{"id":229,"date":"2018-07-29T12:49:20","date_gmt":"2018-07-29T04:49:20","guid":{"rendered":"http:\/\/www.cloudy.pub\/?p=229"},"modified":"2019-02-25T18:08:50","modified_gmt":"2019-02-25T10:08:50","slug":"linux-shi-yong-xl2tpd-jian-li-l2tp-sui-dao-without-ipsec","status":"publish","type":"post","link":"https:\/\/www.0moon.com\/?p=229","title":{"rendered":"Linux \u4f7f\u7528 xl2tpd \u5efa\u7acb L2TP \u96a7\u9053\uff08WITHOUT IPSEC\uff09"},"content":{"rendered":"

Linux \u4f7f\u7528 xl2tpd \u5efa\u7acb L2TP \u96a7\u9053\uff08WITHOUT IPSEC\uff09<\/p>\n

\u51c6\u5907\u73af\u5883 ppp\u3001x2ltpd \uff08\u670d\u52a1\u5668\u7aef\u548c\u5ba2\u6237\u7aef\u5747\u9700\u8981\u5b89\u88c5\uff09<\/p>\n

1\u3001\u670d\u52a1\u5668\u7aef\u914d\u7f6e<\/strong><\/span><\/p>\n

1.1\u3001\u5728 xl2tpd.conf \u6587\u4ef6\u4e2d\u914d\u7f6e pppoptfile<\/p>\n

centos 7\u5b89\u88c5\u73af\u5883\uff1a<\/p>\n

yum <\/span>install <\/span>epel<\/span>-<\/span>release<\/span> -<\/span>y<\/span>\r\nyum <\/span>install <\/span>xl2tpd<\/span> -<\/span>y<\/span><\/pre>\n
vi \/etc\/xl2tpd\/xl2tpd.conf<\/p>\n
[lns default<\/span>]\r\nip range = 192.168<\/span>.0<\/span>.2<\/span>-192.168<\/span>.0<\/span>.20<\/span>\r\nlocal ip = 192.168<\/span>.0<\/span>.1<\/span>\r\nrequire<\/span> chap = yes<\/span>\r\nrefuse pap = yes<\/span>\r\nname = vpn_company\r\npppoptfile = \/etc\/ppp\/options.xl2tpd\r\nlength bit = yes<\/span>\r\n<\/code><\/pre>\n
1.2\u3001\u8bbe\u7f6e\u5b89\u5168\u8ba4\u8bc1<\/p>\n
vi \/etc\/ppp\/options.xl2tpd<\/p>\n
noccp<\/span>\r\nnoauth\r\nidle 1800<\/span>\r\nmtu 1410<\/span>\r\nmru 1410<\/span>\r\nnodefaultroute\r\nconnect-delay 5000<\/span>\r\n<\/code><\/pre>\n
1.3\u3001\u914d\u7f6e L2TP \u7528\u6237\u8ba4\u8bc1<\/p>\n
vi \/etc\/ppp\/chap-secrets<\/p>\n
#<\/span> Secrets for<\/span> authentication using CHAP<\/span>\r\n#<\/span> client    server  secret          IP addresses<\/span>\r\ntest    *   test    *\r\n\r\n\/etc\/init.d\/xl2tpd restart\r\n<\/code><\/pre>\n
1.4\u3001\u914d\u7f6e\u8f6c\u53d1\uff08\u8fde\u901a\u5916\u7f51eth1\uff09<\/p>\n
echo \"net.ipv4.ip_forward = 1\" >\u00a0\/etc\/sysctl.conf<\/code><\/p>\n
sysctl -p<\/code><\/pre>\n
iptables -t nat -A POSTROUTING -s 192.168.0.0\/24 -j MASQUERADE   \/\/\uff08centos6\uff09\r\n<\/span><\/span><\/code><\/pre>\n
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o eth1 -j MASQUERADE -s 192.168.0.0\/24<\/span><\/span><\/span><\/code><\/code><\/pre>\n
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT\r\nfirewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 -p gre -j ACCEPT\r\nfirewall-cmd --permanent --add-masquerade\r\nfirewall-cmd --reload\r\n<\/code><\/pre>\n
2\u3001\u5ba2\u6237\u7aef\u914d\u7f6e<\/span><\/strong><\/p>\n
2.1\u3001\u914d\u7f6e\u5ba2\u6237\u7aef\u8ba4\u8bc1\u4fe1\u606f<\/p>\n
vi \/etc\/ppp\/peers\/vpn_company<\/p>\n
remotename vpn_company\r\nuser \"test\"<\/span>\r\npassword \"test\"<\/span>\r\nipcp-accept<\/span>-local<\/span>\r\nipcp-accept<\/span>-remote\r\nrefuse-eap\r\nrequire<\/span>-mschap-v2\r\nnoccp\r\nnoauth\r\nnoipdefault\r\nmtu 1410<\/span>\r\nmru 1410<\/span>\r\nusepeerdns\r\ndebug\r\nconnect<\/span>-delay 5000<\/span>\r\n<\/code><\/pre>\n
