Installing the xl2tpd service on Ubuntu

This article, collected and organized by 前端之家, walks through setting up an L2TP/IPsec VPN on Ubuntu with openswan and xl2tpd; it is shared here for reference.
Install the packages:

  apt-get install openswan xl2tpd ppp lsof

Masquerade the VPN clients' traffic behind the server's public address (replace <IP address> with that address and eth0 with the outbound interface):

  iptables -t nat -A POSTROUTING -j SNAT --to-source <IP address> -o eth0

Enable IP forwarding and disable ICMP redirects and source routing. Each command appends a line to /etc/sysctl.conf, so run this block once; running it again adds duplicate lines (sysctl -p applies them top to bottom, and the last assignment of a key wins):

  echo "net.ipv4.ip_forward = 1" | tee -a /etc/sysctl.conf
  echo "net.ipv4.conf.all.accept_redirects = 0" | tee -a /etc/sysctl.conf
  echo "net.ipv4.conf.all.send_redirects = 0" | tee -a /etc/sysctl.conf
  echo "net.ipv4.conf.default.rp_filter = 0" | tee -a /etc/sysctl.conf
  echo "net.ipv4.conf.default.accept_source_route = 0" | tee -a /etc/sysctl.conf
  echo "net.ipv4.conf.default.send_redirects = 0" | tee -a /etc/sysctl.conf
  echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" | tee -a /etc/sysctl.conf

Apply the redirect settings to every interface that already exists, then load the file:

  for vpn in /proc/sys/net/ipv4/conf/*; do echo 0 > $vpn/accept_redirects; echo 0 > $vpn/send_redirects; done
  sysctl -p
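A small checker for the sysctl step, added here as an example (it is not part of the original article). It reads a sysctl.conf, takes the last assignment of each key, because that is the one `sysctl -p` leaves in effect when the `tee -a` lines have been appended more than once, and lists every key that is missing or wrong. The sample file it runs on is constructed inline.

```shell
#!/bin/sh
# Added example, not from the original article: check that a sysctl.conf
# carries the settings appended above. `tee -a` appends and `sysctl -p`
# applies the file top to bottom, so when a key appears more than once the
# LAST assignment wins; the checker therefore compares the last value found.

# Key=value pairs expected, exactly the ones appended above.
REQUIRED='net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.icmp_ignore_bogus_error_responses=1'

# last_value FILE KEY: print the effective (last) value of KEY in FILE,
# ignoring comments and whitespace around "="; prints nothing if absent.
last_value() {
    sed -e 's/#.*//' "$1" | awk -F= -v k="$2" '
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == k { v = $2 }
        END { if (v != "") print v }'
}

# check_sysctl_conf FILE: print one line per missing or wrong key and
# return 1 if anything is off, 0 if the file matches REQUIRED.
check_sysctl_conf() {
    rc=0
    for pair in $REQUIRED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(last_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key: want $want, got ${got:-<missing>}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: ip_forward was set to 0 by an earlier edit and later
# appended as 1 (the 1 wins), while default.send_redirects was never added.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/sysctl.conf (constructed sample)
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.ip_forward = 1
EOF
if check_sysctl_conf "$sample"; then
    echo "sysctl.conf complete"
else
    echo "fix the entries listed above, then run sysctl -p"
fi
rm -f "$sample"
```

On a real server run `check_sysctl_conf /etc/sysctl.conf`; the checker only reads the file, so it also works on a copy pulled from a host you cannot log in to.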

Edit /etc/ipsec.conf (parameter lines inside a section must be indented):

  version 2 # conforms to second version of ipsec.conf specification

  config setup
      dumpdir=/var/run/pluto/
      #in what directory should things started by setup (notably the Pluto daemon) be allowed to dump core?

      nat_traversal=yes
      #whether to accept/offer to support NAT (NAPT, also known as "IP Masquerade") workaround for IPsec

      virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v6:fd00::/8,%v6:fe80::/10
      #contains the networks that are allowed as subnet= for the remote client. In other words, the address ranges that may live behind a NAT router through which a client connects.

      protostack=netkey
      #decide which protocol stack is going to be used.

      force_keepalive=yes
      keep_alive=60
      # Send a keep-alive packet every 60 seconds.

  conn L2TP-PSK-noNAT
      authby=secret
      #shared secret. Use rsasig for certificates.

      pfs=no
      #Disable PFS (many L2TP/IPsec clients do not negotiate it).

      auto=add
      #load the connection when the ipsec daemon starts, but wait for the client to initiate. auto=start would make this side initiate, which makes no sense with right=%any.

      keyingtries=3
      #Only negotiate a conn. 3 times.

      ikelifetime=8h
      keylife=1h

      ike=aes256-sha1,aes128-sha1,3des-sha1
      phase2alg=aes256-sha1,3des-sha1
      # https://lists.openswan.org/pipermail/users/2014-April/022947.html
      # ike= lists the phase 1 cipher and hash; a Diffie-Hellman group can be appended to each proposal, e.g. aes256-sha1;modp1024. modp1024 is DH group 2, the 1024-bit MODP group from RFC 2409 ("modp" because the exponentiation is done modulo a prime; it is a key-agreement group, not an encryption algorithm). 3des and group 2 are only kept here for old clients and are weak by current standards; drop them once every client supports AES and a larger group.

      type=transport
      #because we use l2tp as tunnel protocol

      left=<server IP address>
      #fill in server IP above

      leftprotoport=17/1701
      right=%any
      rightprotoport=17/%any

      dpddelay=10
      # Dead Peer Detection (RFC 3706) keepalives delay
      dpdtimeout=20
      # length of time (in seconds) we will idle without hearing either an R_U_THERE poll from our peer, or an R_U_THERE_ACK reply.
      dpdaction=clear
      # When a DPD enabled peer is declared dead, what action should be taken. clear means the eroute and SA will both be cleared.

Edit /etc/ipsec.secrets and add one line (replace the placeholder with the server's IP address; use a long random key rather than the literal "secure_password", and keep the file readable only by root, since the PSK is stored in cleartext):

  <server IP address> %any: PSK "secure_password"

Edit /etc/xl2tpd/xl2tpd.conf. `ipsec saref = yes` needs a kernel with IPsec SAref support; if xl2tpd logs that SAref is unavailable, set it to no. The ip range is the pool handed to clients and local ip is the server's end of the PPP links; both must be free on your network.

  [global]
  ipsec saref = yes
  saref refinfo = 30

  ;debug avp = yes
  ;debug network = yes
  ;debug state = yes
  ;debug tunnel = yes

  [lns default]
  ip range = 172.16.1.30-172.16.1.100
  local ip = 172.16.1.1
  refuse pap = yes
  require authentication = yes
  ;ppp debug = yes
  pppoptfile = /etc/ppp/options.xl2tpd
  length bit = yes

Edit /etc/ppp/options.xl2tpd. require-mschap-v2 together with refuse pap above keeps cleartext password authentication off; the ms-dns lines are the resolvers pushed to clients, and the name (l2tpd) is the server field that entries in chap-secrets must match:

  require-mschap-v2
  ms-dns 8.8.8.8
  ms-dns 8.8.4.4
  auth
  mtu 1200
  mru 1000
  crtscts
  hide-password
  modem
  name l2tpd
  proxyarp
  lcp-echo-interval 30
  lcp-echo-failure 4

Edit /etc/ppp/chap-secrets, one line per user (client, server, secret, allowed IP addresses; "*" allows any). The secrets are stored in cleartext, so the file must be mode 600 and owned by root:

  # Secrets for authentication using CHAP
  # client server secret IP addresses
  bob l2tpd DF98F09F74C06A2F *

Restart the services:

  service ipsec restart
  service xl2tpd restart
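The two secrets files above (ipsec.secrets and chap-secrets) both hold cleartext credentials, so the script below, added here as an example and not part of the original article, generates random values and writes them in the exact formats those files expect, creating each file with mode 0600. File paths are parameters so it can be dry-run in a scratch directory; the server address 203.0.113.10 and the user name bob are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not from the original article: generate random secrets and
# write them in the formats /etc/ipsec.secrets and /etc/ppp/chap-secrets
# expect, creating the files with mode 0600 so the cleartext PSK and CHAP
# passwords are readable only by root. File paths are parameters so the demo
# below runs in a scratch directory; the server address is an assumption.

# random_secret NBYTES: NBYTES from /dev/urandom, base64 on one line. The
# base64 alphabet contains no quote or whitespace, so the result is safe
# inside the double quotes both files use.
random_secret() {
    head -c "$1" /dev/urandom | base64 | tr -d '\n'
}

# write_ipsec_secrets FILE SERVER_IP PSK: the single line the article adds,
# with the placeholder replaced by the real server address.
write_ipsec_secrets() {
    ( umask 077; printf '%s %%any: PSK "%s"\n' "$2" "$3" > "$1" )
    chmod 600 "$1"
}

# add_chap_user FILE USER SECRET: append one chap-secrets entry. The server
# field must match "name l2tpd" in options.xl2tpd; "*" allows any client IP.
add_chap_user() {
    ( umask 077
      [ -f "$1" ] || printf '# client\tserver\tsecret\tIP addresses\n' > "$1"
      printf '%s\tl2tpd\t"%s"\t*\n' "$2" "$3" >> "$1" )
    chmod 600 "$1"
}

# file_mode FILE: permission bits in octal (GNU stat, BSD stat fallback),
# for checking the 0600 requirement.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Demo in a scratch directory; 203.0.113.10 is a documentation address.
demo=$(mktemp -d)
psk=$(random_secret 32)
write_ipsec_secrets "$demo/ipsec.secrets" 203.0.113.10 "$psk"
add_chap_user "$demo/chap-secrets" bob "$(random_secret 24)"
echo "--- ipsec.secrets (mode $(file_mode "$demo/ipsec.secrets"))"
cat "$demo/ipsec.secrets"
echo "--- chap-secrets (mode $(file_mode "$demo/chap-secrets"))"
cat "$demo/chap-secrets"
rm -rf "$demo"
```

For a real deployment call `write_ipsec_secrets /etc/ipsec.secrets <server IP address> "$(random_secret 32)"` and `add_chap_user /etc/ppp/chap-secrets bob "$(random_secret 24)"` as root, hand the generated values to the client out of band, then restart ipsec and xl2tpd as above.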
