1. 安装相关包
yum install -y ppp iptables make gcc gmp-devel xmlto bison flex libpcap-devel lsof vim-enhanced
2. 下载和安装Openswan
https://download.openswan.org/openswan/old/openswan-2.6/openswan-2.6.38.tar.gz
进入解压后的目录,
make programs install
3. 安装xl2tpd
https://download.openswan.org/xl2tpd/old/xl2tpd-1.2.4.tar.gz
4. 配置
(1) /etc/ipsec.conf
config setup
nat_traversal=yes
virtual_private=%v4:,%v4:,%v4:
oe=off
protostack=netkey
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=$tmpip
leftid=$tmpip
leftprotoport=/
right=%any
rightid=%any
rightprotoport=/%any
(2) /etc/sysctl.conf
net.ipv4.ip_forward = net.ipv4.conf.default.rp_filter = 0
刷新配置
sysctl -p
(3) /etc/xl2tpd/xl2tpd.conf
[global] ipsec saref = yes [lns default] ip range = $iprange.-$iprange. local ip = $iprange. refuse chap = yes refuse pap = yes require authentication = yes ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yes
(4) /etc/ppp/options.xl2tpd
require-mschap-v2 ms-dns 8.8.8.8 ms-dns 8.8.4.4 asyncmap auth crtscts lock hide-password modem debug name l2tpd proxyarp lcp- lcp-
(5) /etc/ppp/chap-secrets
密码文件,格式1行1个用户,{username} * {password} *
client1 * *
(6) ipsec的服务密码
/etc/ipsec.secrets,在最下方添加
47.70.19.19 %any: PSK "serverPassword"
(7) /etc/sysconfig/iptables
*nat :PREROUTING ACCEPT [:] :POSTROUTING ACCEPT [:] :OUTPUT ACCEPT [:] -A POSTROUTING -s -j MASQUERADE -A POSTROUTING -s -j MASQUERADE -A POSTROUTING -s -j MASQUERADE COMMIT
(8)
touch /usr/bin/l2tpset echo "#/bin/bash" >>/usr/bin/l2tpset echo "for each in /proc/sys/net/ipv4/conf/*" >>/usr/bin/l2tpset echo "do" >>/usr/bin/l2tpset echo "echo 0 > \$each/accept_redirects" >>/usr/bin/l2tpset echo "echo 0 > \$each/send_redirects" >>/usr/bin/l2tpset echo "done" >>/usr/bin/l2tpset chmod +x /usr/bin/l2tpset
5. 启动服务
service iptables restartservice ipsec restart/usr/bin/l2tpset/usr/local/sbin/xl2tpd
6. 验证配置
ipsec verify