2.2\u3001\u914d\u7f6e lac<\/p>\n
vi \/etc\/xl2tpd\/xl2tpd.conf<\/p>\n
[lac vpn_company]\r\nlns = 192.168.159.132\r\npppoptfile = \/etc\/ppp\/peers\/vpn_company\r\nppp debug = yes\r\n<\/code><\/pre>\n
lns \u4e3a\u8fdc\u7a0b VPN \u670d\u52a1\u5668\u5730\u5740\u3002<\/p>\n
\/etc\/init.d\/xl2tpd restart\r\n<\/code><\/pre>\n
3\u3001\u5728\u5ba2\u6237\u7aef\u5efa\u7acb L2TP \u8fde\u63a5<\/p>\n
\u8fde\u63a5\u5230\u6307\u5b9a lac<\/p>\n
echo<\/span> 'c vpn_company'<\/span> > \/var<\/span>\/run\/xl2tpd\/l2tp-control\r\n<\/code><\/pre>\n
vpn_conf \u4e3a \/etc\/xl2tpd\/xl2tpd.conf \u4e2d\u914d\u7f6e\u7684 lac \u540d\u79f0<\/p>\n
\u6210\u529f\u5efa\u7acb\u8fde\u63a5\u540e\uff0c\u53ef\u4ee5\u770b\u5230\u5982\u4e0b ppp \u7f51\u5361\u4fe1\u606f\u3002<\/p>\n
ppp0<\/span>      Link<\/span> encap<\/span>:\u70b9\u5bf9\u70b9\u534f\u8bae  \r\n          inet<\/span> \u5730\u5740:192.168.0.2<\/span>  \u70b9\u5bf9\u70b9:192.168.0.1<\/span>  \u63a9\u7801:255.255.255.255<\/span>\r\n          UP<\/span> POINTOPOINT<\/span> RUNNING<\/span> NOARP<\/span> MULTICAST<\/span>  MTU<\/span>:1410<\/span>  \u8dc3\u70b9\u6570:1<\/span>\r\n          \u63a5\u6536\u6570\u636e\u5305:4<\/span> \u9519\u8bef:0<\/span> \u4e22\u5f03:0<\/span> \u8fc7\u8f7d:0<\/span> \u5e27\u6570:0<\/span>\r\n          \u53d1\u9001\u6570\u636e\u5305:4<\/span> \u9519\u8bef:0<\/span> \u4e22\u5f03:0<\/span> \u8fc7\u8f7d:0<\/span> \u8f7d\u6ce2:0<\/span>\r\n          \u78b0\u649e:0<\/span> \u53d1\u9001\u961f\u5217\u957f\u5ea6:3<\/span> \r\n          \u63a5\u6536\u5b57\u8282:58<\/span> (58.0<\/span> B<\/span>)  \u53d1\u9001\u5b57\u8282:76<\/span> (76.0<\/span> B<\/span>)\r\n<\/code><\/pre>\n
\u5173\u95ed L2TP \u8fde\u63a5<\/p>\n
echo<\/span> \"d vpn_company\"<\/span> > \/var<\/span>\/run\/xl2tpd\/l2tp-control<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
Linux \u4f7f\u7528 xl2tpd \u5efa\u7acb L2TP \u96a7\u9053\uff08WITHOUT IPSEC\uff09 \u51c6\u5907\u73af\u5883 ppp\u3001x2lt […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,13],"tags":[52,51],"class_list":["post-229","post","type-post","status-publish","format-standard","hentry","category-linux","category-study","tag-l2tp","tag-vpn"],"_links":{"self":[{"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/posts\/229","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.0moon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=229"}],"version-history":[{"count":9,"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/posts\/229\/revisions"}],"predecessor-version":[{"id":355,"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/posts\/229\/revisions\/355"}],"wp:attachment":[{"href":"https:\/\/www.0moon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=229"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.0moon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=229"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.0moon.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=229"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}