How to deploy and Configure L2TP & IPSec VPN on EC2 Ubuntu Server


L2TP and IPSec are two different protocols. IPSec can encrypt your network communication, so once you connect through the VPN, your internet traffic will be encrypted. This link will teach you more about L2TP & IPSec. This article shows how to deploy and configure L2TP & IPSec on an EC2 Ubuntu Server.

Launch EC2

First, choose to launch an Ubuntu Server. The version should be 16.04.

Second, configure the Security Group. You should open 3 ports. The first is TCP 22, the SSH port, which lets you manage your server via SSH. The second and third are UDP 500 and 4500, the VPN's ports. You need these ports to connect to your VPN and communicate with it.

Finally, after your machine has started, use the following command to make sure your server is up to date.

apt-get update && apt-get dist-upgrade

Deploy VPN Server

First, you need to clone the installation script.


Second, change the script's permissions to make sure it has the execute ("x") permission. You can use this command to grant it.

chmod 755 ./

Then, run the command for installation.


Finally, it will give you a username and password for your VPN.

Manage User

If you do not want to use this username and password for L2TP and IPSec, you can change them by editing a file and saving it. The script installs both L2TP and IPSec. They are two different VPNs, so they use different files. Make sure the file you change matches the protocol.

L2TP User Management

Edit file “/etc/ppp/chap-secrets” to add a user. The format is:

"VPN Username" l2tpd "VPN Password" *

The password in this file is stored in plaintext.

Then, restart the L2TP service:

service xl2tpd restart
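
An added example, not part of the original article or of the install script: a shell function that appends a user in the chap-secrets format shown above, rejects values that would corrupt the entry, and keeps the plaintext file readable only by its owner. The function name `add_l2tp_user`, the `CHAP_FILE` variable and the character rules are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the install script): add one L2TP user safely.
# CHAP_FILE is a variable assumed for this example; it defaults to the
# path named in the article and can be pointed at a scratch file for testing.
CHAP_FILE="${CHAP_FILE:-/etc/ppp/chap-secrets}"

# add_l2tp_user USER PASSWORD
# Returns 0 on success, 1 on a rejected value, 2 if USER already exists.
add_l2tp_user() {
    l2tp_user=$1
    l2tp_pass=$2

    # Username: conservative allowlist (a rule chosen for this example).
    [ -n "$l2tp_user" ] &&
        [ "$(printf '%s' "$l2tp_user" | tr -cd 'A-Za-z0-9._-')" = "$l2tp_user" ] ||
        { echo "rejected username" >&2; return 1; }

    # Password: refuse quotes, backslashes and whitespace (including
    # newlines), which could split the entry into extra fields or lines.
    [ -n "$l2tp_pass" ] &&
        [ "$(printf '%s' "$l2tp_pass" | tr -d '[:space:]"\\')" = "$l2tp_pass" ] ||
        { echo "rejected password" >&2; return 1; }

    # Refuse a duplicate: compare the first field with its quotes removed.
    if [ -f "$CHAP_FILE" ] && awk -v u="$l2tp_user" \
        '{ f = $1; gsub(/"/, "", f); if (f == u) found = 1 } END { exit !found }' \
        "$CHAP_FILE"; then
        echo "user already present" >&2
        return 2
    fi

    # The file holds plaintext passwords: create it owner-only and keep it so.
    ( umask 077; printf '"%s" l2tpd "%s" *\n' "$l2tp_user" "$l2tp_pass" >> "$CHAP_FILE" )
    chmod 600 "$CHAP_FILE"
}
```

Run it as root against the real file, then restart xl2tpd as in the step above.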

IPSec User management

Because the IPSec password is stored in encoded form, we need to generate the encoded password first.

openssl passwd -1 "YourPassword"

Then, edit the file /etc/ipsec.d/passwd to add a new user.

The format is:


Finally, restart the service.

service xl2tpd restart

All done. If you have any questions or run into any errors, please let me know! You can leave me a reply.