Cara Install L2TP VPN di VPS Ubuntu, Debian, Centos
L2TP VPN adalah salah satu jenis VPN yang menggunakan Layer 2 sebagaimana namanya L2TP (Layer 2 Tunneling Protocol)
L2TP merupakan pengembangan dari PPTP dengan keamanan yang lebih baik, port yang digunakan adalah UDP port 1701
Untuk melakukan instalasi L2TP di VPS yang besistem operasi Ubuntu, Debian atau Centos. Kita bisa menggunakan script installer yang ada di https://github.com/hwdsl2/setup-ipsec-vpn
Persyaratan
- VPS KVM (OpenVZ tidak bisa digunakan sebagai L2TP VPN Server)
Proses Install L2TP
Percobaan kali ini saya menggunakan VPS dari AWS.
Cara installnya cukup mudah, cukup jalankan perintah
wget https://git.io/vpnquickstart -O vpn.sh && sudo sh vpn.sh
Proses instalasi akan berjalan dan tunggu sampai selesai. Script di atas akan otomatis menggenerate username, password, IPSec
ubuntu@nixpoin:~$ wget https://git.io/vpnquickstart -O vpn.sh && sudo sh vpn.sh
--2021-11-06 06:46:36-- https://git.io/vpnquickstart
Resolving git.io (git.io)... 54.162.128.250, 18.205.36.100, 52.204.242.176, ...
Connecting to git.io (git.io)|54.162.128.250|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/quickstart.sh [following]
--2021-11-06 06:46:37-- https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/quickstart.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.110.133, 185.199.111.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6458 (6.3K) [text/plain]
Saving to: ‘vpn.sh’
vpn.sh 100%[=================================================>] 6.31K --.-KB/s in 0s
2021-11-06 06:46:38 (31.4 MB/s) - ‘vpn.sh’ saved [6458/6458]
+ wget -t 3 -T 30 -q -O /tmp/vpn.KM6q0/vpn.sh https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/vpnsetup_ubuntu.sh
## VPN credentials not set by user. Generating random PSK and password...
## VPN setup in progress... Please be patient.
## Installing packages required for setup...
+ apt-get -yqq update
+ apt-get -yqq install wget dnsutils openssl iptables iproute2 gawk grep sed net-tools
## Trying to auto discover IP of this server...
## Installing packages required for the VPN...
+ apt-get -yqq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev libcap-ng-dev libcap-ng-utils libselinux1-dev libcurl4-nss-dev flex bison gcc make libnss3-tools libevent-dev libsystemd-dev uuid-runtime ppp xl2tpd
Extracting templates from packages: 100%
## Installing Fail2Ban to protect SSH...
+ apt-get -yqq install fail2ban
## Downloading IKEv2 script...
+ wget -t 3 -T 30 -q -O ikev2.sh https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh
## Downloading Libreswan...
+ wget -t 3 -T 30 -q -O libreswan-4.5.tar.gz https://github.com/libreswan/libreswan/archive/v4.5.tar.gz
## Compiling and installing Libreswan, please wait...
+ make -j5 -s base
+ make -s install-base
## Creating VPN configuration...
## Updating sysctl settings...
## Updating IPTables rules...
## Enabling services on boot...
## Starting services...
================================================
IPsec VPN server is now ready for use!
Connect to your new VPN with these details:
Server IP: 54.169.116.191
IPsec PSK: gA2TCVbbPrTDzFFwAq5E
Username: vpnuser
Password: hXfeyA3rZS5PVh8C
Write these down. You'll need them to connect!
Important notes: https://git.io/vpnnotes
Setup VPN clients: https://git.io/vpnclients
IKEv2 guide: https://git.io/ikev2
================================================
================================================
IKEv2 setup successful. Details for IKEv2 mode:
VPN server address: 54.169.116.191
VPN client name: vpnclient
Client configuration is available at:
/home/ubuntu/vpnclient.p12 (for Windows & Linux)
/home/ubuntu/vpnclient.sswan (for Android)
/home/ubuntu/vpnclient.mobileconfig (for iOS & macOS)
*IMPORTANT* Password for client config files:
SFTFuGTuvtVVeW2e8m
Write this down, you'll need it for import!
Next steps: Configure IKEv2 VPN clients. See:
https://git.io/ikev2clients
================================================
Menambahkan User L2TP VPN
Untuk menambahkan user, download dulu script lain untuk menambahkan user.
wget https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/add_vpn_user.sh
Lalu jalankan perintah dibawah ini untuk menambahkan usernya
ubuntu@nixpoin:~$ sudo bash add_vpn_user.sh 'usernameku' 'passwordku'
Welcome! Use this script to add or update a VPN user account for both
IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.
If the username you specified already exists, it will be updated
with the new password. Otherwise, a new VPN user will be added.
Please double check before continuing!
================================================
VPN user to add or update:
Username: usernameku
Password: passwordku
Write these down. You'll need them to connect!
Important notes: https://git.io/vpnnotes
Setup VPN clients: https://git.io/vpnclients
================================================
Do you want to continue? [y/N] y
Adding or updating VPN user...
Done!
Note: All VPN users will share the same IPsec PSK.
If you forgot the PSK, check /etc/ipsec.secrets.
Menghapus User L2TP VPN
Download dahulu script untuk menghapusnya
wget https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/del_vpn_user.sh
Perintah untuk menghapus usernya
sudo bash del_vpn_user.sh 'usernameyangingindihapus'
Selamat mencoba!
Read other posts