# L2TP/IPSEC Client



## winsth77 (Sep 10, 2013)

Hi,

I need to connect to my company network from my FreeBSD server. My "problem" is that I (my server) need to access/read a specific file on the company network every ten minutes. I have all the information needed for the connection via L2TP/IPsec. I have tried the connection from a Windows PC and from a Mac. All good - I can access the file without problem thru through these manual connections.

I'm now trying to access the file from my FreeBSD 8.1 server. Most topics online on this subject concern how to set up a VPN server, not use it as a client. I'd be glad if anyone could point me in a good direction to start. I've been starting off a little bit with mpd5, but I'd like to know if that's the right way to go before I spend any more time trying to connect.

Thanks in advance!

[size=-1]Brgds,[/size]
Magnus


----------



## SirDice (Sep 10, 2013)

winsth77 said:
			
		

> I'm now trying to access the file from my FreeBSD 8.1 server.


Please upgrade to 8.4, FreeBSD 8.1 has been EoL since July 2012.

[thread=40469]Topics about unsupported FreeBSD versions[/thread]


----------



## gkontos (Sep 10, 2013)

Its a pain to configure, basically you need to recompile your kernel with:


```
options         IPSEC
options         IPSEC_NAT_T
device          crypto
```

Install security/ipsec-tools and net/mpd5.

Sample setkey.conf


```
flush;
spdflush;
spdadd 0.0.0.0/0[0] 0.0.0.0/0[1701] udp -P in  ipsec esp/transport//require;
spdadd 0.0.0.0/0[1701] 0.0.0.0/0[0] udp -P out ipsec esp/transport//require;
```

Sample mpd.conf


```
startup:
      # Set web self 127.0.0.1 5008
      # Set user vpntest vpntest admin
      # Set web open

default:
      load my_L2TP

my_L2TP:
      create bundle static L2TP
      set bundle disable compression
      set bundle disable round-robin
      set bundle disable encryption
      set bundle disable crypt-reqd
      set bundle disable bw-manage
      set bundle disable ipv6cp
      set bundle enable ipcp
      set ipcp no vjcomp
      set iface mtu 1460
      set iface idle 0
      set iface enable tcpmssfix
      set iface route 10.49.0.0/24
      create link static L2 l2tp
      set link action bundle L2TP
      set link latency 0
      set link max-redial 1
      set link disable incoming acfcomp protocomp magicnum check-magic shortseq
      set link deny chap-msv2 chap-msv1 eap acfcomp protocomp shortseq
      set link accept pap
      set link keep-alive 10 75
      set l2tp peer 192.168.10.1
      set auth authname "user"
      set auth password "password"
      open
```

Sample rc.conf


```
ipsec_enable="YES"
ipsec_program="/usr/local/sbin/setkey"
ipsec_file="/usr/local/etc/racoon/setkey.conf"
mpd_enable="YES"
```


----------



## KuiWang (Dec 12, 2013)

Have you done it well? Make freebsd work as L2tp client, I faced the same problem with U. I spent lots of time on it, but it can't work well.

Have you been able to fix it? I faced the same problem as you when trying to make FreeBSD work as an L2TP client. I spent lots of time on it, but couldn't make it work well.


----------



## bbzz (Dec 20, 2013)

Have you tried setting up OpenVPN?

Much easier, just as secure.


----------

