前面一篇本博客已经提到--OpenVZ VPS怎样搭建PPTP VPN
今天在这里给大家介绍下l2tp ipsec vpn的搭建教程。下面说下我们需要的一些载体:
运行环境:centos 5.7 32bit【redhat系都可以用】
1、首先安装必要的包。
yum install -y ppp iptables make gcc gmp-devel xmlto bison flex xmlto libpcap-devel lsof vim-enhanced2、下载安装openswan.
wget http://www.openswan.org/download/openswan-2.6.24.tar.gztar zxvf openswan-2.6.24.tar.gz cd openswan-2.6.24 make programs install3、安装xl2tpd。[这里可能有的筒子们用的编译的,不过安装扩展源之后直接安装岂不是更方便]
rpm -ivh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm [centos 5x] rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm [centos 6x]
yum install xl2tpd4、各种修改配置文件了。编辑 /etc/ipsec.conf 注意$vpsip替换成你机器的ip,贴出配置文件,大家修改就好了。
config setup nat_traversal=yes virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 oe=off protostack=netkey conn L2TP-PSK-NAT rightsubnet=vhost:%priv also=L2TP-PSK-noNAT conn L2TP-PSK-noNAT authby=secret pfs=no auto=add keyingtries=3 rekey=no ikelifetime=8h keylife=1h type=transport left=$vpsip leftprotoport=17/1701 right=%any rightprotoport=17/%any5、编辑 /etc/ipsec.secrets注意$vpsip替换成你机器的ip, $psk缓存你想设置的密钥
$vpsip %any: PSK "$psk"6、修改/etc/sysctl.conf,添加转发补丁等功能。注意这里的你参照你文件内容的改,没有的添加。
net.ipv4.ip_forward = 1 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.all.log_martians = 0 net.ipv4.conf.default.log_martians = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.icmp_ignore_bogus_error_responses = 17、修改完成后,运行如下命令使之生效。
sysctl -p8、验证ipsec运行。
ipsec setup restart ipsec verify输出以下内容就表示配置成功了
Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan U2.6.24/K2.6.32.16-linode28 (netkey) Checking for IPsec support in kernel [OK] NETKEY detected, testing for disabled ICMP send_redirects [OK] NETKEY detected, testing for disabled ICMP accept_redirects [OK] Checking for RSA private key (/etc/ipsec.secrets) [OK] Checking that pluto is running [OK] Pluto listening for IKE on udp 500 [OK] Pluto listening for NAT-T on udp 4500 [OK] Two or more interfaces found, checking IP forwarding [OK] Checking NAT and MASQUERADEing Checking for 'ip' command [OK] Checking for 'iptables' command [OK] Opportunistic Encryption Support [DISABLED]9、编辑 /etc/xl2tpd/xl2tpd.conf
[global] ipsec saref = yes listen-addr = $vpsip [lns default] ip range = 10.1.88.2-10.1.88.254 local ip = 10.1.88.1 refuse chap = yes refuse pap = yes require authentication = yes ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yes10、编辑 /etc/ppp/options.xl2tpd
require-mschap-v2 ms-dns 208.67.222.222 ms-dns 208.67.220.220 asyncmap 0 auth crtscts lock hide-password modem debug name l2tpd proxyarp lcp-echo-interval 30 lcp-echo-failure 411、设置用户名,密码:编辑 /etc/ppp/chap-secrets
# user server password ip username * userpass * #改成你的用户名 密码12、重启xl2tpd
service xl2tpd restart13、设置iptables。
iptables --table nat --append POSTROUTING --jump MASQUERADE
service iptables save service iptables restart
chkconfig xl2tpd on chkconfig iptables on chkconfig ipsec on好吧,搭建完成,现在测试一下吧,有条件的筒子们可以把有限的资源提供给无尽的网络,提供免费vpn哦,如果有任何配置上的问题,可以联系我,我们共同研究!
原文:http://www.seevpn.com/article-127.html
--
Posted By GFW BLOG 功夫网与翻墙 to GFW BLOG(功夫网与翻墙) at 3/31/2013 04:47:00 PM --
--
1、翻墙利器赛风3下载地址: http://dld.bz/caonima326 ,http://dld.bz/caonima745/
2、我们的订阅地址:http://feeds2.feedburner.com/chinagfwblog
3、停止订阅,请发邮件到
gfw-blog+unsubscribe@googlegroups.com
翻越防火长城,你可以到达世界上的每一个角落。(Across the Great Firewall, you can reach every corner in the world.)
---
您收到此邮件是因为您订阅了 Google 网上论坛的"GFW Blog"论坛。
要退订此论坛并停止接收此论坛的电子邮件,请发送电子邮件到 gfw-blog+unsubscribe@googlegroups.com。
要查看更多选项,请访问 https://groups.google.com/groups/opt_out。
没有评论:
发表评论