Ultimate VPN Server ( KVM, VMware or Dedicated ) Ubuntu 12.04 / 12.10 PPTP + OpenVPN ( udp 1194 + tcp 443 ) + L2TP/IPSec ( xl2tpd strongswan ) + http https ftp Proxy ( Squid ) with FreeRadius ( radiusclient ) authentication + persistent iptables firewall

Assumptions:

Completed Server Preparation: KVM / VMware / Standalone Ubuntu 12.04 / 12.10 Server Preparation

FreeRADIUS Server Configured: Ubuntu 12.04 / 12.10 Install FreeRADIUS Server authenticating with a MySQL (MariaDB) Database

Notes:

FreeRADIUS Server: 68.68.68.11

PPTP Client IP: 10.10.10.1
PPTP Remote IPs: 10.10.10.10 -> 10.10.10.250

OpenVPN udp 1194 Remote IPs: 10.8.8.1 -> 10.8.8.255
OpenVPN tcp 443 Remote IPs: 10.7.7.1 -> 10.7.7.255

L2TP/IPSec Client IP: 10.9.9.1
L2TP/IPSec Remote IPs: 10.9.9.10 -> 10.9.9.250

Enable IP Forwarding

Add a VPN Client to your Freeradius Server

DO THIS ONLY ON YOUR FREERADIUS SERVER

Restart FreeRADIUS Server

PPTP Server + FreeRadius ( radiusclient ) authentication

FreeRADIUS Server: 68.68.68.11
PPTP Client IP: 10.10.10.1
PPTP Remote IPs: 10.10.10.10 -> 10.10.10.250

PPTP Server

Install PPTP

Configure PPTP

Optimise PPTP MTU

FreeRadius ( radiusclient ) authentication

Install radiusclient

Configure radiusclient

Add a Microsoft dictionary to the FreeRADIUS client

Create the dictionary.microsoft file for the FreeRADIUS client
/etc/radiusclient/dictionary.microsoft

Configure PPP to authenticate via radiusclient

Restart PPTP Server

OpenVPN Server + FreeRadius ( openvpn-auth-radius ) authentication

FreeRADIUS Server: 68.68.68.11
OpenVPN udp 1194 Remote IPs: 10.8.8.1 -> 10.8.8.255
OpenVPN tcp 443 Remote IPs: 10.7.7.1 -> 10.7.7.255

OpenVPN Server

Install OpenVPN

Configure OpenVPN Configuration Files

Generate OpenVPN certificates

Build CA

Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:vpn.domain.com
Name [changeme]:
Email Address [mail@host.domain]:

Build key server

-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [server]:vpn.domain.com
Name [changeme]:
Email Address [mail@host.domain]:
A challenge password []:
An optional company name []:
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y

Build Diffie Hellman

Create a Static Key

Create the OpenVPN udp port 1194 server.conf
/etc/openvpn/server-udp1194.conf

Create the radiusplugin udp 1194 config
/etc/openvpn/radiusplugin-udp1194.cnf

Create the OpenVPN tcp port 443 server.conf
/etc/openvpn/server-tcp-443.conf

Create the radiusplugin tcp 443 config
/etc/openvpn/radiusplugin-tcp443.cnf
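A worked version of the server.conf and radiusplugin .cnf pair, added here as an example and not taken from the tutorial: one shell function writes a server-<proto><port>.conf for either instance (udp 1194 with the 10.8.8.0/24 pool, or tcp 443 with 10.7.7.0/24), and a second writes the matching radiusplugin .cnf pointing at the 68.68.68.11 FreeRADIUS server. Assumptions: easy-rsa keys live under /etc/openvpn/easy-rsa/keys with easy-rsa's default dh1024.pem, the plugin is /usr/lib/openvpn/radiusplugin.so, the static key from the "Create a Static Key" step is /etc/openvpn/ta.key, the .cnf layout follows the sample shipped with openvpn-auth-radius, and the shared secret is a placeholder you replace.

```shell
#!/bin/sh
# Added example, not the tutorial's own files.
# Assumed paths (adjust to your install):
KEYS_DIR=/etc/openvpn/easy-rsa/keys
TA_KEY=/etc/openvpn/ta.key
RADIUS_PLUGIN=/usr/lib/openvpn/radiusplugin.so

# usage: write_openvpn_server_conf <udp|tcp> <port> <pool-network> <out-file> <radiusplugin-cnf>
# e.g.   write_openvpn_server_conf udp 1194 10.8.8.0 /etc/openvpn/server-udp1194.conf /etc/openvpn/radiusplugin-udp1194.cnf
write_openvpn_server_conf() {
    proto="$1"; port="$2"; pool="$3"; out="$4"; radius_cnf="$5"
    case "$proto" in
        udp|tcp) ;;
        *) echo "proto must be udp or tcp, got '$proto'" >&2; return 1 ;;
    esac
    cat > "$out" <<EOF
port $port
proto $proto
dev tun
ca $KEYS_DIR/ca.crt
cert $KEYS_DIR/server.crt
key $KEYS_DIR/server.key
dh $KEYS_DIR/dh1024.pem
# HMAC the control channel with the static key (server side is direction 0):
# packets without a valid HMAC are dropped before the TLS handshake starts
tls-auth $TA_KEY 0
server $pool 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp-${proto}${port}.txt
push "redirect-gateway def1"
keepalive 10 120
# users are verified by username/password against FreeRADIUS through the plugin;
# no per-client certificate is required, so the username becomes the common name
plugin $RADIUS_PLUGIN $radius_cnf
client-cert-not-required
username-as-common-name
# drop root privileges once the tunnel and keys are set up
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-${proto}${port}-status.log
verb 3
EOF
}

# usage: write_radiusplugin_cnf <out-file> <server-conf> <radius-server> <shared-secret>
write_radiusplugin_cnf() {
    out="$1"; ovpn_conf="$2"; radius_host="$3"; secret="$4"
    cat > "$out" <<EOF
NAS-Identifier=OpenVpn
Service-Type=5
Framed-Protocol=1
NAS-Port-Type=5
OpenVPNConfig=$ovpn_conf
subnet=255.255.255.0
overwriteccfiles=true
server
{
    acctport=1813
    authport=1812
    name=$radius_host
    retry=1
    wait=1
    sharedsecret=$secret
}
EOF
    chmod 600 "$out"   # this file holds the RADIUS shared secret
}
```

Run the two functions once per instance (udp 1194 and tcp 443), then restart OpenVPN. Because client-cert-not-required makes the RADIUS password the only per-user credential, keep tls-auth in place: it stops unauthenticated hosts from reaching the TLS handshake at all, and the .cnf file must stay mode 600 because the NAS shared secret protects the RADIUS exchange.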

Sample: OpenVPN Client-udp1194.ovpn config file

Sample: OpenVPN Client-tcp443.ovpn config file

Restart OpenVPN Server

L2TP/IPSec Server + FreeRadius ( radiusclient1 ) authentication + Android 4 ICS fixes

FreeRADIUS Server: 68.68.68.11
L2TP/IPSec Client IP: 10.9.9.1
L2TP/IPSec Remote IPs: 10.9.9.10 -> 10.9.9.250

L2TP/IPSec Server

Install L2TP/IPSec Server

Create the xl2tpd options file
/etc/ppp/options.xl2tpd

Create the xl2tpd config file
/etc/xl2tpd/xl2tpd.conf

Create the ipsec config file
/etc/ipsec.conf

Create the IPSEC Secret

Restart strongswan IPSec Server

Restart XL2TPD Server

Squid Proxy Server + FreeRadius ( squid_radius_auth ) authentication

FreeRADIUS Server: 68.68.68.11
Squid Remote IP: 68.68.68.9

Install Squid

Configure Squid

Configure Squid Radius Auth config

Restart Squid
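A worked squid.conf and squid_radius_auth.conf for the proxy section, added here as an example rather than copied from the tutorial. It assumes the Ubuntu squid3 package layout (/etc/squid3, helper at /usr/lib/squid3/squid_radius_auth), the tutorial's FreeRADIUS server at 68.68.68.11, port 3128, and a placeholder shared secret. The security point it makes: the helper uses HTTP Basic authentication, which carries the RADIUS username and password in clear, so proxy access is restricted to the four VPN pools from this guide, where the tunnel protects the credentials.

```shell
#!/bin/sh
# Added example, not the tutorial's own squid.conf.
# Assumed layout (Ubuntu 12.04 squid3 package):
RADIUS_SERVER=68.68.68.11
SQUID_RADIUS_CONF=/etc/squid3/squid_radius_auth.conf
SQUID_RADIUS_HELPER=/usr/lib/squid3/squid_radius_auth

# usage: write_squid_radius_conf <out-file> <shared-secret>
write_squid_radius_conf() {
    out="$1"; secret="$2"
    cat > "$out" <<EOF
server $RADIUS_SERVER
secret $secret
EOF
    chmod 600 "$out"   # holds the RADIUS shared secret
}

# usage: write_squid_conf <out-file>
# Proxy auth is HTTP Basic: username/password cross the wire in clear, so only
# clients inside one of the VPN pools (10.10.10/24, 10.8.8/24, 10.7.7/24,
# 10.9.9/24) are allowed to authenticate at all.
write_squid_conf() {
    out="$1"
    cat > "$out" <<EOF
http_port 3128
auth_param basic program $SQUID_RADIUS_HELPER -f $SQUID_RADIUS_CONF
auth_param basic children 5
auth_param basic realm VPN proxy
auth_param basic credentialsttl 2 hours
# networks handed out to PPTP, OpenVPN udp/tcp and L2TP/IPSec clients
acl vpn_clients src 10.10.10.0/24 10.8.8.0/24 10.7.7.0/24 10.9.9.0/24
acl radius_users proxy_auth REQUIRED
# http, https and ftp only
acl safe_ports port 80 443 21
acl ssl_ports port 443
acl CONNECT method CONNECT
http_access deny !safe_ports
http_access deny CONNECT !ssl_ports
# src check first, so hosts outside the tunnels never see a 407 challenge
http_access allow vpn_clients radius_users
http_access deny all
# do not leak the client's tunnel address or the proxy hop to upstream sites
forwarded_for delete
via off
EOF
}
```

Write both files, then restart Squid. Order matters in the allow line: Squid evaluates ACLs left to right, so vpn_clients fails fast for an outside source and the proxy_auth challenge (and the RADIUS round trip behind it) is never triggered from the internet side.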

Firewall Rules ( iptables )

Install iptables-persistent

Flush / clear the iptables rules

Load the iptables rules

Save the iptables rules to automatically apply at boot
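The ruleset below is an added example for the firewall section, written for this page and not taken from the tutorial. A shell function emits an iptables-restore file covering every service in the guide: PPTP (tcp 1723 plus GRE), OpenVPN on udp 1194 and tcp 443, L2TP/IPSec (udp 500, udp 4500, ESP), the Squid proxy reachable only from the VPN pools, and NAT for the 10.10.10/24, 10.8.8/24, 10.7.7/24 and 10.9.9/24 ranges. Assumptions: eth0 is the public interface, SSH listens on 22, Squid on 3128; change those before loading.

```shell
#!/bin/sh
# Added example, not the tutorial's own rules file.
# Assumed: public interface eth0, SSH on 22, Squid on 3128.
PUB_IF=eth0
VPN_POOLS="10.10.10.0/24 10.8.8.0/24 10.7.7.0/24 10.9.9.0/24"

# usage: vpn_firewall_rules > /etc/iptables/rules.v4
#        iptables-restore < /etc/iptables/rules.v4
vpn_firewall_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# management
-A INPUT -p tcp --dport 22 -j ACCEPT
# PPTP: control channel plus GRE data (load nf_conntrack_pptp so GRE is tracked)
-A INPUT -p tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
# OpenVPN instances
-A INPUT -p udp --dport 1194 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# IPSec: IKE, NAT-T and ESP
-A INPUT -p udp --dport 500 -j ACCEPT
-A INPUT -p udp --dport 4500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
# L2TP is accepted only when it arrived inside an IPSec SA; bare udp/1701 from the internet is dropped
-A INPUT -p udp --dport 1701 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
EOF
    # the proxy is reachable from the VPN pools only, never from the public side
    for net in $VPN_POOLS; do
        echo "-A INPUT -s $net -p tcp --dport 3128 -j ACCEPT"
    done
    # forwarding: replies back in, and each pool out through the public interface
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in $VPN_POOLS; do
        echo "-A FORWARD -s $net -o $PUB_IF -j ACCEPT"
    done
    cat <<EOF
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
EOF
    # masquerade each pool behind the public address
    for net in $VPN_POOLS; do
        echo "-A POSTROUTING -s $net -o $PUB_IF -j MASQUERADE"
    done
    echo COMMIT
}
```

Review the output before loading it; once it is in /etc/iptables/rules.v4 the iptables-persistent package reapplies it at boot. OUTPUT stays ACCEPT, so the RADIUS requests to 68.68.68.11 (udp 1812/1813) leave unhindered, which is why the "Add a VPN Client to your Freeradius Server" step on the RADIUS side is what controls that exchange. Forwarding and masquerade only take effect with net.ipv4.ip_forward enabled, as in the Enable IP Forwarding step.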

afreet says:

    hello

    This is a great tutorial. I have followed it for over a year now and my server has been running with no issue until today, when I am unable to connect to L2TP. The logs show:

    pluto[2222]: "l2tp"[2] xx.xx.xx.xx #8: ERROR: asynchronous network error report on eth0 for message to xx.xx.xx.xx port 500, complainant xx.xx.xx.xx: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]

    I tested more than one client and from different IPs; my development server is also giving the same error.
