IPsec VPN server

Set up your own IPsec VPN server in just a few minutes, with both IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials, and let the scripts handle the rest.

An IPsec VPN encrypts your network traffic, so that nobody between you and the VPN server can eavesdrop on your data as it travels via the Internet. This is especially useful when using unsecured networks, e.g. at coffee shops, airports or hotel rooms.

We will use Libreswan as the IPsec server, and xl2tpd as the L2TP provider.

You may also want to learn about » IPsec VPN Server on Docker

Quick start

First, prepare your Linux server* with a fresh install of Ubuntu LTS, Debian or CentOS.

Use this one-liner to set up an IPsec VPN server:

wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh

If using CentOS, replace the link above with https://git.io/vpnsetup-centos.

Your VPN login details will be randomly generated, and displayed on the screen when finished.

For other installation options and how to set up VPN clients, read the sections below.

* A dedicated server or virtual private server (VPS). OpenVZ VPS is not supported.


  • New: The faster IPsec/XAuth (“Cisco IPsec”) mode is supported
  • New: A pre-built Docker image of the VPN server is now available
  • Fully automated IPsec VPN server setup, no user input needed
  • Encapsulates all VPN traffic in UDP – does not need ESP protocol
  • Can be directly used as “user-data” for a new Amazon EC2 instance
  • Includes sysctl.conf optimizations for improved performance
  • Tested with Ubuntu 18.04/16.04/14.04, Debian 9/8 and CentOS 7/6


A newly created Amazon EC2 instance, from one of these images:


A dedicated server or KVM/Xen-based virtual private server (VPS), freshly installed with one of the above OS. OpenVZ VPS is not supported, users could instead try OpenVPN.

This also includes Linux VMs in public clouds, such as DigitalOcean, Vultr, Linode, Google Compute Engine, Amazon Lightsail, Microsoft Azure, IBM Cloud, OVH and Rackspace.

⚠️ DO NOT run these scripts on your PC or Mac! They should only be used on a server!


Ubuntu & Debian

First, update your system with apt-get update && apt-get dist-upgrade and reboot. This is optional, but recommended.

To install the VPN, please choose one of the following options:

Option 1: Have the script generate random VPN credentials for you (will be displayed when finished):

wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh

Option 2: Edit the script and provide your own VPN credentials:

wget https://git.io/vpnsetup -O vpnsetup.sh

nano -w vpnsetup.sh

[Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]

sudo sh vpnsetup.sh

Note: A secure IPsec PSK should consist of at least 20 random characters.

Option 3: Define your VPN credentials as environment variables:

# All values MUST be placed inside ‘single quotes’

# DO NOT use these special characters within values: ” ‘

wget https://git.io/vpnsetup -O vpnsetup.sh && sudo




sh vpnsetup.sh

Note: If unable to download via wget, you may also open vpnsetup.sh (or vpnsetup_centos.sh) and click the Raw button. Press Ctrl-A to select all, Ctrl-C to copy, then paste into your favorite editor.


First, update your system with yum update and reboot. This is optional, but recommended.

Follow the same steps as above, but replace https://git.io/vpnsetup with https://git.io/vpnsetup-centos.


Configure a static IP Address to Konica Minolta 4000P

Note: The printer should be connected to a network or to a print server and navigate either to the Network card menu or TCP/IP menu.

Network Card menu

To access this menu, navigate to the following:

Network/Ports >Standard Network >STD NET SETUP >Network Card

TCP/IP menu

To access this menu, navigate to the following:

Network/Ports >Standard Network >STD NET SETUP >TCP/IP>IP address

Note: This menu is available only in network printers or printers connected to print servers

Then enter the appropriate values for

IP address, Network Mask, Default gateway.