Xl2tpd-strongswan: Unterschied zwischen den Versionen

Aus xinux.net
Zur Navigation springen Zur Suche springen
Zeile 23: Zeile 23:
  
 
  [global]
 
  [global]
#important when more then one ips on the nic
+
ipsec saref = yes
#listen-addr = XXX.XXX.XXX.XXX
+
debug avp = yes
+
debug network = yes
ipsec saref = yes
+
debug state = yes
debug avp = yes
+
debug tunnel = yes
debug network = yes
+
 
debug state = yes
+
[lns default]
debug tunnel = yes
+
ip range = 10.1.2.2-10.1.2.255
+
local ip = 10.1.2.1
[lns default]
+
refuse chap = yes
ip range = 10.1.2.2-10.1.2.255
+
refuse pap = yes
local ip = 10.1.2.1
+
require authentication = yes
refuse chap = yes
+
ppp debug = yes
refuse pap = yes
+
pppoptfile = /etc/ppp/options.xl2tpd
require authentication = yes
+
length bit = yes
ppp debug = yes
 
pppoptfile = /etc/ppp/options.xl2tpd
 
length bit = yes
 
  
 
==PPP==
 
==PPP==

Version vom 5. Juli 2017, 14:11 Uhr

Installation

apt-get install  xl2tpd ppp strongswan

strongswan

ipsec.conf complete

conn l2tp
    keyexchange=ikev1
    left=10.84.252.32
    auto=add
    authby=secret
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/%any
    right=%any



cat /etc/ipsec.secrets 
10.84.252.32 %any : PSK "1234"

XL2TP

cat /etc/xl2tpd/xl2tpd.conf 

[global]

ipsec saref = yes debug avp = yes debug network = yes debug state = yes debug tunnel = yes

[lns default] ip range = 10.1.2.2-10.1.2.255 local ip = 10.1.2.1 refuse chap = yes refuse pap = yes require authentication = yes ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yes

PPP

cat /etc/ppp/options.xl2tpd

require-mschap-v2
ms-dns 192.168.240.21
ms-dns 192.168.240.22
asyncmap 0
auth
crtscts
lock
hide-password
modem
#for ppp3 
unit 3
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

cat /etc/ppp/chap-secrets 

xinux        l2tpd       "geheimes-passwort"	       *
#l2tpd        xinux	  "geheimes-passwort"	       *
Abgerufen von „https://xinux.net/index.php?title=Xl2tpd-strongswan&oldid=13645