Enabling L2TP over IPSec on Ubuntu 16.04

Ubuntu has stopped shipping L2TP over IPSec support for Ubuntu since Precise. A workaround for this exists using network-manager-l2tp.

Using PPA - Update (29 Mar 2017)

network-manager-l2tp now exists in a PPA. You can install it using

sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp  
sudo apt-get update  
sudo apt-get install network-manager-l2tp  

Build from Source / Without using PPA

First you must install the prerequisites:

sudo apt install \  
intltool \  
libtool \  
network-manager-dev \  
libnm-util-dev \  
libnm-glib-dev \  
libnm-glib-vpn-dev \  
libnm-gtk-dev \  
libnm-dev \  
libnma-dev \  
ppp-dev \  
libdbus-glib-1-dev \  
libsecret-1-dev \  
libgtk-3-dev \  
libglib2.0-dev \  
xl2tpd \  
strongswan  

Then build the network manager again:

git clone https://github.com/nm-l2tp/network-manager-l2tp.git  
cd network-manager-l2tp  
autoreconf -fi  
intltoolize  

Make sure no errors have occurred.

Configure the build:

./configure \
  --disable-static --prefix=/usr \
  --sysconfdir=/etc --libdir=/usr/lib/x86_64-linux-gnu \
  --libexecdir=/usr/lib/NetworkManager \
  --localstatedir=/var \
  --with-pppd-plugin-dir=/usr/lib/pppd/2.4.7

Make sure no errors occurred.

Then make it:

make  
sudo make install  

Remove AppArmor settings for IPSec:

sudo apparmor_parser -R /etc/apparmor.d/usr.lib.ipsec.charon  
sudo apparmor_parser -R /etc/apparmor.d/usr.lib.ipsec.stroke  

Replace x2ltpd with libpcap:

sudo apt remove xl2tpd  
sudo apt install libpcap0.8-dev

wget https://github.com/xelerance/xl2tpd/archive/v1.3.6/xl2tpd-1.3.6.tar.gz  
tar xvzf xl2tpd-1.3.6.tar.gz  
cd xl2tpd-1.3.6  
make  
sudo make install  

Now restart your machine.

Network Manager should now have an option to use a L2TP VPN connection.

Zaid Daba'een

Read more posts by this author.