Connect to CloudRaya VPN on Linux

This guide explains how to connect a Linux device to CloudRaya VPN using L2TP/IPsec with a Pre-Shared Key (PSK).

CloudRaya VPN lets you securely access private IP resources inside your VPC, such as Virtual Machines, without exposing them to the public internet.

Before You Begin

Prepare the following from the CloudRaya Control Panel:

• VPN Public IP
• Pre-Shared Key (PSK)
• VPN Username
• VPN Password

Prerequisites:

• At least one active VM in the selected location
• VPN status is Enabled
• Root or sudo access on Linux
• Internet connection

Supported Linux Distributions

This guide applies to most modern distributions, including:

• Ubuntu
• Debian
• Rocky Linux
• AlmaLinux
• CentOS Stream

The steps use strongSwan (IPsec) and xl2tpd (L2TP), which are widely supported.

VPN Protocol Details

CloudRaya VPN configuration:

• Protocol: L2TP over IPsec
• Authentication: Username & Password
• IPsec Auth: Pre-Shared Key (PSK)
• PPP Auth: MS-CHAP v2

Step 1: Install Required Packages

Ubuntu / Debian

sudo apt update
sudo apt install -y strongswan xl2tpd ppp

RHEL-based (Rocky / Alma / CentOS)

sudo dnf install -y strongswan xl2tpd ppp

Step 2: Configure IPsec (strongSwan)

2.1 /etc/ipsec.conf

config setup
  charondebug="ike 1, knl 1, cfg 0"

conn cloudraya-vpn
  keyexchange=ikev1
  authby=psk
  type=transport
  left=%defaultroute
  leftprotoport=17/1701
  right=<VPN_PUBLIC_IP>
  rightprotoport=17/1701
  auto=add

Replace <VPN_PUBLIC_IP> with your CloudRaya VPN public IP.

2.2 /etc/ipsec.secrets

<VPN_PUBLIC_IP> : PSK "<PRE_SHARED_KEY>"

Replace <PRE_SHARED_KEY> with the PSK from CloudRaya.

Step 3: Configure L2TP (xl2tpd)

3.1 /etc/xl2tpd/xl2tpd.conf

[global]
port = 1701

[lns cloudraya]
ip range = 10.10.10.2-10.10.10.10
local ip = 10.10.10.1
require chap = yes
refuse pap = yes
require authentication = yes
name = cloudraya
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

3.2 /etc/ppp/options.xl2tpd

ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
mtu 1280
mru 1280
persist

3.3 /etc/ppp/chap-secrets

<VPN_USERNAME> cloudraya <VPN_PASSWORD> *

Replace <VPN_USERNAME> and <VPN_PASSWORD> with your CloudRaya VPN credentials.

Step 4: Start Services

sudo systemctl restart strongswan
sudo systemctl restart xl2tpd

Verify IPsec status:

sudo ipsec status

Step 5: Establish the VPN Connection

echo"c cloudraya" |sudotee /var/run/xl2tpd/l2tp-control

If successful, a new PPP interface (e.g. ppp0) will appear.

Verify the Connection

Check interface:

ip addr show ppp0

Test private IP access:

ping <PRIVATE_VM_IP>

If the ping succeeds, the VPN is connected correctly.

Disconnect the VPN

echo"d cloudraya" |sudotee /var/run/xl2tpd/l2tp-control

Common Issues and Fixes

Connection Fails Immediately

• Verify PSK and VPN Public IP
• Ensure IPsec ports are not blocked (UDP 500, 4500, 1701)

Cannot Access Private IPs

• Confirm the VM is running
• Ensure ACL rules allow internal traffic
• Make sure the VM is in the same VPC

xl2tpd Not Responding

sudo systemctl status xl2tpd
sudo journalctl -u xl2tpd

Important Notes

• VPN users can be reused across multiple VPCs
• VPN users cannot be shared across different locations
• VPN provides private network access, not internet tunneling
• VPN requires at least one active VM in the VPC

Related Pages

📄 Manage VPN

📄 Connect to CloudRaya VPN on Windows

📄 Connect to CloudRaya VPN on macOS

📄 Virtual Private Cloud (VPC)