DFT Wiki

Ubuntu 18.04 offers OpenVPN as the only already available VPN method in GNOME graphical interface.

sudo apt-get update
sudo apt-get install network-manager-l2tp
sudo apt-get install network-manager-l2tp-gnome

This will add to your Ubuntu network manager and GNOME all the L2TP features. Now just follow the steps:

1. Go to Settings -> Network -> VPN. Click the [+] button.
2. Select the Layer 2 Tunneling Protocol (L2TP).
3. Enter anything you like in the Name field: Router VPN
   • It can be any name.
4. Enter Your VPN Server Address for the Gateway: yourname.duckdns.org or IP.
   • If you don’t have a static IP is recommended to use a dynamic DNS service, such as DuckDNS [http://duckdns.org/] that is absolutely free forever!
5. Enter Your VPN Username for the User name: username
   • Configure the same user on the server-side.
6. Right-click the [?] in the Password field, select Store the password only for this user.
7. Enter Your VPN Password for the Password: *******
   • Configure the same password on the server-side.
8. Leave the NT Domain field blank.
9. Click the IPsec Settings button.
10. Check the Enable IPsec tunnel to L2TP host checkbox.
11. Leave the Gateway ID field blank.
12. Enter Your VPN IPsec PSK for the Pre-shared key: a2N4uPNl1s3zkiuCEkZrQKhphpoEGlsB
    • Has to be the same configured in the Server, you can use one random generator to define your key [https://cloud.google.com/vpn/docs/how-to/generating-pre-shared-key].
13. Expand the Advanced section.
14. Enter the Phase1 Algorithms: aes128-sha1-modp2048!
15. Enter the Phase2 Algorithms: aes128-sha1-modp2048!
16. Click OK, then click Add to save the VPN connection information.
17. Turn the VPN switch ON.

There are other sugestions for Phase1 and Phase2 Algorithms (steps 14 and 15):

Phase1: aes128-sha1-modp2048,3des-sha1-modp1024
Phase2: aes128-sha1,3des-md5

OR

Phase1: aes128-sha1-modp1024,3des-sha1-modp1024!
Phase2: aes128-sha1,3des-md5

If necessary, see more information about IPSec Negotiations in [https://www.watchguard.com/…/ipsec_vpn_negotiations_c.html].

Your VPN security will be defined by how strong are the User/Password, Pre-Shared Key and Phase1/2 Negotiations defined in your configuration. And of course, you have to find a balance between security and performance.

This tutorial works perfectly for the Quick VPN feature on D-Link devices, such as DIR-882 AC2600 [https://ca.dlink.com/…/dir-882-ac2600], by the way.