I. Definition

The Layer Two Tunneling Protocol (L2TP) is a data-link-layer tunneling protocol commonly used for virtual private networks. L2TP does not encrypt the data it carries by itself, but it can be combined with an encryption protocol to achieve encrypted transport. The encryption protocol most often paired with L2TP is IPsec; when the two are used together the combination is usually called L2TP/IPsec.
II. Installation

1. Install and configure openswan

apt-get install openswan   # keep pressing Enter to accept the defaults
apt-get install libgmp3-dev gawk flex bison
wget
tar xf openswan-2.6.24.tar.gz
cd openswan-2.6.24
make programs
make install

cat >/etc/ipsec.conf<<EOF
version 2.0

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    # replace 1.1.1.1 with your VPS IP
    left=1.1.1.1
    leftid=1.1.1.1
    leftprotoport=17/1701
    right=%any
    rightid=%any
    rightprotoport=17/%any
EOF

cat >/etc/ipsec.secrets<<EOF
1.1.1.1 %any: PSK "jiaozhudotorg"
EOF

Edit /etc/sysctl.conf and add:

net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

sysctl -p   # apply immediately

Restart IPsec and verify that the configuration is working:

/etc/init.d/ipsec restart
ipsec verify

2. Install xl2tpd

apt-get install xl2tpd

cat >/etc/xl2tpd/xl2tpd.conf<<EOF
[global]
port = 1701
; replace 1.1.1.1 with your VPS IP
listen-addr = 1.1.1.1
ipsec saref = yes

[lns default]
ip range = 10.168.2.5-10.168.2.254
local ip = 10.168.2.1
require chap = yes
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF

cat >/etc/ppp/options.xl2tpd<<EOF
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
mtu 1410
mru 1410
nodefaultroute
lcp-echo-interval 30
lcp-echo-failure 6
#idle 1800
connect-delay 10000
EOF

3. Add VPN users

cat >>/etc/ppp/chap-secrets<<EOF
user * 123456 *
EOF

Restart xl2tpd:

/etc/init.d/xl2tpd restart
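The two secrets files above hold the IPsec pre-shared key and the PPP passwords in clear text, so the value chosen and the file mode both matter. As an added example (not from the original post), the following shell functions generate a random PSK, write /etc/ipsec.secrets in the same one-line format the tutorial uses, and append chap-secrets entries, all with owner-only permissions. File paths are parameters so the functions can be tried outside /etc; the function names and the 8-character minimum are my own choices.

```shell
#!/bin/sh
# Added example, not part of the original post: create the secrets files with a
# random pre-shared key and mode 0600 instead of a hand-typed value and default umask.

# Print a random 32-byte, base64-encoded pre-shared key.
gen_psk() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 32
    else
        head -c 32 /dev/urandom | base64 | tr -d '\n'
    fi
}

# write_ipsec_secrets FILE SERVER_IP PSK
# Writes the "SERVER_IP %any: PSK" line the tutorial uses; the subshell umask
# makes the file owner-only from the moment it is created, chmod keeps it so.
write_ipsec_secrets() {
    file=$1; server_ip=$2; psk=$3
    ( umask 077; printf '%s %%any: PSK "%s"\n' "$server_ip" "$psk" > "$file" )
    chmod 600 "$file"
}

# add_vpn_user FILE USER PASS
# Appends a "client server secret ip" entry to a chap-secrets file.
# Refuses to add a user name that is already present (quoted or unquoted).
add_vpn_user() {
    file=$1; user=$2; pass=$3
    ( umask 077; [ -f "$file" ] || : > "$file" )
    if awk -v u="$user" '{ c = $1; gsub(/"/, "", c); if (c == u) f = 1 } END { exit !f }' "$file"; then
        echo "add_vpn_user: $user already present in $file" >&2
        return 1
    fi
    printf '"%s" * "%s" *\n' "$user" "$pass" >> "$file"
    chmod 600 "$file"
}

# Usage on the real system (as root), replacing 203.0.113.10 with the VPS IP:
#   write_ipsec_secrets /etc/ipsec.secrets 203.0.113.10 "$(gen_psk)"
#   add_vpn_user /etc/ppp/chap-secrets alice "$(gen_psk)"
```

The generated PSK has to be copied to every client, which is the trade-off of a shared key; the point of the functions is only that the key is not guessable and that neither file is world-readable, which a plain `cat >` under the default umask would leave it.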
Supplement: because the firewall was set up incorrectly, nginx started returning 502 errors after xl2tpd was started. Adding the following rule fixed it; as before, replace 1.1.1.1 with your VPS IP.

iptables -t nat -A POSTROUTING -s 10.168.2.0/24 -j SNAT --to-source "1.1.1.1"
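Several steps in this post leave the machine in a weak state if one is skipped: a 1.1.1.1 placeholder not replaced, the sample PSK or the 123456 password left in place, secrets files readable by everyone, or the sysctl lines not applied. As an added example (not from the original post), the audit below reads the files the tutorial writes and reports each of those conditions. It takes a directory prefix so it can be run against a staging copy without root (pass "" for the live system); the function names, the 20-character PSK and 8-character password thresholds are my own assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: a read-only audit of the
# configuration files the tutorial creates. Prints one line per finding and
# returns the number of findings.

# Print the last value assigned to KEY in a sysctl.conf-style FILE.
sysctl_value() {
    awk -F= -v k="$1" '
        /^[[:space:]]*#/ { next }
        NF >= 2 { gsub(/[[:space:]]/, "", $1); gsub(/[[:space:]]/, "", $2); if ($1 == k) v = $2 }
        END { print v }' "$2"
}

# Print the user names in a chap-secrets FILE whose secret is shorter than 8 characters.
weak_chap_users() {
    awk '
        /^[[:space:]]*#/ { next }
        NF >= 3 { s = $3; gsub(/"/, "", s); u = $1; gsub(/"/, "", u); if (length(s) < 8) print u }' "$1"
}

# audit_l2tp_config ROOT  (ROOT is "" for the live system or a staging directory)
audit_l2tp_config() {
    root=$1
    findings=0

    # 1. Placeholder address the tutorial tells you to replace.
    for f in etc/ipsec.conf etc/ipsec.secrets etc/xl2tpd/xl2tpd.conf; do
        if [ -f "$root/$f" ] && grep -q '1\.1\.1\.1' "$root/$f"; then
            echo "FINDING: placeholder 1.1.1.1 still present in $f"
            findings=$((findings + 1))
        fi
    done

    # 2. Secrets files must be readable only by their owner.
    for f in etc/ipsec.secrets etc/ppp/chap-secrets; do
        if [ -f "$root/$f" ] && [ "$(ls -l "$root/$f" | cut -c1-10)" != "-rw-------" ]; then
            echo "FINDING: $f is not mode 0600"
            findings=$((findings + 1))
        fi
    done

    # 3. Pre-shared key: the tutorial's sample value, or anything short.
    if [ -f "$root/etc/ipsec.secrets" ]; then
        psk=$(awk '/PSK/ { p = $NF; gsub(/"/, "", p); print p; exit }' "$root/etc/ipsec.secrets")
        if [ "$psk" = "jiaozhudotorg" ] || [ ${#psk} -lt 20 ]; then
            echo "FINDING: IPsec PSK is the sample value or shorter than 20 characters"
            findings=$((findings + 1))
        fi
    fi

    # 4. PPP users with short passwords (the sample entry uses 123456).
    if [ -f "$root/etc/ppp/chap-secrets" ]; then
        for u in $(weak_chap_users "$root/etc/ppp/chap-secrets"); do
            echo "FINDING: chap-secrets user $u has a password shorter than 8 characters"
            findings=$((findings + 1))
        done
    fi

    # 5. Kernel settings the tutorial puts in sysctl.conf.
    if [ -f "$root/etc/sysctl.conf" ]; then
        [ "$(sysctl_value net.ipv4.ip_forward "$root/etc/sysctl.conf")" = 1 ] || {
            echo "FINDING: net.ipv4.ip_forward is not 1 (clients will get no routing)"
            findings=$((findings + 1)); }
        for k in net.ipv4.conf.all.send_redirects net.ipv4.conf.default.send_redirects \
                 net.ipv4.conf.all.accept_redirects net.ipv4.conf.default.accept_redirects; do
            [ "$(sysctl_value "$k" "$root/etc/sysctl.conf")" = 0 ] || {
                echo "FINDING: $k is not 0"
                findings=$((findings + 1)); }
        done
    fi

    return $findings
}

# Usage on the live system: audit_l2tp_config ""; echo "findings: $?"
```

Run against the files exactly as the post gives them, the audit reports seven findings (three placeholders, two file modes, the sample PSK and the sample password); after the values are replaced and the files chmod'ed to 600 it reports none.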