Layer 2 Tunneling Protocol (L2TP) is an industry-standard Internet tunneling protocol that uses UDP port 1701. L2TP itself provides no encryption: without IPsec, the PPP session inside it, including the user authentication exchange, travels in the clear. We therefore wrap the L2TP packets in IPsec (transport mode), which makes an L2TP/IPsec VPN more involved to set up than a PPTP VPN.
First, install IPsec. Openswan is an implementation of IPsec for Linux. Official website: http://www.openswan.org/
1. Install the necessary software:
yum install make gcc gmp-devel bison flex lsof
make and gcc need no introduction. gmp-devel: development files for the GNU MP arbitrary-precision library. bison: the GNU general-purpose parser generator. flex: a tool for generating scanners (text pattern recognizers). In other words, just the build toolchain Openswan needs.
2. Install Openswan: the version in the yum repository is 2.6.21-5.el5_6.4, so we build from source instead. The latest version at the time of writing is 2.6.35.
cd /tmp
wget http://www.openswan.org/download/openswan-2.6.35.tar.gz
tar -zxvf openswan-2.6.35.tar.gz
cd openswan-2.6.35
make programs install
PS: The openswan-2.6.35 directory already contains a Makefile. The INSTALL file in that directory gives the userland build command under "Building userland": make programs install
3. Configure IPsec by editing the configuration file /etc/ipsec.conf:
cp /etc/ipsec.conf /etc/ipsec.conf.bak
vim /etc/ipsec.conf
Find protostack=auto and change it to:
protostack=netkey
Add at the end:
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=YOUR.SERVER.IP.ADDRESS
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
Replace YOUR.SERVER.IP.ADDRESS with the public IP address of the VPS. The L2TP-PSK-NAT connection (rightsubnet=vhost:%priv) is what allows clients behind NAT to connect; the settings are based on the example file /etc/ipsec.d/examples/l2tp-psk.conf.
4. Set the pre-shared key (PSK) by editing the configuration file /etc/ipsec.secrets:
vim /etc/ipsec.secrets
Enter:
YOUR.SERVER.IP.ADDRESS %any: PSK "YourSharedSecret"
Replace "YourSharedSecret" with a long, random string: every client uses this one key to authenticate the IPsec tunnel, and anyone who obtains it can complete the IKE negotiation with the server. Keep the file readable only by root (chmod 600 /etc/ipsec.secrets).
5. Modify the packet forwarding settings. Run the following two snippets in the terminal:
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done
echo 1 > /proc/sys/net/core/xfrm_larval_drop
Modify Kernel settings to enable forwarding, edit the /etc/sysctl.conf file:
vim /etc/sysctl.conf
Change the value of "net.ipv4.ip_forward" to 1.
Make the changes take effect:
sysctl -p
6. Restart IPsec:
/etc/init.d/ipsec restart
Check that IPsec is installed and started correctly:
ipsec verify
As long as nothing is reported as [FAILED], the installation is fine.
Second, install L2TP (xl2tpd and rp-l2tp). xl2tpd is an L2TP daemon maintained by Xelerance Corporation. However, xl2tpd does not ship the l2tp-control utility, which has to be taken from rp-l2tp, so both packages are installed.
1. Install the necessary software:
yum install libpcap-devel ppp policycoreutils
2. Install rp-l2tp and xl2tpd:
cd /tmp
wget http://sourceforge.net/projects/rp-l2tp/files/rp-l2tp/0.4/rp-l2tp-0.4.tar.gz
tar -zxvf rp-l2tp-0.4.tar.gz
cd rp-l2tp-0.4
./configure
make
cp handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
xl2tpd: use the latest version, xl2tpd-1.3.0:
cd /tmp
wget http://www.xelerance.com/wp-content/uploads/software/xl2tpd/xl2tpd-1.3.0.tar.gz
tar -zxvf xl2tpd-1.3.0.tar.gz
cd xl2tpd-1.3.0
make
make install
3. Create the xl2tpd configuration file:
mkdir /etc/xl2tpd
vim /etc/xl2tpd/xl2tpd.conf
Add:
[global]
ipsec saref = yes

[lns default]
ip range = 10.82.88.2-10.82.88.254
local ip = 10.82.88.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
refuse chap and refuse pap, together with require-mschap-v2 in the PPP options below, ensure that clients can authenticate only with MS-CHAPv2, never with plaintext PAP or MD5 CHAP.
4. Configure PPP by creating the options.xl2tpd file:
vim /etc/ppp/options.xl2tpd
Add:
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
hide-password keeps passwords out of the PPP debug log; debug here and ppp debug = yes above are verbose and can be removed once the setup works.
5. Set the dial-up username and password:
vim /etc/ppp/chap-secrets
Each line has four fields: client (username), server, secret, and allowed IP addresses. The server field must match the "name l2tpd" option set above, and "*" in the last field lets xl2tpd assign an address from the pool.
6. Add the iptables NAT rule so that VPN clients can reach the Internet through the server:
iptables --table nat --append POSTROUTING --jump MASQUERADE
As written, this rule masquerades every packet the host forwards, not just traffic from the VPN pool; on a server that routes anything else, restrict it to the source subnet 10.82.88.0/24 and the external interface.
Save iptables forwarding rules:
/etc/init.d/iptables save
Restart iptables:
/etc/init.d/iptables restart
7. Start xl2tpd in debug mode and check that there are no errors:
xl2tpd -D
The output looks like this:
xl2tpd[9647]: Enabling IPsec SAref processing for L2TP transport mode SAs
xl2tpd[9647]: IPsec SAref does not work with L2TP kernel mode yet, enabling forceuserspace=yes
xl2tpd[9647]: setsockopt recvref[22]: Protocol not available
xl2tpd[9647]: This binary does not support kernel L2TP.
xl2tpd[9647]: xl2tpd version xl2tpd-1.3.0 started on myserver.localdomain PID: 9647
xl2tpd[9647]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[9647]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[9647]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[9647]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[9647]: Listening on IP address 0.0.0.0, port 1701
The last line shows that xl2tpd is listening on UDP port 1701. It is now possible to establish an L2TP dial-up connection from Windows.
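As an added example (not part of the original tutorial), the following POSIX shell script handles the two secrets files the procedure above leaves to hand-editing: /etc/ipsec.secrets from step 4 of the IPsec section and /etc/ppp/chap-secrets from step 5 here. It generates a random PSK instead of the placeholder "YourSharedSecret", writes both files with mode 0600, audits an existing ipsec.secrets for the placeholder, a short key or loose permissions, and prints a MASQUERADE rule scoped to the VPN pool instead of the bare rule in step 6. The server address 203.0.113.10, the user name alice, the interface eth0 and the pool 10.82.88.0/24 (matching the ip range in xl2tpd.conf above) are assumed values for the demo, as is the minimum PSK length of 32 characters.

```shell
#!/bin/sh
# Added example, not from the original tutorial: generate, write and audit the
# secrets used by the L2TP/IPsec setup above.
#   /etc/ipsec.secrets    -> SERVER_IP %any: PSK "<psk>"     (Openswan, step 4)
#   /etc/ppp/chap-secrets -> user  l2tpd  "password"  *      (pppd, step 5)
# Values such as 203.0.113.10, alice, eth0 and 10.82.88.0/24 are assumptions
# for the demo; pass your own paths and values when calling the functions.
set -u

MIN_PSK_LEN=32   # minimum PSK length in characters (assumed floor); 32 random bytes give 64 hex chars

# gen_secret N: print N random bytes from /dev/urandom as lowercase hex.
gen_secret() {
    head -c "${1:-32}" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_ipsec_secrets FILE SERVER_IP PSK
# One PSK entry valid for any peer (%any), created with mode 0600 so that only
# root can read the key. "%%" in the printf format yields a literal "%".
write_ipsec_secrets() {
    _old=$(umask); umask 077
    printf '%s %%any: PSK "%s"\n' "$2" "$3" > "$1"
    chmod 600 "$1"
    umask "$_old"
}

# write_chap_secrets FILE USER PASSWORD
# Field order is client, server, secret, allowed IP addresses. The server name
# must match "name l2tpd" in /etc/ppp/options.xl2tpd; "*" lets the lns pool
# assign the client address. Existing entries are kept (the line is appended).
write_chap_secrets() {
    _old=$(umask); umask 077
    [ -s "$1" ] || printf '# client\tserver\tsecret\tIP addresses\n' > "$1"
    printf '%s\tl2tpd\t"%s"\t*\n' "$2" "$3" >> "$1"
    chmod 600 "$1"
    umask "$_old"
}

# psk_from_file FILE: print the first quoted PSK found in an ipsec.secrets file.
psk_from_file() {
    sed -n 's/.*PSK[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# audit_secrets FILE: return 0 if FILE is mode 0600 and holds a PSK that is
# neither the tutorial placeholder nor shorter than MIN_PSK_LEN; otherwise
# print the reasons to stderr and return 1.
audit_secrets() {
    _rc=0
    _mode=$(ls -ld "$1" | cut -c1-10)
    if [ "$_mode" != "-rw-------" ]; then
        echo "$1: mode is $_mode, expected -rw------- (chmod 600)" >&2; _rc=1
    fi
    _psk=$(psk_from_file "$1")
    if [ -z "$_psk" ]; then
        echo "$1: no PSK entry found" >&2; _rc=1
    elif [ "$_psk" = "YourSharedSecret" ]; then
        echo "$1: PSK is still the tutorial placeholder" >&2; _rc=1
    elif [ "${#_psk}" -lt "$MIN_PSK_LEN" ]; then
        echo "$1: PSK has ${#_psk} chars, want at least $MIN_PSK_LEN" >&2; _rc=1
    fi
    return "$_rc"
}

# nat_rule POOL IFACE: print a MASQUERADE rule limited to the VPN pool and the
# external interface, instead of masquerading everything the host forwards.
nat_rule() {
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' "$1" "$2"
}

# Demo: build both files in a scratch directory, audit them, show the NAT rule.
if [ "${1:-}" = "demo" ]; then
    _dir=$(mktemp -d)
    write_ipsec_secrets "$_dir/ipsec.secrets" 203.0.113.10 "$(gen_secret 32)"
    write_chap_secrets "$_dir/chap-secrets" alice "$(gen_secret 12)"
    audit_secrets "$_dir/ipsec.secrets" && echo "ipsec.secrets: OK"
    cat "$_dir/ipsec.secrets" "$_dir/chap-secrets"
    nat_rule 10.82.88.0/24 eth0
    rm -rf "$_dir"
fi
```

Run `sh l2tp_secrets.sh demo` to exercise it in a scratch directory; to install for real, call the write_* functions as root with /etc/ipsec.secrets and /etc/ppp/chap-secrets as the file arguments, then restart ipsec and xl2tpd. Because the PSK is shared by every client, rotating it means redistributing it to all of them; revoking a single user is done by removing that user's line from chap-secrets.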
Third, start the services at boot
vim /etc/rc.local
Add:
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done
echo 1 > /proc/sys/net/core/xfrm_larval_drop
/etc/init.d/ipsec restart
/usr/local/sbin/xl2tpd
Fourth, problems encountered when establishing a connection
Create a VPN connection under Windows; in the connection's Properties, on the Networking tab, set the VPN type to L2TP/IPsec, then under Security, IPsec Settings, enter the shared secret.
If Windows reports "Error 768: The connection attempt failed because of failure to encrypt data", the IPsec service is turned off. Click Start, Run, enter services.msc, and enable the "IPSEC Services" service.