With my beloved, and worn, day to day laptop having to go in for repair, I had to setup a temporary laptop to work on for a few weeks.
At work we use Cisco Meraki devices in many places, including the edge of network for our various offices. Whilst their main use is to form a mesh network around our offices and server infrastructure, we also use them to enable a lightweight Client VPN solution.
The Cisco Meraki Client VPN option provides a L2TP/IPsec based VPN using either its own internal user store, an LDAP Directory, Microsoft Active Directory, or a Radius server to authenticate users.
Cisco Meraki provide great instructions for Windows, Mac and mobile devices, but really old instructions for Linux. Therefore, I am posting this as much to remind me the next time I need to set it up as to help others.
By default, support for L2TP VPNs is not installed for Network Manager, so we need to install them:
Meraki Client VPN Setup Wizard Photo by Nathan Dumlao on Unsplash Deploying client VPN to Windows 10 machines on mass has been difficult and feature lacking. Hello All, I got free Meraki equipment from Meraki while attending a seminar, and I have it configured as my home network. I am starting to play with it and learn more about it, so I tried to setup a VPN connection and it looked easy while following the Meraki instructions.but when I tried to VPN through my phone as a test, It just keeps saying 'connecting' and then 'unsuccessful'.
You've had a look at the instructions on how to setup the Cisco Meraki Client VPN on Windows, but it is just 'too many clicks' or you have to do it on lots of computers and you just need a better way? VPN Client Configuration on Z3. This step will allow you to have your smart device, such as an iPhone to have a VPN client.Z3- Teleworker Gateway- Client VPN - “Enabled”.Z3- Teleworker Gateway- Client VPN - Authentication - “Meraki Cloud Authentication”.Z3- Teleworker Gateway- Client VPN - User Management- Add new user- and “Create a username and password”.
Network Manager spawns and manages its own instance of xl2tpd so if there is a system instance still running it will not be able to use UDP port 1701, and will instead use an ephemeral port (i.e. random high port).
To stop this from happening, we need to stop the deamon and disabling it from starting again:
Now you are ready to add your VPN connection. Having taken the steps above, we’ve Gnome Network Manager settings panel now includes the option to add L2TP VPN connections:
The main settings we need to customise to work with Cisco Meraki Client VPN are on the Identity tab.
We can give our VPN a name, set the VPN gateway, and add our user credentials (with optional NT Domain depending whether Active Directory is used as the authentication scheme).
We now need to set our IPsec and PPP settings.
IPsec Settings
In the IPsec Settings we need to tick the Enable IPsec tunnel to L2TP host checkbox , expand the Advanced settings, and then add three things:
Cisco Meraki Client Vpn Setup
- Pre-shared Key - adding the key provided by your network administrator
- Phase1 Algorithm - use the following 3des-sha1-modp1024
- Phase2 Algorithm - use the following 3des-sha1
Click OK to set this on the connection.
PPP Settings
Meraki Mx64 Client Vpn Setup
In the PPP Settings we need to make sure PPP is the only Authentication mechanism selected.
The other defaults should be OK, however I’ve included a screenshot to confirm against above.
Click OK to set this on the connection.
The VPN should now be available in the Gnome Settings panel:
and in the main Gnome Menu for quick connect/disconnect