PPTP, L2TP and PPPoE client and server configuration

Source: Internet
Author: User

One. PPPoE

1. Server (refer to http://laibulai.iteye.com/blog/1171898)

(1) Install rp-pppoe:

yum install rp-pppoe

(2) Configure /etc/ppp/pppoe-server-options with the following content:

# PPP options for the PPPoE server
# LIC: GPL
require-pap
require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
logfile /var/log/pppoe.log

ms-dns 8.8.8.8
ms-dns 8.8.4.4
defaultroute

(3) Add the user name and password to /etc/ppp/chap-secrets:

PPPoE * "123456" *

(4) Add firewall rules for NAT:

iptables -A POSTROUTING -t nat -s 10.10.10.0/24 -j MASQUERADE

iptables -A FORWARD -p tcp --syn -s 10.10.10.0/24 -j TCPMSS --set-mss 1256

echo 1 > /proc/sys/net/ipv4/ip_forward

sysctl -w net.ipv4.ip_forward=1

(5) Start PPPoE:

pppoe-server -I eth0 -L 10.10.10.1 -R 10.10.10.100-200

2. Client (reference http://www.njust.edu.cn/web/Linux-PPPoE.pdf)

Note: the client side must also be configured for PAP and CHAP authentication, otherwise dialing cannot pass authentication. (Tested with a Windows client and a Linux client; the case of client and server on the same machine was not tested.)

(1) Install the rp-pppoe client: yum install rp-pppoe

(2) Run adsl-setup and fill in the values as prompted

(3) adsl-start, adsl-stop, pppoe-status

Two. L2TP

1. Server (reference http://lizhug.com/tech/centos6-5%E6%90%AD%E5%BB%BAl2tp-ipsec-vpn-vpn%E7%B3%BB%E5%88%97%EF%BC%88%e4%b8%80%ef%bc%89/)

(1) Add the package source and install:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
yum install openswan ppp xl2tpd

(2) Configuration

<1> Modify /etc/xl2tpd/xl2tpd.conf

[global]
listen-addr = 45.62.96.30 # change to your own machine's IP
ipsec saref = yes

[lns default]
ip range = 192.168.1.128-192.168.1.254 # client IPs to assign
local ip = 192.168.1.1 # local IP, do not change
refuse chap = yes # changed to refuse
refuse pap = yes
require authentication = yes
name = L2TP
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

<2> Modify /etc/ppp/options.xl2tpd

ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
auth
crtscts
debug
hide-password
modem
lock
proxyarp

<3> Modify /etc/ipsec.conf, adding the following at the end (note: there are no spaces in front of conn; the other lines are indented with a tab)

conn L2TP-PSK-NAT
	rightsubnet=vhost:%priv
	also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
	authby=secret
	pfs=no
	auto=add
	keyingtries=3
	rekey=no
	ikelifetime=8h
	keylife=1h
	type=transport
	# replace with your machine's IP
	left=45.62.96.30
	leftprotoport=17/1701
	right=%any
	rightprotoport=17/%any

<4> Add the pre-shared key to /etc/ipsec.secrets (note: there are spaces in front of PSK)

vi /etc/ipsec.secrets

# replace the IP address with your machine's IP
45.62.96.30 %any: PSK "test1234"

<5> Set up a network policy (I don't understand that either)

Enter directly in the terminal:

for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done

<6> Create an account file

vi /etc/ppp/chap-secrets

The format is as follows (like mine):

# username * password *

Lizhug * 1234567890 *

<7> Modify the system configuration file /etc/sysctl.conf, adding at the end:

net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1

Run sysctl -p to make the above settings take effect.
<8> Modify the firewall settings; execute directly at the terminal:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save
service iptables restart

<9> Test (note: the error "Faild initiallize NSS database" was encountered here; updating the nss-tools package fixed it: yum install nss-tools)

ipsec setup start

ipsec verify

Output like the following is OK; if anything shows as failed, paste it into Google to find out how to fix it:

# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             [OK]
Linux Openswan U2.6.32/K(no kernel code presently loaded)
Checking for IPsec support in kernel                        [OK]
 SAref kernel support                                       [N/A]
Checking that pluto is running                              [OK]
 Pluto listening for IKE on udp 500                         [OK]
 Pluto listening for NAT-T on udp 4500                      [OK]
Checking for 'ip' command                                   [OK]
Checking /bin/sh is not /bin/dash                           [OK]
Checking for 'iptables' command                             [OK]
Opportunistic Encryption Support                            [DISABLED]

Restart xl2tpd:

service xl2tpd restart

<10> Open ports and forwarding (reference: http://blog.csdn.net/musiccow/article/details/22904997)

Execute all of the following commands as they are:

# allow IPsec traffic
iptables -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
iptables -A FORWARD -m policy --dir in --pol ipsec -j ACCEPT
# do not NAT VPN traffic
iptables -t nat -A POSTROUTING -m policy --dir out --pol none -j MASQUERADE
# forwarding rules for VPN
iptables -A FORWARD -i ppp+ -p all -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# ports for openswan / xl2tpd
iptables -A INPUT -m policy --dir in --pol ipsec -p udp --dport 1701 -j ACCEPT
iptables -A INPUT -p udp --dport 500 -j ACCEPT
iptables -A INPUT -p udp --dport 4500 -j ACCEPT

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE

Then save the iptables rules:

service iptables save
service iptables restart

<11> Enable the services at boot

chkconfig xl2tpd on
chkconfig iptables on
chkconfig ipsec on

2. Client

(1) Installation:

yum install xl2tpd
yum install ppp

(2) Configure /etc/xl2tpd/xl2tpd.conf

; testvpn is the VPN name
[lac testvpn]
name = Wufuqiang ; L2TP account
lns = 192.168.20.10 ; IP of the L2TP server
pppoptfile = /etc/ppp/peers/testvpn.l2tpd ; pppd configuration file used when dialing
ppp debug = yes

(3) vi /etc/ppp/peers/testvpn.l2tpd

remotename testvpn
user Wufuqiang
password 1234567890
unit 0
lock
nodeflate
nobsdcomp
noauth
persist
nopcomp
noaccomp
maxfail 5
debug

5. The configuration files are now in place and you can start xl2tpd. Note that starting it does not mean dialing.

Method 1: run /etc/init.d/xl2tpd start. This startup mode automatically finds the configuration file /etc/xl2tpd/xl2tpd.conf.

Method 2: # xl2tpd -c "/your/config_file/path". If you use this method, make sure the directory /var/run/xl2tpd/ exists. As the file /etc/init.d/xl2tpd shows, the init script creates this directory if it does not exist.

6. Start dialing:

# echo 'c testvpn' > /var/run/xl2tpd/l2tp-control

If the dial succeeds, you can see a ppp0 interface with ifconfig.

7. Disconnect:

# echo 'd testvpn' > /var/run/xl2tpd/l2tp-control

8. From starting xl2tpd through dialing, the whole process can be followed in the log:

tail -f /var/log/messages

Three. PPTP (reference http://www.dabu.info/centos6-4-structures-pptp-vpn.html)

1. Server

(1) Detection

# modprobe ppp-compress-18 && echo ok

(2) Install ppp and iptables

# yum install -y perl ppp iptables

(On CentOS, iptables and ppp are installed by default.)

Choose the pptpd version to match the ppp version shown by yum list installed ppp:

ppp 2.4.4 -> pptpd 1.3.4

ppp 2.4.5 -> pptpd 1.4.0

(3) Install pptpd

# rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm

# yum install pptpd

(4) Modify the configuration file /etc/ppp/options.pptpd, adding the following content:

ms-dns 8.8.8.8
ms-dns 8.8.4.4

(5) Configuration file /etc/ppp/chap-secrets

# Secrets for authentication using CHAP
# Client Server Secret IP addresses
MyUserName pptpd MyPassword *

MyUserName is your VPN account, MyPassword is your VPN password, and * means any IP is allowed; remember not to leave out this asterisk. Following this format, and assuming that my VPN account is Ksharpdabu and the password is sky, it should look like this:

Ksharpdabu pptpd sky *
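
A check for the chap-secrets files created in this guide (client, server, secret, IP addresses), as an added example that is not part of the original page: it reports entries whose secret is short or digits-only and a file mode wider than owner-only, without printing any secret. The function name audit_secrets and the MIN_LEN threshold of 12 are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit a pppd secrets file.
# Line format, as on the page:  client  server  secret  IP-addresses
# MIN_LEN is an assumed local policy value, not something the page specifies.
MIN_LEN=${MIN_LEN:-12}

# audit_secrets FILE
#   Prints one finding per line and returns 1 if there are findings,
#   0 if there are none, 2 if the file cannot be read.
#   Quoted secrets that contain spaces are not handled.
audit_secrets() {
    f=$1
    [ -r "$f" ] || { echo "$f: cannot read" >&2; return 2; }
    findings=$(
        # characters 5-10 of the ls -l mode string are the group and other bits
        perms=$(ls -ld "$f" | cut -c5-10)
        [ "$perms" = "------" ] ||
            echo "$f: readable beyond owner ($perms), expected mode 600"
        awk -v min="$MIN_LEN" -v f="$f" '
            /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
            NF < 3 { printf "%s:%d: malformed entry\n", f, NR; next }
            {
                secret = $3
                gsub(/^"|"$/, "", secret)    # the secret may be double-quoted
                if (length(secret) < min)
                    printf "%s:%d: %s: secret shorter than %d characters\n", f, NR, $1, min
                if (secret ~ /^[0-9]+$/)
                    printf "%s:%d: %s: secret is digits only\n", f, NR, $1
            }' "$f"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```
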

(6) Configuration file /etc/pptpd.conf

Add the following two lines:

localip 192.168.9.1
remoteip 192.168.9.11-30

remoteip is the range of IPs that VPN clients receive.

Key point: the pptpd.conf configuration file must end with a blank line. Otherwise, starting the pptpd service hangs at "Starting pptpd:" and the service cannot start. Remember this!

(7) Configuration file /etc/sysctl.conf

Change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1

Save the modified file, then run:

# /sbin/sysctl -p

(8) Start the PPTP VPN service and iptables

# /sbin/service pptpd start

or

# service pptpd start

2. Client (reference https://linuxconfig.org/how-to-establish-pptp-vpn-client-connection-on-centos-rhel-7-linux)

(1) Install pptp

yum install pptp

(2) PPTP support module

# modprobe nf_conntrack_pptp

Or add the MPPE module:

modprobe ppp_mppe

(3) Configure /etc/ppp/chap-secrets

Admin PPTP Password *

(4) Create the file linuxconfig in the /etc/ppp/peers/ directory with the following content:

pty "pptp 192.168.20.10 --nolaunchpppd"
name Wfqgtxvpn
remotename pptpd
require-mppe-128
file /etc/ppp/options.pptp
ipparam linuxconfig

(5) Connect

# pppd call linuxconfig

Check the /var/log/messages log to diagnose errors.

(6) Disconnect

# pkill pppd
