
Setting up an L2TP VPN

------------- L2TP VPN --------------

1. Prepare the build environment

yum install -y make gcc gmp-devel xmlto bison flex libpcap-devel lsof vim-enhanced man
yum install openswan ppp xl2tpd -y

2. Install Openswan

wget https://download.openswan.org/openswan/openswan-latest.tar.gz
tar xf openswan-latest.tar.gz
cd openswan-2.6.50/
make programs install

3. Install xl2tpd and rp-l2tp

yum install libpcap-devel ppp policycoreutils
wget http://sourceforge.net/projects/rp-l2tp/files/rp-l2tp/0.4/rp-l2tp-0.4.tar.gz
tar xf rp-l2tp-0.4.tar.gz
cd rp-l2tp-0.4
./configure
make
cp handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control

wget https://github.com/xelerance/xl2tpd/archive/v1.3.8.tar.gz
tar xf v1.3.8.tar.gz
cd xl2tpd-1.3.8
make && make install

4. Configuration

(1) Edit the configuration file /etc/ipsec.conf

Replace its contents with the following, substituting the server's public IP for the placeholder address (the author writes it as 0.0.0.0; in the block below it is the 10.0.0.121 on the leftid line). Note that the parameter lines must be indented and the indentation must not be changed.

vim /etc/ipsec.conf

version 2.0

config setup
    protostack=netkey
    nhelpers=0
    uniqueids=no
    interfaces=%defaultroute
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.18.0/24

conn l2tp-psk
    rightsubnet=vhost:%priv
    also=l2tp-psk-nonat

conn l2tp-psk-nonat
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%defaultroute
    leftid=10.0.0.121        # public IP
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
    sha2-truncbug=yes
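The two things that make this file easy to get wrong are the indentation rule above and the fact that conn l2tp-psk only works because `also=` pulls in the parameters of l2tp-psk-nonat. The following parser is an added example, not part of Openswan or of this tutorial; the SAMPLE text is constructed in the shape of the file above, with one parameter deliberately left unindented so the check has something to report.

```python
# Added example for this page (not Openswan's own code). SAMPLE is a constructed
# ipsec.conf in the tutorial's shape; `pfs=no` is left unindented on purpose.
import re

SAMPLE = """\
config setup
    protostack=netkey

conn l2tp-psk
    rightsubnet=vhost:%priv
    also=l2tp-psk-nonat

conn l2tp-psk-nonat
    authby=secret
pfs=no
    type=transport
    leftid=10.0.0.121        # public IP
    leftprotoport=17/1701
"""

SECTION_RE = re.compile(r"^(config|conn)\s+(\S+)$")

def parse_ipsec_conf(text):
    """Return ({section: {key: value}}, warnings); flush-left non-headers are warned."""
    sections, warnings, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()          # '#' starts a comment
        if not line.strip() or line.startswith("version "):
            continue                                  # blank line or 'version 2.0'
        header = SECTION_RE.match(line)
        if header:
            current = header.group(2)
            sections[current] = {}
        elif current is None or not line[0].isspace():
            warnings.append(f"line {lineno}: '{line.strip()}' is not indented")
        else:
            key, _, value = line.strip().partition("=")
            sections[current][key.strip()] = value.strip()
    return sections, warnings

def effective_conn(sections, name):  # merge in every conn reached through also=
    merged = {}
    for key, value in sections[name].items():
        merged.update(effective_conn(sections, value) if key == "also" else {key: value})
    return merged

def check_l2tp_conn(conn):  # settings the transport-mode L2TP/IPsec conn relies on
    required = {"authby": "secret", "type": "transport", "leftprotoport": "17/1701"}
    return [f"{k} should be {v!r}, got {conn.get(k)!r}"
            for k, v in required.items() if conn.get(k) != v]
```

Running parse_ipsec_conf on the real /etc/ipsec.conf before `service ipsec restart` turns a silent misparse into a line number.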

(2) Set the pre-shared key (PSK): edit the configuration file /etc/ipsec.secrets

vim /etc/ipsec.secrets

include /etc/ipsec.d/*.secrets
%any %any: psk "5dhj.com"

(3) Change the kernel settings to enable forwarding: edit /etc/sysctl.conf and apply it

vim /etc/sysctl.conf

net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1

sysctl -p

(4) Verify that IPsec is running, and check that it is installed and starts correctly

service ipsec restart
ipsec verify

(5) Edit the xl2tpd configuration file

vim /etc/xl2tpd/xl2tpd.conf

[global]
ipsec saref = yes
listen-addr = 172.16.2.162

[lns default]
ip range = 172.16.2.200-172.16.2.220
local ip = 172.16.2.162
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
bps = 1000000

Configure PPP by creating the options.xl2tpd file:

vim /etc/ppp/options.xl2tpd

require-mschap-v2
ms-dns 114.114.114.114
ms-dns 8.8.8.8
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

(6)配置使用者名,密碼:編輯 /etc/ppp/chap-secrets

vim /etc/ppp/chap-secrets

(7)重新開機xl2tp

service xl2tpd restart

(8)添加自啟動

chkconfig ipsec on

chkconfig xl2tpd on
