IPSEC / L2TP ×××
CentOS 5.5 安装 IPSEC / L2TP ×××
August 21st, 2010 继续折腾 Linode VPS , 上次成功的学会了 Linode VPS (LAMP+ PPTP ×××)配置笔记 ,更进一步,学习安装 IPSEC / L2TP ××× 。 在这里记录一下安装过程、与遇到的问题。 已经安装的工作环境为 Linode VPS + CentOS 5.5 32 bit一、部署IPSEC 、安装 openswan
1、关联包 yum install make gcc gmp-devel bison flex 2、编译安装 cd /usr/srcwget http://www.openswan.org/download/openswan-2.6.24.tar.gz
tar zxvf openswan-2.6.24.tar.gz
cd openswan-2.6.24
make programs install 3、配置 vi /etc/ipsec.conf config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
protostack=netkey conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=YOUR.SERVER.IP.ADDRESS
leftprotoport=17/1701
right=%any
rightprotoport=17/%any 4、 设置 Shared Key vi /etc/ipsec.secrets YOUR.SERVER.IP.ADDRESS %any: PSK “YourSharedSecret” 5、 修改包转发设置 for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done 6、 重启 IPSec ,测试 /etc/init.d/ipsec restart
ipsec verify
.
二、安装 L2TP
1、关联包 yum install libpcap-devel ppp 2、编译安装 cd /usr/srcwget http://downloads.sourceforge.net/project/rp-l2tp/rp-l2tp/0.4/rp-l2tp-0.4.tar.gz
tar zxvf rp-l2tp-0.4.tar.gz
cd rp-l2tp-0.4
./configure
make
cp handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control cd /usr/src
wget http://www.xelerance.com/software/xl2tpd/xl2tpd-1.2.4.tar.gz
tar zxvf xl2tpd-1.2.4.tar.gz
cd xl2tpd-1.2.4
make install 3、配置 mkdir /etc/xl2tpd
vi /etc/xl2tpd/xl2tpd.conf [global]
ipsec saref = yes [lns default]
ip range = 10.1.2.2-10.1.2.254
local ip = 10.1.2.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes 4、修改 ppp 配置 vi /etc/ppp/options.xl2tpd require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4 5、添加用户名/密码 vi /etc/ppp/chap-secrets # user server password ip
username l2tpd userpass * 6、启用包转发 iptables --table nat --append POSTROUTING --jump MASQUERADE echo 1 > /proc/sys/net/ipv4/ip_forward 7、修改/etc/sysctl.conf vi /etc/sysctl.conf net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296 8、启动 xl2tpd /usr/local/sbin/xl2tpd
.
三、扫尾
设置开机自动运行 vi /etc/rc.localiptables --table nat --append POSTROUTING --jump MASQUERADE echo 1 > /proc/sys/net/ipv4/ip_forwardfor each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
/etc/init.d/ipsec restart
/usr/local/sbin/xl2tpd
.
四、已知问题
1、长宽之下连接不成功。 IP 地址被干扰了。就如同去 长宽用户在ip138.com 查不到实际 ip ( 但 Gmail 确能记录真实 ip )。 服务器端错误日志 the peer proposed: 服务器ip/32:17/1701 -> 175.189.178.120/32:17/0 peer proposal was reject in a virtual connection policy because a private network virtual IP was required, but the proposed IP did not match our list (virtual_private=)你可能想看:
远程桌面新体验-Windows Multipoint Server 2012 DiskProtectionWindows MultiPoint Server
VULTR日本VPS和AWS EC2日本速度测试对比vultr日本ip美国
SecureCRT python命令 secureclient支持什么命令
解决mongooseserverselectionerror: connect econnrefused ::1:27017错误的方法
php中的<?= ?>替换<?php echo ?>php mb,strlen
How to Check TLS Version in Linux: Secure Your Servers Easily and Avoid Security Risks
远程桌面新体验-Windows Multipoint Server 2012 简介Windows MultiPoint Server 2012
远程桌面新体验-Windows Multipoint Server 2012 VirtualDesktopWindows MultiPoint Server