Configuration of the VPNPTP service with the protocol L2TP+IPsec

Windows 7
To configure a VPN connection with L2TP+IPsec:
1- Open network and center to share in the Control Panel
  • Go to the Windows Menu, then Control Panel
  • Click on Network and Internet
  • Click on Network and Sharing Center
2- Click on Configure a new connection or network
  • Set up a new connection or network
3- Choose Connect with a workplace then Next
  • Connect to a workplace (Set up dial-up or VPN connection)
4- Click on Use my Internet Connection (VPN)
  • Use my Internet connection (VPN)
5- In the Internet address field, see in the UCP
  • Go Home -> Config L2TP+IPsec -> Server Name -> Choose server
6- In the Destination name field, type a descriptive name "VPNPTP Service".
7- Check Do not connect now then click on Continue
8- Enter your Username and password in their respective fields; leave the Domain field blank
9- See Remember this password
10- Click Create and then Close
11- Open VPN Connection Properties
  • On the Network and the Share Center, click on the Change Adapter settings
  • Right-click on your new connection and click Properties
12- Configure for L2TP/IPsec
  • On the security tab, change Type of VPN from Automatic to Protocol Tunneling Layer with IPsec (L2TP/IPsec)
  • The IPSec password is in UCP, Go Home -> Config L2TP+IPsec -> Password IPsec
To connect:
  • In the Windows Taskbar, click on the Network icon
  • Click on your new connection, and then click on the Connect button
  • Enter your Username and Password in the respective fields and click Connect
To disconnect:
  • Click on the Network icon in the taskbar
  • Click on the name of your VPN connection, then, Disconnect
Configuration with images:

Windows 10

1- Go to the configuration menu

2- Go Network & Internet menu

3- Go VPN menu | Add a VPN connection

4- Configure the VPN


- Server name or address: Go to UCP - See step 1 of the following image

- VPN Type: L2TP/IPsec with pre-shared key

- Pre-shared key: Go to UCP - See step 2 of the following image


Mac OS X includes a native VPN client. You can use the MacOSX VPN client to make an L2TP + IPsec VPN connection.

Follow the following steps:

1- On the Apple menu, select System Preferences.
2- Click on the icon Network.
3- Click on the "+" icon in the lower left corner to create a new network interface.
4- In the drop-down list Interface, select VPN.
5- In the drop-down list VPN type , select L2TP by IPSec.
6- In the Service Name text box, enter a name for this VPN connection, for example "US1 VPNPTP".
7- Click on Create.
8- In the Server Address text box, enter the name of the VPNPTP server you want to connect to (example,, see servers in the UCP).
9- In the Account Name text box, enter your VPN username with L2TP.
10- Click Authentication settings.
11- In the Password text box, enter the user's password.
12- VPNPTP is configured to use a pre-shared key as the authentication method of IPSec:
  • Select pre-shared key.
  • In the Shared Secret text box, enter the pre-shared key for this tunnel. The pre-shared key is in the (UCP).
13- Click Apply to save the configuration changes.

Run the L2TP Connection:

The name of the VPN connection is the name of the service that you used when you configured the L2TP connection on your PC.
To start the L2TP connection:

1- On the Apple menu, select System Preferences.
2- Click on the Network icon.
3- Select the VPN connection that you created in the Network dialog box.
4- Click on Connect.


Follow the next steps, the commands must be executed as user "root":

- To configure the VPN client, first install the following packages:

# Ubuntu & Debian
apt-get update
apt-get -y install strongswan xl2tpd
# CentOS & RHEL
yum -y install epel-release
yum --enablerepo=epel -y install strongswan xl2tpd
# Fedora
yum -y install strongswan xl2tpd
Create the following of VPN variables:
VPN_SERVER_IP='The name of the VPN server'
VPN_IPSEC_PSK='IPsec pre shared key'
Configure strongSwan:
cat > /etc/ipsec.conf <<EOF
# ipsec.conf - StrongSwan IPsec configuration file

