Chinaunix首页 | 论坛 | 博客
  • 博客访问: 857303
  • 博文数量: 213
  • 博客积分: 5048
  • 博客等级: 大校
  • 技术积分: 1883
  • 用 户 组: 普通用户
  • 注册时间: 2008-04-14 10:14
文章分类

全部博文(213)

文章存档

2011年(4)

2010年(55)

2009年(47)

2008年(107)

我的朋友

分类: 系统运维

2010-05-22 17:34:02

服务器用ubuntu server10.04 +ipsec-tools + xl2tpd 搭建的。

参考:
http://blog.chinaunix.net/u2/66435/showart_2238552.html

客户端分为xp下和ubuntu10.04下

xp下l2tp over ipsec client

1 创建一个新的连接(for example, l2tp-ipsec)->连接到我的工作场所->虚拟专用网络连接->input your name ->input server ip address->不使用我的智能卡. 完成

2 启动 l2tp-ipsec, 在属性->安全->IPSec设置里输入psk密码(我的123456), 并且设置VPN类型为L2TP IPSec VPN.

3 输入用户名和密码, 连接成功.

ubuntu下l2tp over ipsec client
我选用openswan
1
sudo apt-get install xl2tp
sudo apt-get install openswan

2.修改/etc/ipsec.conf
conn L2TP-PSK-CLIENT
        authby=secret
        pfs=no
        rekey=yes
        keyingtries=3
        type=transport
        left=%defaultroute
        leftprotoport=17/1701
        right=192.168.0.109
        rightprotoport=17/1701
        auto=add

3.启动client端的ipsec
sudo ipsec auto --up L2TP-PSK-CLIENT
你应该看到类似这样的东西
"L2TP-PSK-CLIENT" #1: initiating Main Mode
"L2TP-PSK-CLIENT" #1: ignoring Vendor ID payload [KAME/racoon]
"L2TP-PSK-CLIENT" #1: received Vendor ID payload [RFC 3947] method set to=110
"L2TP-PSK-CLIENT" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
"L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"L2TP-PSK-CLIENT" #1: STATE_MAIN_I2: sent MI2, expecting MR2
"L2TP-PSK-CLIENT" #1: ignoring Vendor ID payload [KAME/racoon]
"L2TP-PSK-CLIENT" #1: I did not send a certificate because I do not have one.
"L2TP-PSK-CLIENT" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
"L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"L2TP-PSK-CLIENT" #1: STATE_MAIN_I3: sent MI3, expecting MR3
"L2TP-PSK-CLIENT" #1: Main mode peer ID is ID_IPV4_ADDR: '123.123.123.123'
"L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
"L2TP-PSK-CLIENT" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
"L2TP-PSK-CLIENT" #2: initiating Quick Mode PSK+ENCRYPT+DONTREKEY+UP {using isakmp#1}
"L2TP-PSK-CLIENT" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
"L2TP-PSK-CLIENT" #1: received and ignored informational message
"L2TP-PSK-CLIENT" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
"L2TP-PSK-CLIENT" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
"L2TP-PSK-CLIENT" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x04d46325 <0xc851a16f xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
如果没有,此尝试sudo /etc/init.d/ipsec restart

4.修改/etc/xl2tpd/xl2tpd.conf
增加

[lac L2TPserver]
lns = 192.168.0.109
require chap = yes
refuse pap = yes
require authentication = yes
; Name should be the same as the username in the PPP authentication!
name = eelb
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd.client
length bit = yes


5.添加/etc/ppp/options.xl2tpd.client
ipcp-accept-local
ipcp-accept-remote
refuse-eap
noccp
noauth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
#proxyarp
connect-delay 5000

6.
链接服务器
echo "c L2TPserver" > /var/run/xl2tpd/l2tp-control

这时ifconfig看一下,是不是多了一个虚拟的ppp端口
ping服务器的ppp地址
一切正常
阅读(5877) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~