
https://computingforgeeks.com/build-ipsec-vpn-server-with-ipsec-l2tp-and-cisco-ipsec-linux/
https://github.com/hwdsl2/setup-ipsec-vpn



Setup IPsec VPN server on Ubuntu 18.04 / Ubuntu 16.04 / Debian

You should have updated your system packages before running the deployment script. 
This is a fully automated IPsec VPN server setup, no user input needed.

########################################

wget https://git.io/vpnsetup -O vpnsetup.sh 

sudo sh vpnsetup.sh


########################################


Your VPN login details will be randomly generated and displayed on the screen when finished. 
If you would like to define your own VPN credentials, 
edit vpnsetup.sh before execution.


sudo vim vpnsetup.sh

Set your values inside single quotes

YOUR_IPSEC_PSK=''
YOUR_USERNAME=''
YOUR_PASSWORD=''

Then run vpnsetup.sh

sudo sh vpnsetup.sh

Sample output:

************************** WARNING ***********************************
The ipsec service is currently disabled. To enable this service issue:
 systemctl enable ipsec.service
**********************************************************************
../../OBJ.linux.x86_64/testing/enumcheck/enumcheck -> /usr/local/libexec/ipsec/enumcheck

## Creating VPN configuration..
## Updating sysctl settings..
## Updating IPTables rules...
## Enabling services on boot...
## Starting services...
================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: 159.88.127.33
IPsec PSK: EvA6M5wDZw4kbgL8
Username: vpnuser
Password: TNotmZ7EmGyRa2CY

Write these down. You'll need them to connect!

Important notes:   https://git.io/vpnnotes
Setup VPN clients: https://git.io/vpnclients

================================================


########################################

Enable ipsec service to start on boot

sudo systemctl enable ipsec

This deployment includes sysctl.conf optimizations for improved performance.

# Added by hwdsl2 VPN script
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296

net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.eth0.rp_filter = 0

net.core.wmem_max = 12582912
net.core.rmem_max = 12582912
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912

All VPN traffic is encapsulated in UDP and does not need the ESP protocol.

########################################


Manage VPN Users

By default, a single user account for VPN login is created. 
If you wish to add, edit or remove users, 
read IPSec VPN User management.

The IPsec PSK (pre-shared key) is stored in /etc/ipsec.secrets.
All VPN users share the same IPsec PSK. 
You can set a new one by changing the line:

%any %any : PSK "your_new_ipsec_pre_shared_key"

For IPsec/L2TP, VPN users are specified in /etc/ppp/chap-secrets. The format of this file is:

"your_vpn_username_1" l2tpd "your_vpn_password_1" *
"your_vpn_username_2" l2tpd "your_vpn_password_2" *


For IPsec/XAuth ("Cisco IPsec"), 
VPN users are specified in /etc/ipsec.d/passwd. 
The format of this file is:

your_vpn_username_1:your_vpn_password_1_hashed:xauth-psk
your_vpn_username_2:your_vpn_password_2_hashed:xauth-psk
... ...


Passwords in this file are salted and hashed. This step can be done using e.g. the openssl utility:

# The output will be your_vpn_password_1_hashed
openssl passwd -1 'your_vpn_password_1'

Finally, restart services if you changed to a new PSK.
To add, edit or remove VPN users, a restart is normally not required.

sudo service ipsec restart || sudo systemctl restart ipsec
sudo service xl2tpd restart || sudo systemctl restart xl2tpd
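
Added example (not part of the original guide or of the hwdsl2 script): a shell helper that writes one user into both /etc/ppp/chap-secrets and /etc/ipsec.d/passwd in the formats shown above, replacing any existing entry for that name.
The function names, the CHAP_FILE/XAUTH_FILE overrides and the allowed-character rule are assumptions of this example.

```sh
#!/bin/sh
# Added example, not taken from vpnsetup.sh. Paths default to the files named
# above; the overrides exist (assumption) so the helper can be tried on copies.
CHAP_FILE="${CHAP_FILE:-/etc/ppp/chap-secrets}"
XAUTH_FILE="${XAUTH_FILE:-/etc/ipsec.d/passwd}"

# Allowlist chosen for this example: a quote, colon, space or newline in a
# name or password would corrupt one of the two line formats.
valid_credential() {
    case "$1" in
        ''|*[!A-Za-z0-9._@+=-]*) return 1 ;;
    esac
    return 0
}

# MD5-crypt hash as produced by "openssl passwd -1". The password is fed on
# stdin so it is never passed to openssl as a command-line argument.
hash_password() {
    printf '%s\n' "$1" | openssl passwd -1 -stdin
}

# set_vpn_user USER PASSWORD: add the user, or replace an existing entry.
# Runs in a subshell so the umask change does not leak into the caller.
set_vpn_user() (
    user=$1; pass=$2
    if ! valid_credential "$user" || ! valid_credential "$pass"; then
        echo "refusing: empty value or character outside A-Za-z0-9._@+=-" >&2
        exit 1
    fi
    hash=$(hash_password "$pass") || exit 1
    [ -n "$hash" ] || exit 1

    # chap-secrets keeps the password in plaintext, so both files end up 0600
    # (mktemp creates its file with that mode).
    umask 077
    touch "$CHAP_FILE" "$XAUTH_FILE"

    # Build each new file beside the old one and rename it into place, so a
    # reader never sees a half-written file.
    tmp=$(mktemp "$CHAP_FILE.XXXXXX") || exit 1
    awk -v u="\"$user\"" '!($1 == u && $2 == "l2tpd")' "$CHAP_FILE" > "$tmp"
    printf '"%s" l2tpd "%s" *\n' "$user" "$pass" >> "$tmp"
    mv "$tmp" "$CHAP_FILE"

    # Appending "" forces a string comparison, so "10" and "1e1" stay distinct.
    tmp=$(mktemp "$XAUTH_FILE.XXXXXX") || exit 1
    awk -F: -v u="$user" '($1 "") != (u "")' "$XAUTH_FILE" > "$tmp"
    printf '%s:%s:xauth-psk\n' "$user" "$hash" >> "$tmp"
    mv "$tmp" "$XAUTH_FILE"
)

# check_xauth_password USER PASSWORD: re-hash with the stored salt and compare.
check_xauth_password() {
    stored=$(awk -F: -v u="$1" '($1 "") == (u "") { print $2; exit }' "$XAUTH_FILE")
    [ -n "$stored" ] || return 1
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)   # layout: $1$<salt>$<digest>
    [ "$(printf '%s\n' "$2" | openssl passwd -1 -salt "$salt" -stdin)" = "$stored" ]
}
```

Source the file as root and call set_vpn_user with a name and password to use the default paths; as noted above, changing users normally does not require a service restart.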


########################################


Connecting your Computer to the VPN
The final step is to connect your computer or device to use the VPN. Refer to the following guides for this.

Configure IPsec/L2TP VPN Clients

Configure IPsec/XAuth (Cisco IPsec) VPN Clients

How-To: IKEv2 VPN for Windows 7 and above

If you get an error when trying to connect, see Troubleshooting.

You have installed your very own IPSec VPN server with L2TP and Cisco IPsec on Ubuntu / CentOS / Debian. Enjoy using it.

########################################

================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: 1.160.17.66
IPsec PSK: kbtvpn57
Username: hckao
Password: kbt236

Write these down. You'll need them to connect!

Important notes:   https://git.io/vpnnotes
Setup VPN clients: https://git.io/vpnclients

================================================





















hckao@h96:~$ sudo sh vpnsetup.sh
[sudo] password for hckao:

## VPN setup in progress... Please be patient.


## Populating apt-get cache...

Hit:2 http://ports.ubuntu.com bionic InRelease
Get:3 http://ports.ubuntu.com bionic-security InRelease [88.7 kB]
Hit:4 http://ports.ubuntu.com bionic-updates InRelease
Hit:5 http://ports.ubuntu.com bionic-backports InRelease
Hit:1 https://apt.armbian.com bionic InRelease
Get:6 http://ports.ubuntu.com bionic-security/main armhf Packages [291 kB]
Get:7 http://ports.ubuntu.com bionic-security/main arm64 Packages [312 kB]
Get:8 http://ports.ubuntu.com bionic-security/universe armhf Packages [459 kB]
Get:9 http://ports.ubuntu.com bionic-security/universe arm64 Packages [507 kB]
Fetched 1658 kB in 4s (415 kB/s)
Reading package lists...

## Installing packages required for setup...

Reading package lists...
Building dependency tree...
Reading state information...
grep is already the newest version (3.1-2).
iproute2 is already the newest version (4.15.0-2ubuntu1).
iptables is already the newest version (1.6.1-2ubuntu2).
net-tools is already the newest version (1.60+git20161116.90da8a0-1ubuntu1).
sed is already the newest version (4.4-2).
dnsutils is already the newest version (1:9.11.3+dfsg-1ubuntu1.8).
wget is already the newest version (1.19.4-1ubuntu2.2).
openssl is already the newest version (1.1.1-1ubuntu2.1~18.04.3).
Suggested packages:
  gawk-doc
The following NEW packages will be installed:
  gawk
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 353 kB of archives.
After this operation, 1520 kB of additional disk space will be used.
Get:1 http://ports.ubuntu.com bionic/main arm64 gawk arm64 1:4.1.4+dfsg-1build1 [353 kB]
Fetched 353 kB in 2s (188 kB/s)
Selecting previously unselected package gawk.
(Reading database ... 46565 files and directories currently installed.)
Preparing to unpack .../gawk_1%3a4.1.4+dfsg-1build1_arm64.deb ...
Unpacking gawk (1:4.1.4+dfsg-1build1) ...
Setting up gawk (1:4.1.4+dfsg-1build1) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

## Trying to auto discover IP of this server...

In case the script hangs here for more than a few minutes,
press Ctrl-C to abort. Then edit it and manually enter IP.

## Installing packages required for the VPN...

Reading package lists...
Building dependency tree...
Reading state information...
bison is already the newest version (2:3.0.4.dfsg-1build1).
flex is already the newest version (2.6.4-6).
make is already the newest version (4.1-9.1ubuntu1).
make set to manually installed.
gcc is already the newest version (4:7.4.0-1ubuntu2.3).
gcc set to manually installed.
ppp is already the newest version (2.4.7-2+2ubuntu1.1).
The following additional packages will be installed:
  libcurl3-nss libevent-2.1-6 libevent-core-2.1-6 libevent-extra-2.1-6 libevent-openssl-2.1-6
  libevent-pthreads-2.1-6 libnspr4 libnss3 libpcre16-3 libpcre3-dev libpcre32-3 libpcrecpp0v5
  libsepol1-dev
Suggested packages:
  libcurl4-doc libidn11-dev libkrb5-dev libldap2-dev librtmp-dev libssh2-1-dev zlib1g-dev
The following NEW packages will be installed:
  libcap-ng-dev libcap-ng-utils libcurl3-nss libcurl4-nss-dev libevent-2.1-6 libevent-core-2.1-6
  libevent-dev libevent-extra-2.1-6 libevent-openssl-2.1-6 libevent-pthreads-2.1-6 libnspr4
  libnspr4-dev libnss3 libnss3-dev libnss3-tools libpam0g-dev libpcre16-3 libpcre3-dev
  libpcre32-3 libpcrecpp0v5 libselinux1-dev libsepol1-dev pkg-config xl2tpd
0 upgraded, 24 newly installed, 0 to remove and 0 not upgraded.
Need to get 4550 kB of archives.
After this operation, 20.6 MB of additional disk space will be used.

## Installing Fail2Ban to protect SSH...

Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  mailx monit sqlite3
Recommended packages:
  python whois python3-pyinotify python3-systemd
The following NEW packages will be installed:
  fail2ban
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 329 kB of archives.
After this operation, 1739 kB of additional disk space will be used.
Get:1 http://ports.ubuntu.com bionic/universe arm64 fail2ban all 0.10.2-2 [329 kB]
Fetched 329 kB in 2s (180 kB/s)
Selecting previously unselected package fail2ban.
(Reading database ... 47697 files and directories currently installed.)
Preparing to unpack .../fail2ban_0.10.2-2_all.deb ...
Unpacking fail2ban (0.10.2-2) ...
Setting up fail2ban (0.10.2-2) ...
Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service -> /lib/systemd/system/fail2ban.service.
Processing triggers for systemd (237-3ubuntu10.23) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

## Compiling and installing Libreswan...

2019-06-25 19:45:26 URL:https://codeload.github.com/libreswan/libreswan/tar.gz/v3.29 [3848730/3848730] -> "libreswan-3.29.tar.gz" [1]
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  libsystemd-dev
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 184 kB of archives.
After this operation, 738 kB of additional disk space will be used.
Get:1 http://ports.ubuntu.com bionic-updates/main arm64 libsystemd-dev arm64 237-3ubuntu10.23 [184 kB]
Fetched 184 kB in 2s (103 kB/s)
Selecting previously unselected package libsystemd-dev:arm64.
(Reading database ... 48122 files and directories currently installed.)
Preparing to unpack .../libsystemd-dev_237-3ubuntu10.23_arm64.deb ...
Unpacking libsystemd-dev:arm64 (237-3ubuntu10.23) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Setting up libsystemd-dev:arm64 (237-3ubuntu10.23) ...
running: systemctl --system daemon-reload
running: systemd-tmpfiles --create /usr/lib/tmpfiles.d/libreswan.conf
DESTDIR=''
************************** WARNING ***********************************
The ipsec service is currently disabled. To enable this service issue:
 systemctl enable ipsec.service
**********************************************************************
../../OBJ.linux.arm/testing/enumcheck/enumcheck -> /usr/local/libexec/ipsec/enumcheck
../../OBJ.linux.arm/testing/ipcheck/ipcheck -> /usr/local/libexec/ipsec/ipcheck
../../OBJ.linux.arm/testing/fmtcheck/fmtcheck -> /usr/local/libexec/ipsec/fmtcheck
../../OBJ.linux.arm/testing/timecheck/timecheck -> /usr/local/libexec/ipsec/timecheck

## Creating VPN configuration...


## Updating sysctl settings...


## Updating IPTables rules...


## Enabling services on boot...


## Starting services...

================================================
IPsec VPN server is now ready for use!
Connect to your new VPN with these details:
Server IP: 36.230.17.62
IPsec PSK: kbtvpn57
Username: hckao
Password: kbt236
Write these down. You'll need them to connect!
Important notes:   https://git.io/vpnnotes
Setup VPN clients: https://git.io/vpnclients
================================================
hckao@h96:~$




















