Installing L2TP+IPsec on CentOS: Complete Tutorial

Source: Internet
Author: User
Tags vps

L2TP, like PPTP, is a tunneling protocol. On some networks PPTP cannot connect, and L2TP is worth trying instead; on a PC the two generally feel no different in use. For the technical differences between them, please refer to here. On a PC, PPTP is recommended, with L2TP as the fallback when PPTP does not work; on mobile devices, L2TP is recommended.

Installation methods:

I. One-click script installation (recommended; simple installation)

The package versions installed are openswan-2.6.38 and xl2tpd-1.2.4. The VPS must be based on Xen or KVM.

Note: a VPS based on OpenVZ virtualization needs TUN/TAP enabled to work properly. When purchasing a VPS, ask the service provider to enable TUN/TAP.

Check whether the TUN module is supported by running:

    cat /dev/net/tun

If the output is the following, the module is working normally:

    cat: /dev/net/tun: File descriptor in bad state

Check whether the PPP module is supported by running:

    cat /dev/ppp

If the output is the following, the module is working normally:

    cat: /dev/ppp: No such device or address

Start the installation. Run the following commands in a terminal (as root):

    cd /root
    wget http://lamp.teddysun.com/files/l2tp.sh          # CentOS, Fedora, or Red Hat systems
    wget http://lamp.teddysun.com/files/l2tp_ubuntu.sh   # Ubuntu systems
    chmod +x *.sh
    ./l2tp.sh          # run this on CentOS, Fedora, or Red Hat systems
    ./l2tp_ubuntu.sh   # run this on Ubuntu systems

When the prompt "Please input ip-range:" appears, set the network segment (normally just press Enter). At "please input psk:", set your pre-shared key. The script then runs to completion and, on success, displays the relevant configuration information.
The generated password is random. To change it, run:

    vi /etc/ppp/chap-secrets

Note: XP users connecting via L2TP may need to check that the computer's IPSec service is running; if it is stopped, start it under "Control Panel -> Administrative Tools -> Services".

II. Complete DIY setup (recommended for advanced users)

① Deploying IPsec

1. First install the prerequisite packages:

    yum install make gcc gmp-devel bison flex lsof

2. Install Openswan:

    wget http://www.openswan.org/download/openswan-2.6.38.tar.gz
    tar -zxvf openswan-2.6.38.tar.gz
    cd openswan-2.6.38
    make programs install

3. Edit the configuration file /etc/ipsec.conf:

    vim /etc/ipsec.conf

Change protostack=auto to:

    protostack=netkey

4. At the end of the file, add:

    conn l2tp-psk-nat
        rightsubnet=vhost:%priv
        also=l2tp-psk-nonat

    conn l2tp-psk-nonat
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        rekey=no
        ikelifetime=8h
        keylife=1h
        type=transport
        left=YOUR.SERVER.IP.ADDRESS
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any

Here "YOUR.SERVER.IP.ADDRESS" is the server's external IP address (the same applies below).

5. Set the pre-shared key (PSK). Edit the file /etc/ipsec.secrets:

    vim /etc/ipsec.secrets

Enter:

    YOUR.SERVER.IP.ADDRESS %any: PSK "YourSharedSecret"

Modify the packet forwarding settings:

    for each in /proc/sys/net/ipv4/conf/*
    do
        echo 0 > "$each/accept_redirects"
        echo 0 > "$each/send_redirects"
    done
    echo 1 > /proc/sys/net/core/xfrm_larval_drop

Modify the kernel settings so that it supports forwarding. Edit the /etc/sysctl.conf file:

    vim /etc/sysctl.conf

Change the value of "net.ipv4.ip_forward" to 1.

Make the change take effect:

    sysctl -p

Restart IPsec:

    service ipsec restart

Check that IPsec is installed and started correctly:

    ipsec verify

As long as no [FAILED] is reported, the setup is fine. If you have confirmed that forwarding is configured but the IP forwarding check still reports a failure, you can ignore that error for now.
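The redirect settings above are written straight to /proc and do not survive a reboot, so it helps to re-check them independently of `ipsec verify`. The following is an added example, not part of the original tutorial: `audit_l2tp_host` and its ROOT prefix argument are hypothetical names, and the file-permission check is an assumption the tutorial does not state.

```sh
#!/bin/sh
# audit_l2tp_host ROOT  (hypothetical helper, not part of the tutorial)
# ROOT is a path prefix: "" audits the live host; a directory audits a
# copy of /proc and /etc placed under it. Returns the number of findings.
audit_l2tp_host() {
    root=$1
    findings=0
    fail() { echo "FAIL $*"; findings=$((findings + 1)); }
    # expect PATH VALUE: the file ROOT/PATH must contain exactly VALUE.
    expect() {
        val=$(cat "$root$1" 2>/dev/null) || val=
        [ "$val" = "$2" ] || fail "$1 is '${val:-unreadable}', expected $2"
    }

    # Kernel settings from the tutorial's forwarding steps.
    expect /proc/sys/net/ipv4/ip_forward 1
    expect /proc/sys/net/core/xfrm_larval_drop 1
    # The tutorial's loop is a runtime-only write, so check every interface.
    for dir in "$root"/proc/sys/net/ipv4/conf/*; do
        [ -d "$dir" ] || continue
        expect "${dir#"$root"}/accept_redirects" 0
        expect "${dir#"$root"}/send_redirects" 0
    done

    # ipsec.conf must select the NETKEY stack.
    grep -Eq '^[[:space:]]*protostack[[:space:]]*=[[:space:]]*netkey' \
        "$root/etc/ipsec.conf" 2>/dev/null ||
        fail "protostack=netkey not set in /etc/ipsec.conf"

    # Assumption (not in the tutorial): the files holding the PSK and the
    # PPP passwords should carry no group/other permission bits.
    for f in /etc/ipsec.secrets /etc/ppp/chap-secrets; do
        [ -f "$root$f" ] || continue
        perms=$(ls -ld "$root$f" | cut -c5-10)
        [ "$perms" = "------" ] || fail "$f is open to group/others (chmod 600)"
    done
    return "$findings"
}

# Audit the live host only when invoked as: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit_l2tp_host ""; fi
```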
② Deploying L2TP (using xl2tpd and rp-l2tp)

The latest version of xl2tpd already contains l2tp-control, so rp-l2tp does not need to be installed.

First install the dependencies:

    yum install libpcap-devel ppp policycoreutils

Install xl2tpd and rp-l2tp:

    wget http://sourceforge.net/projects/rp-l2tp/files/rp-l2tp/0.4/rp-l2tp-0.4.tar.gz
    tar -zxvf rp-l2tp-0.4.tar.gz
    cd rp-l2tp-0.4
    ./configure
    make
    cp handlers/l2tp-control /usr/local/sbin/
    mkdir /var/run/xl2tpd/
    ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control

Install xl2tpd:

    wget http://www.xelerance.com/wp-content/uploads/software/xl2tpd/xl2tpd-1.3.0.tar.gz
    tar -zxvf xl2tpd-1.3.0.tar.gz
    cd xl2tpd-1.3.0
    make
    make install

Create the xl2tpd configuration file:

    mkdir /etc/xl2tpd
    vim /etc/xl2tpd/xl2tpd.conf

Add:

    [global]
    ipsec saref = yes

    [lns default]
    ip range = 10.82.88.2-10.82.88.254
    local ip = 10.82.88.1
    refuse chap = yes
    refuse pap = yes
    require authentication = yes
    ppp debug = yes
    pppoptfile = /etc/ppp/options.xl2tpd
    length bit = yes

Configure PPP. Create the options.xl2tpd file:

    vim /etc/ppp/options.xl2tpd

Add:

    #require-mschap-v2    # not required here in non-MS environments
    ms-dns 8.8.8.8
    ms-dns 8.8.4.4
    asyncmap 0
    auth
    crtscts
    lock
    hide-password
    modem
    debug
    name l2tpd
    proxyarp
    lcp-echo-interval 30
    lcp-echo-failure 4

Set the dial-in user name and password:

    vim /etc/ppp/chap-secrets

Note that the second column, l2tpd, is the name configured above; if you change it there, change it here as well.

    # Secrets for authentication using CHAP
    # client      server   secret       IP addresses
    myusername    l2tpd    mypassword   *

Finally, add the iptables forwarding rule, then save and restart:

    iptables --table nat --append POSTROUTING --jump MASQUERADE
    /etc/init.d/iptables save
    /etc/init.d/iptables restart

Start L2TP in debug mode to see whether there are any errors:

    xl2tpd -D

At this point, all installation work has been completed.
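The chap-secrets step depends on the server column matching the `name` option in options.xl2tpd. The following is an added example, not part of the original tutorial, that reads the name from the options file and appends a user with a random password; `add_l2tp_user`, its argument order, the 24-character password length and the chmod 600 are assumptions made here.

```sh
#!/bin/sh
# add_l2tp_user USER [CHAP_FILE] [OPTIONS_FILE]  (hypothetical helper)
# Appends "USER <name> <random password> *" to chap-secrets and prints
# the password. Returns 2 (bad name), 3 (no name option), 4 (duplicate).
add_l2tp_user() {
    user=$1
    chap=${2:-/etc/ppp/chap-secrets}
    opts=${3:-/etc/ppp/options.xl2tpd}

    # Reject names that would break the whitespace-separated format.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "invalid user name: $user" >&2; return 2 ;;
    esac

    # The server column must equal the "name" option (l2tpd in the
    # tutorial), otherwise pppd finds no matching secret.
    server=$(awk '$1 == "name" { print $2; exit }' "$opts" 2>/dev/null) || server=
    [ -n "$server" ] || { echo "no 'name' option in $opts" >&2; return 3; }

    # Refuse a second entry for the same client/server pair.
    if [ -f "$chap" ] && awk -v u="$user" -v s="$server" \
            '$1 == u && $2 == s { dup = 1 } END { exit !dup }' "$chap"; then
        echo "$user already has an entry for $server" >&2
        return 4
    fi

    # 24 random alphanumeric characters from the kernel CSPRNG.
    pass=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24)

    # Create the file without group/other access, then enforce it
    # (assumption: the tutorial does not mention permissions).
    ( umask 077; printf '%s %s %s *\n' "$user" "$server" "$pass" >> "$chap" )
    chmod 600 "$chap"
    printf '%s\n' "$pass"
}

# Add a user on the live host only when invoked as: sh adduser.sh --add NAME
if [ "${1:-}" = "--add" ]; then add_l2tp_user "${2:-}"; fi
```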
It is also recommended to add the following to the conn l2tp-psk-nonat section of /etc/ipsec.conf, to resolve the unstable connections seen in a small number of cases:

    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
    leftnexthop=%defaultroute
    rightnexthop=%defaultroute

Note: if a second computer on the same LAN cannot connect, restart the IPsec service; once both machines have connected, connections work normally.

Related articles:

1. L2TP+IPsec one-click installation script: http://teddysun.com/135.html
2. CentOS Linux L2TP+IPsec installation and configuration: http://www.fendou.info/centos-linux-install-l2tp-ipsec-vpn/

  
