Update 24 Jan 2014: I just set up another VPN server, this time using SoftEther. Not only is it much easier to use than Openswan and friends, it also has the ability to create a virtual hub, a simulated group of local IP addresses that can be assigned to VPN clients. This is essential if your server is hidden behind a router. (On the other hand, SoftEther seems to be less mature than Openswan, which might mean it has more vulnerabilities. I am not a security researcher.)
Just for fun, I decided to set up a VPN on an Ubuntu server I have in my house. A VPN will secure otherwise unencrypted Internet traffic when you’re on public Wi-Fi, and it can allow you to bypass internet filters.
I followed Riobard Zhan’s instructions, but there were some changes I made to be compatible with the latest Apple devices and Ubuntu. The changes below were tested with an Ubuntu 12.04 server and iOS 5.1.1 and OS X 10.7.4 clients.
In the file /etc/ipsec.conf, under conn L2TP-PSK-noNAT, you need to enable dead-peer detection (DPD) so that you can connect to the VPN more than once without restarting IPsec and friends:
dpddelay = 15
dpdtimeout = 30
dpdaction = clear
Also, whenever there is something like
echo 1 > /proc/sys/net/ipv4/ip_forward
use this instead:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
because you don’t have permission to write to that file if you’re not logged in as root. Which you should not be doing.
If you are getting this error:
ipsec_setup: ERROR: Module xfrm4_mode_transport is in use
ipsec_setup: ERROR: Module esp4 is in use