server.ip.address ppp0 (adding both broadband VPN server IP addresses are ok)
/sbin/route add default ppp1

For ethernet-based broadband:
/sbin/route add -host vpn.server.ip.address gw isp.default.gateway.ip (adding both broadband VPN server IP addresses are ok)
/sbin/route add default ppp0

2. Modification of

  • remove the dhclient
  • changing ipsec encryption commands with local ip address as the following:

echo -e spdadd yourIPaddress/32\[1701\]\/0\[0\] any \-P out ipsec esp\/transport\/\/require\; |

3. For DNS server

If you can connect by IP but can’t resolve DNS, you need to add the CUHK DNS servers to resolv.conf

gedit /etc/resolv.conf



About Bona

បណ្ដាញសម្រាប់ទំនាក់ទំនង ចែករំលែក ពិភាក្សា ពីជ្រុងមួយនៃប្រទេសកម្ពុជា

Posted on March 27, 2008, in ផ្ទាល់ខ្លួន. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s