Xl2tpd-strongswan: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(→PPP) |
|||
| (11 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt) | |||
| Zeile 3: | Zeile 3: | ||
==strongswan== | ==strongswan== | ||
| − | ===ipsec.conf | + | ===ipsec.conf complete=== |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
conn l2tp | conn l2tp | ||
| − | + | keyexchange=ikev1 | |
| − | + | left=10.84.252.32 | |
| − | + | auto=add | |
| − | + | authby=secret | |
| − | + | type=transport | |
| − | + | leftprotoport=17/1701 | |
| − | + | rightprotoport=17/%any | |
| − | + | right=%any | |
| + | |||
| + | ===ipsec.secrets complete=== | ||
cat /etc/ipsec.secrets | cat /etc/ipsec.secrets | ||
| − | + | ||
| + | 10.84.252.32 %any : PSK "1234" | ||
| + | |||
| + | '''Wichtig dieser Eintrag muss am Ende stehen''' | ||
==XL2TP== | ==XL2TP== | ||
cat /etc/xl2tpd/xl2tpd.conf | cat /etc/xl2tpd/xl2tpd.conf | ||
| − | + | <pre> | |
[global] | [global] | ||
| − | |||
| − | |||
| − | |||
ipsec saref = yes | ipsec saref = yes | ||
debug avp = yes | debug avp = yes | ||
| Zeile 60: | Zeile 32: | ||
debug state = yes | debug state = yes | ||
debug tunnel = yes | debug tunnel = yes | ||
| − | + | ||
[lns default] | [lns default] | ||
ip range = 10.1.2.2-10.1.2.255 | ip range = 10.1.2.2-10.1.2.255 | ||
| Zeile 70: | Zeile 42: | ||
pppoptfile = /etc/ppp/options.xl2tpd | pppoptfile = /etc/ppp/options.xl2tpd | ||
length bit = yes | length bit = yes | ||
| + | </pre> | ||
==PPP== | ==PPP== | ||
cat /etc/ppp/options.xl2tpd | cat /etc/ppp/options.xl2tpd | ||
| − | + | <pre> | |
require-mschap-v2 | require-mschap-v2 | ||
ms-dns 192.168.240.21 | ms-dns 192.168.240.21 | ||
| Zeile 79: | Zeile 52: | ||
asyncmap 0 | asyncmap 0 | ||
auth | auth | ||
| − | crtscts | + | #crtscts nicht vorhanden in 5.6.2-1ubuntu2.4 |
| − | lock | + | #lock nicht vorhanden in 5.6.2-1ubuntu2.4 |
hide-password | hide-password | ||
| − | modem | + | #modem nicht vorhanden in 5.6.2-1ubuntu2.4 |
#for ppp3 | #for ppp3 | ||
unit 3 | unit 3 | ||
| Zeile 90: | Zeile 63: | ||
lcp-echo-interval 30 | lcp-echo-interval 30 | ||
lcp-echo-failure 4 | lcp-echo-failure 4 | ||
| − | + | </pre> | |
cat /etc/ppp/chap-secrets | cat /etc/ppp/chap-secrets | ||
| − | + | <pre> | |
xinux l2tpd "geheimes-passwort" * | xinux l2tpd "geheimes-passwort" * | ||
#l2tpd xinux "geheimes-passwort" * | #l2tpd xinux "geheimes-passwort" * | ||
| + | </pre> | ||
| + | |||
| + | =Starten= | ||
| + | *systemctl restart strongswan | ||
| + | *systemctl restart xl2tpd | ||
Aktuelle Version vom 12. November 2019, 11:48 Uhr
Installation
apt-get install xl2tpd ppp strongswan
strongswan
ipsec.conf complete
conn l2tp
keyexchange=ikev1
left=10.84.252.32
auto=add
authby=secret
type=transport
leftprotoport=17/1701
rightprotoport=17/%any
right=%any
ipsec.secrets complete
cat /etc/ipsec.secrets
10.84.252.32 %any : PSK "1234"
Wichtig dieser Eintrag muss am Ende stehen
XL2TP
cat /etc/xl2tpd/xl2tpd.conf
[global] ipsec saref = yes debug avp = yes debug network = yes debug state = yes debug tunnel = yes [lns default] ip range = 10.1.2.2-10.1.2.255 local ip = 10.1.2.1 refuse chap = yes refuse pap = yes require authentication = yes ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yes
PPP
cat /etc/ppp/options.xl2tpd
require-mschap-v2 ms-dns 192.168.240.21 ms-dns 192.168.240.22 asyncmap 0 auth #crtscts nicht vorhanden in 5.6.2-1ubuntu2.4 #lock nicht vorhanden in 5.6.2-1ubuntu2.4 hide-password #modem nicht vorhanden in 5.6.2-1ubuntu2.4 #for ppp3 unit 3 debug name l2tpd proxyarp lcp-echo-interval 30 lcp-echo-failure 4
cat /etc/ppp/chap-secrets
xinux l2tpd "geheimes-passwort" * #l2tpd xinux "geheimes-passwort" *
Starten
- systemctl restart strongswan
- systemctl restart xl2tpd