CentOS 7 部署 IPsec VPN(L2TP/IPsec)
环境如下:
系统:centos7
外网地址:203.95.193.217
内网地址: 10.6.0.215
1、安装 L2TP/IPsec 所需的软件包
# Enable the EPEL repository first; the packages on the next line are then
# installed from base/EPEL.
# NOTE(review): on CentOS 7 the IPsec daemon package may be shipped as
# libreswan rather than openswan -- confirm the package name on the target host.
yum install epel-release -y
yum install openswan xl2tpd ppp lsof -y
2、设置ipsec
2.1、编辑 /etc/ipsec.conf
cat /etc/ipsec.conf
config setup
protostack=netkey
dumpdir=/var/run/pluto/
nat_traversal=yes
#virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
dpddelay=30
dpdtimeout=120
dpdaction=clear
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=203.95.193.217 #服务器外网地址
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
2.2、编辑 /etc/ipsec.secrets(预共享密钥 PSK 在此文件中以明文保存,示例值仅作演示,请换成随机生成的强密钥并限制文件权限)
cat /etc/ipsec.secrets
include /etc/ipsec.d/*.secrets
cat /etc/ipsec.d/my.secrets
203.95.193.217 %any: PSK "ipsec" #服务器外网地址
2.3、修改/etc/sysctl.conf
cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
# Reload /etc/sysctl.conf so the ip_forward / rp_filter changes above take
# effect without a reboot.
sysctl -p
2.4、验证ipsec运行状态
# Start the IPsec daemon, check that it came up, and enable it at boot.
systemctl start ipsec
systemctl status ipsec
systemctl enable ipsec
# Checks the host's IPsec prerequisites (kernel support, sysctl settings);
# fix anything it flags before continuing.
ipsec verify
3、设置l2tp
3.1、编辑 /etc/xl2tpd/xl2tpd.conf
cat /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = 203.95.193.217
ipsec saref = yes
[lns default]
ip range = 192.168.1.128-192.168.1.254 #这里是VPN client的内网ip地址范围
local ip = 192.168.1.99 #这里是VPN server的内网地址
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
3.2、编辑 /etc/ppp/options.xl2tpd
cat /etc/ppp/options.xl2tpd
require-mschap-v2
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
3.3、配置用户名和密码:编辑 /etc/ppp/chap-secrets(口令在此文件中以明文保存,示例口令仅作演示,请使用强口令并限制文件权限)
cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
admin * 123456 *
3.4、启动 xl2tpd
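# Start the L2TP daemon and check that it came up. Also enable it at boot,
# matching the ipsec section above -- otherwise xl2tpd is not running after
# a reboot even though ipsec is.
systemctl start xl2tpd
systemctl status xl2tpd
systemctl enable xl2tpd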
4、win7 l2tp ipsec VPN连接设置
打开网络连接,右击打开【属性】
设置完成后,双击该连接启动。
5、测试连接
从客户端 ping VPN 服务器内网地址,验证隧道连通。
6、配置防火墙 NAT 转发
# Masquerade VPN client traffic (192.168.1.0/24, the "ip range" given to
# xl2tpd) leaving via eth0 and via eth1. "-A" adds runtime rules only: they
# are gone after a reboot unless saved (e.g. with iptables-save).
# The page shows no FORWARD-chain rules, so whether client traffic is
# otherwise filtered depends on the host's existing firewall policy -- review it.
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
# List the nat table to confirm both rules are present.
iptables -t nat -L