First, install strongswan and xl2tpd:

```shell
yum install strongswan xl2tpd
```
Remember to enable IP forwarding by editing /etc/sysctl.conf as follows:

```
# the forwarding switch itself, which the step above requires
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
```

and reboot so that it takes effect. (Running `sysctl -p` should also work, but be sure to verify that the values are actually in effect; if that does not work, just reboot.)
Next, edit the /etc/strongswan/ipsec.conf file as follows:

```
config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1

conn l2tp
    keyexchange=ikev1   # IKE version
    left=<external IP>
    leftsubnet=0.0.0.0/0
    leftprotoport=17/1701
    authby=secret
    leftfirewall=no
    right=%any
    rightprotoport=17/%any
    type=transport
    auto=add
```
Then edit the /etc/strongswan/ipsec.secrets file (create it if it does not exist):
That completes the IPsec part; next is L2TP.
The [lns default] section of /etc/xl2tpd/xl2tpd.conf is as follows:

```
[lns default]
ip range = 10.10.0.2-10.10.0.100
local ip = 10.10.0.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
bps = 1000000
```
For the PPP part, only CHAP authentication is configured here; /etc/ppp/options.xl2tpd:

```
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
auth
crtscts
idle 600
mtu 1200
mru 1200
nodefaultroute
debug
lock
proxyarp
connect-delay 2500
```
The credentials file /etc/ppp/chap-secrets:
Also remember to open UDP ports 500, 1701 and 4500, and configure the iptables forwarding rules.
Note: if firewalld is not enabled, the command to add the forwarding (NAT) rule is:

```shell
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE
```
Then start the services:

```shell
systemctl start strongswan.service
systemctl start xl2tpd.service
```
When connecting, choose "L2TP/IPSec VPN with pre-shared keys"; the PSK is the <PSK> from the configuration file above, and the username and password are the ones in /etc/ppp/chap-secrets.
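As an added example (not code from the original post), the two secret files referred to above, ipsec.secrets and chap-secrets, can be rendered in the standard strongswan and pppd formats and created with owner-only permissions so the PSK and passwords are never world-readable. `SERVER_NAME` is the `name =` value from the [lns default] section above; the PSK, users and target directory are constructed sample values.

```python
import os
import stat

# Added example, not from the original post: render the two secret files the
# how-to leaves out, in the standard strongswan ipsec.secrets and pppd
# chap-secrets formats, and create them mode 0600 so only root can read the PSK
# and passwords. SERVER_NAME is the `name =` value from [lns default] above.

SERVER_NAME = "LinuxVPNserver"

def render_ipsec_secrets(psk: str) -> str:
    # `: PSK "..."` applies to every peer, matching right=%any in ipsec.conf.
    # Quoting lets the PSK contain spaces or '#'; embedded quotes are rejected.
    if '"' in psk or "\n" in psk:
        raise ValueError("PSK must not contain double quotes or newlines")
    return f': PSK "{psk}"\n'

def render_chap_secrets(users: dict) -> str:
    # Columns: client  server  secret  IP-addresses.  The server column must
    # match pppd's local name (xl2tpd's `name =`); `*` allows any assigned IP.
    lines = ["# client\tserver\tsecret\tIP addresses"]
    for user, password in users.items():
        for field in (user, password):
            if '"' in field or any(c.isspace() and c != " " for c in field):
                raise ValueError(f"bad characters in credential for {user!r}")
        lines.append(f'"{user}"\t{SERVER_NAME}\t"{password}"\t*')
    return "\n".join(lines) + "\n"

def write_secret_file(path: str, content: str) -> int:
    # Create the file 0600 from the start (no window where it is world-readable)
    # and return the resulting permission bits for verification.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(content)
    os.chmod(path, 0o600)  # tighten if the file already existed with wider perms
    return stat.S_IMODE(os.stat(path).st_mode)

def write_all(directory: str, psk: str, users: dict) -> dict:
    # Writes both files into `directory` (on the server they live in
    # /etc/strongswan and /etc/ppp) and returns {filename: mode} for a 0o600 check.
    targets = {"ipsec.secrets": render_ipsec_secrets(psk),
               "chap-secrets": render_chap_secrets(users)}
    return {name: write_secret_file(os.path.join(directory, name), body)
            for name, body in targets.items()}
```

The returned modes make it easy to assert 0o600 on both files in a deployment check.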
Reference: http://qiaodahai.com/setup-l2tp-ipsec-vpn-on-centos.html