/etc/ipsec.conf # ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup # crlcheckinterval=600 # strictcrlpolicy=yes # cachecrls=yes nat_traversal=yes charonstart=yes plutostart=yes klipsdebug=all plutodebug=all charondebug="ike 10, knl 10, cfg 10" conn L2TP authby=psk pfs=no rekey=no type=tunnel esp=aes128-sha1 ike=aes128-sha-modp1024 #left=213.23.94.34 left=10.0.2.10 #left=%any leftnexthop=%defaultroute leftprotoport=17/1701 #right=10.0.2.10 right=%any rightprotoport=17/%any rightsubnetwithin=0.0.0.0/0 auto=add include /var/lib/strongswan/ipsec.conf.inc /etc/xl2tpd/xl2tpd.conf [global] debug state = yes debug tunnel = yes debug avp = yes debug network = yes debug packet = yes [lns default] ip range = 10.9.10.2-10.9.11.254 local ip = 10.9.10.1 ;require chap = yes ;refuse pap = yes ;require authentication = yes ;name = NIELSPEEN.COM ;pppoptfile = /etc/ppp/options.xl2tpd ;length bit = yes refuse chap = yes refuse pap = yes require authentication = yes ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yes ipsec:/var/log# cat /etc/ipsec.secrets # This file holds shared secrets or RSA private keys for inter-Pluto # authentication. See ipsec_pluto(8) manpage, and HTML documentation. # RSA private key for this host, authenticating it to any other host # which knows the public part. Suitable public keys, for ipsec.conf, DNS, # or configuration of other implementations, can be extracted conveniently # with "ipsec showhostkey". # this file is managed with debconf and will contain the automatically created private key #include /var/lib/strongswan/ipsec.secrets.inc #10.0.2.10 %any : PSK "test" 10.0.2.10 %any : PSK "test" ipsec:/var/log# cat /etc/ppp/chap-secrets # Secrets for authentication using CHAP # client server secret IP addresses thomas l2tpd "meinpasswd" 10.9.10.2