Install ipsec and l2tp protocol tools

1.Sudo yum install libreswan xl2tpd 

Configuration file

 1.# /etc/ipsec.d/work.conf 

 3.Config setup 
 4.Keep-alive=300 

 6.Conn Work 
 7.Authby=secret 
 8.Pfs=yes 
 9.Auto=add 
10.Keyingtries=%forever 
11.Dpddelay=30 
12.Dpdtimeout=120 
13.Dpdaction=restart 
14.Rekey=yes 
15.Rekeymargin=1h 
16.Ikelifetime=8h 
17.Keylife=1h 
18.Type=transport 
19.Left=%defaultroute 
20.Leftprotoport=udp/l2tp 
21.Right=civnet.vicp.net 
22.Rightprotoport=udp/l2tp 
23.ike=aes_ctr, aes_cbc, camellia_cbc, serpent_cbc, twofish_cbc, 3des, 3DES-SHA1; MODP1024 
24.Phase2alg=aes-HMAC_SHA1,3DES-HMAC_SHA1 
25.Sha2-truncbug=yes 

 1.# cat /etc/ipsec.d/Work.secrets 

 3.% any civnet.vicp.net : PSK "civvpn.vicp.net" 

1.# cat /etc/xl2tpd/xl2tpd.conf 

3.[lac Work] 
4.Lns = civnet.vicp.net 
5.Ppp debug = yes 
6.Pppoptfile=/etc/ppp/options.ppp 
7.Length bit = yes 
8.Redial = yes 

  1.# cat /etc/ppp/options.ppp 

  3.Ipcp-accept-local 
  4.Ipcp-accept-remote 
  5.Refuse-eap 
  6.Require-mschap-v2 
  7.Noccp 
  8.Noauth 
  9.Idle 86400 
  10.Mtu 1400 
  11.Mru 1400 
  12.Nodefaultroute 
  13.Debug 
  14.Connect-delay 5000 
  15.Name gitlabserver 
  16.Password gitlabserver 

View log

  1.Sudo tail -f /var/log/messages | grep -v "journal" 

Start the ipsec service

  1.Sudo systemctl start ipsec 

Log output

1.Sep 7 20:05:55 gitlabserver systemd: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... 
2.Sep 7 20:05:55 gitlabserver whack: 002 shutting down 
3.Sep 7 20:05:55 gitlabserver systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... 
4.Sep 7 20:05:55 gitlabserver ipsec: nflog ipsec capture disabled 
5.Sep 7 20:05:55 gitlabserver systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. 

Start the xl2tpd service

  1.Sudo systemctl start xl2tpd 

Log output
 
  1.Sep 7 20:08:38 gitlabserver pppd[8312]: Sent 714675 bytes, received 3429972 bytes. 
  2.Sep 7 20:08:38 gitlabserver pppd[8312]: Overriding mtu 1500 to 1400 
  3.Sep 7 20:08:38 gitlabserver pppd[8312]: Overriding mru 1500 to mtu value 1400 
  4.Sep 7 20:08:38 gitlabserver pppd[8312]: Terminating on signal 15 
  5.Sep 7 20:08:38 gitlabserver NetworkManager[898]: <info> [1536322118.7692] device (ppp0): state change: disconnected -> unmanaged (reason 'connection-assumed', sys-iface-state: 'external') 
  6.Sep 7 20:08:44 gitlabserver pppd[8312]: Connection terminated. 
  7.Sep 7 20:08:44 gitlabserver avahi-daemon[830]: Withdrawing workstation service for ppp0. 
  8.Sep 7 20:08:44 gitlabserver pppd[8312]: Modem hangup 
  9.Sep 7 20:08:44 gitlabserver pppd[8312]: Exit. 
  10.Sep 7 20:08:44 gitlabserver systemd: Unit xl2tpd.service entered failed state. 
  11.Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: Not looking for kernel SAref support. 
  12.Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: Using l2tp kernel support. 
  13.Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: xl2tpd version xl2tpd-1.3.8 started on gitlabserver.localdomain PID:31374 
  14.Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. 
  15.Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: Forked by Scott Balmos and David Stipp, (C) 2001 
  16.Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: Inherited by Jeff McAdams, (C) 2002 
  17.Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 
  18.Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: Listening on IP address 0.0.0.0, p

Create a connection

1.Sudo ipsec auto --up work 
2.Sudo xl2tpd-control connect work 

Log output
 
  
 1Sep 7 20:12:24 gitlabserver xl2tpd: xl2tpd[20538]: Connecting to host civnet.vicp.net, port 1701 
 2.Sep 7 20:12:24 gitlabserver xl2tpd: xl2tpd[20538]: Connection established to 171.113.154.63, 1701. Local: 45773, Remote: 36724 (ref=0/0). 
 3.Sep 7 20:12:24 gitlabserver xl2tpd: xl2tpd[20538]: Calling on tunnel 45773 
 4.Sep 7 20:12:24 gitlabserver xl2tpd: xl2tpd[20538]: Call established with 171.113.154.63, Local: 31692, Remote: 20120, Serial: 1 (ref=0/0) 
 5.Sep 7 20:12:24 gitlabserver pppd[31767]: Plugin pppol2tp.so loaded. 
 6.Sep 7 20:12:24 gitlabserver pppd[31767]: pppd 2.4.5 started by root, uid 0 
 7.Sep 7 20:12:24 gitlabserver NetworkManager[898]: <info> [1536322344.5696] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/470) 
 8.Sep 7 20:12:24 gitlabserver pppd[31767]: Using interface ppp0 
 9.Sep 7 20:12:24 gitlabserver pppd[31767]: Connect: ppp0 <--> 
 10.Sep 7 20:12:24 gitlabserver pppd[31767]: Overriding mtu 1500 to 1400 
 11.Sep 7 20:12:24 gitlabserver pppd[31767]: Overriding mru 1500 to mtu value 1400 
 12.Sep 7 20:12:27 gitlabserver pppd[31767]: CHAP authentication succeeded: Access granted 
 13.Sep 7 20:12:27 gitlabserver pppd[31767]: CHAP authentication succeeded 
 14.Sep 7 20:12:27 gitlabserver pppd[31767]: local IP address 10.1.0.2 
 15.Sep 7 20:12:27 gitlabserver pppd[31767]: remote IP address 10.1.0.1 
 16.Sep 7 20:12:27 gitlabserver NetworkManager[898]: <info> [1536322347.5741] device (ppp0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external') 
 17.Sep 7 20:12:27 gitlabserver NetworkManager[898]: <info> [1536322347.5746] device (ppp0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'external') 

Check the route. After the connection is successful, a ppp0 network interface will be added to the system route.

 
  1.[[email protected] ~]$ route -n 
  2.Kernel IP routing table 
  3.Destination Gateway Genmask Flags Metric Ref Use Iface 
  4.0.0.0.0 192.168.12.252 0.0.0.0 UG 100 0 0 enp2s0 
  5.10.1.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 
  6.172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 
  7.192.168.12.0 0.0.0.0 255.255.255.0 U 100 0 0 enp2s0 
  8.192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0