L2TP/IPsec VPN server installation (CentOS 6)

# Install the EPEL repository definition, then xl2tpd (L2TP daemon) and
# strongSwan (IPsec) from it.
# NOTE(review): the epel-release package is fetched over plain http and
# installed directly; when its signing key is not yet imported, rpm only
# warns and proceeds, so the package (and the repository GPG key it ships)
# are trusted on the basis of the transport alone. Verify it before use
# outside a lab.
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# yum asks for confirmation; whether these packages are signature-checked is
# governed by the gpgcheck setting of the EPEL repository definition.
yum install strongswan xl2tpd

Install xl2tpd (L2TP) and strongSwan (IPsec) via the EPEL repository

# Enable IPv4 forwarding so traffic from VPN clients can be routed onward
# (the NAT rule below masquerades it out of eth0).
vi /etc/sysctl.conf
# Add (or set) this line in /etc/sysctl.conf so the setting survives reboots.
net.ipv4.ip_forward = 1
# Re-read /etc/sysctl.conf so the change takes effect immediately.
sysctl -p

Enable IP forwarding

# Firewall rules in iptables-save format (CentOS 6 /etc/sysconfig/iptables).
vi /etc/sysconfig/iptables

## VPN L2TP/IPSEC (IKE,NAT-T, Force L2TP via IPSEC)
# IKE (500/udp) and NAT-Traversal (4500/udp) must be reachable from clients.
# These belong in the *filter section and must precede any catch-all
# REJECT/DROP rule in the INPUT chain.
-A INPUT -p udp --dport 500 -j ACCEPT
-A INPUT -p udp --dport 4500 -j ACCEPT
# L2TP (1701/udp) is accepted only when the packet arrived inside an IPsec SA
# ("-m policy --dir in --pol ipsec"); unencrypted L2TP from the network is
# still subject to the default policy. Keep this match: without it the PPP
# authentication exchange and all tunnel traffic could be accepted in the clear.
-A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT

# nat table section; in iptables-save format it ends with its own COMMIT line
# (not shown here).
*nat
# NAT postrouting
# Masquerades everything leaving eth0, not only the 192.168.30.x VPN pool.
# Adding "-s 192.168.30.0/24" would limit it to VPN clients — TODO confirm
# the intended scope.
-A POSTROUTING -o eth0 -j MASQUERADE

# Reload the rule set from /etc/sysconfig/iptables.
/etc/init.d/iptables restart

Allow L2TP/IPsec through the firewall and add the NAT postrouting rule

# strongSwan configuration for the L2TP/IPsec responder.
vim /etc/strongswan/ipsec.conf
config setup

# A single connection definition shared by all road-warrior clients.
conn vpnserver
# L2TP/IPsec uses IPsec transport mode; the L2TP tunnel runs inside it.
type=transport
# Pre-shared key authentication: every client presents the same PSK from
# /etc/strongswan/ipsec.secrets, so the key is only as secret as its
# weakest holder.
authby=secret
rekey=no
keyingtries=1
# Accept any peer address on either side (clients typically sit behind NAT).
left=%any
leftfirewall=yes
right=%any
# NOTE(review): this repeats "leftfirewall=yes" from two lines up; the
# right-side equivalent is rightfirewall — confirm which was intended.
leftfirewall=yes
# Load the conn at startup and wait for clients to initiate.
auto=add
# No ike=/esp= proposal is given, so the installed strongSwan version's
# defaults decide which cipher suites are negotiated — review those against
# current guidance.

Set up the basic IPsec configuration

vi /etc/strongswan/ipsec.secrets
# PSK for the conn above; the leading ":" means it applies to any peer.
# "secret" is a placeholder — replace it with a long random value and keep
# this file readable by root only. The same value is entered on every client.
: PSK "secret"

Set up the IPsec pre-shared key (PSK)

# xl2tpd daemon configuration (L2TP network server side).
vi /etc/xl2tpd/xl2tpd.conf

[global]
; Standard L2TP control port; the firewall rule above admits it only inside IPsec.
port = 1701
; xl2tpd itself does not restrict peer addresses here — presumably the IPsec
; policy match in the firewall is relied on for that; verify before exposing
; the host.
access control = no

[lns default]
; Addresses handed out to clients; 192.168.30.1 is the server's tunnel address.
ip range = 192.168.30.100-192.168.30.150
local ip = 192.168.30.1
; CHAP is required and PAP refused, so PPP passwords are not sent as plaintext.
require chap = yes
refuse pap = yes
require authentication = yes
name = vpnserver
; Verbose PPP logging — useful while bringing the setup up, noisy in production.
ppp debug = yes
; Per-session pppd options live in this file (configured in the next step).
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

Set up the basic xl2tpd configuration

# pppd options applied to each xl2tpd session (referenced by pppoptfile).
vim /etc/ppp/options.xl2tpd

# Disable CCP (compression negotiation).
noccp
# Require the peer to authenticate (CHAP, per xl2tpd.conf).
auth
crtscts
# Reduced MTU/MRU — presumably to leave room for the L2TP/UDP/IPsec
# encapsulation overhead and avoid fragmentation; adjust if the path MTU differs.
mtu 1410
mru 1410
# Left commented out, so pppd's default-route handling is not suppressed here.
#nodefaultroute
lock
proxyarp
silent
# DNS servers pushed to clients; client DNS lookups then go to these public
# resolvers through the tunnel.
ms-dns 8.8.8.8
ms-dns 8.8.4.4

Set up the PPP options used by xl2tpd

vim /etc/ppp/chap-secrets
# Format: client  server  secret  IP-addresses, one line per user.
# "username" and "password" are placeholders; "*" accepts any server name
# and any assigned IP. Secrets are stored in plaintext, so keep this file
# readable by root only.
username * password *

Set up the L2TP login ID/password in the PPP CHAP secrets

# Start the IPsec and L2TP daemons now...
/etc/init.d/strongswan start
/etc/init.d/xl2tpd start
# ...and enable them in the SysV runlevels so they come back after a reboot.
chkconfig strongswan on
chkconfig xl2tpd on

Start the services and enable them at boot

Now try an L2TP client from Windows / iOS (remember to configure L2TP and the shared secret in the client)

