vpn l2tp debian12

Nov 27, 2016 18:26




См. также обсуждение этой настройки на unixforum:
https://unixforum.org/viewtopic.php?t=154566

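# Enable IPv4 forwarding so traffic from PPP clients can be routed out of the
# host. A drop-in under /etc/sysctl.d is idempotent (re-running this does not
# append a duplicate line the way `>> /etc/sysctl.conf` does) and is picked up
# by `sysctl --system`, which reloads every sysctl source, not just sysctl.conf.
printf 'net.ipv4.ip_forward=1\n' > /etc/sysctl.d/99-l2tp-forward.conf
sysctl --system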

# Server-side packages: xl2tpd (L2TP + PPP sessions) and strongSwan (IKE/IPsec).
sudo apt install xl2tpd strongswan

/etc/ipsec.conf

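# /etc/ipsec.conf — strongSwan side of L2TP/IPsec: IPsec in transport mode
# protects UDP/1701; user authentication happens later, inside PPP (xl2tpd).
# Parameters belong *indented* under their section: ipsec.conf(5) treats a
# line starting at column 0 as the start of a new section, so the flat
# listing this was pasted as will not load as-is.
config setup

# Settings shared by every road-warrior connection.
conn rw-base
    # IKE-level fragmentation for exchanges that exceed the path MTU.
    fragmentation=yes
    # Dead peer detection: tear the SA down instead of trying to reconnect.
    dpdaction=clear
    dpdtimeout=90s
    dpddelay=30s

conn l2tp-vpn
    also=rw-base
    # Strongest options first: by default strongSwan prefers the locally
    # configured order (charon.prefer_configured_proposals), so a client that
    # offers both ends up on AES-256/SHA-256/MODP-3072. sha1 and modp1024 are
    # kept only for legacy L2TP clients (older Windows/Android); remove them
    # as soon as no client depends on them.
    ike=aes256-aes192-aes128-sha256-sha1-modp3072-modp1024
    esp=aes256-aes192-aes128-sha256-sha1-modp3072-modp1024
    # Only traffic to our L2TP port is covered by the transport-mode SA.
    leftsubnet=%dynamic[/1701]
    rightsubnet=%dynamic
    # Unique mark per SA; presumably to keep several clients behind one NAT apart.
    mark=%unique
    # One group pre-shared key for everyone — see /etc/ipsec.secrets.
    leftauth=psk
    rightauth=psk
    type=transport
    # Load the conn and wait for clients to initiate.
    auto=add
    left=%any
    right=%any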

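# Generate a 144-bit random pre-shared key (printed as 24 base64 characters).
# umask 077 keeps the file readable by its owner only; it is written to the
# current directory, so delete it once the value is in /etc/ipsec.secrets.
# NB: the *contents* of this file go into ipsec.secrets, not its name.
( umask 077 && openssl rand -base64 18 > mySharedKey )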

/etc/ipsec.secrets (права 600, владелец root)

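# /etc/ipsec.secrets — root-only (chmod 600): this is the group pre-shared key.
# Paste the *value* printed by `openssl rand -base64 18` (24 base64 chars)
# between the quotes. The original line used the literal string "mySharedKey",
# i.e. the name of the file the key was saved to, not the key itself.
# %any %any means every client shares this one PSK; anyone holding it can
# impersonate the server and observe the MS-CHAPv2 exchange, so rotate it
# whenever a client is decommissioned.
%any %any : PSK "<paste-the-generated-key-here>"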

/etc/xl2tpd/xl2tpd.conf

; /etc/xl2tpd/xl2tpd.conf — L2TP daemon; expected to run inside the IPsec
; transport SA set up by strongSwan.
[global]
port = 1701
; IPsec does not filter L2TP peers for us: make sure udp/1701 is only
; reachable through IPsec (e.g. iptables `-m policy --dir in --pol ipsec`),
; otherwise the PSK layer can be skipped and only CHAP protects PPP.
access control = no
auth file = /etc/ppp/chap-secrets
; Userspace L2TP instead of the kernel l2tp modules.
force userspace = yes
; NOTE(review): SAref tracking comes from Openswan/Libreswan (KLIPS); with
; strongSwan it presumably has no effect — confirm in the xl2tpd log.
ipsec saref = yes

[lns default]
; Must match the server field in /etc/ppp/chap-secrets.
name = l2tp-vpn
local ip = 10.32.100.1
ip range = 10.32.100.100-10.32.100.199
exclusive = no
require authentication = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
flow bit = yes
hidden bit = no

/etc/ppp/options.xl2tpd

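# /etc/ppp/options.xl2tpd — pppd options for every L2TP session (LNS side).
# Confidentiality/integrity come from the outer IPsec SA; PPP only
# authenticates users here.
asyncmap 0
auth
# Serial-line options; harmless on the pty xl2tpd hands to pppd.
crtscts
lock
modem
hide-password
# NOTE(review): with ESP + UDP + L2TP + PPP overhead, 1460-byte PPP frames will
# likely exceed a 1500-byte path and fragment; 1400 (or lower with NAT-T) is
# the usual choice — confirm with clients behind NAT.
mtu 1460
lcp-echo-interval 30
lcp-echo-failure 4
noipx
# Only MS-CHAPv2 is accepted; PAP/CHAP/MS-CHAPv1 are refused. MS-CHAPv2 on its
# own is offline-crackable, so udp/1701 must never be reachable outside IPsec.
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
multilink
mppe-stateful
# pppd keeps at most two DNS servers: the first ms-dns sets the primary and
# every later one overwrites the secondary. The original listed three, so
# 8.8.8.8 was silently replaced by 8.8.4.4 — list exactly two.
ms-dns 1.1.1.1
ms-dns 8.8.8.8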

/etc/ppp/chap-secrets (пароли хранятся открытым текстом — права 600, владелец root)

# /etc/ppp/chap-secrets — plaintext passwords: chmod 600, owned by root.
# Format: <client> <server> <secret> <allowed IP addresses>
# The server field must equal `name = l2tp-vpn` in xl2tpd.conf.
# "*" lets the client use whatever address xl2tpd assigns from `ip range`.
# NOTE(review): 10.2.2.99 is outside the pool 10.32.100.100-199 / local ip
# 10.32.100.1 configured in xl2tpd.conf, and pppd refuses a session whose
# address is not in this list; this entry presumably only works if xl2tpd
# stops assigning addresses itself (`assign ip = no`) — confirm before use.
пользователь1 l2tp-vpn пароль *
пользователь2 l2tp-vpn Pa$$word_1 10.2.2.99

# Restart both daemons, then check what is running and what failed.
# (On Debian, ipsec.service is normally an alias of strongswan-starter.service,
# so the third restart presumably repeats the first — check with
# `systemctl show -p Id ipsec`.)
for unit in strongswan-starter xl2tpd ipsec; do
  systemctl restart "$unit"
done
for state in running failed; do
  systemctl list-units --type service --state "$state"
done

Форвардинг и NAT для трафика VPN-клиентов (ens3 — внешний интерфейс):
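# Per-session firewall hooks. `%i` is presumably the PPP interface name
# substituted by the unit or ip-up script that runs these (e.g. ppp0) —
# confirm against the caller.
# Forwarding is limited to PPP -> uplink (plus replies), and NAT only covers
# the client pool from xl2tpd.conf instead of every forwarded packet, so VPN
# clients cannot reach the host's other networks through this rule.

# Run at session start:
iptables -A FORWARD -i %i -o ens3 -j ACCEPT
iptables -A FORWARD -i ens3 -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The MASQUERADE rule is shared by all sessions: add it once, never remove it per session.
iptables -t nat -C POSTROUTING -s 10.32.100.0/24 -o ens3 -j MASQUERADE 2>/dev/null \
  || iptables -t nat -A POSTROUTING -s 10.32.100.0/24 -o ens3 -j MASQUERADE

# Run at session stop (the original used -A here, appending a duplicate
# MASQUERADE rule on every disconnect instead of deleting anything):
iptables -D FORWARD -i %i -o ens3 -j ACCEPT
iptables -D FORWARD -i ens3 -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT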

https://gist.github.com/kimus/9315140
Если вы используете ufw и нужен NAT с внешнего интерфейса на внутренний, самое простое решение — в файле /etc/default/ufw изменить параметр DEFAULT_FORWARD_POLICY. Учтите, что это разрешает пересылку между всеми интерфейсами; более узкий вариант — правило `ufw route allow in on ppp+ out on ens3`.
# /etc/default/ufw: a global ACCEPT forward policy lets ufw pass forwarded
# packets between *all* interfaces, not only ppp+ -> ens3. A narrower
# alternative is a route rule: `ufw route allow in on ppp+ out on ens3`.
DEFAULT_FORWARD_POLICY="ACCEPT"

# Client side (Debian/Ubuntu desktop): NetworkManager L2TP/IPsec plugin and its GNOME UI.
sudo apt install network-manager-l2tp-gnome network-manager-l2tp

Проверка соединения — смотреть журнал (сообщения strongSwan, xl2tpd и pppd) во время подключения клиента:
# Follow the system journal while a client connects; strongSwan, xl2tpd and
# pppd messages all show up here.
journalctl --follow
