Please follow the steps below to establish a VPN connection.

*** The following instructions are for ClassNet and ResNet networks only while connection from Public ISP may not be suppor

1. Download and Install L2TP VPN Corresponding Package
2. Configure the corresponding configuration file
3. Connect to the Resnet and classnet by using the file we provided
4. Tips for broadband users

I. Download and Install L2TP VPN Package

1. Download racoon, ppp, dhcp-client, ipsec-tools and xl2tpd to a computer which has Internet access by clicking the URL, then transfer them to your computer running Debian.

    racoon and ipsec-tools
    gnome-ppp
    dhcp-client
    xl2tpd

2. Double-click the downloaded package; you will be reminded that the client can also be downloaded through the yum channel. Then click Close.
3. Click Install Package to install racoon and ipsec-tools, ppp, dhcp-client and xl2tpd.
4. Type your computer's root account password, and then click OK.
5. Click Apply to continue the installation.
6. Click Install anyway to continue the installation.
7. Click OK to finish the package installation.
8. Repeat the step 2 to step for installing the other packages except the racoon and ipsec-tools package.
9. You should select "direct" and press Enter to continue the installation of the racoon and ipsec-tools package.

II. Configure the corresponding configuration file
1. Edit the configuration of the installed packages using any text editor (e.g. vi, vim, gedit).

I. Edit the racoon.conf file

Enter the command:

    gedit /etc/racoon/racoon.conf

Then copy and paste the code, as in the picture shown below, into the racoon configuration file. The configuration of racoon.conf should be:

    log debug;
    path pre_shared_key "/etc/racoon/psk.txt";

    padding {
        maximum_length 20;
        randomize off;
        strict_check off;
        exclusive_tail off;
    }

    remote anonymous {
        exchange_mode main;
        doi ipsec_doi;
        situation identity_only;
        generate_policy on;
        proposal_check obey;
        proposal {
            encryption_algorithm des;
            hash_algorithm sha1;
            authentication_method pre_shared_key;
            dh_group 1;
        }
    }

    sainfo anonymous {
        lifetime time 28800 sec;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
    }

II. Edit the Pre-Shared Key file

On each line, the first field is the server's IP address and the second is the pre-shared key. Using Resnet VPN, the setting should be as follows.

Enter the command:

    gedit /etc/racoon/psk.txt

You can copy and paste all of the lines below into the psk file.

    #resnet
    10.0.255.246 ipsec-vpn
    10.0.255.247 ipsec-vpn
    10.0.255.248 ipsec-vpn
    10.0.255.249 ipsec-vpn
    10.0.255.251 ipsec-vpn
    10.0.255.253 ipsec-vpn
    10.0.255.252 ipsec-vpn
    10.0.255.254 ipsec-vpn
    #classnet
    10.0.191.254 ipsec-vpn
    10.0.191.253 ipsec-vpn
    #broadband
    137.189.192.201 ipsec-vpn
    137.189.192.204 ipsec-vpn
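The racoon.conf above negotiates DES, DH group 1, 3DES and HMAC-MD5, all of which are deprecated, and psk.txt holds a secret. The shell functions below are an added example, not part of the original instructions or of ITSC's connect.sh: they list such settings in a racoon.conf and check that a secrets file grants nothing to group or others. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a racoon.conf for
# deprecated IKE/ESP algorithms and check that a secrets file is private.

# Print one finding per weak setting in the racoon.conf named by $1.
weak_racoon_settings() {
    # Drop comments, then split on ';', '{' and '}' so each statement is
    # on its own line even when several share a line.
    sed 's/#.*//' "$1" | tr ';{}' '\n\n\n' | awk '
        $1 == "encryption_algorithm" {
            for (i = 2; i <= NF; i++) {
                a = $i; gsub(/,/, "", a)
                if (a == "des" || a == "3des") print "deprecated cipher: " a
            }
        }
        $1 == "hash_algorithm" || $1 == "authentication_algorithm" {
            for (i = 2; i <= NF; i++) {
                a = $i; gsub(/,/, "", a)
                if (a ~ /md5/) print "deprecated hash: " a
            }
        }
        ($1 == "dh_group" || $1 == "pfs_group") &&
            ($2 == "1" || $2 == "2" || $2 == "modp768" || $2 == "modp1024") {
            print "weak DH group: " $2
        }'
}

# Succeed only if $1 exists and grants nothing to group or others.
is_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: the proposal and sainfo algorithms shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
proposal { encryption_algorithm des; hash_algorithm sha1; dh_group 1; }
sainfo anonymous { encryption_algorithm 3des; authentication_algorithm hmac_md5; }
EOF
weak_racoon_settings "$sample"
is_private "$sample" && echo "private: $sample"
rm -f "$sample"
```

On the real system, run `weak_racoon_settings /etc/racoon/racoon.conf` and `is_private /etc/racoon/psk.txt` as root; racoon.conf(5) requires that the pre-shared key file not be accessible by others.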
III. Edit the configuration of the l2tpd (for ubuntu 7.10) or xl2tpd (for ubuntu 8.04)

Enter the command according to your Ubuntu version:

    gedit /etc/xl2tpd/xl2tpd.conf

    [global]
    port = 1701
    auth file = /etc/ppp/pap-secrets

    [lac connect]
    lns = vpn.cuhk.edu.hk
    require pap = yes
    ppp debug = yes
    pppoptfile = /etc/ppp/options.xl2tpd

IV. Edit the pap secrets file according to the nature of the VPN connection

Enter the command:

    gedit /etc/ppp/pap-secrets

    s0123456 vpn.cuhk.edu.hk yourpassword

V. Edit the option file

Enter the command:

    gedit /etc/ppp/options.xl2tpd

    lock
    debug
    mtu 1000
    nobsdcomp
    nodeflate
    noaccomp
    nopcomp
    novj
    defaultroute
    replacedefaultroute
    name s0123456

(Change s0123456 to your student ID.)

III. Connect to Resnet/Classnet

1. Download the script connect.sh from here and save the file to the corresponding location.
2. In the terminal, change to the directory where connect.sh exists and then type the command below to execute the script file. when yo to the VPN, you need to execute it every time.

    ./connect.sh

3. You can check whether you are connected through the VPN by using the "ifconfig" command. If you can see the ppp0 connection, your connection is going through the VPN.
4. To disconnect, please enter the following command.

    echo "d" > /var/run/xl2tpd/l2tp-control

IV. Tips for broadband users

Please go through the steps in I and II. Then, you are required to make the following amendments.
1. Adding static route

First you have to identify the IP address of your ISP's default gateway and of the broadband VPN server you are connecting to.

For ADSL-based broadband (adding both broadband VPN server IP addresses is OK):

    /sbin/route add -host vpn.server.ip.address ppp0
    /sbin/route add default ppp1

For ethernet-based broadband (adding both broadband VPN server IP addresses is OK):

    /sbin/route add -host vpn.server.ip.address gw isp.default.gateway.ip
    /sbin/route add default ppp0

2. Modification of connect.sh

Remove the dhclient.
Change the ipsec encryption commands to use your local IP address, as follows:

    echo -e spdadd youripaddress/32\[1701\] 0.0.0.0\/0\[0\] any \-P out ipsec esp\/transport\/\/require\;

3. For DNS server

If you can connect by IP but can't resolve DNS, you need to add the CUHK DNS servers to resolv.conf.

    gedit /etc/resolv.conf

    nameserver 137.189.192.3
    nameserver 137.189.196.3

For comments and enquiries about this service, please write to the ITSC Elec