L2TP: Unterschied zwischen den Versionen
(→ipsec) |
(→ipsec) |
||
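--- a/L2TP
+++ b/L2TP
@@ -89,5 +89,33 @@
 left=%defaultroute
 leftprotoport=17/1701
-right=
+right=yourvpnserver.com
 rightprotoport=17/1701
+
+cat /etc/ipsec.secrets
+%any yourvpnserver.com : PSK "pissespisse"
+==xl2tp==
+cat /etc/xl2tpd/xl2tpd.conf
+[lac vpn-connection]
+lns = yourvpnserver.com
+ppp debug = yes
+pppoptfile = /etc/ppp/options.l2tpd.client
+length bit = yes
+==ppp==
+cat /etc/ppp/options.l2tpd.client
+ipcp-accept-local
+ipcp-accept-remote
+refuse-eap
+require-mschap-v2
+noccp
+noauth
+idle 1800
+mtu 1410
+mru 1410
+defaultroute
+usepeerdns
+debug
+lock
+connect-delay 5000
+name xinux
+password suxer
 ==Start Script==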
Version vom 31. Oktober 2012, 23:56 Uhr
Server
Installation
# Installs the L2TP daemon (xl2tpd), pppd (ppp) and the Openswan IPsec stack
# on the server.
# NOTE(review): this page is dated 2012 - check that openswan is still packaged
# and maintained on the target release before following it.
apt-get install xl2tpd ppp openswan
Openswan
# Server-side Openswan configuration (one setting per line; parameters that
# belong to a section are indented).
cat /etc/ipsec.conf
version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey
conn l2tp
    # Pre-shared-key authentication; the key itself is in /etc/ipsec.secrets.
    authby=secret
    # NOTE(review): PFS is switched off here, presumably for client
    # compatibility - confirm it is really needed before copying this.
    pfs=no
    auto=add
    # Transport mode, restricted to UDP (protocol 17) port 1701, i.e. L2TP.
    type=transport
    left=XXX.XXX.XXX.XXX
    leftprotoport=17/1701
    # Any peer address and any peer source port are accepted, so the PSK is
    # the only thing that identifies a client at the IPsec layer.
    right=%any
    rightprotoport=17/%any
cat /etc/ipsec.secrets
# Format: <local address> <peer> : PSK "<secret>".
# "1234" is only a placeholder. With %any as peer every client shares this one
# key, so use a long random value and keep the file readable by root only.
XXX.XXX.XXX.XXX %any : PSK "1234"
XL2TP
cat /etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = yes
[lns default]
; Address pool handed out to clients and the server's own tunnel address.
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
; Plain CHAP and PAP are refused and the peer has to authenticate; the pppd
; options file named below requires MS-CHAPv2.
refuse chap = yes
refuse pap = yes
require authentication = yes
; NOTE(review): debug output is verbose - consider switching it off once the
; tunnel works.
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
PPP
cat /etc/ppp/options.xl2tpd
# The client has to authenticate with MS-CHAPv2 (see also "auth" below).
# MS-CHAPv2 is weak when used by itself; in this setup it runs inside the
# IPsec transport, so the protection of the login rests on the IPsec layer.
require-mschap-v2
# DNS servers announced to the client.
ms-dns 192.168.240.21
ms-dns 192.168.240.22
asyncmap 0
auth
crtscts
lock
hide-password
modem
# NOTE(review): verbose logging - consider removing it after the setup works.
debug
# Has to match the server column of the entries in /etc/ppp/chap-secrets.
name l2tpd
proxyarp
# An LCP echo is sent every 30 s; the link is dropped after 4 unanswered echoes.
lcp-echo-interval 30
lcp-echo-failure 4
cat /etc/ppp/chap-secrets
# Columns: client, server, secret, allowed IP addresses ("*" = any address).
# "geheimes-passwort" is a placeholder. The file holds clear-text credentials
# and should be readable by root only.
xinux l2tpd "geheimes-passwort" *
l2tpd xinux "geheimes-passwort" *
Client
Installation
# Same package set as on the server: xl2tpd, pppd (ppp) and Openswan.
# NOTE(review): verify that openswan is still available on the target release.
apt-get install xl2tpd ppp openswan
ipsec
# Client-side Openswan configuration (one setting per line; parameters that
# belong to a section are indented).
cat /etc/ipsec.conf
version 2.0 # conforms to second version of ipsec.conf specification
config setup
    dumpdir=/var/run/pluto/
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
# "yourconn" is the connection name the start script passes to "ipsec auto".
conn yourconn
    # Pre-shared-key authentication; the key itself is in /etc/ipsec.secrets.
    authby=secret
    # NOTE(review): PFS is switched off - confirm that the server needs this.
    pfs=no
    # The connection is only loaded here; the start script brings it up with
    # "ipsec auto --up yourconn".
    auto=add
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=yes
    ikelifetime=8h
    keylife=1h
    # Transport mode, restricted to UDP (protocol 17) port 1701, i.e. L2TP.
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    # Placeholder for the host name of the VPN server.
    right=yourvpnserver.com
    rightprotoport=17/1701
cat /etc/ipsec.secrets
# The quoted value is a placeholder. The PSK has to be the same value as in the
# server's ipsec.secrets (the server example on this page shows a different
# placeholder). Keep the file readable by root only.
%any yourvpnserver.com : PSK "pissespisse"
xl2tp
cat /etc/xl2tpd/xl2tpd.conf
; "vpn-connection" is the LAC name that the start script writes to the xl2tpd
; control file ("c vpn-connection" / "d vpn-connection").
[lac vpn-connection]
; Placeholder for the host name of the VPN server.
lns = yourvpnserver.com
; NOTE(review): debug output is verbose - consider switching it off once the
; tunnel works.
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
ppp
cat /etc/ppp/options.l2tpd.client
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
# noauth tells pppd not to require the peer to authenticate itself.
# NOTE(review): this follows require-mschap-v2 above - confirm which setting
# takes effect; if noauth does, the IPsec PSK is the only check of the
# server's identity.
noauth
idle 1800
mtu 1410
mru 1410
# The default route and the DNS servers are taken from the VPN peer.
defaultroute
usepeerdns
# NOTE(review): verbose logging - consider removing it after the setup works.
debug
lock
connect-delay 5000
# Account name; the server's chap-secrets example on this page uses the same
# name.
name xinux
# Clear-text account password (placeholder). It has to equal the secret stored
# for this account in the server's chap-secrets; restrict read access to this
# file.
password suxer
Start Script
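#!/bin/bash
# Start/stop helper for the L2TP/IPsec client connection.
#
# Usage: <script> start|stop
#   start  restart IPsec, bring up conn "yourconn", start xl2tpd, dial the
#          LAC "vpn-connection" and add the route to the remote network.
#   stop   undo the same steps in reverse order (best effort).
#
# Exit status: 0 on success, 1 if a start step failed, 2 on wrong usage.

# Control FIFO through which xl2tpd accepts connect ("c") and disconnect ("d")
# commands.
readonly L2TP_CONTROL=/var/run/xl2tpd/l2tp-control

case "${1:-}" in
  start)
    /etc/init.d/ipsec restart
    sleep 1
    # Stop here if the IPsec connection did not come up. Going on would start
    # the L2TP/PPP exchange (including the MS-CHAPv2 login) without the IPsec
    # protection it is meant to run inside.
    if ! ipsec auto --up yourconn; then
      echo "ipsec auto --up yourconn failed; not starting L2TP" >&2
      exit 1
    fi
    sleep 1
    /etc/init.d/xl2tpd start
    sleep 1
    # Only write to the control path if xl2tpd has created its FIFO; a plain
    # redirect would otherwise create a regular file there.
    if [[ ! -p "$L2TP_CONTROL" ]]; then
      echo "xl2tpd control pipe $L2TP_CONTROL not found" >&2
      exit 1
    fi
    echo "c vpn-connection" > "$L2TP_CONTROL"
    # Fixed wait for the PPP link before the route is added.
    sleep 5
    ip route add 192.168.240.0/21 via 172.28.6.1
    ;;
  stop)
    # Teardown is best effort: every step runs even if an earlier one fails.
    ip route del 192.168.240.0/21
    if [[ -p "$L2TP_CONTROL" ]]; then
      echo "d vpn-connection" > "$L2TP_CONTROL"
    fi
    /etc/init.d/xl2tpd stop
    ipsec auto --down yourconn
    /etc/init.d/ipsec stop
    ;;
  *)
    # The original did nothing, silently, for a missing or unknown argument.
    echo "Usage: $0 {start|stop}" >&2
    exit 2
    ;;
esac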
Quellen: