Hi,
here is my simple approach to a VPN client via bash.
I found the main script at https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup
I’ve adapted it to my needs.
First we configure strongswan:
/etc/ipsec.conf
conn yourcompany
    keyexchange=ikev1
    authby=secret
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    right=2.2.2.2
    rightprotoport=17/1701
    auto=add
/etc/ipsec.secrets
2.2.2.2 : PSK "yourpsk"
Now we configure xl2tpd
/etc/xl2tpd/xl2tpd.conf
[lac vpn-connection]
lns = 2.2.2.2
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
/etc/ppp/options.l2tpd.client
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
debug
lock
connect-delay 5000
name yourusername
password yourpassword
Here is my bash script
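#!/bin/bash
# Bring the L2TP/IPsec VPN up or down and switch the default route with it.

if [ $# != 1 ] ; then
    echo "Usage: (sudo) bash $0 {start|stop}"
    exit 1;
fi

VPN_ADDR=2.2.2.2
# State file kept under /run (writable by root only) instead of a predictable name in /tmp.
IFACE_FILE=/run/vpn-interface.txt

# Print the IPv4 address of interface $1.
function getIP(){
    /sbin/ifconfig "$1" | grep "inet "| awk '{print $2}'
}

# Print the current default gateway.
function getGateWay(){
    /sbin/route -n | grep -m 1 "^0\.0\.0\.0" | awk '{print $2}'
}

# Print the gateway of the host route to the VPN server.
function getVPNGateWay(){
    /sbin/route -n | grep -m 1 "$VPN_ADDR" | awk '{print $2}'
}

# Remember which interface carried the default route before the VPN came up.
function saveInterface() {
    /sbin/route -n | grep -m 1 "^0\.0\.0\.0" | awk '{print $8}' > "$IFACE_FILE"
}

function getInterface(){
    cat "$IFACE_FILE"
}

GW_ADDR=$(getGateWay)

function start(){
    saveInterface
    ipsec up yourcompany    # must match the conn name in /etc/ipsec.conf
    sleep 2    # delay to ensure that IPsec is started before overlaying L2TP
    systemctl start xl2tpd
    sleep 2
    /bin/echo "c vpn-connection" > /var/run/xl2tpd/l2tp-control
    sleep 2    # delay again to make sure that the PPP connection is up
    # Keep the VPN server reachable over the old gateway, then send everything else via ppp0.
    route add $VPN_ADDR gw $GW_ADDR $(getInterface)
    route add default gw $(getIP ppp0)
    route delete default gw $GW_ADDR
}

function stop(){
    ipsec down yourcompany    # must match the conn name in /etc/ipsec.conf
    /bin/echo "d vpn-connection" > /var/run/xl2tpd/l2tp-control
    systemctl stop xl2tpd
    # Restore the original default route.
    VPN_GW=$(getVPNGateWay)
    route delete $VPN_ADDR gw $VPN_GW $(getInterface)
    route add default gw $VPN_GW
}

# Dispatch only the two known actions instead of executing whatever is in $1.
case "$1" in
    start|stop) "$1" ;;
    *) echo "Usage: (sudo) bash $0 {start|stop}"; exit 1 ;;
esac
exit 0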
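
This setup keeps the PSK and the PPP password in clear text in /etc/ipsec.secrets and /etc/ppp/options.l2tpd.client, so both files should be owned by root and unreadable to group and others. The check below is an added example, not part of the original post; the function names and the script name check-vpn-secrets.sh are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the files from the post that hold credentials in clear text.
# Usage (assumed name): sudo sh check-vpn-secrets.sh /etc/ipsec.secrets /etc/ppp/options.l2tpd.client

# check_secret_file PATH [EXPECTED_UID]
# Returns 0 if PATH is a regular file owned by EXPECTED_UID (default 0 = root)
# with no group/other permission bits, 1 if it is too open, 2 if it cannot be checked.
check_secret_file() {
    csf_path=$1
    csf_want_uid=${2:-0}
    if [ -L "$csf_path" ] || [ ! -f "$csf_path" ]; then
        echo "SKIP $csf_path: missing, a symlink, or not a regular file"
        return 2
    fi
    # "ls -ldn" prints e.g. "-rw------- 1 0 0 ..."; field 1 is the mode string,
    # field 3 the numeric owner.
    csf_meta=$(ls -ldn -- "$csf_path" | awk 'NR == 1 {print $1, $3}')
    csf_mode=${csf_meta% *}
    csf_uid=${csf_meta#* }
    csf_rc=0
    if [ "$csf_uid" != "$csf_want_uid" ]; then
        echo "FAIL $csf_path: owned by uid $csf_uid, expected $csf_want_uid"
        csf_rc=1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$csf_mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL $csf_path: mode $csf_mode lets group/other access it (want 600)"
        csf_rc=1
    fi
    if [ "$csf_rc" -eq 0 ]; then
        echo "OK   $csf_path: $csf_mode uid $csf_uid"
    fi
    return "$csf_rc"
}

# audit_files PATH... : check every file, return 1 if any check did not pass.
audit_files() {
    af_rc=0
    for af_path in "$@"; do
        check_secret_file "$af_path" || af_rc=1
    done
    return "$af_rc"
}

# Only act when paths are given on the command line, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    audit_files "$@"
    exit $?
fi
```

A FAIL on either file is fixed with `chown root:root FILE` and `chmod 600 FILE`.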