The following WLAN test was successful on Ubuntu 11.04:
Install L2TP IPSec VPN
We will use the l2tp-ipsec-vpn software from Werner Jaeger
First, open the terminal and execute the following command to install the
1. L2TP, the Layer 2 Tunneling Protocol, is accessed using certificates. You need to install a certificate server in the VPN server's intranet, have the VPN server trust the certification authority, and then publish the certificate server and download the certificate. VPN clients that need access need to download t
/IP-based data network to implement secure data transmission from a remote client to a dedicated Enterprise Server. PPTP supports creating on-demand, multi-protocol, virtual private networks through public networks (such as the Internet). PPTP allows encrypted IP communication. Encapsulate the IP address header.
II. L2TP
Layer 2 Tunneling Protocol (L2TP) is a l
The concepts are not repeated here, since there is plenty of material online. There are also many one-click installation scripts, but many of them cannot be used, and those that can be used work only under CentOS 6; for CentOS 7 I basically did not see any such installation scripts. So I spent some time testing and wrote this script to make one-click VPN setup easier. The open source packages are Openswan and xl2tpd, and there are many problems in the middle
1. Open Network Preferences
2. Click +
3. Enter the address and account number of the VPN
4. Advanced -- tick send all traffic via VPN link
5. Add DNS
6. Because the corporate VPN is using the L2TP protocol and is not shared, MacOS needs some configuration to support it, otherwise it will prompt for the loss of the
security gateways between the start and end points of the tunnel. A VPN can be used to provide a VPN when a tunnel is used in combination with data confidentiality.
The encapsulated data packet is transmitted within the tunnel of the network. In this example, the network is the Internet. A gateway can be a perimeter gateway between the external Internet and a private network. Perimeter gateways can be routers,
the L2TP or PPTP VPN tunneling technology on IPSec. The SSL protocol for SSL VPN provides features such as data privacy, endpoint verification, and information integrity. The SSL protocol consists of many sub-protocols, two of which are the handshake protocol and the record protocol. The handshake protocol allows the server and client to confirm each other be
SSL: Specifies a data security layering mechanism between the application protocols (HTTP, Telnet, NNTP, FTP) and TCP/IP. Provides data encryption, server authentication, message integrity, and optional client authentication for TCP/IP connections.
Difference between SSL and TLS: TLS can be seen as an upgraded version of SSL. The main difference is that the supported encryption algorithms are different.
SSH: SSH is a protocol used for secure remot
, pay attention to the network conditions between the two ends of the encrypted tunnel. If there is high latency or a large amount of packet loss, select TCP as the underlying protocol; because UDP has no connection or retransmission mechanism, it is inefficient, as it requires the upper-layer protocol to retransmit. OpenVPN is a pure application-layer VPN protocol based on SSL encryption. It is a type of ssl
2. Add IKE Security Policy
Add the corresponding security policy under VPN >> IKE >> IKE Security Policy. Following the figure below, select the application mode, ID type, security proposal, DPD detection, and other parameters, such as the preshared key.
Set as shown in the following figure:
Click Add when Setup is complete.
Step three, set up IPSec security entries
1. Add
configured, the system prompts: the VPN connection is disconnected and the VPN service is stopped. Running tail -f /var/log/syslog showed the following error:
g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Solution:
$ sudo systemctl stop strongswan
$ sudo ike-scan vpn.xxx.cn
vpn.xxx.cn is your gateway address. View the output, find the values of the Enc, Hash, and Group fields, and fil
Earlier I published an article, "Juniper Firewall diagram L2TP VPN Configuration", and we learned from that article how to configure it. But we know that the L2TP VPN only connects us to our L2TP VPN server; it doesn't encrypt our da
[3] Set up the L2TP server
Click on VPN > L2TP > L2TP Server, click, and set as follows:
Note: The service interface is an outbound interface that can be connected to the Internet, and VPN clients use the IP address of the interface
connection, to tunnel across the Internet to a VPN device on the PPTP server. The second connection requires the first connection because the tunnel between the VPN devices is established using the modem and PPP connection to the Internet.
The exception to this two-connection requirement is using PPTP to create a virtual private network between computers physically connected to the Private Enterprise Net
/etc/ppp/options.xl2tpd
The content is as follows:
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
7. Edit /etc/ppp/chap-secrets
This configuration file is used to set the VPN user name and password:
vim /etc/ppp/chap-secrets
The format is as follows:
# Secrets for authentication using CHAP
# Client
The simplest approach is to use a script to configure it step by step. I used a script written by Philplckthun, and modified the way it gets the server IP: the script file. Run under Ubuntu: sh setup.sh. After the configuration is complete, the server side is ready. Next, for the client I use Win7, but Win7 has a pitfall: if there is a router attached, that is, it is behind NAT, the default is not connected to