OpenWRT L2TP/IPsec server

I would like to set up a VPN server for my home NAS and connect to it from my MacBook and my Android phone out of the box, so I decided on L2TP over IPsec. I had an old, unused Fonera 2.0 to run it on.

The Fonera connects to my local network via its WAN port. The DHCP server on my router is providing addresses between and

OpenWRT on Fonera
I had some issues when I tried to reach RedBoot via telnet: Terminal on Mac OS X could not send the Ctrl+C that RedBoot needs to drop into its boot menu. I found a very good workaround:

  1. Download this: break
  2. Set manually on the Ethernet interface
  3. Open a terminal and start to ping
  4. In another terminal, once the ping succeeds, feed the downloaded break file to RedBoot's port 9000:
        nc -vv 9000 < break
  5. Finally, you can access RedBoot via telnet:
        telnet 9000
Once you have the RedBoot prompt, flash OpenWRT onto the Fonera: OpenWRT on a Fonera 2.0

First steps

First of all, I set a new root password and enabled SSH. Next, I disabled the WLAN device and the LAN port of the device.

Required packages

You should install the following packages with opkg:

  • openswan
  • ipsec-tools
  • xl2tpd
  • iptables-mod-ipsec
  • kmod-ipsec4
  • kmod-ipsec6
  • kmod-ipt-ipsec
  • kmod-crypto-aes

Configuring kernel module loading

Create the following file:


Configuring openswan

Add the following connection section to the bottom of the /etc/ipsec.conf file:

And edit the virtual_private line in the config setup section above:

Finally, you need a pre-shared secret passphrase for IPsec. Create the /etc/ipsec.secrets file:

OK, the IPsec configuration is now done; you only have to enable the ipsec service at boot time: /etc/init.d/ipsec enable

Configuring xl2tpd

Next, configure the xl2tpd L2TP daemon by editing the /etc/xl2tpd/xl2tpd.conf file:

Next, you should set up the PPPD options for xl2tpd. Edit the /etc/ppp/options.xl2tpd file:

Finally, set up a user/password pair for each user in the /etc/ppp/chap-secrets file:

OK, the L2TP configuration is now done; you only have to enable the xl2tpd service at boot time: /etc/init.d/xl2tpd enable

Firewall configuration

The essential configuration goes in the /etc/config/firewall file:

In addition, you should add some rules manually in the /etc/firewall.user file:
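As an added illustration (not the author's firewall.user, which is not reproduced on this page) of what such rules can look like: it assumes the input_rule and forwarding_rule user chains that the OpenWRT firewall provides, a WAN interface named eth0, and the policy match supplied by the iptables-mod-ipsec / kmod-ipt-ipsec packages listed above. The point worth checking in any such rule set is that UDP 1701 is accepted only when the packet arrived inside an IPsec SA, so xl2tpd and its CHAP handshake are never reachable in the clear.

```shell
#!/bin/sh
# Added example of /etc/firewall.user rules for an L2TP/IPsec server on OpenWRT.
# Assumptions: iptables with the "policy" match (iptables-mod-ipsec), the
# input_rule/forwarding_rule chains of the OpenWRT firewall, WAN on eth0.
WAN="${WAN:-eth0}"

# Print the rules instead of running them, so they can be reviewed first.
l2tp_ipsec_rules() {
    # IKE and NAT-T: the only UDP ports that must be reachable unprotected.
    echo "iptables -A input_rule -i $WAN -p udp --dport 500 -j ACCEPT"
    echo "iptables -A input_rule -i $WAN -p udp --dport 4500 -j ACCEPT"
    # ESP itself (clients behind NAT encapsulate it in UDP 4500 instead).
    echo "iptables -A input_rule -i $WAN -p esp -j ACCEPT"
    # L2TP only when it arrived inside an IPsec SA; a bare UDP/1701 packet
    # would otherwise reach xl2tpd without any encryption or authentication.
    echo "iptables -A input_rule -i $WAN -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT"
    echo "iptables -A input_rule -i $WAN -p udp --dport 1701 -j DROP"
    # Connected clients show up as ppp interfaces; let them reach the LAN.
    echo "iptables -A forwarding_rule -i ppp+ -j ACCEPT"
    echo "iptables -A forwarding_rule -o ppp+ -j ACCEPT"
}

# Apply only where iptables exists (on the router); elsewhere just print.
apply_rules() {
    if command -v iptables >/dev/null 2>&1; then
        l2tp_ipsec_rules | sh
    else
        echo "iptables not found; printing rules only" >&2
        l2tp_ipsec_rules
    fi
}

apply_rules
```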


Unfortunately, I had some stability issues with xl2tpd and openswan. I solved them by restarting the daemons. First, I restart them once after boot, after everything else has been initialised. To do this I added the following to the /etc/rc.local file:

Next, I restart them after each disconnection. To do this I created a new file at /etc/ppp/ip-down.d/99-l2tp-restart:

Router configuration

You should open the following ports on your router:

  • 500
  • 4500
  • 1701


It works great with Mac OS X (Lion) and Android (HTC Wildfire).


