The server is built on Ubuntu Server 10.04 + ipsec-tools + xl2tpd.
Reference: http://blog.chinaunix.net/u2/66435/showart_2238552.html
Client setup is covered for Windows XP and for Ubuntu 10.04.
L2TP over IPsec client on XP
1. Create a new connection (for example, l2tp-ipsec) -> Connect to the network at my workplace -> Virtual Private Network connection -> enter a name -> enter the server IP address -> Do not use my smart card -> Finish.
2. Open l2tp-ipsec, go to Properties -> Security -> IPSec Settings and enter the PSK (mine is 123456), and set the VPN type to L2TP IPSec VPN.
3. Enter the username and password; the connection succeeds.
L2TP over IPsec client on Ubuntu
I chose openswan.
1. Install the packages (the Ubuntu package is named xl2tpd, not xl2tp):
sudo apt-get install xl2tpd
sudo apt-get install openswan
2. Edit /etc/ipsec.conf and add the connection (the parameter lines under conn must be indented):
conn L2TP-PSK-CLIENT
    authby=secret
    pfs=no
    rekey=yes
    keyingtries=3
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    right=192.168.0.109
    rightprotoport=17/1701
    auto=add
3. Bring up IPsec on the client side:
sudo ipsec auto --up L2TP-PSK-CLIENT
You should see output similar to this:
"L2TP-PSK-CLIENT" #1: initiating Main Mode
"L2TP-PSK-CLIENT" #1: ignoring Vendor ID payload [KAME/racoon]
"L2TP-PSK-CLIENT" #1: received Vendor ID payload [RFC 3947] method set to=110
"L2TP-PSK-CLIENT" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
"L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"L2TP-PSK-CLIENT" #1: STATE_MAIN_I2: sent MI2, expecting MR2
"L2TP-PSK-CLIENT" #1: ignoring Vendor ID payload [KAME/racoon]
"L2TP-PSK-CLIENT" #1: I did not send a certificate because I do not have one.
"L2TP-PSK-CLIENT" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
"L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"L2TP-PSK-CLIENT" #1: STATE_MAIN_I3: sent MI3, expecting MR3
"L2TP-PSK-CLIENT" #1: Main mode peer ID is ID_IPV4_ADDR: '123.123.123.123'
"L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
"L2TP-PSK-CLIENT" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
"L2TP-PSK-CLIENT" #2: initiating Quick Mode PSK+ENCRYPT+DONTREKEY+UP {using isakmp#1}
"L2TP-PSK-CLIENT" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
"L2TP-PSK-CLIENT" #1: received and ignored informational message
"L2TP-PSK-CLIENT" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
"L2TP-PSK-CLIENT" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
"L2TP-PSK-CLIENT" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x04d46325 <0xc851a16f xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
If you do not see this, try sudo /etc/init.d/ipsec restart.
4. Edit /etc/xl2tpd/xl2tpd.conf and add:
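The two lines that matter in that output are "ISAKMP SA established" (IKE phase 1) and "IPsec SA established" (phase 2); if either is missing, the L2TP step that follows will fail even though ipsec returned. As an added example (not code from this post or from openswan), here is a small Python checker that parses that output, tells you whether both phases completed, and flags the parameters the page's server actually negotiated: 3DES for IKE and a 1024-bit DH group, both weak by current standards. The sample log is the post's own output with the wrapped lines rejoined; the "partial" sample and the weak-crypto thresholds are constructed assumptions of this example.

```python
"""Check openswan (pluto) client output for an L2TP/IPsec connection.

Added example, not part of the original post: parses "ipsec auto --up"
output, reports whether IKE phase 1 (ISAKMP SA) and phase 2 (IPsec SA)
both completed, and flags weak negotiated parameters. The weak-crypto
thresholds below are this example's own assumptions.
"""
import re

# Constructed sample: the post's own output, with wrapped lines rejoined.
SAMPLE_LOG = """\
"L2TP-PSK-CLIENT" #1: initiating Main Mode
"L2TP-PSK-CLIENT" #1: ignoring Vendor ID payload [KAME/racoon]
"L2TP-PSK-CLIENT" #1: received Vendor ID payload [RFC 3947] method set to=110
"L2TP-PSK-CLIENT" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
"L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"L2TP-PSK-CLIENT" #1: STATE_MAIN_I2: sent MI2, expecting MR2
"L2TP-PSK-CLIENT" #1: ignoring Vendor ID payload [KAME/racoon]
"L2TP-PSK-CLIENT" #1: I did not send a certificate because I do not have one.
"L2TP-PSK-CLIENT" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
"L2TP-PSK-CLIENT" #1: Main mode peer ID is ID_IPV4_ADDR: '123.123.123.123'
"L2TP-PSK-CLIENT" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
"L2TP-PSK-CLIENT" #2: initiating Quick Mode PSK+ENCRYPT+DONTREKEY+UP {using isakmp#1}
"L2TP-PSK-CLIENT" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x04d46325 <0xc851a16f xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
"""

# Constructed failure case: first eight lines only, i.e. Main Mode began
# but no SA was ever established (what a wrong PSK or a silent peer looks like).
SAMPLE_LOG_PARTIAL = "\n".join(SAMPLE_LOG.splitlines()[:8]) + "\n"

LINE_RE = re.compile(r'^"(?P<conn>[^"]+)" #(?P<num>\d+): (?P<msg>.*)$')
PEER_RE = re.compile(r"Main mode peer ID is ID_IPV4_ADDR: '(?P<ip>[^']+)'")
NAT_RE = re.compile(r"NAT-Traversal: Result using .*\): (?P<result>.+)$")
ISAKMP_RE = re.compile(r"ISAKMP SA established \{(?P<params>[^}]*)\}")
IPSEC_RE = re.compile(r"IPsec SA established \{(?P<params>[^}]*)\}")
SPI_RE = re.compile(r"ESP=>(?P<out>0x[0-9a-fA-F]+) <(?P<in>0x[0-9a-fA-F]+)")

# Assumed thresholds: 3DES/null ciphers and MODP groups of 1024 bits or less are weak.
WEAK_CIPHER_MARKERS = ("3des", "null")
WEAK_DH_GROUPS = {"modp768", "modp1024"}


def _kv(params):
    """Split 'a=b c=d' into a dict; tokens without '=' (e.g. '<0x...') are dropped."""
    out = {}
    for tok in params.split():
        key, sep, val = tok.partition("=")
        if sep:
            out[key] = val.lstrip(">")
    return out


def parse_openswan_log(text):
    """Return a summary of what pluto negotiated for the connection in `text`."""
    summary = {"conn": None, "peer": None, "nat": None, "isakmp": None, "ipsec": None}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a per-connection pluto line
        summary["conn"] = summary["conn"] or m.group("conn")
        msg = m.group("msg")
        peer = PEER_RE.search(msg)
        if peer:
            summary["peer"] = peer.group("ip")
            continue
        nat = NAT_RE.search(msg)
        if nat:
            summary["nat"] = nat.group("result")
            continue
        ike = ISAKMP_RE.search(msg)
        if ike:
            summary["isakmp"] = _kv(ike.group("params"))
            continue
        esp = IPSEC_RE.search(msg)
        if esp:
            params = _kv(esp.group("params"))
            spi = SPI_RE.search(esp.group("params"))
            if spi:
                params["spi_out"], params["spi_in"] = spi.group("out"), spi.group("in")
            summary["ipsec"] = params
    return summary


def tunnel_up(summary):
    """True only when both the ISAKMP SA and the IPsec SA were established."""
    return summary["isakmp"] is not None and summary["ipsec"] is not None


def assess(summary):
    """List findings a defender would want to see before trusting the tunnel."""
    findings = []
    ike = summary["isakmp"]
    if ike is None:
        findings.append("phase 1 (ISAKMP SA) did not complete: check that both sides "
                        "use the same PSK and that left/right match the real addresses")
        return findings
    if any(mark in ike.get("cipher", "").lower() for mark in WEAK_CIPHER_MARKERS):
        findings.append(f"IKE cipher {ike['cipher']} is 3DES/null: prefer AES")
    if ike.get("group") in WEAK_DH_GROUPS:
        findings.append(f"IKE DH group {ike['group']} is 1024-bit or smaller: prefer modp2048 or larger")
    if ike.get("auth") == "OAKLEY_PRESHARED_KEY":
        findings.append("authentication is a pre-shared key: its strength is the key's entropy, "
                        "so use a long random PSK rather than a short numeric one")
    if summary["ipsec"] is None:
        findings.append("phase 2 (IPsec SA) did not complete: check leftprotoport/rightprotoport "
                        "(17/1701) and type=transport on both sides")
    return findings


def report(text):
    """Parse and assess in one call; returns (tunnel_up, findings)."""
    summary = parse_openswan_log(text)
    return tunnel_up(summary), assess(summary)


if __name__ == "__main__":
    for name, log in (("full", SAMPLE_LOG), ("partial", SAMPLE_LOG_PARTIAL)):
        up, findings = report(log)
        print(f"[{name}] tunnel up: {up}")
        for finding in findings:
            print("  -", finding)
```

Run it against a real capture with `report(open("pluto.log").read())`; the findings are advisory and only describe what was negotiated, so a tunnel that comes up with 3DES and modp1024 still works, it just deserves a stronger proposal on the server side.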
[lac L2TPserver]
lns = 192.168.0.109
require chap = yes
refuse pap = yes
require authentication = yes
; Name should be the same as the username in the PPP authentication!
name = eelb
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd.client
length bit = yes
5. Create /etc/ppp/options.xl2tpd.client with:
ipcp-accept-local
ipcp-accept-remote
refuse-eap
noccp
noauth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
#proxyarp
connect-delay 5000
6. Connect to the server:
echo "c L2TPserver" > /var/run/xl2tpd/l2tp-control
Now run ifconfig and check whether a new virtual ppp interface has appeared, then ping the server's ppp address.
Everything works.