centos7部暑ipsec vpn

環境如下：

系統：centos7

外網地址：203.95.193.217

內網地址: 10.6.0.215

1、安裝 l2tp ipsec 所需要的軟件包

yum install epel-release -y

yum install openswan xl2tpd ppp lsof -y

2、設置ipsec

2.1、編輯 /etc/ipsec.conf

cat /etc/ipsec.conf

config setup

protostack=netkey

dumpdir=/var/run/pluto/

nat_traversal=yes

#virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10

conn L2TP-PSK-NAT

rightsubnet=vhost:%priv

also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT

authby=secret

pfs=no

auto=add

keyingtries=3

dpddelay=30

dpdtimeout=120

dpdaction=clear

rekey=no

ikelifetime=8h

keylife=1h

type=transport

left=203.95.193.217 #服務器外網地址

leftprotoport=17/1701

right=%any

rightprotoport=17/%any

2.2、編輯/etc/ipsec.secrets

cat /etc/ipsec.secrets

include /etc/ipsec.d/*.secrets

cat /etc/ipsec.d/my.secrets

203.95.193.217 %any: PSK "ipsec" #服務器外網地址

2.3、修改/etc/sysctl.conf

cat /etc/sysctl.conf

net.ipv4.ip_forward = 1

net.ipv4.conf.default.accept_redirects = 0

net.ipv4.conf.default.send_redirects = 0

net.ipv4.conf.eth0.rp_filter = 0

net.ipv4.conf.default.rp_filter = 0

sysctl -p

2.4、驗證ipsec運行狀態

systemctl start ipsec

systemctl status ipsec

systemctl enable ipsec

ipsec verify

3、設置l2tp

3.1、編輯 /etc/xl2tpd/xl2tpd.conf

cat /etc/xl2tpd/xl2tpd.conf

[global]

listen-addr = 203.95.193.217

ipsec saref = yes

[lns default]

ip range = 192.168.1.128-192.168.1.254 #這裡是VPN client的內網ip地址範圍

local ip = 192.168.1.99 #這裡是VPN server的內網地址

require chap = yes

refuse pap = yes

require authentication = yes

name = LinuxVPNserver

ppp debug = yes

pppoptfile = /etc/ppp/options.xl2tpd

length bit = yes

3.2、編輯 /etc/ppp/options.xl2tpd

cat /etc/ppp/options.xl2tpd

require-mschap-v2

ipcp-accept-local

ipcp-accept-remote

ms-dns 8.8.8.8

ms-dns 8.8.4.4

noccp

auth

crtscts

idle 1800

mtu 1410

mru 1410

nodefaultroute

debug

lock

proxyarp

connect-delay 5000

3.3、配置用戶名,密碼 編輯 /etc/ppp/chap-secrets

cat /etc/ppp/chap-secrets

# Secrets for authentication using CHAP

# client server secret IP addresses

admin * 123456 *

3.4、啟動xl2tp

systemctl start xl2tpd

systemctl status xl2tpd

4、win7 l2tp ipsec VPN連接設置

打開網絡連接，右擊打開【屬性】

設置完成 ，雙擊啟動

5、測試連接

ping vpn服務器內網地址

6、配置防火牆轉發

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE

iptables -t nat -L

閱讀更多 愛踢人生 的文章

關鍵字: DNS 地址 部暑