Article Title: How to build an l2tp vpn in linux
I have spent the past few days configuring l2tpd, a VPN daemon that supports the L2TP protocol.
However, most articles in China currently focus on the pptpd configuration method,
so here I will introduce how to configure l2tpd on Linux.
I hope it will be useful to you:
Server: Red Hat 9.0; client: Windows 2000
l2tpd is free software developed for Linux that supports the L2TP protocol. For a detailed introduction, see http://www.l2tpd.org
Linux configuration process:
1. Download the l2tpd-0.69.tar.gz package from http://www.l2tpd.org/download.html
2. Place l2tpd-0.69.tar.gz in the desired installation directory (I am used to installing it in the /tmp/ directory. Here I will take the /tmp/ directory as an example)
3. Unzip the installation package:
tar -xvzf l2tpd-0.69.tar.gz /* An l2tpd-0.69 directory is generated at this time */
4. Compile:
make /* The current directory is /tmp/l2tpd-0.69 */
After this command is executed, an executable file l2tpd will be generated in /tmp/l2tpd-0.69
5. Create an l2tpd configuration file
mkdir /etc/l2tp
cp /tmp/l2tpd-0.69/l2tpd.conf.sample /etc/l2tp/l2tpd.conf
cp /tmp/l2tpd-0.69/l2tp-secrets.sample /etc/l2tp/l2tp-secrets
cp /etc/ppp/options.l2tp
6. Content examples of configuration files:
6.1 /etc/l2tp/l2tpd.conf content (the semicolon in the file is the comment character):
[global] ; Global parameters:
port = 1701 ; * Bind to port 1701
auth file = /etc/ppp/chap-secrets ; * The configuration file of the user accounts. Here we use the PPP CHAP authentication method.
[lns vpnserver] ; Our fallthrough LNS definition
exclusive = yes ; * Only permit one tunnel per host
ip range = 192.168.254.202-192.168.254.210 ; * The IP range to be allocated to remote users, which can be modified as needed
lac = 0.0.0.0-255.255.255.255 ; * The range of LAC addresses allowed to connect. This value means no limit on the range.
local ip = 192.168.10.1 ; * Local IP address
length bit = yes ; * Use length bit in payload?
require chap = yes ; * Require CHAP auth. by peer
require authentication = yes ; * Require peer to authenticate
name = vpnserver ; * Local name
ppp debug = yes ; * Turn on PPP debugging
pppoptfile = /etc/ppp/options.l2tp ; * ppp options file
6.2 /etc/ppp/options.l2tp content (this file mainly holds the configuration of the ppp server. The parameter meanings in this file can be viewed using man pppd and are not described here)
name JXVPN
lock
auth
debug
dump
logfile /var/log/l2tpd.log
passive
nodetach
noccp
novj
novjccomp
nopcomp
noaccomp
6.3 /etc/ppp/chap-secrets is the management file for user accounts. You can use it to add and manage users (two examples are given in the file: user: test, password: 123456; user: 111, password: 222):
# Secrets for authentication using CHAP
# client server secret IP addresses
test * "123456" *
111 * "222" *
7. Run l2tpd
cd /tmp/l2tpd-0.69/
./l2tpd -D /* The -D parameter runs l2tpd in the foreground and displays the running information of the entire l2tpd.
If -D is not added, l2tpd runs in the background. For other parameters, see the README
in the /tmp/l2tpd-0.69/ directory */
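An added example, not part of the original article or the l2tpd project: a small shell check for the two files from steps 6.1 and 6.3. It reports [lns ...] sections that do not require peer authentication or CHAP or that leave lac at the full address range, and chap-secrets entries with * in the IP addresses column or a file readable by group or others. The function names, the finding texts and the mode 600 expectation are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the l2tpd project): flag permissive settings in the
# l2tpd.conf and chap-secrets layouts shown in sections 6.1 and 6.3.

# audit_l2tpd_conf FILE -> one finding per line for every [lns ...] section
audit_l2tpd_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() {                      # called when a section ends
        if (sec !~ /^\[lns/) return
        if (v["require authentication"] != "yes") print sec ": peer authentication not required"
        if (v["require chap"] != "yes") print sec ": CHAP not required"
        if (v["lac"] ~ /^0\.0\.0\.0 *- *255\.255\.255\.255$/) print sec ": lac range is unrestricted"
    }
    { sub(/;.*/, ""); $0 = trim($0) }        # ";" starts a comment
    /^\[/ { report(); split("", v); sec = tolower($0); next }
    (i = index($0, "=")) { v[tolower(trim(substr($0, 1, i - 1)))] = tolower(trim(substr($0, i + 1))) }
    END { report() }' "$1"
}

# audit_chap_secrets FILE -> findings for wildcard address columns and loose file mode
# (assumes secrets contain no spaces, as in the article's sample entries)
audit_chap_secrets() {
    awk '!/^[ \t]*#/ && NF >= 4 && $4 == "*" { print "chap-secrets: " $1 ": any IP address accepted" }' "$1"
    if [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "chap-secrets: readable by group or others, expected mode 600"
    fi
}

# Usage: sh audit.sh /etc/l2tp/l2tpd.conf /etc/ppp/chap-secrets
if [ "$#" -eq 2 ]; then
    audit_l2tpd_conf "$1"
    audit_chap_secrets "$2"
fi
```

With the files exactly as listed in 6.1 and 6.3, the check reports the unrestricted lac range and one wildcard finding for each of the two sample users.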
Windows 2000 client configuration:
Because this VPN does not support IPSec, modify the registry of Windows 2000:
Add ProhibitIpSec = 1: "Start" -> "Run" -> "regedit" -> under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters", create a DWORD value named "ProhibitIpSec" and set its value to 1.
Okay, now it works. Currently, this configuration does not support IPSec.
For a VPN with IPSec, you can refer to this website:
http://www.jacco2.dds.nl/
If you configure it successfully, please share your configuration method. Thank you! ^_^
In addition, if you run into problems accessing neighbors on the network,
it may be a problem with iptables;
modify the iptables rules.
You must also add the following item to the options.l2tp file:
proxyarp