Configure L2TP and IPsec on CentOS 6
Some time ago I set up an L2TP + IPsec server. The steps are summarized as follows.
I. Software Installation
1. Install Openswan
Installing Openswan with yum pulls in the dependent packages at the same time.
yum install openswan
2. Install xl2tpd
It is best to install with yum, but add the EPEL repository first. For the specific settings, refer to my previous blog post.
yum install xl2tpd
3. Install ppp
yum install ppp
II. Software Configuration
Because I use CentOS 6.2, the kernel is up to date and does not need to be modified.
1. Edit the /etc/sysctl.conf file
vi /etc/sysctl.conf
Find the following two items:
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
Change them to:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
Run sysctl -p to make the change take effect.
2. Configure IPsec
vi /etc/ipsec.conf
Change the content of the file to the following (the lines under each conn must be indented):
# You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
#include /etc/ipsec.d/*.conf
conn %default
    forceencaps=yes
conn L2TP-PSK-NAT
    rightsubnet=vhost:%no,%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=<your public IP address>
    leftid=<your public IP address>
    leftprotoport=17/1701
    right=%any
    rightid=%any
    rightprotoport=17/%any
Note that only the conn sections are shown here: the L2TP-PSK-NAT conn relies on the file's config setup section having NAT traversal enabled (nat_traversal=yes) and virtual_private listing the private ranges that %priv refers to, so keep those settings in place.
Set the PSK shared key
vi /etc/ipsec.secrets
Add the following line (the server's public IP first, then %any for the clients):
<your server's public IP> %any: PSK "your shared key"
3. Adjust network policies
Disable ICMP redirects on every interface so the VPN server neither accepts nor sends them:
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done
At the same time, copy the above code into /etc/rc.local so that it takes effect on every boot.
The edited file is as follows:
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
# NAT the VPN clients' traffic out through the server
iptables --table nat --append POSTROUTING --jump MASQUERADE
# disable ICMP redirects on every interface
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done
/etc/init.d/ipsec restart
/etc/init.d/xl2tpd restart
Restart IPsec:
service ipsec restart
Check whether Openswan works properly:
ipsec verify
Check that every result is reported as OK, except that the last one (opportunistic encryption) shows DISABLED.
4. Configure xl2tpd
vi /etc/xl2tpd/xl2tpd.conf
Comments in this file go on their own lines, starting with a semicolon:
[lns default]
; the address pool handed out to clients, on your intranet segment
ip range = 192.168.81.100-192.168.81.150
; the server's own intranet IP address
local ip = 192.168.81.60
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
5. Configure ppp
vi /etc/ppp/chap-secrets
Add a username and password, one per line, in the following format (client name, server, secret, allowed IP addresses):
username * "password" *
Restart xl2tpd:
service xl2tpd restart
6. Configure iptables
iptables --table nat --append POSTROUTING --jump MASQUERADE
Restart the server and test it.
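As an added example that is not part of the original post, the following POSIX shell check reads the xl2tpd.conf and sysctl.conf settings configured above and reports any that differ from the values the post uses (CHAP-only authentication, forwarding on, reverse-path filter off); the default file paths are assumptions and can be overridden by the two arguments.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check the settings the
# post relies on before running "service xl2tpd restart".
# Usage: check_l2tp_config [xl2tpd.conf] [sysctl.conf]   (paths are assumed)

# Print the value of "key = value" from an ini-style file (xl2tpd.conf or
# sysctl.conf), ignoring ';' and '#' comments, key case and surrounding
# whitespace. Prints nothing if the key is absent.
conf_value() {
    awk -F= -v key="$2" '
        { sub(/[;#].*/, "") }
        /=/ {
            k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (tolower(k) == tolower(key)) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# Compare each "key=expected" pair against the file and report mismatches.
# Returns 0 when every setting matches, 1 otherwise.
check_settings() {
    file=$1; shift; rc=0
    for pair in "$@"; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(conf_value "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "$file: expected '$key = $want', found '${got:-<unset>}'"
            rc=1
        fi
    done
    return $rc
}

# The settings from the post: CHAP-only authentication in xl2tpd, and
# forwarding enabled / reverse-path filter relaxed so clients can route.
check_l2tp_config() {
    xl2tpd_conf=${1:-/etc/xl2tpd/xl2tpd.conf}   # assumed default path
    sysctl_conf=${2:-/etc/sysctl.conf}          # assumed default path
    rc=0
    check_settings "$xl2tpd_conf" "require chap=yes" "refuse pap=yes" \
        "require authentication=yes" || rc=1
    check_settings "$sysctl_conf" "net.ipv4.ip_forward=1" \
        "net.ipv4.conf.default.rp_filter=0" || rc=1
    return $rc
}
```

Run check_l2tp_config after editing the files; a non-zero exit lists each setting that still has the wrong value.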