L2TP: Unterschied zwischen den Versionen

(Die Seite wurde geleert.)
 
(42 dazwischenliegende Versionen von 8 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:
=Server=
 
  
==Installation==
 
apt-get install  xl2tpd ppp openswan
 
==Openswan==
 
cat /etc/ipsec.conf
 
version 2.0
 
config setup
 
    nat_traversal=yes
 
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
 
    oe=off
 
    protostack=netkey
 
conn l2tp
 
    authby=secret
 
    pfs=no
 
    auto=add
 
    type=transport
 
    left=XXX.XXX.XXX.XXX
 
    leftprotoport=17/1701
 
    right=%any
 
    rightprotoport=17/%any
 
 
cat /etc/ipsec.secrets
 
XXX.XXX.XXX.XXX  %any : PSK "1234"
 
==XL2TP==
 
cat /etc/xl2tpd/xl2tpd.conf
 
 
[global]
 
ipsec saref = yes
 
 
[lns default]
 
ip range = 10.1.2.2-10.1.2.255
 
local ip = 10.1.2.1
 
refuse chap = yes
 
refuse pap = yes
 
require authentication = yes
 
ppp debug = yes
 
pppoptfile = /etc/ppp/options.xl2tpd
 
length bit = yes
 
 
==PPP==
 
cat /etc/ppp/options.xl2tpd
 
 
require-mschap-v2
 
ms-dns 192.168.240.21
 
ms-dns 192.168.240.22
 
asyncmap 0
 
auth
 
crtscts
 
lock
 
hide-password
 
modem
 
debug
 
name l2tpd
 
proxyarp
 
lcp-echo-interval 30
 
lcp-echo-failure 4
 
 
cat /etc/ppp/chap-secrets
 
 
xinux        l2tpd      "geheimes-passwort"       *
 
l2tpd        xinux   "geheimes-passwort"       *
 
 
=Client=
 
==Installation==
 
apt-get install  xl2tpd ppp openswan
 
==ipsec==
 
cat /etc/ipsec.conf
 
version 2.0 # conforms to second version of ipsec.conf specification
 
config setup
 
dumpdir=/var/run/pluto/
 
protostack=netkey
 
nat_traversal=yes
 
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
 
oe=off
 
       
 
conn  yourconn
 
authby=secret
 
      pfs=no
 
      auto=add
 
      keyingtries=3
 
      dpddelay=30
 
      dpdtimeout=120
 
      dpdaction=clear
 
      rekey=yes
 
      ikelifetime=8h
 
      keylife=1h
 
      type=transport
 
      left=%defaultroute
 
      leftprotoport=17/1701
 
      right=yourvpnserver.com
 
      rightprotoport=17/1701
 
 
cat /etc/ipsec.secrets
 
%any yourvpnserver.com : PSK "pissespisse"
 
==xl2tp==
 
cat /etc/xl2tpd/xl2tpd.conf
 
[lac vpn-connection]
 
lns = yourvpnserver.com
 
ppp debug = yes
 
pppoptfile = /etc/ppp/options.l2tpd.client
 
length bit = yes
 
==ppp==
 
cat /etc/ppp/options.l2tpd.client
 
ipcp-accept-local
 
ipcp-accept-remote
 
refuse-eap
 
require-mschap-v2
 
noccp
 
noauth
 
idle 1800
 
mtu 1410
 
mru 1410
 
defaultroute
 
usepeerdns
 
debug
 
lock
 
connect-delay 5000
 
name xinux
 
password suxer
 
 
==Start Script==
 
#!/bin/bash
 
  case $1 in
 
start)
 
  /etc/init.d/ipsec restart
 
  sleep 1
 
  ipsec auto --up yourconn
 
  sleep 1
 
  /etc/init.d/xl2tpd start
 
  sleep 1
 
  echo "c vpn-connection" > /var/run/xl2tpd/l2tp-control
 
  sleep 5
 
  ip route add 192.168.240.0/21 via 172.28.6.1
 
;;
 
stop)
 
  ip route del 192.168.240.0/21
 
  echo "d vpn-connection" > /var/run/xl2tpd/l2tp-control
 
  /etc/init.d/xl2tpd stop
 
  ipsec auto --down yourconn
 
  /etc/init.d/ipsec stop
 
;;
 
esac
 
 
 
Quellen:
 
*http://blog.riobard.com/2010/04/30/l2tp-over-ipsec-ubuntu
 
*http://pleasefeedthegeek.wordpress.com/2012/04/21/l2tp-ubuntu-server-setup-for-ios-clients/
 
*http://www.jacco2.dds.nl/networking/linux-l2tp.html
 
*https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup
 
*http://bailey.st/blog/2011/07/14/connecting-to-a-l2tpipsec-vpn-from-ubuntu-desktop/
 

Aktuelle Version vom 7. September 2017, 09:22 Uhr