Configuring an L2TP/IPsec VPN (CentOS 6.5)

1. Install the required packages

yum install -y ppp iptables make gcc gmp-devel xmlto bison flex libpcap-devel lsof vim-enhanced

2. Download and install Openswan

https://download.openswan.org/openswan/old/openswan-2.6/openswan-2.6.38.tar.gz

Change into the extracted directory, then run:

make programs install

3. Install xl2tpd

https://download.openswan.org/xl2tpd/old/xl2tpd-1.2.4.tar.gz

4. Configuration

(1) /etc/ipsec.conf

config setup
    nat_traversal=yes
    virtual_private=%v4:,%v4:,%v4:
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=$tmpip
    leftid=$tmpip
    leftprotoport=/
    right=%any
    rightid=%any
    rightprotoport=/%any

(2) /etc/sysctl.conf

net.ipv4.ip_forward =
net.ipv4.conf.default.rp_filter = 0

Reload the settings:

sysctl -p

(3) /etc/xl2tpd/xl2tpd.conf

[global]
ipsec saref = yes
[lns default]
ip range = $iprange.-$iprange.
local ip = $iprange.
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

(4) /etc/ppp/options.xl2tpd

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-
lcp-

(5) /etc/ppp/chap-secrets

Password file, one user per line, in the format {username} * {password} *

client1 *  *

(6) IPsec service password (pre-shared key)

In /etc/ipsec.secrets, append at the bottom:

47.70.19.19 %any: PSK "serverPassword"

(7) /etc/sysconfig/iptables

*nat
:PREROUTING ACCEPT [:]
:POSTROUTING ACCEPT [:]
:OUTPUT ACCEPT [:]

-A POSTROUTING -s  -j MASQUERADE
-A POSTROUTING -s  -j MASQUERADE
-A POSTROUTING -s  -j MASQUERADE

COMMIT

(8)

touch /usr/bin/l2tpset
echo "#!/bin/bash" >>/usr/bin/l2tpset
echo "for each in /proc/sys/net/ipv4/conf/*" >>/usr/bin/l2tpset
echo "do" >>/usr/bin/l2tpset
echo "echo 0 > \$each/accept_redirects" >>/usr/bin/l2tpset
echo "echo 0 > \$each/send_redirects" >>/usr/bin/l2tpset
echo "done" >>/usr/bin/l2tpset
chmod +x /usr/bin/l2tpset

5. Start the services

service iptables restart
service ipsec restart
/usr/bin/l2tpset
/usr/local/sbin/xl2tpd

6. Verify the configuration

ipsec verify
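As an added example (not part of the original post), a small shell script with two checks worth running alongside `ipsec verify`: that the l2tpset script from step (8) really left ICMP redirects disabled on every interface, and that the /etc/ppp/chap-secrets file from step (5) is well-formed and not readable by other users. Paths are passed as arguments so the functions can be tried on copies; on the live host pass /proc/sys and /etc/ppp/chap-secrets.

```shell
#!/bin/bash
# Added example, not from the original post. Sanity checks for the setup above.

# check_redirects ROOT: every interface under ROOT/net/ipv4/conf must have
# accept_redirects and send_redirects set to 0 (what /usr/bin/l2tpset writes).
# Prints each offending file; returns 1 if any is still enabled.
check_redirects() {
    local root="$1" bad=0 f
    for f in "$root"/net/ipv4/conf/*/accept_redirects \
             "$root"/net/ipv4/conf/*/send_redirects; do
        [ -f "$f" ] || continue          # unmatched glob or missing knob
        if [ "$(cat "$f")" != "0" ]; then
            echo "redirects still enabled: $f"
            bad=1
        fi
    done
    return "$bad"
}

# check_chap_secrets FILE: each non-comment line must follow the format from
# step (5), "{username} * {password} *", with a non-empty password, and the
# file must not be readable by group or others. Returns 1 on any problem.
check_chap_secrets() {
    local file="$1" bad=0 perms user server secret ip extra
    perms=$(ls -ld "$file" | cut -c5-10)   # group+other permission bits
    if [ "$perms" != "------" ]; then
        echo "$file: readable by group/others (chmod 600 it)"
        bad=1
    fi
    while read -r user server secret ip extra; do
        if [ -z "$user" ]; then continue; fi         # blank line
        case "$user" in "#"*) continue ;; esac       # comment line
        if [ "$server" != "*" ] || [ -z "$secret" ] \
           || [ "$ip" != "*" ] || [ -n "$extra" ]; then
            echo "$file: malformed entry for user '$user'"
            bad=1
        fi
    done < "$file"
    return "$bad"
}
```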