2016-09-09 23:45:39 +02:00
# Manage VPN Users
2016-06-08 03:10:57 +02:00
*Read this in other languages: [English ](manage-users.md ), [简体中文 ](manage-users-zh.md ).*
By default, a single user account for VPN login is created. If you wish to add, edit or remove users, read this document.
2016-09-30 18:53:33 +02:00
**Note:** The same VPN account can be used by your multiple devices. However, due to a limitation of the IPsec protocol, if these devices are behind the same NAT (e.g. home router), they cannot simultaneously connect to the VPN server. This applies even if you create multiple users. For the above use case, try [OpenVPN ](https://github.com/Nyr/openvpn-install ).
2016-09-26 08:08:02 +02:00
2016-06-08 03:10:57 +02:00
First, the IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets` . To change to a new PSK, just edit this file.
```bash
< VPN Server IP > %any : PSK "< VPN IPsec PSK > "
```
For `IPsec/L2TP` , VPN users are specified in `/etc/ppp/chap-secrets` . The format of this file is:
```bash
"< VPN User 1 > " l2tpd "< VPN Password 1 > " *
"< VPN User 2 > " l2tpd "< VPN Password 2 > " *
... ...
```
You can add more users, use one line for each user. DO NOT use these characters within values: `\ " '`
For `IPsec/XAuth ("Cisco IPsec")` , VPN users are specified in `/etc/ipsec.d/passwd` . The format of this file is:
```bash
< VPN User 1 > :< VPN Password 1 ( hashed ) > :xauth-psk
< VPN User 2 > :< VPN Password 2 ( hashed ) > :xauth-psk
... ...
```
Passwords in this file are salted and hashed. This step can be done using e.g. the `openssl` utility:
```bash
# The output will be <VPN Password 1 (hashed)>
openssl passwd -1 "< VPN Password 1 > "
```
2016-06-08 22:56:17 +02:00
When finished making changes, run these commands or reboot your server.
```bash
service ipsec restart
service xl2tpd restart
```
