Deploying an L2TP/IPsec VPN on CentOS 7
Environment:
OS: CentOS 7
Public address: 203.95.193.217
Internal address: 10.6.0.215
1. Install the packages required for L2TP/IPsec
yum install epel-release -y
yum install openswan xl2tpd ppp lsof -y
2. Configure IPsec
2.1 Edit /etc/ipsec.conf (parameter lines must be indented under their section header)
cat /etc/ipsec.conf
config setup
    protostack=netkey
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    #virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=203.95.193.217 # server public address
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
2.2 Edit /etc/ipsec.secrets
cat /etc/ipsec.secrets
include /etc/ipsec.d/*.secrets
cat /etc/ipsec.d/my.secrets
203.95.193.217 %any: PSK "ipsec" # server public address
2.3 Edit /etc/sysctl.conf
cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
sysctl -p
2.4 Start IPsec and verify it is running
systemctl start ipsec
systemctl status ipsec
systemctl enable ipsec
ipsec verify
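The values in 2.1 and 2.3 are easy to mistype, and ipsec.conf silently misparses parameter lines that are not indented under their section. The following shell script is an added example, not part of the original guide: it reads an ipsec.conf and a sysctl.conf back from disk and checks the settings this setup depends on (transport mode, UDP 1701 on both ends, PSK authentication, NAT traversal, forwarding and rp_filter). The function names, the temporary directory and the constructed sample files are assumptions of the example; on the server, point the functions at /etc/ipsec.conf and /etc/sysctl.conf instead.

```shell
#!/bin/sh
# Added example, not part of the original guide: read the settings from
# sections 2.1 and 2.3 back out of their files and confirm the values the
# L2TP/IPsec setup depends on. Both parsers take a file path, so the same
# functions run against the constructed copies below and against the real
# /etc/ipsec.conf and /etc/sysctl.conf on the server.

# Print the value of key $3 inside section $2 ("config setup" or "conn NAME")
# of the ipsec.conf at $1. Parameter lines may be indented and may carry a
# trailing "# comment"; lines starting with "#" in column 0 are ignored.
ipsec_conf_get() {
    awk -v want="$2" -v key="$3" '
        /^#/ { next }
        /^[^[:space:]]/ { insec = ($0 == want); next }      # section header
        insec {
            line = $0
            sub(/[[:space:]]*#.*$/, "", line)                # strip comment
            sub(/^[[:space:]]+/, "", line)
            sub(/[[:space:]]+$/, "", line)
            n = index(line, "=")
            if (n > 0 && substr(line, 1, n - 1) == key) { print substr(line, n + 1); exit }
        }' "$1"
}

# Compare "section|key|expected" triples against the file; report every
# mismatch and return 1 if there was one.
check_l2tp_ipsec() {
    file=$1; bad=0
    while IFS='|' read -r sec k expect; do
        got=$(ipsec_conf_get "$file" "$sec" "$k")
        if [ "$got" != "$expect" ]; then
            echo "$file: [$sec] $k='$got', expected '$expect'"
            bad=1
        fi
    done <<EOF
config setup|nat_traversal|yes
conn L2TP-PSK-noNAT|authby|secret
conn L2TP-PSK-noNAT|type|transport
conn L2TP-PSK-noNAT|leftprotoport|17/1701
conn L2TP-PSK-noNAT|rightprotoport|17/%any
conn L2TP-PSK-noNAT|pfs|no
EOF
    return $bad
}

# Print the value of key $2 from a sysctl.conf-style file ("key = value").
sysctl_conf_get() {
    awk -F= -v key="$2" '
        /^[[:space:]]*[#;]/ || NF < 2 { next }
        { k = $1; v = $2; gsub(/[[:space:]]/, "", k); gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
          if (k == key) { print v; exit } }' "$1"
}

# Verify the forwarding-related kernel settings from section 2.3.
check_forwarding_sysctls() {
    file=$1; bad=0
    for pair in net.ipv4.ip_forward=1 \
                net.ipv4.conf.default.accept_redirects=0 \
                net.ipv4.conf.default.send_redirects=0 \
                net.ipv4.conf.default.rp_filter=0; do
        k=${pair%=*}; expect=${pair#*=}
        got=$(sysctl_conf_get "$file" "$k")
        if [ "$got" != "$expect" ]; then
            echo "$file: $k='$got', expected $expect"; bad=1
        fi
    done
    return $bad
}

# --- constructed demonstration files mirroring the guide's values ---
DEMO=$(mktemp -d)
cat > "$DEMO/ipsec.conf" <<'EOF'
config setup
    protostack=netkey
    nat_traversal=yes
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    type=transport
    left=203.95.193.217 # server public address
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
EOF
# a deliberately wrong copy: tunnel mode instead of transport
sed 's/type=transport/type=tunnel/' "$DEMO/ipsec.conf" > "$DEMO/ipsec-wrong.conf"
printf '%s\n' 'net.ipv4.ip_forward = 1' \
    'net.ipv4.conf.default.accept_redirects = 0' \
    'net.ipv4.conf.default.send_redirects = 0' \
    'net.ipv4.conf.eth0.rp_filter = 0' \
    'net.ipv4.conf.default.rp_filter = 0' > "$DEMO/sysctl.conf"

if check_l2tp_ipsec "$DEMO/ipsec.conf"; then echo "ipsec.conf: ok"; fi
if check_l2tp_ipsec "$DEMO/ipsec-wrong.conf"; then :; else echo "ipsec-wrong.conf: mismatch reported"; fi
if check_forwarding_sysctls "$DEMO/sysctl.conf"; then echo "sysctl.conf: ok"; fi
```

The sysctl check reads the configuration file, not the running kernel; after `sysctl -p` the same keys can be compared against `sysctl -n <key>` to confirm the values actually took effect.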
3. Configure L2TP
3.1 Edit /etc/xl2tpd/xl2tpd.conf
cat /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = 203.95.193.217
ipsec saref = yes
[lns default]
ip range = 192.168.1.128-192.168.1.254 # address range handed out to VPN clients
local ip = 192.168.1.99 # the VPN server's internal address
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
3.2 Edit /etc/ppp/options.xl2tpd
cat /etc/ppp/options.xl2tpd
require-mschap-v2
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
3.3 Configure the username and password: edit /etc/ppp/chap-secrets
cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
admin * 123456 *
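Both credential files in this guide hold plaintext secrets, and the sample values (PSK "ipsec", password 123456) are placeholders to replace before the server is reachable from the internet. The following shell script is an added example, not part of the original guide: it checks that /etc/ipsec.d/my.secrets (section 2.2) and /etc/ppp/chap-secrets (section 3.3) are readable only by their owner and that every secret in them is at least 20 characters long. The function names, the 20-character minimum and the constructed sample files are assumptions of the example, not requirements of openswan or pppd.

```shell
#!/bin/sh
# Added example, not part of the original guide: audit the two credential
# files from sections 2.2 and 3.3, /etc/ipsec.d/my.secrets and
# /etc/ppp/chap-secrets. Each file must be readable by its owner only, and
# each secret it holds must be at least MIN_SECRET_LEN characters. Paths are
# parameters; the files at the bottom are constructed for the demonstration.

MIN_SECRET_LEN=20   # assumption: minimum length accepted for a PSK or CHAP password

# Return 0 if group and other have no permission bits on $1 (mode 600 or 400).
check_owner_only() {
    [ -f "$1" ] || { echo "$1: not found"; return 1; }
    bits=$(ls -l "$1" | cut -c5-10)        # group+other columns of the mode string
    if [ "$bits" != "------" ]; then
        echo "$1: group/other permissions are '$bits', expected '------'"
        return 1
    fi
    return 0
}

# Read one secret per line from stdin; return 0 only if all are long enough.
check_secret_lengths() {
    label=$1; n=0; short=0
    while IFS= read -r s; do
        n=$((n + 1))
        if [ "${#s}" -lt "$MIN_SECRET_LEN" ]; then
            echo "$label: secret #$n is ${#s} characters, minimum is $MIN_SECRET_LEN"
            short=1
        fi
    done
    [ "$n" -gt 0 ] || { echo "$label: no secrets found"; return 1; }
    return $short
}

# ipsec.secrets syntax:  <left> <right>: PSK "value"   -> print value
psk_values() {
    sed -n 's/.*PSK[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# chap-secrets syntax:  client server secret [addresses]   -> print field 3
chap_values() {
    awk '!/^[[:space:]]*#/ && NF >= 3 { gsub(/"/, "", $3); print $3 }' "$1"
}

audit_psk_file() {
    rc=0
    check_owner_only "$1" || rc=1
    psk_values "$1" | check_secret_lengths "$1" || rc=1
    return $rc
}

audit_chap_file() {
    rc=0
    check_owner_only "$1" || rc=1
    chap_values "$1" | check_secret_lengths "$1" || rc=1
    return $rc
}

# --- constructed demonstration files (values mirror the guide's examples) ---
DEMO=$(mktemp -d)
BAD_PSK=$DEMO/bad.secrets;  GOOD_PSK=$DEMO/good.secrets
BAD_CHAP=$DEMO/bad-chap;    GOOD_CHAP=$DEMO/good-chap

printf '%s\n' '203.95.193.217 %any: PSK "ipsec"' > "$BAD_PSK"
chmod 644 "$BAD_PSK"          # world-readable, and a 5-character key
printf '%s\n' '203.95.193.217 %any: PSK "Qx7vLp2sRt9wKm4nZb8cHd3fJg6y"' > "$GOOD_PSK"
chmod 600 "$GOOD_PSK"
printf '%s\n' '# client server secret IP addresses' 'admin * 123456 *' > "$BAD_CHAP"
chmod 644 "$BAD_CHAP"
printf '%s\n' '# client server secret IP addresses' \
    'admin * "Wr5tYu8iOp2aSd4fGh7jKl9zXc1v" 192.168.1.130' > "$GOOD_CHAP"
chmod 600 "$GOOD_CHAP"

for f in "$BAD_PSK" "$GOOD_PSK"; do
    if audit_psk_file "$f"; then echo "$f: ok"; else echo "$f: flagged"; fi
done
for f in "$BAD_CHAP" "$GOOD_CHAP"; do
    if audit_chap_file "$f"; then echo "$f: ok"; else echo "$f: flagged"; fi
done
```

The permission check reads the group/other columns of `ls -l`, so it works the same on any POSIX system; the length check is deliberately simple and only catches the obvious case of a short key, not a predictable one.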
3.4 Start xl2tpd
systemctl start xl2tpd
systemctl status xl2tpd
4. Windows 7 L2TP/IPsec VPN client setup
Open Network Connections, right-click the connection and open Properties.
Once configured, double-click the connection to start it.
5. Test the connection
Ping the VPN server's internal address.
6. Configure firewall forwarding
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
iptables -t nat -L
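The two rules in step 6 add a new POSTROUTING entry every time they are run, so re-running the commands stacks duplicate rules. The following shell script is an added example, not part of the original guide: it wraps the same MASQUERADE rule in a check-then-append function (`iptables -C` before `iptables -A`) and verifies the loaded rule set from an `iptables-save` dump. The `fake_ipt` stand-in, the function names and the `VPN_NET` variable are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the original guide: apply the step-6 MASQUERADE
# rules idempotently (check with "iptables -C" before "iptables -A"), so the
# script can be re-run without stacking duplicate rules. The iptables binary
# is reached through $IPT; the demonstration at the bottom points $IPT at a
# constructed stand-in so the logic can be exercised without root.

VPN_NET=192.168.1.0/24        # the client network from the xl2tpd "ip range"
IPT=${IPT:-iptables}

# The rule specification shared by -C (check) and -A (append).
masq_rule() {
    echo "POSTROUTING -s $VPN_NET -o $1 -j MASQUERADE"
}

# Append the rule for egress interface $1 only if it is not already loaded.
ensure_masq() {
    if $IPT -t nat -C $(masq_rule "$1") 2>/dev/null; then
        echo "nat: rule for $1 already present"
    else
        $IPT -t nat -A $(masq_rule "$1") && echo "nat: rule for $1 added"
    fi
}

# Return 0 if an "iptables-save -t nat" dump on stdin contains the rule for $1.
# iptables-save always prints "-s" before "-o", whichever order -A was given.
dump_has_masq() {
    grep -qF -- "-A $(masq_rule "$1")"
}

# --- constructed stand-in for iptables, used only by the demonstration ---
# "-t nat -C <rule>" answers from a text file; "-t nat -A <rule>" appends to it.
FAKE_DUMP=$(mktemp)
fake_ipt() {
    shift 2                    # drop "-t nat"
    op=$1; shift
    case $op in
        -C) grep -qF -- "-A $*" "$FAKE_DUMP" ;;
        -A) echo "-A $*" >> "$FAKE_DUMP" ;;
        *)  echo "fake_ipt: unsupported $op" >&2; return 2 ;;
    esac
}

# Number of MASQUERADE rules currently in the (fake) nat table.
masq_count() { grep -c MASQUERADE "$FAKE_DUMP"; }

IPT=fake_ipt
ensure_masq eth0
ensure_masq eth0               # second call is a no-op
ensure_masq eth1
echo "rules loaded: $(masq_count)"   # 2, not 3
```

On the server, drop the stand-in section and call `ensure_masq eth0` with `IPT` left at its default; `dump_has_masq eth0 < <(iptables-save -t nat)` (or a saved dump piped in) confirms the rule from a separate shell. Two points the guide leaves out: rules added with `iptables -A` do not survive a reboot unless saved (for example with the iptables-services package), and these rules only handle NAT, so if an INPUT policy or firewalld is active, UDP 500, 4500 and 1701 must also be accepted for IKE, NAT-T and L2TP.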