Android IPsec L2TP client

Quick commands to set up an L2TP/IPsec server (Gentoo) and client (Android 2.2). Put the files ca.crt, client.crt, server.crt and server.key (insecure version) inside /etc/racoon/crt.

CA generation (self-signed):

openssl req -new -x509 -out ca.crt -keyout ca.key -days 3065

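Client key and certificate request:

openssl req -new -keyout client.key -out client.csr

CA-signed client request (-days is given at this step because the validity period is set when the CA signs; openssl req ignores it on a plain certificate request, and openssl x509 defaults to 30 days):

SAN="ipsec.client" openssl x509 -extfile ./x509v3.cnf -extensions x509v3_FQDN -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 3065 -out client.crt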

Create a p12 file to upload to the Android device and add to its certificate store:

openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt -name client -out client.p12

Server key and certificate request:

openssl req -new -keyout server.key -out server.csr

CA-signed server request:

SAN="ipsec.server" openssl x509 -extfile ./x509v3.cnf -extensions x509v3_FQDN -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 3065 -out server.crt
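
The steps above as one unattended script, added here as an example and not part of the original notes: it builds the CA, client and server certificates in a scratch directory, then checks each one for chain, SAN and validity period. The body of x509v3.cnf, the -subj values, the 2048-bit RSA keys and the unencrypted (-nodes) keys are assumptions made so that nothing prompts.

```shell
#!/bin/sh
# Added example, not from the original page. Subjects, key size, -nodes and the
# body of x509v3.cnf are assumptions; file names and SAN values follow the page.

make_extfile() {
    # Assumed content: only the section name x509v3_FQDN appears on the page.
    cat > x509v3.cnf <<'EOF'
[ x509v3_FQDN ]
subjectAltName = DNS:${ENV::SAN}
EOF
}

make_ca() {
    openssl req -new -x509 -nodes -newkey rsa:2048 -subj "/CN=Example IPsec CA" \
        -out ca.crt -keyout ca.key -days 3065 2>/dev/null
}

# issue NAME SAN: key and CSR for NAME, then a CA-signed certificate carrying SAN.
issue() {
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    SAN="$2" openssl x509 -req -extfile ./x509v3.cnf -extensions x509v3_FQDN \
        -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 3065 -out "$1.crt" 2>/dev/null
}

# check NAME SAN: 1 = chain does not verify, 2 = SAN missing, 3 = expires within 31 days.
check() {
    openssl verify -CAfile ca.crt "$1.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1.crt" -noout -text | grep -qF "DNS:$2" || return 2
    openssl x509 -in "$1.crt" -noout -checkend $((31 * 86400)) >/dev/null || return 3
}

build_all() {
    dir=$(mktemp -d) && cd "$dir" || return 1
    make_extfile && make_ca &&
    issue client ipsec.client && issue server ipsec.server &&
    check client ipsec.client && check server ipsec.server
}

build_all && echo "certificates written and verified in $PWD"
```

check returns 3 for a certificate signed without -days, because openssl x509 then issues it for 30 days.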