
Setting up an L2TP VPN on CentOS

Date: 2016-10-16 19:43   Source: unknown   Author: 好模板 editor
I. Install the software
 
  yum install -y openswan ppp xl2tpd
 
II. Configure IPsec
 
 1. Configure ipsec.conf
  cat /etc/ipsec.conf
    config setup
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
        oe=off
    conn %default
        forceencaps=yes
    conn L2TP-PSK-NAT              [defines a VPN connection for clients behind NAT; it pulls in the settings of L2TP-PSK-noNAT below via also=]
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT
    conn L2TP-PSK-noNAT
        authby=secret
        pfs=no
        auto=add                   [once ipsec starts, the connection is loaded and waits for clients to connect]
        keyingtries=3
        rekey=no
        ikelifetime=8h
        keylife=1h
        type=transport
        left=133.3.5.16            [public IP of the VPN server]
        leftprotoport=17/1701      [VPN server port]
        right=%any
        rightprotoport=17/%any
        dpddelay=40
        dpdtimeout=130
        dpdaction=clear
       
 2. Configure the IPsec pre-shared key
  cat /etc/ipsec.secrets
    121.46.20.249 %any: PSK "good321"
       [public IP of the server; it must match left= in ipsec.conf]   [shared key]
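A pre-flight check for the two files above, added here as an example and not part of the original tutorial: pluto only finds the pre-shared key when the first selector on the PSK line in ipsec.secrets is the connection's left= address (or %any), and a mismatch surfaces later as an IKE authentication failure rather than a configuration error. The tutorial's own snippets use two different addresses (133.3.5.16 in ipsec.conf, 121.46.20.249 in ipsec.secrets), which this check reports. It uses only awk and sed, does not follow also= (look up the conn that actually carries left=), and writes constructed sample files to a temporary directory so it runs offline.

```shell
#!/bin/sh
# Added example (not from the original tutorial): cross-check the left=
# address of an ipsec.conf conn against the PSK selectors in ipsec.secrets.

# Print the left= value of the named conn in an ipsec.conf-style file.
# Does not follow also=.   Args: $1 = ipsec.conf path, $2 = conn name
conf_left_addr() {
    awk -v want="$2" '
        /^[[:space:]]*conn[[:space:]]/ { in_conn = ($2 == want); next }
        in_conn && /^[[:space:]]*left=/ {
            sub(/^[[:space:]]*left=/, "")   # strip the key
            sub(/[[:space:]#].*$/, "")      # strip trailing comment/whitespace
            print; exit
        }
    ' "$1"
}

# Return 0 when ipsec.secrets has a PSK line whose first selector is the
# given address or %any, 1 otherwise.   Args: $1 = secrets path, $2 = address
secrets_has_psk_for() {
    awk -v want="$2" '
        /PSK/ && ($1 == want || $1 == "%any") { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Print the length of the first quoted PSK, so very short keys are visible.
# Args: $1 = secrets path
secrets_psk_length() {
    sed -n 's/.*PSK[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1 | awk '{ print length($0) }'
}

# Combined check: 0 when the conn's left= has a matching PSK selector.
# Args: $1 = ipsec.conf, $2 = ipsec.secrets, $3 = conn name
check_psk_selector() {
    addr=$(conf_left_addr "$1" "$3")
    if [ -z "$addr" ]; then
        echo "no left= found in conn $3" >&2
        return 1
    fi
    if secrets_has_psk_for "$2" "$addr"; then
        echo "ok: PSK selector matches left=$addr (key length $(secrets_psk_length "$2"))"
        return 0
    fi
    echo "mismatch: left=$addr has no PSK line in $2" >&2
    return 1
}

# Constructed sample files (not a real deployment) using the tutorial's values.
DEMO=$(mktemp -d)
cat > "$DEMO/ipsec.conf" <<'EOF'
config setup
    protostack=netkey
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    left=133.3.5.16
    leftprotoport=17/1701
    right=%any
EOF
# As on the page: a different address than left=, so the key is never found.
echo '121.46.20.249 %any: PSK "good321"' > "$DEMO/ipsec.secrets.mismatch"
# Corrected: the selector equals left=.
echo '133.3.5.16 %any: PSK "good321"' > "$DEMO/ipsec.secrets.fixed"

if ! check_psk_selector "$DEMO/ipsec.conf" "$DEMO/ipsec.secrets.mismatch" L2TP-PSK-noNAT; then
    echo "(mismatch detected, as expected)"
fi
check_psk_selector "$DEMO/ipsec.conf" "$DEMO/ipsec.secrets.fixed" L2TP-PSK-noNAT
```

On a real server, call `check_psk_selector /etc/ipsec.conf /etc/ipsec.secrets L2TP-PSK-noNAT` as root before `service ipsec restart`; the reported key length makes a seven-character key like the page's sample obvious at a glance.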
 
 3. Adjust the packet-forwarding settings
  for each in /proc/sys/net/ipv4/conf/*; do echo 0 > "$each/accept_redirects"; echo 0 > "$each/send_redirects"; done
 4. Restart IPsec and verify
  service ipsec restart
  ipsec verify  [the following output means everything is working]
    Verifying installed system and configuration files
    Version check and ipsec on-path                   [OK]
    Libreswan 3.15 (netkey) on 2.6.32-279.el6.x86_64
    Checking for IPsec support in kernel              [OK]
    NETKEY: Testing XFRM related proc values
         ICMP default/send_redirects              [OK]
         ICMP default/accept_redirects            [OK]
         XFRM larval drop                         [OK]
    Pluto ipsec.conf syntax                           [OK]
    Hardware random device                            [N/A]
    Two or more interfaces found, checking IP forwarding[OK]
    Checking rp_filter                                [OK]
    Checking that pluto is running                    [OK]
    Pluto listening for IKE on udp 500               [OK]
    Pluto listening for IKE/NAT-T on udp 4500        [OK]
    Pluto ipsec.secret syntax                        [OK]
    Checking 'ip' command                             [OK]
    Checking 'iptables' command                       [OK]
    Checking 'prelink' command does not interfere with FIPS
    Checking for obsolete ipsec.conf options          [OK]
    Opportunistic Encryption                          [DISABLED]
 
  Common verification failures and how to fix them
 
  1. Two or more interfaces found, checking IP forwarding [Failed] 
    echo 1 > /proc/sys/net/ipv4/ip_forward   [takes effect immediately, no service restart needed; it does not survive a reboot]
    vi /etc/sysctl.conf   [add the following so the setting persists across reboots]
     net.ipv4.ip_forward = 1
     net.ipv4.conf.default.rp_filter = 0 
 
  2. Checking that pluto is running [Failed] 
    cd /var/run/pluto
    ipsec pluto      [creates the pluto.ctl file]
    ipsec verify
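The kernel settings that steps 3 and 4 and the troubleshooting notes above are concerned with (IP forwarding, reverse-path filtering, ICMP redirects) can be checked and fixed with a small script. The one below is an added example, not part of the original tutorial or of libreswan's own `ipsec verify`; its functions take a /proc root as an argument, so the same logic runs against a constructed sample tree here (offline) and against the real /proc on the VPN server. The sample tree and the expected count of ten failed checks are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): check and fix the
# IP-forwarding, rp_filter and ICMP-redirect settings an L2TP/IPsec
# server needs, parameterised on the /proc root so it can be tested.

# Print the contents of one sysctl file, or "missing" if it cannot be read.
proc_value() {
    if [ -r "$1" ]; then cat "$1"; else echo missing; fi
}

# Check the IPsec-relevant settings below $1 (default /proc).
# Prints one line per finding; returns the number of failed checks.
check_ipsec_sysctls() {
    base="${1:-/proc}/sys/net/ipv4"
    fails=0
    if [ "$(proc_value "$base/ip_forward")" = 1 ]; then
        echo "ip_forward = 1                          [OK]"
    else
        echo "ip_forward != 1 (client traffic is not routed) [FAILED]"
        fails=$((fails + 1))
    fi
    for dir in "$base"/conf/*; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        # Redirects must be off on every interface, as in step 3 above.
        for key in accept_redirects send_redirects; do
            if [ "$(proc_value "$dir/$key")" != 0 ]; then
                echo "conf/$name/$key != 0              [FAILED]"
                fails=$((fails + 1))
            fi
        done
        # Strict reverse-path filtering drops the returning L2TP/IPsec
        # traffic; the tutorial sets rp_filter = 0.
        if [ "$(proc_value "$dir/rp_filter")" != 0 ]; then
            echo "conf/$name/rp_filter != 0              [FAILED]"
            fails=$((fails + 1))
        fi
    done
    echo "failed checks: $fails"
    return "$fails"
}

# Apply the tutorial's runtime fixes below $1 (default /proc). On a real
# host these are the page's own echo commands; persist them in
# /etc/sysctl.conf as well, or they are lost at reboot.
fix_ipsec_sysctls() {
    base="${1:-/proc}/sys/net/ipv4"
    echo 1 > "$base/ip_forward"
    for each in "$base"/conf/*; do
        [ -d "$each" ] || continue
        echo 0 > "$each/accept_redirects"
        echo 0 > "$each/send_redirects"
        echo 0 > "$each/rp_filter"
    done
}

# Build a constructed /proc tree (not a real system) that looks like a
# freshly installed host: forwarding off, redirects on, strict rp_filter
# on three interface entries. Prints the directory path.
make_sample_tree() {
    root=$(mktemp -d)
    for d in all default eth0; do
        mkdir -p "$root/sys/net/ipv4/conf/$d"
        echo 1 > "$root/sys/net/ipv4/conf/$d/accept_redirects"
        echo 1 > "$root/sys/net/ipv4/conf/$d/send_redirects"
        echo 1 > "$root/sys/net/ipv4/conf/$d/rp_filter"
    done
    echo 0 > "$root/sys/net/ipv4/ip_forward"
    echo "$root"
}

SAMPLE=$(make_sample_tree)
check_ipsec_sysctls "$SAMPLE"   # 10 failed checks on the constructed tree
fix_ipsec_sysctls "$SAMPLE"
check_ipsec_sysctls "$SAMPLE"   # 0 failed checks after the fix
```

On the server itself, run `check_ipsec_sysctls` with no argument (it defaults to /proc) and, if it reports failures, `fix_ipsec_sysctls` as root followed by the sysctl.conf entries from the troubleshooting section; the return value is the failure count, so the check can gate a deployment script.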
 