安裝需要的軟體:
$ sudo apt-get install pptpd openswan xl2tpd ppp
PPTP:
$ sudo vim /etc/pptpd.conf
# (Recommended)
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245
$ sudo vim /etc/ppp/pptpd-options
# …
ms-dns 8.8.8.8
# …
logfile /var/log/pptpd.log
$ sudo touch /var/log/pptpd.log
$ sudo vim /etc/ppp/chap-secrets
# PPTP
username pptpd password *
# L2TP
username l2tpd password *
其中 username, password 都是明碼
IPSEC/L2TP:
$ sudo su
$ echo "net.ipv4.ip_forward = 1" | tee -a /etc/sysctl.conf
$ echo "net.ipv4.conf.all.accept_redirects = 0" | tee -a /etc/sysctl.conf
$ echo "net.ipv4.conf.all.send_redirects = 0" | tee -a /etc/sysctl.conf
$ for vpn in /proc/sys/net/ipv4/conf/*; do echo 0 > $vpn/accept_redirects; echo 0 > $vpn/send_redirects; done
$ sysctl -p
$ sudo vim /etc/rc.local
for vpn in /proc/sys/net/ipv4/conf/*; do echo 0 > $vpn/accept_redirects; echo 0 > $vpn/send_redirects; done
iptables --table nat --append POSTROUTING --jump MASQUERADE
$ sudo vim /etc/ipsec.conf
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=SERVER_IP
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
$ sudo vim /etc/ipsec.secrets
SERVER_IP %any: PSK "L2TP_PRIVATE_KEY"
$ sudo vim /etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = yes
[lns default]
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
;require chap = yes
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
$ sudo vim /etc/ppp/options.xl2tpd
require-mschap-v2
ms-dns 8.8.8.8
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
重啟相關服務:
$ sudo service pptpd restart
Restarting PPTP:
Stopping PPTP: pptpd.
Starting PPTP Daemon: pptpd.
$ sudo service ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec 2.6.37...
ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey
ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue with NETKEY
$ sudo service xl2tpd restart
Restarting xl2tpd: xl2tpd.
服務驗證:
$ sudo ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.37/K3.2.0-58-generic (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [OK]
[OK]
[OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [WARNING]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
沒有留言:
張貼留言