How to Build an L2TP VPN in Linux

Source: Internet
Author: User

I have been configuring l2tpd for the past few days; it is a VPN that supports the L2TP protocol. However, most articles in China currently focus on the pptpd configuration method, so here I will introduce how to configure l2tpd on Linux. I hope it will be useful to you:

Server: Red Hat 9.0; client: Windows 2000

l2tpd is free software developed for Linux that supports the L2TP protocol. For a detailed introduction, see http://www.l2tpd.org

Linux configuration process:

1. Download the l2tpd-0.69.tar.gz package from http://www.l2tpd.org/download.html

2. Place l2tpd-0.69.tar.gz in the desired installation directory (I am used to installing it in the /tmp/ directory, so I take /tmp/ as the example here).

3. Unpack the installation package:

tar -xvzf l2tpd-0.69.tar.gz    # this creates the l2tpd-0.69 directory

4. Compile:

make    # the current directory is /tmp/l2tpd-0.69

After this command is executed, an executable file l2tpd is generated in /tmp/l2tpd-0.69.

5. Create the l2tpd configuration files:

mkdir /etc/l2tp
cp /tmp/l2tpd-0.69/l2tpd.conf.sample /etc/l2tp/l2tpd.conf
cp /tmp/l2tpd-0.69/l2tp-secrets.sample /etc/l2tp/l2tp-secrets
cp /etc/ppp/options.l2tp    # no source path is given; the contents of this file are listed in 6.2

6. Example contents of the configuration files:

6.1 /etc/l2tp/l2tpd.conf content (the semicolon is the comment character in this file):

[global]                                      ; Global parameters:
port = 1701                                   ; * Bind to port 1701
auth file = /etc/ppp/chap-secrets             ; * The configuration file of the user accounts. Here we use the PPP CHAP authentication method.
[lns vpnserver]                               ; Our fallthrough LNS definition
exclusive = yes                               ; * Only permit one tunnel per host
ip range = 192.168.254.202-192.168.254.210    ; * The IP range allocated to remote users; modify as needed
lac = 0.0.0.0-255.255.255.255                 ; * The range of LACs allowed to connect; this value means no limit
local ip = 192.168.10.1                       ; * Local IP address
length bit = yes                              ; * Use length bit in payload?
require chap = yes                            ; * Require CHAP auth. by peer
require authentication = yes                  ; * Require peer to authenticate
name = vpnserver                              ; * Local name
ppp debug = yes                               ; * Turn on PPP debugging
pppoptfile = /etc/ppp/options.l2tp            ; * ppp options file
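The configuration in 6.1 accepts tunnels from the whole IPv4 range (lac) and leaves PPP debugging on. The following is an added example, not code from the original article or from the l2tpd project, that parses this file format and reports those settings before the server is exposed; the function names and finding strings are hypothetical, and the embedded sample is constructed from the listing above.

```python
import ipaddress

# Constructed sample: a subset of the [lns vpnserver] settings shown in 6.1.
SAMPLE_CONF = """\
[global]                          ; Global parameters:
[lns vpnserver]
lac = 0.0.0.0-255.255.255.255     ; * no limit on the LAC range
require chap = yes
require authentication = yes
ppp debug = yes
"""

def parse_conf(text):
    """Return {section: {key: value}}. ';' starts a comment; keys may contain spaces."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def classify_lac(value):
    """Classify an 'A-B' lac value as 'unrestricted', 'restricted' or 'unparsed'."""
    lo, _, hi = value.partition("-")
    try:
        lo = ipaddress.IPv4Address(lo.strip())
        hi = ipaddress.IPv4Address(hi.strip() or str(lo))
    except ipaddress.AddressValueError:
        return "unparsed"  # e.g. a five-octet typo; hostnames also land here
    return "unrestricted" if (int(lo), int(hi)) == (0, 2**32 - 1) else "restricted"

def lint(text):
    """Return (section, key, issue) tuples for every [lns ...] section."""
    findings = []
    for name, opts in parse_conf(text).items():
        if not name.startswith("lns"):
            continue
        verdict = classify_lac(opts["lac"]) if "lac" in opts else "restricted"
        if verdict != "restricted":
            findings.append((name, "lac", verdict))
        for key in ("require chap", "require authentication"):
            if opts.get(key, "").lower() != "yes":
                findings.append((name, key, "not set to yes"))
        if opts.get("ppp debug", "").lower() == "yes":
            findings.append((name, "ppp debug", "debug logging enabled"))
    return findings
```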

6.2 /etc/ppp/options.l2tp content (this file mainly configures the ppp server. The meaning of the parameters in this file can be viewed using man pppd and is not described here):

name JXVPN
lock
auth
debug
dump
logfile /var/log/l2tpd.log
passive
nodetach
noccp
novj
novjccomp
nopcomp
noaccomp

6.3 /etc/ppp/chap-secrets is the management file for user accounts. You can use it to add and manage users (two examples are given in the file: user: test, password: 123456; user: 111, password: 222):

# Secrets for authentication using CHAP
# client    server    secret      IP addresses
test        *         "123456"    *
111         *         "222"       *
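The sample accounts in 6.3 use short numeric secrets and a * in the IP addresses column, and pppd keeps these secrets in cleartext in the file. The following is an added example, not part of the original article, that flags such entries and a file mode that lets other users read the secrets; the 12-character threshold and the function names are assumptions, and the embedded sample is constructed from the listing above.

```python
import os
import shlex
import stat

# Constructed sample: the two accounts shown in 6.3.
SAMPLE_SECRETS = '''\
# Secrets for authentication using CHAP
# client  server  secret    IP addresses
test      *       "123456"  *
111       *       "222"     *
'''

MIN_SECRET_LEN = 12  # assumed local policy threshold, not a pppd setting

def audit_entries(text, min_len=MIN_SECRET_LEN):
    """Return (line_no, client, issue) tuples for risky chap-secrets entries."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        try:
            fields = shlex.split(raw, comments=True)  # honours quotes and '#'
        except ValueError:
            findings.append((no, None, "unbalanced quote"))
            continue
        if not fields:
            continue  # blank line or comment
        if len(fields) < 3:
            findings.append((no, fields[0], "incomplete entry"))
            continue
        client, secret, addrs = fields[0], fields[2], fields[3:]
        if len(secret) < min_len:
            findings.append((no, client, "short secret"))
        if secret.isdigit():
            findings.append((no, client, "digits-only secret"))
        if "*" in addrs:
            findings.append((no, client, "any IP address allowed"))
    return findings

def readable_by_others(path):
    """True if group or other can read the file, which stores secrets in cleartext."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))
```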

7. Run l2tpd

cd /tmp/l2tpd-0.69/
./l2tpd -D
# The -D parameter runs l2tpd in the foreground and displays all of its running information.
# Without -D, l2tpd runs in the background. For other parameters, see the README in /tmp/l2tpd-0.69/.

Windows 2000 client configuration:

Because this VPN does not support IPsec, modify the Windows 2000 registry:

Add ProhibitIpSec = 1: "Start" -> "Run" -> "regedit" -> under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters", create a "DWORD value" named "ProhibitIpSec" and set its value to 1.

That is all. This configuration currently does not support IPsec. For a VPN that supports IPsec, you can refer to this website:

http://www.jacco2.dds.nl/

If you configure it successfully, please share your configuration method. Thank you! ^_^

In addition, if access to network neighbors fails, it may be a problem with iptables; modify the iptables rules.

You must also add one item to the options.l2tp file:

proxyarp
