Configuring PPTP and L2TP Servers on CentOS

References:
Configuring a PPTP VPN Server and Client on CentOS 5.5

Installing and Configuring IPSEC + L2TPD


1. Install OpenSwan

   # yum install openswan

Configure /etc/ipsec.conf

with the following contents:

version 2.0

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=192.168.1.100
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

Note: 192.168.1.100 is the external (public-facing) IP address of the VPN server.

Configure the PSK in /etc/ipsec.secrets

with the following contents:

    192.168.1.100 %any: PSK "pass"

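Configure packet forwarding

    # Disable ICMP redirects on every interface (checked by ipsec verify)
    for i in /proc/sys/net/ipv4/conf/*
    do
        echo 0 > "$i/accept_redirects"
        echo 0 > "$i/send_redirects"
    done
    # Enable IPv4 forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward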

Test whether IPsec is working

   # /etc/init.d/ipsec start

   # ipsec verify

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.32/K2.6.18-194.8.1.el5 (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY:  Testing for disabled ICMP send_redirects              [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]


If no check reports FAIL, the configuration is successful.
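
The "no FAIL" check above can be scripted, together with a check of the /etc/ipsec.secrets file configured earlier. This is an added example, not part of the original article; the function names and the MIN_PSK_LEN policy value are assumptions. Run it as "ipsec verify | verify_failures" and "secrets_problems /etc/ipsec.secrets".

```shell
#!/bin/sh
# Added example, not from the original article.
MIN_PSK_LEN=20   # assumption: minimum PSK length required by local policy

# Read `ipsec verify` output on stdin, print the name of every check whose
# bracketed status contains FAIL, and return 1 if there was at least one.
verify_failures() {
    awk '/\[.*FAIL.*\][ \t]*$/ {
             line = $0
             sub(/[ \t]*\[.*$/, "", line)   # drop the padded [STATUS] column
             sub(/^[ \t]+/, "", line)       # drop sub-check indentation
             print line; bad = 1
         }
         END { exit (bad ? 1 : 0) }'
}

# Report problems with the secrets file $1: group/other permission bits set,
# or a PSK shorter than MIN_PSK_LEN. The secret itself is never printed.
secrets_problems() {
    file=$1; rc=0
    [ -f "$file" ] || { echo "$file: not found"; return 2; }
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "$file: accessible by group/other, run: chmod 600 $file"
        rc=1
    fi
    awk -v min="$MIN_PSK_LEN" '
        match($0, /PSK[ \t]+"[^"]*"/) {
            psk = substr($0, RSTART, RLENGTH)
            sub(/^PSK[ \t]+"/, "", psk); sub(/"$/, "", psk)
            if (length(psk) < min) {
                printf "line %d: PSK has %d characters, minimum is %d\n", NR, length(psk), min
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }' "$file" || rc=1
    return $rc
}

# Constructed sample (not real output): one passing and one failing check.
sample='Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [FAILED]'
printf '%s\n' "$sample" | verify_failures || echo "^ fix these, then re-run"
```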
