
Configure Linux

Configure your Linux system to use WonderProxy's VPN

Linux VPN Configuration

The networking components for Linux vary widely by Linux distribution and system hardware. We include instructions for Debian-based desktops and servers here. If you have trouble configuring WonderProxy VPNs on your non-Debian system, drop us a line!

Desktop (NetworkManager) Configuration

If your system uses NetworkManager to configure your internet connection, these instructions will help you set up a WonderProxy VPN.

  1. Debian and Ubuntu do not include IPSec VPN functionality in their distributions by default, so you will need the NetworkManager plugin available on Launchpad for Ubuntu 14.04 (Trusty) and 16.04 (Xenial).

    On 14.04:

    sudo apt-add-repository ppa:seriy-pr/network-manager-l2tp
    sudo apt-get update
    sudo apt-get install network-manager-l2tp-gnome

    On 16.04:

    sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
    sudo apt-get update
    sudo apt-get install network-manager-l2tp-gnome
  2. The previous step will install and start the xl2tpd daemon. NetworkManager will handle xl2tpd itself, so stop the daemon and keep it from running on system startup:

    sudo service xl2tpd stop
    sudo update-rc.d xl2tpd disable
  3. From the NetworkManager applet, navigate to the VPN Connections menu and choose Configure VPN...

  4. In the Network Connections window that opens, click the Add button

  5. In the Choose a Connection Type window, select the Layer 2 Tunneling Protocol option and click the Create button

  6. Configure the VPN connection as follows:

    • Enter any name that makes sense to you in the Connection name field
    • In the Gateway field, enter the VPN server you will use (for example, london.wonderproxy.com for our London server)
    • Enter your WonderProxy username and password in the User name and Password fields
  7. Click the IPSec settings... button

    • Check the box for Enable IPSec tunnel to L2TP host
    • Leave Group Name as is (it may be pre-populated with GroupVPN, or empty)
    • Enter the shared secret (you must be logged in as a proxy user to view the shared secret) in the Pre-shared key field
    • Click OK to continue
  8. Click the PPP Settings... button

    • In the Authentication list box, make sure that only PAP is selected
    • Click OK to continue
  9. Click Save... to save the connection
  10. Restart IPSec to load your changes:

    On 14.04:

    sudo service ipsec restart

    On 16.04:

    sudo ipsec restart
  11. Restart NetworkManager to load your changes. Note that restarting will temporarily disconnect your internet connection:

    sudo service NetworkManager restart

You may now connect to your new VPN through the NetworkManager menu.

Server (Manual) Configuration

These instructions mirror the setup we have on our servers. The file locations below are correct for Debian (and variants like Ubuntu), but should be similar for other distributions.

  1. First you'll need to install OpenSwan, xl2tpd, and ppp:
    apt-get install openswan xl2tpd ppp
  2. Next, add the line below to /etc/ipsec.secrets:
    : PSK "(you must be logged in as a proxy user to view the shared secret)"
  3. If you're only connecting to our VPNs then you can take our ipsec.conf. Otherwise you may copy the appropriate connection definition from ours; the connections are all the same except for the hostname.
  4. Now restart openswan so it finds the new connection definitions:

    /etc/init.d/ipsec restart
  5. At this point you should be able to establish an IPsec connection to one of our machines:

    ipsec auto --up london
    104 "london" #1: STATE_MAIN_I1: initiate
    003 "london" #1: ignoring unknown Vendor ID payload [4f45557d6068416e77737478]
    003 "london" #1: received Vendor ID payload [Dead Peer Detection]
    003 "london" #1: received Vendor ID payload [RFC 3947] method set to=109
    106 "london" #1: STATE_MAIN_I2: sent MI2, expecting MR2
    003 "london" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
    108 "london" #1: STATE_MAIN_I3: sent MI3, expecting MR3
    003 "london" #1: received Vendor ID payload [CAN-IKEv2]
    004 "london" #1: STATE_MAIN_I4: ISAKMP SA established ...
    117 "london" #2: STATE_QUICK_I1: initiate
    004 "london" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode...
    

    For additional information, you can use IPSec's diagnostic tool: ipsec verify. Note that you may safely ignore any failure messages about send_redirects or accept_redirects.

  6. The next step is to tell xl2tpd about your connections. Again you can grab our xl2tpd.conf or copy certain sections of it. If you use our file, make sure you change the name = stats line to name = your-wonderproxy-username. Then restart xl2tpd:

    /etc/init.d/xl2tpd restart
  7. Next we need to provide ppp with the password used to authenticate your user. The /etc/ppp/pap-secrets file holds this information in the following format:

    username hostname "password"

    If you're only connecting to our machines you may replace hostname with *:

    username * "password"
  8. Next grab the ppp options file here and place it in /etc/ppp. The filename should match the filename specified in xl2tpd.conf. For example, if you are setting up a connection to our London server, the filename should be options.l2tpd.client.london.

    Assuming you've left your IPsec connection active from above, you should now be able to activate your l2tp/ppp connection by running:

    echo "c connection" > /var/run/xl2tpd/l2tp-control

    where connection is the name of the connection in xl2tpd.conf. If you are using our xl2tpd.conf, connection will be the name of the server. For example, to activate a connection to london.wonderproxy.com, you would replace connection with London:

    echo "c London" > /var/run/xl2tpd/l2tp-control

    After a few seconds a ppp# interface should appear in ifconfig (likely ppp0) and you should be able to ping 10.42.96.1. Congratulations, you're connected!

  9. The last step is to route your traffic over the tunnel. To show your current routing table you can run:

    ip route

    The first route you need to add is one to our proxy server via your current default interface; otherwise your connection will disconnect.

    ip route add <VPN IP> via <gateway> # the gateway will be present in your routing table above

    Next delete your current default route:

    ip route del default

    And add the new one:

    ip route add default via 10.42.96.1

    Now all your traffic is flowing through the tunnel.

  10. To shut down the connection run:

    echo "d hostname" > /var/run/xl2tpd/l2tp-control

    Add your old default route:

    ip route add default via <gateway>

    Shut down the IPsec connection:

    ipsec auto --down london
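
The route changes in steps 9 and 10, as a dry-run helper added here as an example (it is not WonderProxy's own script): it reads `ip route` output, finds the current default gateway, and prints the commands in the order they must run without changing anything. The function names are hypothetical, the address 203.0.113.10 in the usage comment is a constructed stand-in for the VPN server IP, and 10.42.96.1 is the tunnel gateway from step 8.

```shell
#!/bin/sh
# Added example: dry-run planner for steps 9 and 10. It only prints commands.
# Usage (203.0.113.10 is a constructed placeholder for the VPN server IP):
#   ip route | plan_up 203.0.113.10
TUNNEL_GW="10.42.96.1"   # tunnel-side gateway from step 8

# default_gateway: read `ip route` output on stdin and print the gateway of
# the first default route. Fails when there is none, or when the default
# already points at the tunnel (the switch has already been made).
default_gateway() {
    gw=$(awk '$1 == "default" { for (i = 2; i < NF; i++)
                 if ($i == "via") { print $(i + 1); exit } }')
    [ -n "$gw" ] || { echo "no default route with a gateway" >&2; return 1; }
    [ "$gw" != "$TUNNEL_GW" ] || { echo "default already uses the tunnel" >&2; return 1; }
    printf '%s\n' "$gw"
}

# is_ipv4: accept only dotted-quad shaped input, so nothing else can end up
# inside a printed command line.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# plan_up VPN_IP: print the step 9 commands. Routing table comes on stdin.
plan_up() {
    is_ipv4 "$1" || { echo "VPN IP must be an IPv4 address" >&2; return 1; }
    gw=$(default_gateway) || return 1
    # Host route first: the IPsec/L2TP packets must keep leaving through the
    # original gateway, or the tunnel drops when the default route changes.
    echo "ip route add $1 via $gw"
    echo "ip route del default"
    echo "ip route add default via $TUNNEL_GW"
}

# plan_down VPN_IP GATEWAY: print the step 10 route restore. Removing the
# host route afterwards is an extra cleanup that is not in the page's steps.
plan_down() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "usage: plan_down VPN_IP GATEWAY" >&2; return 1; }
    echo "ip route add default via $2"
    echo "ip route del $1 via $2"
}
```

Save the gateway that `plan_up` used before switching; it is the `<gateway>` value step 10 needs to restore the old default route.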