Reference: http://longtimenoc.com/archives/centos%E4%B8%8Al2tp%E5%AE%89%E8%A3%85%E4%B8%8E%E9%85%8D%E7%BD%AE
Preparation
Libraries needed for compilation
yum install -y ppp iptables make gcc gmp-devel xmlto bison flex xmlto libpcap-devel lsof vim-enhanced
Install openswan
wget https://download.openswan.org/openswan/openswan-latest.tar.gz
tar zxf openswan-latest.tar.gz
cd openswan-2.6.48
make programs install
Install xl2tpd
yum install xl2tpd
Configuration
Configure /etc/ipsec.conf
config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
protostack=netkey
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=$vpsip # change to your server's IP
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
Configure /etc/ipsec.secrets
YOUR_SERVER_IP %any: PSK "your_password"
Edit /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
Apply the sysctl settings
sysctl -p
Verify the configuration
ipsec setup restart
ipsec verify
Output of the verification
Checking if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Openswan U2.6.48/K3.10.102-1.el6.elrepo.x86_64 (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Hardware random device check [N/A]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/docker0/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/eth0/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/veth2bad97f/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/virbr0/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/virbr0-nic/rp_filter [ENABLED]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE on tcp 500 [NOT IMPLEMENTED]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto listening for IKE/NAT-T on tcp 4500 [NOT IMPLEMENTED]
Pluto listening for IKE on tcp 10000 (cisco) [NOT IMPLEMENTED]
Checking NAT and MASQUERADEing [TEST INCOMPLETE]
Checking 'ip' command [IP XFRM BROKEN]
Checking 'iptables' command [OK]
ipsec verify: encountered errors
Note: a whole bunch of red lines, and surprisingly they don't affect use... I didn't bother with them and went on to the next step.
Configure xl2tpd
Edit /etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = yes
listen-addr = $vpsip ; server address
[lns default]
ip range = 192.168.12.10-192.168.12.100 ; IPs handed out to clients
local ip = 192.168.12.1 ; gateway IP
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
Edit /etc/ppp/options.xl2tpd
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
mtu 1500
mru 1500
Edit the user file for connections, /etc/ppp/chap-secrets
# user server password ip
username * userpass * # change to your username and password
Restart xl2tpd
service xl2tpd restart
iptables configuration
iptables -A INPUT -p 50 -j ACCEPT
iptables -A INPUT -p udp -d SERVER_IP --dport 500 -j ACCEPT
iptables -A INPUT -p udp -d SERVER_IP --dport 4500 -j ACCEPT
iptables -A INPUT -p udp -d SERVER_IP --dport 1701 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.12.0/24 -o eth0 -j MASQUERADE
service iptables save
service iptables restart
Enable at startup
chkconfig xl2tpd on
chkconfig iptables on
chkconfig ipsec on
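As an added example (not part of the original post), a small shell audit of the kernel settings behind the `ipsec verify` output above: the guide sets only net.ipv4.conf.default.rp_filter, which affects interfaces created later, while the kernel applies max(conf/all, conf/iface) to existing ones, which is why eth0 and docker0 still show [ENABLED]. The sysctl-root parameter and the `--audit` flag are assumptions added so the same functions can read a live /proc/sys or a constructed test tree.

```shell
#!/bin/sh
# Added example: audit rp_filter and the sysctl.conf values from the guide.
# $1 = sysctl root (hypothetical parameter; defaults to /proc/sys).

# Print every interface whose effective rp_filter is non-zero.
# Effective value = max(conf/all/rp_filter, conf/<iface>/rp_filter).
rp_filter_enabled() {
    root="${1:-/proc/sys}"
    all=$(cat "$root/net/ipv4/conf/all/rp_filter" 2>/dev/null || echo 0)
    for f in "$root"/net/ipv4/conf/*/rp_filter; do
        [ -f "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        case "$iface" in all|default) continue ;; esac
        val=$(cat "$f")
        eff=$val
        [ "$all" -gt "$val" ] && eff=$all
        if [ "$eff" -ne 0 ]; then echo "$iface"; fi
    done
    return 0
}

# Compare the guide's sysctl.conf settings (plus all.rp_filter, which the
# guide omits) with the running values. Prints FAIL lines and returns 1 on
# any mismatch; otherwise prints OK and returns 0.
check_sysctl() {
    root="${1:-/proc/sys}"; rc=0
    while read -r key want; do
        path=$(printf '%s' "$key" | tr . /)
        got=$(cat "$root/$path" 2>/dev/null)
        if [ "$got" != "$want" ]; then
            echo "FAIL $key=${got:-missing} (want $want)"; rc=1
        fi
    done <<EOF
net.ipv4.ip_forward 1
net.ipv4.conf.all.send_redirects 0
net.ipv4.conf.all.accept_redirects 0
net.ipv4.conf.all.rp_filter 0
EOF
    [ "$rc" -eq 0 ] && echo OK
    return "$rc"
}

# Live run on the VPN host: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    echo "rp_filter still enabled on:"; rp_filter_enabled
    check_sysctl
fi
```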
Other
Install the squid proxy
yum install squid