不折腾会死人。记录 Linode VPS + CentOS 5.5 成功安装 IPSEC/ L2TP VPN 后的状态 。
1、Linode VPS
2、CentOS 5.5 32bit
more /proc/version
Linux version 2.6.32.16-linode28 (root@build.linode.com) (gcc version 4.3.3 (Ubuntu 4.3.3-5ubuntu4) ) #1 SMP Sun Jul 25 21:32:42 UTC 2010
3、IPSEC ~
openswan-2.6.28
4、L2TPD
xl2tpd-1.2.4
rp-l2tp-0.4
5、vi /etc/ipsec.conf
version 2.0
config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
protostack=netkey
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=1.2.3.4    # 你的服务器IP
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
6、vi /etc/ipsec.secrets
YOUR.SERVER.IP.ADDRESS %any: PSK "YourSharedSecret"
7、vi /etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = yes
[lns default]
ip range = 10.1.2.2-10.1.2.254
local ip = 10.1.2.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
8、vi /etc/ppp/options.xl2tpd
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
9、vi /etc/ppp/chap-secrets
# user server password ip
username l2tpd userpass *
10、vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
11、vi /etc/rc.local
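# /etc/rc.local additions for the L2TP/IPsec gateway.
# Runs once at boot: enables NAT for the VPN client pool, turns on IP
# forwarding, disables ICMP redirects on every interface, then starts the
# IPsec and L2TP daemons.

# Masquerade only traffic coming from the VPN client pool
# (10.1.2.0/24, matching "ip range" / "local ip" in xl2tpd.conf) instead of
# every packet the box forwards, so the host is not a NAT for anything else.
iptables --table nat --append POSTROUTING --source 10.1.2.0/24 --jump MASQUERADE

# Forwarding between the ppp interfaces and the public interface.
# sysctl.conf already sets net.ipv4.ip_forward = 1; this makes it effective
# immediately even if sysctl has not been re-applied.
echo 1 > /proc/sys/net/ipv4/ip_forward

# A gateway should neither honour nor emit ICMP redirects; apply to all
# interfaces present at boot (the glob covers all, default and lo too).
for each in /proc/sys/net/ipv4/conf/*; do
  echo 0 > "$each/accept_redirects"
  echo 0 > "$each/send_redirects"
done

# Start IPsec first so the ESP/UDP 1701 policy is in place before xl2tpd
# begins accepting L2TP sessions.
/etc/init.d/ipsec restart
/usr/local/sbin/xl2tpd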