setup-ipsec-vpn/docs/manage-users.md

# Manage VPN Users

*Read this in other languages: [English](manage-users.md), [简体中文](manage-users-zh.md).*

By default, a single user account for VPN login is created. If you wish to add, edit or remove users, read this document.

First, the IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets`. To change to a new PSK, just edit this file. All VPN users will share the same IPsec PSK.

```bash
%any %any : PSK "your_ipsec_pre_shared_key"
```

For `IPsec/L2TP`, VPN users are specified in `/etc/ppp/chap-secrets`. The format of this file is:

```bash
"your_vpn_username_1" l2tpd "your_vpn_password_1" *
"your_vpn_username_2" l2tpd "your_vpn_password_2" *
... ...
```

You can add more users; use one line for each user. DO NOT use these special characters within values: `\ " '`

For `IPsec/XAuth ("Cisco IPsec")`, VPN users are specified in `/etc/ipsec.d/passwd`. The format of this file is:

```bash
your_vpn_username_1:your_vpn_password_1_hashed:xauth-psk
your_vpn_username_2:your_vpn_password_2_hashed:xauth-psk
... ...
```

Passwords in this file are salted and hashed. You can generate the hash with, for example, the `openssl` utility:

```bash
# The output will be your_vpn_password_1_hashed
openssl passwd -1 'your_vpn_password_1'
```

Finally, restart services if you changed to a new PSK. When adding, editing or removing VPN users, a restart is normally not required.

```bash
service ipsec restart
service xl2tpd restart
```
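
The user-management steps above combined into one script, as an added example that is not part of the original document: it prints the line for each file for one user, rejects the special characters listed above, and passes the password to `openssl passwd -1` on stdin so it does not appear in the process list. The function names, the sample credentials and the extra `:` check on usernames are assumptions of this example.

```bash
#!/bin/sh
# Added example: print the per-user lines for the two files described above.
# Function names and sample credentials are hypothetical.

# Reject empty values and the characters the document forbids: \ " '
# (newlines are rejected too, since both files hold one user per line).
valid_value() {
  _nl='
'
  case $1 in
    ''|*\\*|*\"*|*\'*|*"$_nl"*) return 1 ;;
  esac
  return 0
}

# Line for /etc/ppp/chap-secrets (IPsec/L2TP); the password is stored as-is.
chap_line() {
  valid_value "$1" && valid_value "$2" || return 1
  printf '"%s" l2tpd "%s" *\n' "$1" "$2"
}

# Line for /etc/ipsec.d/passwd (IPsec/XAuth); the password is hashed.
xauth_line() {
  valid_value "$1" && valid_value "$2" || return 1
  # Assumption of this example: ':' is the field separator, so refuse it in names.
  case $1 in *:*) return 1 ;; esac
  # -stdin keeps the password out of the openssl command line.
  _hash=$(printf '%s\n' "$2" | openssl passwd -1 -stdin) || return 1
  printf '%s:%s:xauth-psk\n' "$1" "$_hash"
}

# Demo with constructed credentials; review the output, then append each line
# to its file by hand.
chap_line 'vpnuser2' 'Constructed-Pass-123'
xauth_line 'vpnuser2' 'Constructed-Pass-123' || echo 'openssl failed or is missing' >&2
```

Because `/etc/ppp/chap-secrets` holds passwords in clear text, keep both files readable by root only.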