# Basic configuration

config setup
# strictcrlpolicy=yes
# uniqueids = no

# Add connections here.

# Sample VPN connections

conn %default

conn vpnptp_conn

cat > /etc/ipsec.secrets <<EOF

chmod 600 /etc/ipsec.secrets
# ONLY For customers CentOS/RHEL & Fedora
mv /etc/strongswan/ipsec.conf /etc/strongswan/ipsec.conf.old 2>/dev/null
mv /etc/strongswan/ipsec.secrets /etc/strongswan/ipsec.secrets.old 2>/dev/null
ln -s /etc/ipsec.conf /etc/strongswan/ipsec.conf
ln -s /etc/ipsec.secrets /etc/strongswan/ipsec.secrets
Configure xl2tpd:
cat > /etc/xl2tpd/xl2tpd.conf < /etc/ppp/options.l2tpd.client < /var/run/xl2tpd/l2tp-control
Run ifconfig and verify the output. Now you should see a new ppp0 interface.

Check your existing default route:
ip route
Find this line in the output: by default through X.X.X.X .... Enter this IP of the gateway to use it in the two commands below.
Exclude the IP of your VPN server from the new default route (replace with the actual value):
route add YOUR_VPN_SERVER_IP gw X.X.X.X
If your VPN client is a remote server, you must also exclude the public IP from your local PC from the new default route, to prevent your SSH session from disconnecting (replace with the actual value):
Add a new default route to start routing traffic through the VPN server:
route add default dev ppp0
The VPN connection is now complete. Verify that your traffic is being routed correctly:
To stop routing traffic through the VPN server:
route of the default dev ppp0
To disconnect:
# Ubuntu & Debian
echo "d vpnptp_conn" > /var/run/xl2tpd/l2tp-control
    ipsec down vpnptp_conn
# CentOS/RHEL & Fedora
echo "d vpnptp_conn" > /var/run/xl2tpd/l2tp-control
    echo "d vpnptp_conn" > /var/run/xl2tpd/l2tp-control
    strongswan down vpnptp_conn


Go to Adjustments -> More Adjustments -> VPN

Note: In other versions of android, this could be in Settings> Connections> More connection settings or Settings> More ...> Networks and Wireless.

Tap the sign + for Add VPN

Set up the account:

Name: Write for example: "VPNPTP US1"
Type: L2TP/IPSec PSK
Server address: Enter one of the server addresses provided in the UCP. (for example:
L2TP Secret: (Leave blank)
Identifier IPSec: (Leave blank)
Pre-shared key: See UCP
Username: Name_of_user_count
Password: Password_of_the_account

Click on OK when finished!
Connect to the VPN!

VPN for IOS 7, 8 y 9

1- Start the Settings app, touch General, and then touch VPN

2- Click on Add VPN configuration ...

3- Press L2TP and enter the following information:

  • Description: "VPNPTP US1"
  • Server: Enter one of the servers in the LIST , for example:
  • Cuenta: Name_of_user_count
  • ContraseƱa: Password_of_the_account
  • Secreto: See UCP Pre-shared key.


We have to create a new L2TP interface:
/interface l2tp-client add name=VPNPTP_US1 \
user=VPNTP password=1234 use-ipsec=yes ipsec-secret=XXXX disabled=no
  • Name: name the VPN, "VPNPTP_US1"
  • Connect-to: Address of one of the VPNPTP servers, example:
  • User: Name_of_user_count
  • Password: Password_of_the_account
  • Use-IPSec: yes
  • IPSec-Secret: See UCP Pre-shared key.

Now we configure the rules of the firewall and the routing: We assume that our LAN is
/ip firewall nat
/add action=masquerade out-interface=VPNPTP_US1 chain=srcnat
/ip firewall mangle
/add chain=prerouting action=mark-routing new-routing-mark=vpnptp passthrough=no \
src-address= comment=VPNPTP_US1
/ip route
/add dst-address= gateway=VPNPTP_US1 routing-mark=vpnptp