L2TP over IPsec with PSK on Linux (server & client)


How To Install and Set Up L2TP over IPsec VPN in Debian Lenny

Jan 11, wingloon, Linux

In this how-to, I am going to share how to install and set up an L2TP over IPsec VPN in Debian Lenny using the openswan and xl2tpd packages. I am going to use a Pre-Shared Key (PSK) for IPsec and CHAP as the authentication mechanism. This how-to has been tested on iPad 2, Mac OS X Lion and Windows 7. However, if you have tested it with other OSes and smartphones, I would like to hear from you in the comments. I am using Hostigation KVM (affiliate link) for this how-to. Let’s get started; I am running everything as root.

1. Install Openswan in Debian Lenny using the command below (accept the defaults for the questions asked):

    # aptitude install openswan

2. Add the configuration below to the /etc/ipsec.conf file:

    # basic configuration
    config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        nhelpers=0
        protostack=netkey

    # Add connections here
    conn L2TP-PSK-CLIENTS
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        rekey=no
        type=transport
        left=%defaultroute
        leftnexthop=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightsubnet=vhost:%priv,%no
        rightprotoport=17/%any
        dpddelay=40
        dpdtimeout=130
        dpdaction=clear

    #Disable Opportunistic Encryption
    include /etc/ipsec.d/examples/no_oe.conf

3. Next, enter your preferred Pre-Shared Key (PSK) in the /etc/ipsec.secrets file as below:

    YourIPHere %any: PSK "sharedsecrethere"

4. Then, restart the IPsec service using the command below:

    # /etc/init.d/ipsec restart

5. Then, disable ICMP redirects on every interface in the Linux kernel using the command below:

    # for each in /proc/sys/net/ipv4/conf/*
    do
        echo 0 > "$each/accept_redirects"
        echo 0 > "$each/send_redirects"
    done

6. The IPsec configuration is now done. Verify it using the command below; it must report no errors:

    # ipsec verify

7. Install xl2tpd in Debian Lenny using the command below:

    # aptitude install xl2tpd

8. Add the xl2tpd configuration below to the /etc/xl2tpd/xl2tpd.conf file:

    [lns default]
    ip range = 10.20.30.2-10.20.30.254
    local ip = 10.20.30.1
    require chap = yes
    require authentication = yes
    refuse pap = yes
    name = LinuxVPNserver
    hostname = YourVPNHostname
    ppp debug = yes
    length bit = yes
    pppoptfile = /etc/xl2tpd/ppp-options.xl2tpd

9. Add the PPP configuration below to the /etc/xl2tpd/ppp-options.xl2tpd file:

    crtscts
    idle 1800
    mtu 1200
    mru 1200
    nodefaultroute
    debug
    lock
    proxyarp
    connect-delay 5000
    ms-dns 8.8.4.4
    ms-dns 8.8.8.8
    name l2tpd
    lcp-echo-interval 30
    lcp-echo-failure 4
    logfile /var/log/ppp.log

10. The xl2tpd configuration above requires CHAP and refuses PAP, so configure the CHAP credentials by modifying the /etc/ppp/chap-secrets file as below:

    username l2tpd password *

11. Next, enable routing in the Linux kernel using the command below:

    # echo 1 > /proc/sys/net/ipv4/ip_forward

12. Next, configure the Linux firewall (iptables) to enable masquerading (Internet sharing) using the command below:

    # iptables -t nat -A POSTROUTING -o eth0 -s 10.20.30.0/24 -j MASQUERADE

Resources:

- Confounded Technology: Android IPSec PSK VPN – Nexus One with OpenSWAN
- Eclectic Security: Secure IPsec/L2TP VPN for on the road android devices
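The files written in steps 3 and 10 hold the PSK and the CHAP secret in cleartext, and both are shown above with placeholder values. The following shell script is an added example, not part of the original post: it audits those two files for the placeholders, short secrets and group/other file access, and generates a random replacement secret. The function names and the 20-character minimum (MIN_LEN) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the secrets files written in steps 3 and 10.
# MIN_LEN and all function names are assumptions of this example.
MIN_LEN=20

# Both files hold cleartext secrets, so group/other should have no access.
check_mode() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || echo "$1: accessible to group/other ($perms)"
}

# ipsec.secrets line format from step 3:  <local> <remote>: PSK "<secret>"
audit_psk_file() {
    check_mode "$1"
    sed -n 's/^[^#]*PSK[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" |
    while IFS= read -r psk; do
        [ "$psk" != "sharedsecrethere" ] || echo "$1: PSK is the tutorial placeholder"
        [ "${#psk}" -ge "$MIN_LEN" ] || echo "$1: PSK shorter than $MIN_LEN characters"
    done
}

# chap-secrets line format from step 10:  <client> <server> <secret> <addresses>
audit_chap_file() {
    check_mode "$1"
    awk -v f="$1" -v min="$MIN_LEN" '
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        { s = $3; gsub(/"/, "", s) }   # the secret may be quoted
        s == "password" { print f ": " $1 " uses the tutorial placeholder secret" }
        length(s) < min { print f ": " $1 " secret shorter than " min " characters" }
    ' "$1"
}

# 16 bytes from /dev/urandom as 32 hex characters (128 bits).
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# "audit" as first argument checks the live files (run as root).
if [ "${1:-}" = "audit" ]; then
    audit_psk_file /etc/ipsec.secrets
    audit_chap_file /etc/ppp/chap-secrets
fi
```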



Original URL: https://www.xiayuyun.com/zonghe/390605.html
