how to setup l2tp vpn on Debian 12

Connecting to an L2TP/IPsec VPN server on Debian 12 via terminal is possible using strongSwan and xl2tpd. The setup below provides secure tunneling withoutrequiring any graphical interface.

Step 1: Install VPN packages

Start by installing the required tools to support L2TP and IPsec protocols:

sudo apt update
sudo apt install strongswan xl2tpd -y

This gives your system everything needed to connect to an L2TP VPN.

Step 2: Configure IPsec

Now set up the IPsec connection used for securing the tunnel:

sudo nano /etc/ipsec.conf

Paste and edit this block:

config setup
  charondebug="ike 1, knl 1, cfg 0"

conn l2tp
  keyexchange=ikev1
  authby=secret
  type=transport
  left=%defaultroute
  leftprotoport=17/1701
  right=vpn.example.com
  rightprotoport=17/1701
  auto=start

Step 3: Add your shared secret

Set the IPsec PSK (pre-shared key) that matches your VPN server:

sudo nano /etc/ipsec.secrets

Add this line with your server and key:

%any vpn.example.com : PSK "your_shared_secret"

Step 4: Configure L2TP client

Define how the system will connect to the VPN once IPsec is active:

sudo nano /etc/xl2tpd/xl2tpd.conf

Paste this:

[global]
port = 1701

[ins default]
ip range = 192.168.100.10-192.168.100.20
local ip = 192.168.100.1
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tp client
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

Step 5: Set PPP options

Specify the authentication and DNS settings for the L2TP session:

sudo nano /etc/ppp/options.l2tpd.client

Use this config and update your credentials:

name vpnuser
password vpn pass
refuse-pap
require-chap
ms-dns 1.1.1.1
mtu 1410
mru 1410
persist
noauth