一、安装软件
yum install -y openswan ppp xl2tpd
二、配置ipsec
1.配置ipsec.conf
cat /etc/ipsec.conf
config setup
protostack=netkey
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
oe=off
conn %default
Forceencaps=yes
conn L2TP-PSK-NAT [定义一个VPN的连接,L2TP-PSK-noNAT是这个连接的名字]
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add [ipsec启动后,VPN1连接处于等待状态]
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=133.3.5.16 [外网ip]
leftprotoport=17/1701 [vpn服务器端口]
right=%any
rightprotoport=17/%any
dpddelay=40
dpdtimeout=130
dpdaction=clear
2.配置IPSec预共享密钥
cat /etc/ipsec.secrets
121.46.20.249 %any: PSK "good321"
[外网ip] [共享秘钥]
3.修改包转发设置
for each in /proc/sys/net/ipv4/conf/*; do echo 0 > $each/accept_redirects; echo 0 > $each/send_redirects ; done
4.重启IPSec并验证
service ipsec restart
ipsec verify [输出以下内容则正常]
Verifying installed system and configuration files
Version check and ipsec on-path [OK]
Libreswan 3.15 (netkey) on 2.6.32-279.el6.x86_64
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Hardware random device [N/A]
Two or more interfaces found, checking IP forwarding[OK]
Checking rp_filter [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto ipsec.secret syntax [OK]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPSChecking for obsolete ipsec.conf options [OK]
Opportunistic Encryption [DISABLED]
常见验证失败解决办法
1.Two or more interfacesfound, checking IP forwarding [Failed]
echo 1 > /proc/sys/net/ipv4/ip_forward [不需要重启服务]
vi /etc/sysctl.conf [修改成以下内容]
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
2. Checking that pluto isrunning [Failed]
cd /var/run/pluto
ipsec pluto [生成pluto.ctl文件]
ipsec verify
(责任编辑:最模板) |
CentOS搭建L2TP VPN
时间:2016-10-16 19:43来源:未知 作者:最模板编辑 点击:次
一、安装软件 yum install -y openswan ppp xl2tpd 二、配置ipsec 1.配置ipsec.conf cat /etc/ipsec.conf config setup protostack=netkey nat_traversal=yes virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0
顶一下
(0)
0%
踩一下
(0)
0%
------分隔线----------------------------
- 热点内容
-
- CentOS无法正常启动提示invalid user:
CentOS测试一些功能,执行了一个程序,导致CentOS系统内存暴涨,...
- 为什么WDCP一直显示内存满掉几乎用
1、如图:在WDCP的首页显示系统信息处,可以看到内存使用几乎...
- ldap轻量级路径访问协议
支持TCP/IP协议,通过树状结构存储数据,方便访问 数据存储的基...
- centos7安装sphinx2.2.11
正常编译 cd /usr/local/src/sphinx ./configure --prefix=/usr/local/sphinx make...
- Nginx/Apache服务器屏蔽IP与IP段
服务器中需要针对某个IP或者某个IP段屏蔽,直接可以在Nginx和...
- CentOS无法正常启动提示invalid user:
- 随机模板
-
-
ecshop精仿京东商城模板2
人气:1362
-
仿麦包包shopex模板
人气:427
-
Destoon B2B行业分类29328条阿
人气:3376
-
ecshop蔬菜水果商城程序模
人气:2469
-
dedecms中英双语蓝简企业网
人气:676
-
ecshop高仿趣玩模板|ecshop礼
人气:988
-