Configuring an L2TP/IPsec VPN client on Ubuntu for specific IP addresses only

Every few months I have to set this up on a new machine, and it’s always very confusing because most VPN instructions are for Windows, Mac or mobile devices. Ubuntu’s GUI tool for managing VPNs is quite powerful, but not very intuitive. Here’s how to find all of the necessary options.

First, install the packages that you’ll need. As of Ubuntu 23.04, you can use the standard Ubuntu repositories; there is no need for a PPA to get a more recent version. (I mention this because many old guides online still mention the PPA, but it throws an error if you try to use it with a recent Ubuntu version.)

apt install network-manager-l2tp-gnome

Note that if you’re on XFCE/Xubuntu, you still need network-manager-l2tp-gnome. It depends on network-manager-l2tp, which should suffice if you’re on KDE.

Once the packages have installed, click on the network icon in the system tray. Select VPN Connections in the menu that pops up, followed by Add a VPN connection…. For Choose a VPN Connection Type, select Layer 2 Tunneling Protocol (L2TP) and then click Create….

You should now see the VPN configuration dialogue. The Connection name is arbitrary; choose anything that helps you remember what this connection is for. Skip the General tab, leaving everything at the default value. In the VPN tab, under the General section, the Gateway field is the hostname or IP address of your VPN server. You should have been sent this by your network administrator. Likewise, you should already have the details that you need for the User Authentication section. The key sections that weren’t immediately obvious to me were at the bottom: IPsec Settings… and PPP Settings….

Let’s start with IPsec Settings…. Click the button, and check Enable IPsec tunnel to L2TP host in the popup that appears. You’ll need to fill in the Machine Authentication section based on the information that you received from your network administrator. You can probably skip the Advanced section, everything worked for me with the defaults. Click Apply when you’re done filling in the popup.

Next, click PPP Settings…. This might be optional, but many VPNs I’ve used require stricter encryption settings than the default that Ubuntu selects for you. I needed to check Use Point-to-Point encryption (MPPE) and select 128-bit (most secure) in the Security dropdown. You can probably leave everything else at the default. Again, click Apply when you’re done.

You should now be able to save and use the VPN. However, when it’s enabled, all of your network traffic will go over the VPN. If you only need it for a few specific hosts, read on!

Select the IPv4 Settings tab on the main Editing <Connection name> dialogue. Click on the Routes… button at the bottom. Check the Use this connection only for resources on its network box. For each IP address that you need to access over the VPN, click the Add button next to the routing table. Fill in the Address field (sadly it only accepts IP addresses, not hostnames), and set Netmask to 255.255.255.255 for a single IP address. (You could also specify network blocks using the mask if you want.) Once you’ve added all of the addresses that you need, click OK. You can now save the VPN settings in the main dialogue and test it.
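As an added example (not part of the original post), here is the same split-tunnel configuration expressed as nmcli commands, which is handy if you want to script it on each new machine instead of clicking through the dialogues. The vpn.data key names (gateway, user, ipsec-enabled, require-mppe-128) and the vpn.secrets key ipsec-psk are my reading of what network-manager-l2tp stores, and the connection name, gateway, user and addresses are constructed placeholders; after you have created one connection through the GUI, compare with `nmcli connection show <name>` to confirm the keys on your version.

```shell
#!/bin/sh
# Added example: nmcli equivalent of the GUI steps above (nothing is executed,
# the commands are only printed so you can review them first).
# Assumed key names: vpn.data gateway/user/ipsec-enabled/require-mppe-128 and
# vpn.secrets ipsec-psk; check them against `nmcli connection show <name>`.

# Turn "203.0.113.10 198.51.100.0/24" into "203.0.113.10/32,198.51.100.0/24".
# A bare address gets /32, i.e. netmask 255.255.255.255 as in the GUI.
vpn_routes() {
  out=""
  for entry in "$@"; do
    case "$entry" in
      */*) route="$entry" ;;
      *)   route="$entry/32" ;;
    esac
    out="${out:+$out,}$route"
  done
  printf '%s' "$out"
}

# Print the nmcli commands for an L2TP/IPsec VPN that only carries traffic
# for the given hosts/networks. ipv4.never-default corresponds to
# "Use this connection only for resources on its network".
vpn_nmcli_cmds() {
  name=$1; gateway=$2; user=$3; shift 3
  routes=$(vpn_routes "$@")
  printf "nmcli connection add type vpn con-name '%s' vpn-type l2tp \\\\\n" "$name"
  printf "  vpn.data 'gateway=%s,user=%s,ipsec-enabled=yes,require-mppe-128=yes' \\\\\n" \
    "$gateway" "$user"
  printf "  vpn.secrets 'ipsec-psk=<PRE-SHARED-KEY>'\n"
  printf "nmcli connection modify '%s' ipv4.never-default yes ipv4.routes '%s'\n" \
    "$name" "$routes"
}

# Constructed sample values (documentation ranges, not a real VPN):
vpn_nmcli_cmds office-vpn vpn.example.com alice 203.0.113.10 198.51.100.0/24
```

Only addresses listed in ipv4.routes will be sent over the tunnel; everything else keeps using your normal default route.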

Reference

https://blog.rac.me.uk/2013/10/20/linux-setting-up-a-vpn-to-only-route-specific-ip-addresses/
