L2TP over IPsec

Submitted by lepton on Fri, 12/16/2016 - 14:07

Tags

LibreSwan

/etc/ipsec.d/xxx.com.secret

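# libreswan PSK entry: <left id> <right id> : PSK "<secret>". @vpn.l2tp must equal the
# conn's leftid; %any is the client side (right=%any), so this ONE secret is shared by
# every client -- treat it accordingly (long, random, rotate if a client device is lost).
# The original line used typographic quotes (“pass”), which the secrets parser does not
# treat as quoting; ASCII double quotes are required.
# NOTE(review): "pass" is a placeholder. Keep this file readable by root only, and confirm
# its name matches the include line in /etc/ipsec.secrets (libreswan's default includes
# /etc/ipsec.d/*.secrets, while this page names the file xxx.com.secret).
@vpn.l2tp %any : PSK "pass"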

/etc/ipsec.d/xxx.com.conf

# Responder-side L2TP/IPsec connection. Authentication is by the PSK in the secrets file
# above (leftid @vpn.l2tp); with right=%any that single PSK is shared by all clients.
conn vpnserver

        # Interoperate with peers that truncate SHA-2 HMACs to 96 bits (pre-RFC 4868 behaviour).
        sha2-truncbug=yes
        # Transport mode: IPsec protects only the L2TP/UDP packets between the two hosts.
        type=transport
        # Pre-shared-key authentication; the key comes from the .secret file above.
        authby=secret
        # No perfect forward secrecy on the IPsec SA -- presumably for L2TP client interop;
        # TODO(review): confirm the clients in use actually require this.
        pfs=no
        # This side never initiates rekeying; the client is expected to.
        rekey=no
        # Give up after a single negotiation attempt.
        keyingtries=1
        # Server address taken from the default route.
        left=%defaultroute
        #leftnexthop=internet.ip   # when the server sits behind NAT: its public Internet IP
        # Only the L2TP UDP port (1701) on the server is covered by the SA ...
        leftprotoport=udp/l2tp
        # ... and this ID must match the first field of the PSK line in the secrets file.
        leftid=@vpn.l2tp
        # Any client address, any client UDP port (NATed clients arrive from arbitrary ports).
        right=%any
        rightprotoport=udp/%any
        # Load the conn and wait for clients to initiate; never initiate from here.
        auto=add
        # NOTE(review): L2TP/IPsec clients generally use IKEv1; if the installed libreswan
        # defaults to IKEv2-only, `ikev2=no` is needed here -- confirm for the version in use.

 

# Enable IPv4 forwarding at runtime so traffic from L2TP clients can be routed (and NATed below).
# This only lasts until reboot; the sysctl.conf entry below makes it persistent.
printf '1\n' > /proc/sys/net/ipv4/ip_forward

# Edit /etc/sysctl.conf so that packet forwarding is enabled automatically at boot
# (the write to /proc above does not survive a reboot):

# Controls IP packet forwarding

net.ipv4.ip_forward = 1

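# NAT the L2TP client pool out through the Internet-facing interface so clients can reach
# the Internet. The source network must be the pool xl2tpd hands out (xl2tpd.conf below:
# ip range 172.21.118.2-172.21.118.254, local ip 172.21.118.1); the page originally used
# 192.168.19.1/24, which does not cover those client addresses at all.
# Adjust eth0 if the uplink interface has a different name.
iptables -t nat -A POSTROUTING -s 172.21.118.0/24 -o eth0 -j MASQUERADE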

 

xl2tpd

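# Let L2TP (UDP 1701) in only when the packet arrived inside an IPsec SA, and reject plain
# L2TP, so the tunnel can never be reached unencrypted. Order matters: the ACCEPT must
# precede the REJECT. Because -A appends, an earlier blanket ACCEPT for udp/1701 already in
# the chain would still win -- verify the chain order after loading.
# (The "root #" prompts from the original listing are dropped so the lines are pasteable.)
iptables -t filter -A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport l2tp -j ACCEPT
iptables -t filter -A INPUT -p udp -m udp --dport l2tp -j REJECT --reject-with icmp-port-unreachable
# Same for the server's replies: L2TP may only leave the host inside IPsec.
iptables -t filter -A OUTPUT -p udp -m policy --dir out --pol ipsec -m udp --sport l2tp -j ACCEPT
iptables -t filter -A OUTPUT -p udp -m udp --sport l2tp -j REJECT --reject-with icmp-port-unreachable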

 

FILE /etc/xl2tpd/xl2tpd.conf
; xl2tpd daemon configuration (PPP-layer settings live in /etc/ppp/options.xl2tpd).
[global]
; UDP port xl2tpd listens on; the iptables rules above only allow it to be reached inside IPsec.
port = 1701
; NOTE(review): understood to mean peers are not restricted to those listed in lac/lns
; sections -- confirm against xl2tpd.conf(5) for the installed version.
access control = no
 
; Settings for incoming tunnels (this host acts as the LNS).
[lns default]
; Tunnel addresses handed to clients, and the server's own tunnel-side address.
ip range = 172.21.118.2-172.21.118.254
local ip = 172.21.118.1
; Clients must authenticate at the PPP layer (credentials in /etc/ppp/chap-secrets).
require authentication = yes
; Name this LNS reports to peers during tunnel setup.
name = LinuxVPN
; Options passed to pppd for each session.
pppoptfile = /etc/ppp/options.xl2tpd

FILE /etc/ppp/options.xl2tpd
# pppd options for sessions started by xl2tpd (referenced by pppoptfile in xl2tpd.conf).
# Do not negotiate compression control (CCP); commonly set for L2TP client interop.
noccp
# Require the peer to authenticate. NOTE(review): 'auth' alone permits any method pppd
# negotiates, including PAP; consider refuse-pap / require-mschap-v2 if all clients support it.
auth
# Hardware flow control -- meaningless on a virtual L2TP link, but harmless.
crtscts
# Below 1500 to leave room for PPP/L2TP/UDP/IPsec encapsulation overhead.
mtu 1410
mru 1410
# Never replace the server's default route with the peer's.
nodefaultroute
# Create a UUCP-style lock file for the device.
lock
# Answer ARP for the client's tunnel address on the local LAN.
proxyarp
# Wait for the peer to send the first LCP packet instead of initiating.
silent
# NOTE(review): no ms-dns entries -- clients receive no DNS servers unless that is intended.

FILE /etc/ppp/chap-secrets
# pppd CHAP credentials: <client> <server> <secret> <allowed IP addresses>.
# '*' in the server and IP fields accepts any server name and any assigned tunnel address.
# NOTE(review): "pass" is a placeholder -- use a unique, strong secret per user, and keep this
# file readable by root only since it stores passwords in plaintext.
user * pass *
