The previous post on this blog covered how to set up a PPTP VPN on an OpenVZ VPS.
Today's tutorial is about setting up an L2TP/IPsec VPN. First, what we need:
Environment: CentOS 5.7 32-bit (any Red Hat family distribution works the same way)
1. First, install the required packages.
yum install -y ppp iptables make gcc gmp-devel xmlto bison flex libpcap-devel lsof vim-enhanced
2. Download and install Openswan. (2.6.24 is the release the original post used; it is old and unmaintained, so prefer the Openswan or Libreswan package from your distribution's repositories where one exists, and verify the tarball signature if you do build from source.)
wget http://www.openswan.org/download/openswan-2.6.24.tar.gz
tar zxvf openswan-2.6.24.tar.gz
cd openswan-2.6.24
make programs install
3. Install xl2tpd. (Some people compile it themselves, but adding the EPEL repository and installing the package is easier.)
rpm -ivh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm    (CentOS 5.x)
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm    (CentOS 6.x)
yum install xl2tpd
4. Now the configuration files. Edit /etc/ipsec.conf and replace $vpsip with your server's public IP. The full file is below; the settings under each section must be indented. virtual_private lists the private ranges a client behind NAT may use as its inside address; if the server itself uses one of those ranges (for example the 10.1.88.0/24 pool handed to L2TP clients in step 9), exclude it with a "!" entry such as %v4:!10.1.88.0/24.
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=$vpsip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
5. Edit /etc/ipsec.secrets. Replace $vpsip with your server's IP and $psk with the pre-shared key you want. Every client shares this one key, so make it long and random, and keep the file readable by root only (chmod 600).
$vpsip %any: PSK "$psk"
6. Edit /etc/sysctl.conf to enable IP forwarding and the related settings. Compare against what your file already contains: change the entries that exist and add the ones that are missing. rp_filter is set for "all" as well as "default", because the "default" value only applies to interfaces created after the change.
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
7. After editing, apply the settings:
sysctl -p
8. Verify that IPsec is running.
ipsec setup restart
ipsec verify
Output like the following means the configuration worked (the kernel version string will be your own). The "IPsec support in kernel" line needs NETKEY (xfrm) support in the running kernel; on an OpenVZ container that is decided by the host kernel and cannot be fixed from inside the guest.
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                [OK]
Linux Openswan U2.6.24/K2.6.32.16-linode28 (netkey)
Checking for IPsec support in kernel                           [OK]
NETKEY detected, testing for disabled ICMP send_redirects      [OK]
NETKEY detected, testing for disabled ICMP accept_redirects    [OK]
Checking for RSA private key (/etc/ipsec.secrets)              [OK]
Checking that pluto is running                                 [OK]
Pluto listening for IKE on udp 500                             [OK]
Pluto listening for NAT-T on udp 4500                          [OK]
Two or more interfaces found, checking IP forwarding           [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                      [OK]
Checking for 'iptables' command                                [OK]
Opportunistic Encryption Support                               [DISABLED]
9. Edit /etc/xl2tpd/xl2tpd.conf. Note that "ipsec saref = yes" only works with a kernel carrying Openswan's SAref patches; on a stock NETKEY kernel it cannot work and should be set to no. "ppp debug = yes" is useful while setting up and can be turned off once the tunnel works.
[global]
ipsec saref = yes
listen-addr = $vpsip

[lns default]
ip range = 10.1.88.2-10.1.88.254
local ip = 10.1.88.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
10. Edit /etc/ppp/options.xl2tpd. The ms-dns lines are the resolvers (OpenDNS here) pushed to clients; change them if you want others. "name l2tpd" is the server name pppd matches against the server column of chap-secrets in the next step.
require-mschap-v2
ms-dns 208.67.222.222
ms-dns 208.67.220.220
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
11. Set the username and password: edit /etc/ppp/chap-secrets. Passwords are stored in plain text here, so keep the file mode 600. A "*" in the server column lets any pppd on the box use the entry; put l2tpd there (the name set in step 10) if you run other pppd services.
# user      server    password    ip
username    *         userpass    *        # replace with your own username and password
12. Restart xl2tpd
service xl2tpd restart
13. Set up iptables. The rule below masquerades every packet that leaves the box, whatever its source; on a real server restrict it to the VPN pool and the outgoing interface (-s 10.1.88.0/24 -o eth0). If your INPUT chain has a restrictive policy, also accept UDP 500 and 4500 for IKE and NAT-T, and accept UDP 1701 only when the packet arrived inside IPsec (the iptables policy match, -m policy --dir in --pol ipsec); otherwise a client can bring up plain L2TP to the public address and skip the IPsec layer entirely.
iptables --table nat --append POSTROUTING --jump MASQUERADE
service iptables save
service iptables restart
chkconfig xl2tpd on
chkconfig iptables on
chkconfig ipsec on
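The whole procedure above gathered into one script (an added example, not code from the original post or from the Openswan and xl2tpd projects): it writes the five configuration files from steps 4 to 11 into a staging directory instead of /etc, generates a random key in place of $psk, and prints the iptables rules for step 13 in the restricted form described there, NATting only the 10.1.88.0/24 pool and accepting UDP/1701 only inside an IPsec SA. The staging root, the interface name eth0 and the address, user and password on the command line are placeholders; 203.0.113.10 is a documentation address, not a real server.

```shell
#!/bin/sh
# Added example, not from the original post: stage the tutorial's L2TP/IPsec
# files under ROOT with the hardening a practitioner wants (random PSK, 0600 on
# secret files, MASQUERADE limited to the pool, UDP/1701 only inside IPsec).
# ROOT, the WAN interface and the IP/user/password arguments are placeholders.

# gen_psk: 32 random bytes printed as 64 hex characters.
gen_psk() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# render_configs ROOT VPSIP USER PASS PSK
render_configs() {
    root=$1; vpsip=$2; user=$3; pass=$4; psk=$5
    pool=10.1.88.0/24      # must match the xl2tpd "ip range" below
    mkdir -p "$root/etc/xl2tpd" "$root/etc/ppp"
    cat > "$root/etc/ipsec.conf" <<EOF
config setup
    nat_traversal=yes
    # exclude the L2TP pool so it is never treated as a client's inside subnet
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$pool
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=$vpsip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
EOF
    printf '%s %%any: PSK "%s"\n' "$vpsip" "$psk" > "$root/etc/ipsec.secrets"
    chmod 600 "$root/etc/ipsec.secrets"
    # saref needs the SAref kernel patch; with stock NETKEY keep it off
    cat > "$root/etc/xl2tpd/xl2tpd.conf" <<EOF
[global]
ipsec saref = no
listen-addr = $vpsip

[lns default]
ip range = 10.1.88.2-10.1.88.254
local ip = 10.1.88.1
refuse chap = yes
refuse pap = yes
require authentication = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
    # pppd reads whitespace-separated options, so several per line is legal
    cat > "$root/etc/ppp/options.xl2tpd" <<EOF
require-mschap-v2 name l2tpd auth hide-password
ms-dns 208.67.222.222 ms-dns 208.67.220.220
asyncmap 0 crtscts lock modem proxyarp
lcp-echo-interval 30 lcp-echo-failure 4
EOF
    # server column "l2tpd" so the entry only matches this pppd instance
    printf '# user  server  password  ip\n"%s"  l2tpd  "%s"  *\n' "$user" "$pass" \
        > "$root/etc/ppp/chap-secrets"
    chmod 600 "$root/etc/ppp/chap-secrets"
}

# render_iptables_rules WAN: print the rules for review instead of applying them.
render_iptables_rules() {
    wan=$1
    cat <<EOF
iptables -A INPUT -p udp --dport 500 -j ACCEPT
iptables -A INPUT -p udp --dport 4500 -j ACCEPT
# L2TP only inside IPsec: plain UDP/1701 from the internet is dropped
iptables -A INPUT -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
iptables -A INPUT -p udp --dport 1701 -j DROP
iptables -A FORWARD -i ppp+ -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
# NAT only the VPN pool, not every packet that leaves the box
iptables -t nat -A POSTROUTING -s 10.1.88.0/24 -o $wan -j MASQUERADE
EOF
}

# Usage: sh stage-l2tp.sh /tmp/stage 203.0.113.10 alice 'passphrase' eth0
if [ $# -eq 5 ]; then
    render_configs "$1" "$2" "$3" "$4" "$(gen_psk)"
    render_iptables_rules "$5" > "$1/iptables.sh"
    echo "staged under $1; copy into /, then: ipsec setup restart; service xl2tpd restart"
fi
```

Review the staged files and the generated iptables.sh before copying them into /etc; the script deliberately never touches the live system, so the same run can be diffed against an existing server configuration.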
That's it, the setup is done; now test it. Those of you with spare resources could offer a free VPN to the wider internet. If you run into any configuration problems, get in touch and we can work through them together!
Original: http://www.seevpn.com/article-127.html
via 细节的力量 http://xijie.wordpress.com/2013/04/01/%e5%85%8d%e8%b4%b9vpn%e6%95%99%e7%a8%8b%e4%b9%8bl2tp-ipsec-vpn%e6%90%ad%e5%bb%ba/