1 安装
安装l2tp和strongswan。
# Install the L2TP daemon (xl2tpd) and the IKE/IPsec daemon (strongSwan)
# in a single apt transaction.
sudo apt install xl2tpd strongswan
2 ipsec配置
1)编辑**/etc/ipsec.conf**
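conn L2TP-IPSEC
  # Authenticate peers with the pre-shared key from /etc/ipsec.secrets.
  authby=secret
  # Load the conn at startup and wait for clients to initiate.
  auto=add
  keyingtries=3
  ikelifetime=8h
  keylife=1h
  # NOTE(review): most OS-native L2TP/IPsec clients negotiate IKEv1; if clients
  # fail during the IKE exchange, try keyexchange=ikev1 — confirm against the
  # clients actually in use.
  keyexchange=ikev2
  # NOTE(review): chacha20poly1305 is an AEAD cipher, so the separate integrity
  # algorithm (sha512) in this proposal (and in the first esp= proposal) is
  # normally unnecessary; the PRF (prfsha512) is what IKE needs — confirm
  # strongSwan accepts this proposal form.
  ike=chacha20poly1305-sha512-curve25519-prfsha512
  # Ordered list of ESP proposals, strongest first.
  # SECURITY: aes256-sha1 and 3des-sha1 are legacy fallbacks (SHA-1 integrity,
  # 64-bit-block 3DES). Keep them only while a client still needs them and
  # remove them once every client supports one of the AEAD proposals.
  esp=chacha20poly1305-sha512,aes256gcm16-ecp384,aes256-sha256,aes256-sha1,3des-sha1
  # Connection type: transport mode (transport) / tunnel mode (tunnel).
  type=transport
  # Server public address.
  left=10.25.X.X
  # Server subnet.
  # NOTE(review): in transport mode the traffic selectors are normally the
  # hosts themselves plus the L2TP port (leftprotoport=17/1701,
  # rightprotoport=17/%any); a /24 selector here looks unusual — confirm it
  # negotiates with the intended clients.
  leftsubnet=10.25.17.0/24[17/1701]
  # Client address: any peer that knows the PSK may connect.
  right=%any
  # right=10.25.16.0/24
  # rightsubnet=10.25.16.0/24[17/%any]
  # Dead-peer detection: probe every 30s; after 150s of silence clear the SA.
  dpddelay=30s
  dpdtimeout=150s
  dpdaction=clear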
2)编辑**/etc/ipsec.secrets**，设置ipsec的预共享密钥
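# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.
#
# PSK line: the empty selector before ':' applies this key to every peer,
# which is what right=%any in ipsec.conf requires. The value below is an
# obviously labelled placeholder — replace it with a long random secret
# (for example the output of `openssl rand -base64 32`). Because every client
# shares this one key it is a group secret: rotate it whenever a client is
# retired or a device is lost, and keep this file readable by root only.
: PSK "REPLACE_WITH_LONG_RANDOM_PSK"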
3 l2tp配置
编辑**/etc/xl2tpd/xl2tpd.conf**
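[global]
# IPsec SAref tracking is not used; the IPsec layer is handled by strongSwan.
ipsec saref = no
debug tunnel = no
debug avp = no
debug network = no
debug state = no
# No xl2tpd-level peer filtering; admission relies on the IPsec PSK and on
# the PPP authentication configured below.
access control = no
rand source = dev
# NOTE(review): xl2tpd accepts UDP 1701 from any source. Nothing on this page
# restricts port 1701 to IPsec-protected traffic, so a host-firewall rule that
# only admits 1701 after ESP decapsulation is the usual way to make sure
# plain, unencrypted L2TP cannot bypass the IPsec layer — confirm one exists.
port = 1701
# NOTE(review): in xl2tpd "auth file" names the L2TP *tunnel* authentication
# secrets, not the pppd CHAP secrets; pppd reads /etc/ppp/chap-secrets on its
# own. Confirm this line is intended.
auth file = /etc/ppp/chap-secrets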
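[lns default]
# Private address pool handed out to clients.
ip range = 192.168.100.100 - 192.168.100.254
# Server-side address of the PPP links (the real address of the bound interface).
local ip = 192.168.100.210
name = l2tp
pass peer = yes
# PAP (cleartext) and plain CHAP are refused here; the pppd options file
# additionally requires MS-CHAPv2.
refuse pap = yes
refuse chap = yes
require authentication = yes
ppp debug = no
# Path to the pppd options file.
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes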
4 ppp配置
1) 编辑PPP配置文件(例如上文中的**/etc/ppp/options.xl2tpd**)。
# Accept only MS-CHAPv2 from the client; refuse the weaker MS-CHAPv1.
require-mschap-v2
refuse-mschap
# DNS server address pushed to the client.
# NOTE(review): 127.0.0.53 is a loopback address (the systemd-resolved stub on
# the server); on the client it points at the client's own loopback, so name
# resolution over the VPN is unlikely to work. A resolver reachable through
# the tunnel is normally pushed here instead — confirm.
ms-dns 127.0.0.53
asyncmap 0
# Require the peer to authenticate itself.
auth
crtscts
# Drop the link after 1800s without traffic.
idle 1800
mtu 1410
mru 1410
# Keep passwords out of the pppd log.
hide-password
# NOTE(review): "local" and "modem" are opposite settings for the modem
# control lines; presumably the later one takes effect — confirm which is
# intended.
local
modem
lock
# Name of this end for authentication purposes (matched against the "server"
# column of chap-secrets).
name l2tpd
connect-delay 5000
# LCP keep-alive: probe every 30s, drop the link after 4 missed replies.
lcp-echo-interval 30
lcp-echo-failure 4
2)编辑**/etc/ppp/chap-secrets**,添加VPN访问用户密码
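# Secrets for authentication using CHAP
# client        server  secret                              IP addresses
#
# One PPP user per line; "*" in the server column matches any server name and
# "*" in the last column allows any client address. "root" is kept from the
# tutorial as the example user name; the secret is an obviously labelled
# placeholder — give each user a unique, strong password (never equal to the
# user name) and restrict this file to root, since secrets are stored in
# cleartext.
root    *       "REPLACE_WITH_STRONG_PASSWORD"      *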
5 重启服务
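# Restart both services so the new configuration is loaded.
sudo service xl2tpd restart
sudo service ipsec restart
# Confirm the services are running.
sudo service xl2tpd status
sudo service ipsec status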
6 添加子网路由
当客户端可以连接到VPN服务器时,需要添加路由才可以访问私有网络中的其它机器。
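# Add a route to the 192.168.100.0/24 network on the client (needs root).
# The /24 prefix and the netmask express the same thing; keep them consistent
# if either is changed.
# NOTE(review): "route" comes from the deprecated net-tools package; on hosts
# without it the equivalent is `ip route add 192.168.100.0/24 via 192.168.100.1`.
# The gateway should be the server's tunnel-side address as seen by the client —
# confirm it is 192.168.100.1 rather than the "local ip" value (192.168.100.210).
route add -net 192.168.100.0/24 netmask 255.255.255.0 gw 192.168.100.1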