# Install the three pieces this setup uses: strongSwan (IKE/IPsec), xl2tpd
# (the L2TP daemon) and ppp (pppd, which xl2tpd starts for each session).
sudo apt-get install \
  strongswan \
  xl2tpd \
  ppp
/etc/ipsec.conf
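conn L2TP-PSK
    # Transport mode: IPsec protects the traffic between the two hosts
    # themselves; the client tunnel is built by L2TP/PPP on top of it.
    type=transport
    # One pre-shared key (from /etc/ipsec.secrets) authenticates the IKE
    # exchange, so every client configured with that key passes this step.
    authby=psk
    keyexchange=ikev1
    keyingtries=3
    rekey=no
    # Put this server's own local IP address here. The original line had
    # "use local ip" as bare text after the address; that is not a comment,
    # so the parser would not ignore it.
    left=192.168.5.105
    # Accept clients from any address.
    right=%any
    # Load the connection and wait for clients to initiate it.
    auto=add
    # NOTE(review): no leftprotoport/rightprotoport is set, so the policy is
    # not narrowed to L2TP (UDP 1701) - confirm whether that is intended.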
/etc/ipsec.secrets
# Sample pre-shared key only. An eight-digit numeric value is guessable;
# generate a long random secret for real use and keep this file readable
# by root only. With no host selectors before the colon, the key applies to
# every peer.
: PSK "12345678"
/etc/xl2tpd/xl2tpd.conf
; NOTE(review): this section sets no "require authentication" or
; "require chap" entry, so whether clients must authenticate is presumably
; decided by the pppd options file named in pppoptfile below - confirm.
[lns default] ; Our fallthrough LNS definition
ip range = 192.168.2.2-192.168.2.20 ; * Allocate from this IP range
local ip = 192.168.2.1 ; * Our local IP to use
length bit = yes ; * Use length bit in payload?
name = l2tpd ; * Report this as our hostname
; PPP debugging is verbose; set it to "no" once the setup is working.
ppp debug = yes ; * Turn on PPP debugging
pppoptfile = /etc/ppp/options.l2tpd ; * ppp options file
/etc/ppp/options.l2tpd
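# pppd options for the sessions xl2tpd starts.
# Require the connecting peer to authenticate with MS-CHAPv2. The accounts it
# is checked against live in pppd's secrets file (/etc/ppp/chap-secrets),
# which this page does not show and which must be populated.
require-mschap-v2
# DNS server handed to clients.
ms-dns 8.8.4.4
# Send an LCP echo every 10 seconds; drop the link after 3 unanswered echoes.
lcp-echo-interval 10
lcp-echo-failure 3
# "noauth" was removed from this position. It tells pppd not to require the
# peer to authenticate and, placed after require-mschap-v2, appears to cancel
# it, which would leave the shared IPsec key as the only credential.
# The refuse-* options below limit how pppd authenticates itself to the peer;
# they do not make the peer authenticate.
refuse-pap
refuse-eap
refuse-chap
refuse-mschap
# Debug output records the contents of PPP control packets in the log file.
# Turn it off once the setup works and keep the log readable by root only.
debug
logfile /var/log/xl2tpd.log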
xl2tpd iptables
# L2TP itself is unencrypted, so it must only be reachable inside IPsec.
# Each ACCEPT below matches UDP on the l2tp port only when the packet is
# covered by an IPsec policy; the REJECT after it catches the same port
# without IPsec. The rules are appended (-A), so their order, and any rules
# already in the chain, decide which one matches first.
# NOTE(review): rules admitting IKE (UDP 500/4500) and ESP are not shown on
# this page - confirm they exist if the INPUT policy is restrictive. Rules
# added this way are also not persistent across reboots.
root #
iptables -t filter -A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport l2tp -j ACCEPT
# Inbound L2TP that did not arrive through IPsec is refused.
root #
iptables -t filter -A INPUT -p udp -m udp --dport l2tp -j REJECT --reject-with icmp-port-unreachable
# Outbound L2TP replies are allowed only when they will be sent through IPsec.
root #
iptables -t filter -A OUTPUT -p udp -m policy --dir out --pol ipsec -m udp --sport l2tp -j ACCEPT
# Any L2TP reply that would leave in cleartext is refused.
root #
iptables -t filter -A OUTPUT -p udp -m udp --sport l2tp -j REJECT --reject-with icmp-port-unreachable
# Turn on IPv4 forwarding for the running kernel (lost at reboot unless it is
# also set in /etc/sysctl.conf). Once this is on, the host routes packets
# between interfaces, so the FORWARD chain decides what VPN clients can
# reach; this page shows no FORWARD rules.
printf '%s\n' 1 > /proc/sys/net/ipv4/ip_forward
# Edit /etc/sysctl.conf so that packet forwarding is enabled automatically at boot:
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
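# Masquerade traffic from the VPN clients as it leaves through eth0. The
# source must be the pool xl2tpd hands out (ip range 192.168.2.2-192.168.2.20,
# local ip 192.168.2.1 in xl2tpd.conf). The original rule named
# 192.168.19.1/24, which does not cover that pool, so client traffic would
# never have matched it. Keep this in step with the pool if it is changed.
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE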