[CentOS 7] Installing and configuring an L2TP/IPsec VPN on CentOS, in detail

Date: 2020-09-17  Source: Google

Whenever VPNs come up I think of Google, and it hurts. I wrote about VPNs once before; see my earlier post centos5.5 vpn 安装配置详解 (CentOS 5.5 VPN installation and configuration). That article covered PPTP, which runs over TCP, whereas L2TP runs over UDP. After PPTP has been in use for a while it starts getting blocked intermittently.

I. Install xl2tpd and openswan

# yum install xl2tpd openswan ppp
If the packages cannot be found, install the EPEL repository first; that is not covered here, search this blog for it.

II. Configure IPsec

1. Configure ipsec.conf

[root@network ipsec.d]# cat /etc/ipsec.conf
version 2.0

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    # the VPN server's own IP; use the public (external) IP here
    left=192.168.10.202
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

2. Set the PSK (pre-shared key)

[root@network ipsec.d]# cat /etc/ipsec.secrets
192.168.10.202 %any: PSK "sec123"
The first field is the public IP, %any means any peer may connect, and the shared secret is sec123. Note the double quotes.

3. Adjust the network policy

# vim /etc/sysctl.conf
# change the existing 0 to 1
net.ipv4.ip_forward = 1

# sysctl -p    # takes effect immediately
This enables IP forwarding.

# vim /etc/ipsec.d/net.sh    # add the following content
# disable ICMP redirects on every interface; `ipsec verify` checks both settings
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > "$each/accept_redirects"
    echo 0 > "$each/send_redirects"
done

# chmod +x /etc/ipsec.d/net.sh
# sh /etc/ipsec.d/net.sh

4. Start IPsec and verify it


[root@network ipv4]# /etc/init.d/ipsec start   
 
[root@network ipv4]# ipsec verify 
Checking your system to see if IPsec got installed and started correctly: 
Version check and ipsec on-path                                 [OK] 
Linux Openswan U2.6.32/K2.6.32-431.el6.x86_64 (netkey) 
Checking for IPsec support in kernel                            [OK] 
 SAref kernel support                                           [N/A] 
 NETKEY:  Testing for disabled ICMP send_redirects              [OK] 
NETKEY detected, testing for disabled ICMP accept_redirects     [OK] 
Checking that pluto is running                                  [OK] 
 Pluto listening for IKE on udp 500                             [OK] 
 Pluto listening for NAT-T on udp 4500                          [OK] 
Checking for "ip" command                                       [OK] 
Checking /bin/sh is not /bin/dash                               [OK] 
Checking for "iptables" command                                 [OK] 
Opportunistic Encryption Support                                [DISABLED] 
If `ipsec verify` reports no FAILED lines, IPsec was installed successfully.


III. Configure xl2tpd

[root@network ipv4]# cat /etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = no

[lns default]
; the server-side IP
local ip = 192.168.10.202
; the address pool handed out to clients
ip range = 192.168.0.128-192.168.0.254
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

[root@network ipv4]# /etc/init.d/xl2tpd start    # start the service

IV. Configure PPP

1. Configure options.xl2tpd


[root@network ipv4]# cat /etc/ppp/options.xl2tpd 
require-mschap-v2 
ms-dns 8.8.8.8 
ms-dns 8.8.4.4 
asyncmap 0 
auth 
crtscts 
lock 
hide-password 
modem 
debug 
name l2tpd 
proxyarp 
lcp-echo-interval 30 
lcp-echo-failure 4 
2. Add a VPN user
# cat >>/etc/ppp/chap-secrets <<EOF
> vpnuser * 111111 *
> EOF
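Sections II and IV each hand-edit a secrets file: /etc/ipsec.secrets holds the PSK and /etc/ppp/chap-secrets holds one line per user, with sec123 and 111111 as placeholder values. The script below is an added example, not from the original post: it generates a random PSK, writes both files in the formats shown above, replaces an existing entry when a user is re-added instead of appending a duplicate, and forces mode 600 on both files so only root can read them. File paths are parameters (the page's paths appear only in the usage comments), and the function names gen_psk, write_ipsec_secrets, add_vpn_user, del_vpn_user, count_vpn_users and secrets_perms_ok are chosen here.

```shell
#!/bin/bash
# vpn-secrets.sh: maintain the two secret files used by the L2TP/IPsec setup.
# Added example for this page, not the original author's script.
# Usage on the server (paths from the page):
#   PSK=$(gen_psk); write_ipsec_secrets /etc/ipsec.secrets 192.168.10.202 "$PSK"
#   add_vpn_user /etc/ppp/chap-secrets vpnuser "$(gen_psk)"

# 32 random bytes, base64 encoded (44 characters); replaces a guessable PSK like sec123.
gen_psk() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# ipsec.secrets line in the page's format: <server ip> %any: PSK "<psk>"
# $1 = file, $2 = server public IP, $3 = PSK. base64 never contains '"', so quoting is safe.
write_ipsec_secrets() {
    printf '%s %%any: PSK "%s"\n' "$2" "$3" > "$1"
    chmod 600 "$1"
}

# chap-secrets line: <client> <server> <secret> <ip>, i.e. the page's `vpnuser * 111111 *`.
# The secret is always double-quoted (pppd accepts that) so spaces or '#' do not break the file.
# Idempotent: any existing line for the same user is dropped before the new one is appended.
# $1 = file, $2 = user name (no whitespace), $3 = password
add_vpn_user() {
    local tmp
    tmp=$(mktemp)
    if [ -f "$1" ]; then
        awk -v u="$2" '$1 != u' "$1" > "$tmp"
    fi
    printf '%s * "%s" *\n' "$2" "$3" >> "$tmp"
    mv "$tmp" "$1"
    chmod 600 "$1"
}

# Remove a user from chap-secrets. $1 = file, $2 = user name
del_vpn_user() {
    local tmp
    tmp=$(mktemp)
    awk -v u="$2" '$1 != u' "$1" > "$tmp"
    mv "$tmp" "$1"
    chmod 600 "$1"
}

# Count account lines (blank lines and comments skipped). $1 = file
count_vpn_users() {
    awk 'NF >= 3 && $1 !~ /^#/' "$1" | wc -l | tr -d ' '
}

# Whoever can read these files holds the PSK or every user's password, so mode must be 600.
# $1 = file; returns 0 when the mode is exactly 600
secrets_perms_ok() {
    [ "$(stat -c '%a' "$1")" = "600" ]
}
```

Run the functions as root on the server (the usage comment at the top shows the page's paths), then restart ipsec and xl2tpd so the new secrets are read.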

V. Configure iptables SNAT

# iptables -t nat -I POSTROUTING 1 -j SNAT -s 192.168.0.0/24 --to 192.168.10.202
# iptables-save
VI. Enable start at boot
# chkconfig ipsec on
# chkconfig xl2tpd on
# cat >>/etc/rc.local <<EOF
> sh /etc/ipsec.d/net.sh
> EOF
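The steps in sections II to VI each leave a check behind: `ipsec verify` must show no FAILED line, forwarding must be on and ICMP redirects off, pluto must listen on UDP 500 and 4500 and xl2tpd on UDP 1701, and the SNAT rule must be in the nat table. The script below is an added example, not part of the original post, that runs all of those checks after a reboot. Each check reads a file or a directory root so the same logic can be run offline against captured output; check_live captures the output from the running host and feeds it in. The function names, the `--live` flag and the fixture layout are choices made here; the addresses and ports are the page's.

```shell
#!/bin/bash
# l2tp-ipsec-check.sh: post-install checks for the L2TP/IPsec setup on this page.
# Added example, not the original author's script. Run as root: ./l2tp-ipsec-check.sh --live

# The page's criterion for `ipsec verify`: success when no line says FAILED
# ([N/A] and [DISABLED] lines are informational and pass).
# $1 = file holding `ipsec verify` output
ipsec_verify_ok() {
    ! grep -qi '\[failed\]' "$1"
}

# Section III (network policy): forwarding on. $1 = root dir ("/" on a live host).
ip_forward_ok() {
    [ "$(cat "$1/proc/sys/net/ipv4/ip_forward")" = "1" ]
}

# Section III: both redirect knobs must read 0 on every interface, as net.sh sets them.
# $1 = root dir
redirects_disabled() {
    local iface rc=0
    for iface in "$1"/proc/sys/net/ipv4/conf/*; do
        [ -d "$iface" ] || continue
        [ "$(cat "$iface/accept_redirects")" = "0" ] || rc=1
        [ "$(cat "$iface/send_redirects")" = "0" ] || rc=1
    done
    return $rc
}

# Sections II and III: pluto on UDP 500 (IKE) and 4500 (NAT-T), xl2tpd on UDP 1701.
# $1 = file with `ss -lun` output; each port must appear as ":PORT" followed by whitespace.
udp_ports_listening() {
    local port
    for port in 500 4500 1701; do
        grep -Eq ":${port}[[:space:]]" "$1" || return 1
    done
}

# Section V: the SNAT rule, as iptables-save prints it.
# $1 = file with `iptables-save` output, $2 = client subnet, $3 = public IP
snat_rule_present() {
    grep -Fq -- "-A POSTROUTING -s $2 -j SNAT --to-source $3" "$1"
}

# Capture the live outputs and run every check, one result line each.
check_live() {
    local tmp rc=0
    tmp=$(mktemp -d)
    ipsec verify > "$tmp/verify" 2>&1
    ss -lun > "$tmp/ss"
    iptables-save -t nat > "$tmp/nat"
    report() { if "$@"; then echo "ok   $1"; else echo "FAIL $1"; rc=1; fi; }
    report ipsec_verify_ok "$tmp/verify"
    report ip_forward_ok /
    report redirects_disabled /
    report udp_ports_listening "$tmp/ss"
    report snat_rule_present "$tmp/nat" 192.168.0.0/24 192.168.10.202
    rm -rf "$tmp"
    return $rc
}

if [ "${1:-}" = "--live" ]; then
    check_live
fi
```

A non-zero exit from check_live means at least one step above did not survive the reboot; the FAIL line names which one, so this is a useful thing to wire into whatever monitoring watches the box.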
Here is a screenshot of a Windows 7 client connecting; setting up the L2TP client side is the fiddly part.


http://m.bbyears.com/seo/99260.html
