Thursday, October 4, 2007

[Linux] Installing an L2TP over IPSec VPN Server on Ubuntu

1. Requirements:
l2tpd
openswan
ipsec-tools
ppp

2. Installation:
apt-get install openswan
apt-get install l2tpd
Check that the required packages have all been installed:
dpkg --get-selections | grep -E "ipsec-tools|l2tp|openswan|ppp"
The output should show:
ipsec-tools install
l2tpd install
openswan install
ppp install

3. Configuration:
Set up the account and password
vi /etc/ppp/chap-secrets
Example (client, server, secret, allowed IP; "*" means any): username * password *
Edit the l2tpd configuration file
vi /etc/l2tpd/l2tpd.conf
Example:
[global]
auth file = /etc/ppp/chap-secrets
[lns default]
ip range = 192.168.1.1-192.168.1.20
local ip = 192.168.1.2
require chap = yes
refuse pap = yes
require authentication = yes
name = ubuntuVPNServer
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.lns
flow bit = yes
Configure /etc/ppp/options.l2tpd.lns
vi /etc/ppp/options.l2tpd.lns
Example:
ipcp-accept-local
ipcp-accept-remote
ms-dns 192.168.1.1
ms-dns 192.168.1.3
ms-wins 192.168.1.2
ms-wins 192.168.1.4
noccp
auth
crtscts
idle 1800
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
logfile /var/log/l2tpd.log
Configure IPSec
ipsec newhostkey --output /etc/ipsec.secrets
vi /etc/ipsec.secrets
Example:
include /etc/ipsec.d/*.secrets
10.1.233.233 %any : PSK "1234567890"
(10.1.233.233 is the server's own address and %any matches every client; the string after PSK is the pre-shared key every client must enter, so replace the placeholder shown here with a long random value and keep the file readable by root only.)
Set up l2tp-psk.conf
cp /etc/ipsec.d/examples/l2tp-psk.conf /etc/ipsec.d/
chmod 755 /etc/ipsec.d/l2tp-psk.conf

4. Start Service
Start the L2TP server
/etc/init.d/l2tpd restart
Start IPSec
/etc/init.d/ipsec restart

5. Check IPSEC status
ipsec verify
If this line appears:
Two or more interfaces found, checking IP forwarding [FAILED]
check whether the value in /proc/sys/net/ipv4/ip_forward is 1. If it is 0:
vi /etc/sysctl.conf
and add
net.ipv4.ip_forward = 1
sysctl -p
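The checks in steps 2, 3 and 5 can be scripted instead of eyeballed. The script below is an added example, not code from the original post or the referenced blog. It assumes a Linux host with GNU coreutils (stat -c) and the Openswan/l2tpd file locations used above; every input is passed as a file path, so here it runs against constructed sample files rather than the live system, and on a real server you would point the functions at /etc/l2tpd/l2tpd.conf, /etc/ppp/chap-secrets and /proc/sys/net/ipv4/ip_forward instead.

```shell
#!/bin/sh
# Added post-setup check for the L2TP/IPsec server described in this post (not code from the
# original post). It inspects the same things the post tells you to look at by hand: the output
# of `dpkg --get-selections`, the ip_forward sysctl, the auth lines in l2tpd.conf and the mode
# of the secrets file. Inputs are file paths so the script can run offline on sample data.

REQUIRED_PKGS="ipsec-tools l2tpd openswan ppp"

# Print each required package that has no "<pkg> install" line in the selections file.
# Returns 0 when all four are installed, 1 otherwise.
missing_packages() {
    rc=0
    for pkg in $REQUIRED_PKGS; do
        if ! grep -Eq "^${pkg}[[:space:]]+install$" "$1"; then
            echo "$pkg"
            rc=1
        fi
    done
    return $rc
}

# Returns 0 if the ip_forward file holds 1 (what `ipsec verify` expects), 1 otherwise.
ip_forward_enabled() {
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Returns 0 if l2tpd.conf keeps the three authentication lines from the post:
# require chap = yes, refuse pap = yes, require authentication = yes.
lns_auth_ok() {
    for key in "require chap" "refuse pap" "require authentication"; do
        grep -Eiq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*yes[[:space:]]*$" "$1" || return 1
    done
}

# Returns 0 if a secrets file (chap-secrets, ipsec.secrets) is readable by its owner only.
# Uses GNU stat; assumption: the host is Linux.
secrets_mode_ok() {
    case "$(stat -c '%a' "$1")" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# --- constructed sample inputs (not taken from a real machine) ---
tmpdir=$(mktemp -d)
printf 'ipsec-tools\t\tinstall\nl2tpd\t\t\tinstall\nopenswan\t\tinstall\n' > "$tmpdir/selections"
printf '0\n' > "$tmpdir/ip_forward"
cat > "$tmpdir/l2tpd.conf" <<'EOF'
[lns default]
require chap = yes
refuse pap = yes
require authentication = yes
EOF
printf 'username * password *\n' > "$tmpdir/chap-secrets"
chmod 600 "$tmpdir/chap-secrets"

# Demo run against the sample data: ppp is deliberately absent and forwarding is off.
if missing=$(missing_packages "$tmpdir/selections"); then
    echo "all required packages installed"
else
    echo "missing packages: $missing"
fi
ip_forward_enabled "$tmpdir/ip_forward" \
    || echo "ip_forward is 0: add net.ipv4.ip_forward = 1 to /etc/sysctl.conf and run sysctl -p"
lns_auth_ok "$tmpdir/l2tpd.conf" && echo "l2tpd.conf requires CHAP and refuses PAP"
secrets_mode_ok "$tmpdir/chap-secrets" && echo "chap-secrets is readable by its owner only"
```

Each function returns a plain exit status, so the same checks drop into a cron job or a configuration-management handler unchanged; the package and sysctl checks cover what `ipsec verify` flags in step 5, and the l2tpd.conf and file-mode checks catch the two settings that decide whether clients can be authenticated with a weaker method or read the shared credentials.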


To be continued.

ref:

http://go-linux.blogspot.com/2007/08/setup-l2tp-over-ipsec-vpn-server-on.html
