L2TP VPN server setup tutorial

Time: 2024-10-06 07:17:02

Install L2TP

sudo apt install xl2tpd
sudo apt install strongswan
sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt install network-manager-l2tp

Edit the configuration files

Next comes the configuration. The following files must be edited with sudo privileges:

(1) Edit /etc/ and add the following connection definition:

conn L2TP-IPSEC
    authby=secret
    auto=add
    keyingtries=3
    ikelifetime=8h
    keylife=1h
    ike=aes128-sha256-modp3072
    esp=aes128-sha256
    type=transport
    #Replace IP address with your current IP used for L2TP connection
    left=192.168.10.162
    leftsubnet=192.168.10.0/24[17/1701]
    #Replace IP address with the remote end to connect this server
    right=192.168.2.0/24
    rightsubnet=192.168.2.0/24[17/%any]
    dpddelay=30s
    dpdtimeout=150s
    dpdaction=clear

(2) Edit /etc/ and set the IPsec pre-shared key:

# This file holds shared secrets or RSA private keys for authentication.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.
# the selector is optional
192.168.10.162 192.168.2.0/24 : PSK "anyk-xgpon-unicom"

(3) Edit /etc/ppp/options.xl2tpd. L2TP provides tunnelling for PPP (point-to-point protocol), so the PPP-related options must be configured as well:

require-mschap-v2
refuse-mschap
ms-dns 127.0.0.53
asyncmap 0
auth
crtscts
idle 1800
mtu 1410
mru 1410
hide-password
local
modem
lock
name l2tpd
connect-delay 5000
lcp-echo-interval 30
lcp-echo-failure 4

(4) Edit /etc/xl2tpd/:

[global]
ipsec saref = no
debug tunnel = no
debug avp = no
debug network = no
debug state = no
access control = no
rand source = dev
port = 1701
auth file = /etc/ppp/chap-secrets

[lns default]
ip range = 192.168.18.1 - 192.168.18.254
local ip = 192.168.18.162
name = l2tp
pass peer = yes
refuse pap = yes
refuse chap = yes
require authentication = yes
ppp debug = no
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

lns stands for L2TP Network Server, which is this machine. The other end of the connection is the lac, the L2TP Access Concentrator, which you can think of as the client.

ip range is the address pool from which the lns assigns an address to a lac once the connection is established.

local ip is the IP address the lns assigns to itself.

(5) Edit /etc/ppp/chap-secrets and fill in the username and password that clients use to connect:

# Secrets for authentication using CHAP
# client        server        secret                  IP addresses
  test           *          123456                   *

Finally, restart the xl2tpd and ipsec services:

$ sudo service xl2tpd restart
$ sudo service ipsec restart

The L2TP server should now be running. Check its status:

$ sudo service xl2tpd status
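The audit script below is an added example and is not part of the original tutorial or of the xl2tpd/pppd projects. It reads the three files configured in steps (3) to (5) (embedded here as constructed copies of the values the tutorial writes into /etc/xl2tpd/xl2tpd.conf, /etc/ppp/options.xl2tpd and /etc/ppp/chap-secrets) with simplified parsers of my own (assumed: ';' starts a comment in xl2tpd.conf, '#' in the two pppd files, and only the last ms-dns line is kept) and reports the settings a reviewer checks before exposing the server: that the LNS refuses PAP and CHAP and demands authentication, that pppd is pinned to MS-CHAPv2, that the DNS server pushed to clients is not a loopback address they cannot reach, and that CHAP secrets are not short or purely numeric. The min_secret_len threshold is my own choice, not something the tutorial specifies.

```python
"""Audit the L2TP/IPsec server settings from the tutorial for weak or
inconsistent values before clients are allowed to connect."""
import ipaddress

# Constructed sample inputs: the values the tutorial writes into
# /etc/xl2tpd/xl2tpd.conf, /etc/ppp/options.xl2tpd and /etc/ppp/chap-secrets.
XL2TPD_CONF = """
[global]
ipsec saref = no
port = 1701
auth file = /etc/ppp/chap-secrets

[lns default]
ip range = 192.168.18.1 - 192.168.18.254
local ip = 192.168.18.162
name = l2tp
pass peer = yes
refuse pap = yes
refuse chap = yes
require authentication = yes
ppp debug = no
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
"""

PPP_OPTIONS = """
require-mschap-v2
refuse-mschap
ms-dns 127.0.0.53
auth
hide-password
mtu 1410
mru 1410
"""

CHAP_SECRETS = """
# client        server        secret                  IP addresses
  test           *          123456                   *
"""


def parse_xl2tpd_conf(text):
    """Parse xl2tpd's INI-like syntax: '[section]' headers and 'key = value'
    lines whose keys may contain spaces. Returns {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # assumed: ';' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            sections[current][key.lower()] = value
    return sections


def parse_ppp_options(text):
    """pppd option files hold one option per line; '#' starts a comment.
    Returns {option: argument or None}; a repeated option keeps its last value."""
    options = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            options[parts[0]] = parts[1] if len(parts) > 1 else None
    return options


def parse_chap_secrets(text):
    """chap-secrets rows are: client server secret [ip addresses ...]."""
    rows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 3:
            rows.append({"client": fields[0], "server": fields[1],
                         "secret": fields[2].strip('"'),
                         "addresses": fields[3:]})
    return rows


def audit(xl2tpd_text, ppp_text, chap_text, min_secret_len=12):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    lns = parse_xl2tpd_conf(xl2tpd_text).get("lns default", {})
    ppp = parse_ppp_options(ppp_text)

    # 1. The LNS must refuse the weak PPP schemes and insist on authentication.
    for key in ("refuse pap", "refuse chap", "require authentication"):
        if lns.get(key, "").lower() != "yes":
            findings.append(f"xl2tpd.conf: '{key}' should be 'yes'")
    if "pppoptfile" not in lns:
        findings.append("xl2tpd.conf: 'pppoptfile' not set, pppd runs with defaults")

    # 2. pppd must be pinned to MS-CHAPv2 and must not log passwords.
    for opt in ("require-mschap-v2", "refuse-mschap", "hide-password"):
        if opt not in ppp:
            findings.append(f"options.xl2tpd: missing '{opt}'")

    # 3. A loopback DNS address pushed via ms-dns points clients at themselves.
    dns = ppp.get("ms-dns")
    if dns is not None:
        try:
            if ipaddress.ip_address(dns).is_loopback:
                findings.append(f"options.xl2tpd: ms-dns {dns} is a loopback "
                                "address that remote clients cannot reach")
        except ValueError:
            findings.append(f"options.xl2tpd: ms-dns '{dns}' is not an IP address")

    # 4. Short or all-digit CHAP secrets are trivially guessable.
    for row in parse_chap_secrets(chap_text):
        secret = row["secret"]
        if len(secret) < min_secret_len or secret.isdigit():
            findings.append(f"chap-secrets: weak secret for client '{row['client']}'")
    return findings


if __name__ == "__main__":
    for finding in audit(XL2TPD_CONF, PPP_OPTIONS, CHAP_SECRETS):
        print(finding)
```

Run against the tutorial's values the script reports two findings: the ms-dns entry 127.0.0.53 (the systemd-resolved stub on the server, which is a loopback address on the client side too) and the six-digit secret for user test. Point the parsers at the real files with open(path).read() to audit a live host.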