1. Install the required packages
yum install make gcc gmp-devel bison flex lsof wget libpcap-devel ppp policycoreutils
2. Install Openswan
wget --no-check-certificate http://www.openswan.org/download/openswan-2.6.35.tar.gz
tar -zxvf openswan-2.6.35.tar.gz
cd openswan-2.6.35
make programs install
The download URL is plain http, so --no-check-certificate has no effect here; a tarball fetched this way should be compared against the checksum or signature the project publishes before it is built.
3. Configure IPSec
vi /etc/ipsec.conf
Find protostack=auto and change it to:
protostack=netkey
Then append the following at the end:
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=YOUR.SERVER.IP.ADDRESS
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
Remember to replace YOUR.SERVER.IP.ADDRESS with your own server's IP address. left= is the address Openswan binds to, so it must be an address configured on a local interface of the server.
4. Set the pre-shared key (PSK)
vi /etc/ipsec.secrets
Enter the following, replacing YOUR.SERVER.IP.ADDRESS with your own server's IP address:
YOUR.SERVER.IP.ADDRESS %any: PSK "YourSharedSecret"
Every client uses this same PSK, so choose a long random value rather than a word, and keep the file readable only by root.
5. Change the packet forwarding settings; the two snippets below are run separately. The first disables ICMP redirects on every interface:
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done
This is the second snippet:
echo 1 > /proc/sys/net/core/xfrm_larval_drop
Writes to /proc do not survive a reboot, which is why both snippets are repeated in rc.local in the last step.
Change the kernel settings
vi /etc/sysctl.conf
Find "net.ipv4.ip_forward" and change its value to 1, then reload the settings so the change takes effect:
sysctl -p
Restart IPSec
/etc/init.d/ipsec restart
6. Install xl2tpd and rp-l2tp
wget http://sourceforge.net/projects/rp-l2tp/files/rp-l2tp/0.4/rp-l2tp-0.4.tar.gz
tar -zxvf rp-l2tp-0.4.tar.gz
cd rp-l2tp-0.4
./configure
make
cp handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
wget http://www.xelerance.com/wp-content/uploads/software/xl2tpd/xl2tpd-1.3.0.tar.gz
tar -zxvf xl2tpd-1.3.0.tar.gz
cd xl2tpd-1.3.0
make
make install
7. Create the xl2tpd configuration file
mkdir /etc/xl2tpd
vi /etc/xl2tpd/xl2tpd.conf
Enter:
[global]
ipsec saref = yes

[lns default]
ip range = 10.82.88.2-10.82.88.254
local ip = 10.82.88.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
8. Configure ppp: create the options.xl2tpd file
vi /etc/ppp/options.xl2tpd
Enter:
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
9. Set the dial-in username and password
vi /etc/ppp/chap-secrets
Enter the username, password and so on as the comments in the file describe, for example:
jackie * jackie *
The columns are client, server, secret and allowed IP address; * in the server and IP columns means any. The example uses the username as the password; choose a real password, and keep this file readable only by root, since the secrets are stored in clear text.
10. Add the iptables NAT rule
iptables --table nat --append POSTROUTING --jump MASQUERADE
As written this masquerades every forwarded packet leaving the host; restricting it to the VPN pool with --source 10.82.88.0/24 is tighter.
Save the iptables rule
/etc/init.d/iptables save
Restart iptables
/etc/init.d/iptables restart
11. Start l2tp in debug mode and check for errors
xl2tpd -D
If you see "Listening on IP address 0.0.0.0, port 1701", the configuration worked. You may still not be able to connect to the VPN at this point; reboot the server once everything is configured.
12. Start at boot
vi /etc/rc.local
Add the following to rc.local:
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done
echo 1 >/proc/sys/net/core/xfrm_larval_drop
/etc/init.d/ipsec restart
/usr/local/sbin/xl2tpd
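The steps above edit ipsec.conf, ipsec.secrets, chap-secrets and sysctl.conf by hand, and the two mistakes that most often leave the VPN silently broken are a placeholder address left in place and a secrets file that is world-readable. The script below is an added example, not part of the original tutorial: it renders those four files from a few variables, uses a random PSK instead of "YourSharedSecret", and then lints the result for the settings the procedure depends on. It assumes a prefix directory so it can be tried in /tmp (pass / on the real server); the 10.82.88.0/24 pool, the connection definitions and the file layouts are taken from the tutorial.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: render the files the
# steps above edit by hand (ipsec.conf, ipsec.secrets, chap-secrets,
# sysctl.conf) from a few variables, with a random PSK instead of
# "YourSharedSecret", and lint the result for the settings the setup depends
# on. Everything is written under a prefix directory (an assumption made so
# the script can be tried in /tmp); pass / as the prefix on the real server.
set -eu

# 32 random bytes from /dev/urandom as 64 hex characters.
gen_psk() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# ipsec.conf as the tutorial has it, with the server address filled in.
write_ipsec_conf() {
    prefix=$1; server_ip=$2
    mkdir -p "$prefix/etc"
    cat > "$prefix/etc/ipsec.conf" <<EOF
config setup
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=$server_ip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
EOF
}

# Both secret files are clear text, so create them with mode 600.
write_secrets() {
    prefix=$1; server_ip=$2; psk=$3; user=$4; pass=$5
    mkdir -p "$prefix/etc/ppp"
    (
        umask 077
        printf '%s %%any: PSK "%s"\n' "$server_ip" "$psk" > "$prefix/etc/ipsec.secrets"
        printf '%s * %s *\n' "$user" "$pass" > "$prefix/etc/ppp/chap-secrets"
    )
    chmod 600 "$prefix/etc/ipsec.secrets" "$prefix/etc/ppp/chap-secrets"
}

# Forwarding must be on for the 10.82.88.0/24 pool to reach anything.
write_sysctl() {
    prefix=$1
    mkdir -p "$prefix/etc"
    printf 'net.ipv4.ip_forward = 1\n' > "$prefix/etc/sysctl.conf"
}

# Return 0 only if every setting the procedure relies on is present; print
# one line per failed check so the missing item is easy to spot.
check_setup() {
    prefix=$1; rc=0
    if ! grep -q '^[[:space:]]*protostack=netkey' "$prefix/etc/ipsec.conf"; then
        echo "ipsec.conf: protostack is not netkey"; rc=1
    fi
    if ! grep -q '^conn L2TP-PSK-noNAT' "$prefix/etc/ipsec.conf"; then
        echo "ipsec.conf: conn L2TP-PSK-noNAT is missing"; rc=1
    fi
    if grep -q 'YOUR\.SERVER\.IP\.ADDRESS' "$prefix/etc/ipsec.conf" "$prefix/etc/ipsec.secrets"; then
        echo "placeholder YOUR.SERVER.IP.ADDRESS was not replaced"; rc=1
    fi
    for f in etc/ipsec.secrets etc/ppp/chap-secrets; do
        mode=$(stat -c %a "$prefix/$f" 2>/dev/null || stat -f %Lp "$prefix/$f")
        if [ "$mode" != 600 ]; then
            echo "$f: mode $mode, expected 600"; rc=1
        fi
    done
    if ! grep -q '^net\.ipv4\.ip_forward *= *1' "$prefix/etc/sysctl.conf"; then
        echo "sysctl.conf: net.ipv4.ip_forward is not 1"; rc=1
    fi
    return $rc
}

# Demo under a throwaway prefix so nothing in /etc is touched.
demo=$(mktemp -d)
write_ipsec_conf "$demo" 203.0.113.10
write_secrets "$demo" 203.0.113.10 "$(gen_psk)" jackie 'use-a-real-password'
write_sysctl "$demo"
if check_setup "$demo"; then
    echo "config under $demo passes the checks"
fi
```

Run it once against a scratch prefix to see the generated files, then against / on the server; check_setup can be re-run on its own at any time, and a non-zero exit with a printed reason is the signal to fix before starting ipsec and xl2tpd.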