Because of the company's network restrictions a lot of material could not be reached, so I decided to set up my own VPN to get past the firewall. The domestic VPN services are nothing to write home about; their stability is, frankly, poor. A friend had just recommended a foreign VPS provider, and when I tried it the Tokyo, Japan node was very fast, so I ordered one. Following the principle of doing it yourself, I installed Debian 7 on the VPS and then set about building my VPN server. I have to say this is not a difficult job, but the configuration tutorials that Du Niang (Baidu) turns up are terrible: I could not follow them, they are disorganized, and even the layout is a mess. So today I am recording my own configuration steps, in the hope that they help friends with the same need. OK, on to the topic. Let's go!
1. Install OpenSWAN

sudo apt-get install openswan

If the installer asks "Use an X.509 certificate for this host?", answer No. This setup authenticates with a pre-shared key, not certificates.

1.1 Configure the sysctl parameters

sudo mv /etc/sysctl.conf /etc/sysctl.conf.bak
sudo vim /etc/sysctl.conf
----------- Enter the following content -------------
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0

ip_forward is what lets the server route the clients' traffic onward; the redirect settings must be off because Openswan's NETKEY stack refuses to work correctly with ICMP redirects enabled (ipsec verify checks for exactly this in step 2.5).
1.2 Load the sysctl parameters

sudo sysctl -p

The sysctl file only covers the "all" entry, so also clear the redirect flags on every interface that already exists:

sudo bash -c 'for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done
'
1.3 Generate the iptables NAT rule and configure rc.local

sudo mv /etc/rc.local /etc/rc.local.bak
sudo vim /etc/rc.local
----------- Enter the following content -------------
#!/bin/sh -e
# Masquerade the VPN client pool (10.1.1.0/24, handed out by xl2tpd below) out of the public interface
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
exit 0

Replace eth0 with the name of the server's public interface if it differs. Then add execute permission and run the script once so the rule is active immediately (rc.local re-adds it at every boot):

sudo chmod +x /etc/rc.local
sudo /etc/rc.local
1.4 Configure ipsec.secrets

sudo mv /etc/ipsec.secrets /etc/ipsec.secrets.bak
sudo vim /etc/ipsec.secrets
----------- Enter the following content -------------
# Replace the IP address with the server's public IP and the key with a password of your own
111.222.333.444 %any: PSK "0123456"

The string after PSK is the server's pre-shared key; every client has to enter it when it connects. Be aware that this one key is shared by all users, so use a long random value rather than a short numeric string like the placeholder above, and keep the file readable by root only.
1.5 Configure ipsec.conf

sudo mv /etc/ipsec.conf /etc/ipsec.conf.bak
sudo vim /etc/ipsec.conf
----------- Enter the following content -------------
version 2.0

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    # change to the server's IP address
    left=111.222.333.444
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

nat_traversal=yes is what allows clients sitting behind a home or office NAT router to connect; IKE uses UDP 500 and NAT-T uses UDP 4500, so both must be reachable on the server (plus ESP for clients that are not behind NAT). virtual_private lists the private address ranges such clients may come from. Because the VPN pool 10.1.1.0/24 lies inside 10.0.0.0/8, the Openswan documentation recommends excluding the server's own pool from that list with %v4:!10.1.1.0/24 so that it is never treated as a remote client's network. type=transport is required for L2TP/IPsec, since the IPsec SA only protects the UDP 1701 L2TP traffic between the two endpoints.

1.6 Enable the ipsec service at boot

sudo update-rc.d ipsec defaults
2. Install xl2tpd

sudo apt-get install xl2tpd

2.1 Configure xl2tpd.conf

sudo mv /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.bak
sudo vim /etc/xl2tpd/xl2tpd.conf
----------- Enter the following content -------------
[global]
ipsec saref = yes

[lns default]
ip range = 10.1.1.2-10.1.1.255
local ip = 10.1.1.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

ip range must fall inside the 10.1.1.0/24 network masqueraded in rc.local. Refusing both PAP and CHAP leaves MS-CHAPv2, which options.xl2tpd below requires. ipsec saref = yes is only effective on a kernel with Openswan's SAref patch; it is what lets the daemon tell apart several clients that arrive from behind the same NAT address.

2.2 Configure options.xl2tpd

sudo mv /etc/ppp/options.xl2tpd /etc/ppp/options.xl2tpd.bak
sudo vim /etc/ppp/options.xl2tpd
----------- Enter the following content -------------
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
2.3 Configure chap-secrets

sudo mv /etc/ppp/chap-secrets /etc/ppp/chap-secrets.bak
sudo vim /etc/ppp/chap-secrets
----------- Enter the following content -------------
# client  server  secret  IP addresses
user1     l2tpd   123456  *
user2     l2tpd   123456  *

The server column must match "name l2tpd" in options.xl2tpd, and "*" lets the client take any address from the pool. "123456" is only a placeholder: give each user a real password, and keep this file readable by root only, because the secrets are stored in clear text.
2.4 Start the L2TP server

sudo invoke-rc.d xl2tpd restart
sudo invoke-rc.d ipsec restart

2.5 Verify the server status

sudo ipsec verify

It should display the following:

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                [OK]
Linux Openswan U2.6.28/K2.6.32.16-linode28 (netkey)
Checking for IPsec support in kernel                           [OK]
NETKEY detected, testing for disabled ICMP send_redirects      [OK]
NETKEY detected, testing for disabled ICMP accept_redirects    [OK]
Checking that pluto is running                                 [OK]
Pluto listening for IKE on udp 500                             [OK]
Pluto listening for NAT-T on udp 4500                          [OK]
Two or more interfaces found, checking IP forwarding           [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                      [OK]
Checking for 'iptables' command                                [OK]
Opportunistic Encryption Support                               [DISABLED]

The two ICMP redirect lines and the IP forwarding line are the ones that depend on step 1.1; if any of them shows [FAILED], the sysctl settings did not take. Opportunistic Encryption showing [DISABLED] is expected, since oe=off was set in ipsec.conf.
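Both secrets files in the steps above ship with placeholder values ("0123456" and "123456"), and the one IPsec key is shared by every client. The script below is an added example and not part of the original post: it stages ipsec.secrets and chap-secrets with generated secrets, creates them readable by root only, and audits a staged tree for the weak-secret and file-permission mistakes. It assumes a staging directory and the server's address are passed as arguments (the tree is then copied to /etc by hand), and it uses only POSIX tools so it runs on a minimal Debian install.

```sh
#!/bin/sh
# Added example (not from the original post). Stage the two secrets files
# from the tutorial with generated secrets and audit them. Assumptions:
# $1 = staging dir, $2 = server public IP, $3.. = PPP user names.
set -eu

rand_secret() {
    # 32 random bytes rendered as 64 hex characters (POSIX od, no openssl needed)
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# stage_secrets OUT SERVER_IP USER...  -> OUT/etc/ipsec.secrets and OUT/etc/ppp/chap-secrets
stage_secrets() {
    OUT=$1; SERVER_IP=$2; shift 2
    mkdir -p "$OUT/etc/ppp"
    umask 077   # files are born mode 0600; no window where they are world-readable
    {
        echo '# server-ip  peer : pre-shared key (one key shared by every client)'
        echo "$SERVER_IP %any: PSK \"$(rand_secret)\""
    } > "$OUT/etc/ipsec.secrets"
    {
        printf '# client\tserver\tsecret\tIP addresses\n'
        for u in "$@"; do
            # the server column must match "name l2tpd" in options.xl2tpd
            printf '%s\tl2tpd\t"%s"\t*\n' "$u" "$(rand_secret)"
        done
    } > "$OUT/etc/ppp/chap-secrets"
}

# audit_secrets OUT -> exit 0 if sane, 1 with the reasons printed otherwise
audit_secrets() {
    OUT=$1; rc=0
    for f in "$OUT/etc/ipsec.secrets" "$OUT/etc/ppp/chap-secrets"; do
        [ -f "$f" ] || { echo "$f: missing"; rc=1; continue; }
        mode=$(ls -ld "$f" | cut -c1-10)
        [ "$mode" = "-rw-------" ] || { echo "$f: mode $mode, want -rw-------"; rc=1; }
    done
    # the PSK is the quoted value after PSK; anything short is brute-forceable offline
    psk=$(sed -n 's/.*PSK *"\([^"]*\)".*/\1/p' "$OUT/etc/ipsec.secrets" 2>/dev/null | head -n 1)
    [ "${#psk}" -ge 20 ] || { echo "ipsec.secrets: PSK shorter than 20 characters"; rc=1; }
    # CHAP secrets are column 3 (quotes stripped); reject short or all-digit ones
    awk '!/^#/ && NF >= 3 {
            gsub(/"/, "", $3)
            if (length($3) < 12 || $3 ~ /^[0-9]+$/) { print $1 ": weak CHAP secret"; bad = 1 }
         }
         END { exit bad }' "$OUT/etc/ppp/chap-secrets" 2>/dev/null || rc=1
    return $rc
}

# stand-alone use:  sh stage-secrets.sh /tmp/stage <server-ip> user1 user2
if [ "$#" -ge 3 ]; then
    stage_secrets "$@" && audit_secrets "$1" && echo "staged under $1; copy etc/* into /etc"
fi
```

After copying the staged files into place, restart ipsec and xl2tpd as in step 2.4; the clients then use the generated PSK and their own CHAP secret from chap-secrets. Running audit_secrets against /etc itself (audit_secrets /) is a quick check that nobody has since loosened the permissions or put a trivial password back.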
With that, the VPN configuration is complete. You can now connect with the two users created above, user1 and user2, choosing L2TP/IPsec with a pre-shared key as the connection type on the client. That is all there is to it. Very easy!
This post is original. Please credit the source when reproducing it. Thank you for your cooperation.
This post address: http://blog.csdn.net/sonsie007/article/details/16932017