centOS build l2tpd vpn server

Server requirements: Dual network card, as a gateway. If you use a single NIC server, bypass mode, you can also open and access resources, but in the actual application there will be some inexplicable network data transmission error, it is not recommended. The network refers to the following figure: Router----Firewall-----l2tp Server------- Core Switch l2tp Server Interface and Address: Eth0 192.166.1.2 --- l2tp Server --- Eth1 192.168.67.2 Server Network address planning: Eth0 192.166.1.2 mask 255.255.255.0 Access border firewall, border firewall interface is set to 192.166.1.1 mask 255.255.255.0Eth1 192.168.67.2 mask 255.255.255.0 Access core switch, core switch interface is set to 192.168.67.1 Mask 255.255.255.0Operating system
:centOS5.5L2tp service software: xl2tpd 1.2.7 The default service port is 1701. Install xl2tp1, install the libraries and packages required by CentOS: yum install libpcap-devel ppp2, Http://www.xelerance.com/software/xl2tpd/Download xl2tpd-1.2.7.tar.gz3, extract: tar -zxvf xl2tpd-1.2.7.tar.gz4, enter the decompression directory, then compile and install :cd xl2tpd-1.2.7makemake install5, modify /etc/xl2tpd/xl2tpd.conf, the content is as follows: first copy the default example configuration file to the corresponding directory: mkdir /etc/xl2tpdmkdir /var/run/xl2tpdcp examples/xl2tpd.conf /etc/xl2tpd/

Modify the file, pay attention to the red part: vi /etc/xl2tpd/xl2tpd.conf[global]listen-addr = 192.166.1.2; external dialing server address; requires openswan-3.1 or higher; ipsec saref = yes;; debug tunnel = Yes;port = 1701auth file = /etc/ppp/chap-secrets;file path for authentication username and password debug tunnel = yes[lns default]ip range = 192.168.67.3-192.168.67.254; assigned to users who have successfully dialed The address pool local ip = 192.168.67.2; the real IP address of the interface that forwards the packet internally require chap = yesrefuse pap = yesrequire authentication = yesname = xxbl2tpserverppp debug = yespppoptfile = /etc/ppp/options.xl2tpd; the configuration file path of the ppp protocol Length bit = yes6, modify /etc/ppp/options.xl2tpd, the content is as follows: cp examples/ppp-options.xl2tpd /etc/ppp/options.xl2tpdvi /etc/ppp/options.xl2tpdipcp-accept-localipcp-accept-remotems -dns 8.8.8.8ms-dns 221.7.17.21# Assign dns server address noccpauthcrtsctsidle 1800mtu 1500mru 1500nodefaultroutedebuglocklogfile /var/log/l2tpd.log# log file path proxyarpcon Nect-delay 5000#kdebug 2#record /var/log/l2tpdcontent.logreceive-allktune7, modify the user authentication file /etc/ppp/chap-secrets as follows # Secrets for authentication using CHAP# client server secret IP addresses# Secrets for Authentication using CHAP# client server secret IP addresses"test" * "test" *8, edit start and stop the service script /etc/init.d/xl2tpd file, the content is as follows: #!/bin/sh## xl2tpd This shell Script takes care of starting and stopping l2tpd.## chkconfig: - 80 30# description: Layer 2 Tunnelling Protocol Daemon (RFC 2661)## processname: xl2tpd# config: /etc/xl2tpd/xl2tpd.conf# pidfile: /var/Run/xl2tpd.pid#ServicenameSERVICE=xl2tpd# Source function library.. /etc/rc.d/init.d/functions# Source networking configuration.. /etc/sysconfig/networkif [ ${NETWORKING} = "no" ] Thenexit 0fi[ -x /usr/local/sbin/$SERVICE ]