Configuring an L2TP / IPsec VPN Client (Linux)

초보의 CHOMAN 2015.02.02 17:06

Test environment

 Cloud server (floating NAT environment), physical server (static real IP)

 CentOS 7 64-bit

 


 

Package installation


 yum install epel-release

 yum install libreswan xl2tpd kernel


 

Create the directory


mkdir -p /var/run/xl2tpd


 

Configure the ipsec.conf file


vim /etc/ipsec.conf


config setup
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
        dumpdir=/var/run/pluto/
        protostack=netkey
        logfile=/var/log/pluto.log

conn koreavpn
        authby=secret
        pfs=no
        auto=add
        rekey=no
        left="%defaultroute"
        right=<IP address of the VPN server to connect to>
        type=transport
        leftprotoport=17/1701
        rightprotoport=17/1701
        dpddelay=15
        dpdtimeout=30
        dpdaction=clear


 

vim /etc/ipsec.secrets


include /etc/ipsec.d/*.secrets

<IP address of the VPN server to connect to> %any: PSK "test1234"

 



vim /etc/xl2tpd/xl2tpd.conf


[lac koreavpn]

lns = <IP address of the VPN server to connect to>

ppp debug = yes

pppoptfile = /etc/ppp/options.xl2tpd.client

length bit = yes



 


vim /etc/ppp/options.xl2tpd.client


ipcp-accept-local

ipcp-accept-remote

refuse-eap

require-mschap-v2

require-chap

noccp

auth

idle 1800

#mtu 1400

#mru 1400

defaultroute

noipdefault

usepeerdns

debug

connect-delay 5000

name <VPN account ID>

password <VPN account password>



 

Run the commands


/etc/init.d/ipsec start

/etc/init.d/xl2tpd start

 

XL2TP connection

echo "c koreavpn" > /var/run/xl2tpd/l2tp-control

IPsec connection

ipsec auto --up koreavpn

 

 


 

Verification


# route


Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

default         <VPN IP>        0.0.0.0         UG    0      0        0 ppp0

<local network> *               255.255.255.0   U     1      0        0 eth0

<VPN IP>        *               255.255.255.255 UH    0      0        0 ppp0


ppp0      Link encap:Point-to-Point Protocol  

          inet addr:10.0.0.1  P-t-P:<VPN IP>  Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1

          RX packets:1342 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1456 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:3 

          RX bytes:429991 (429.9 KB)  TX bytes:188608 (188.6 KB)

 

Packet dump when only L2TP is connected (packets exchanged on TCP port 1701)

 

.55.xx.6.1701 > xx.68.xx.100.1701:  l2tp:[L](11358/49660) {IP 11.0.0.3 > 11.0.0.1: ICMP echo request, id 42827, seq 1, length 64}
E..|..@.2....7q.sD.d.....h..@..`,^.....!E..T..@.@.$...........e..K....&Z....-....................... !"#$%&'()*+,-./01234567

 

 

Packet dump once IPsec is also connected (packets exchanged on TCP port 1701)

 

13:33:56.884247 IP xx.55.xx.6 > xx.68.xx.100: ESP(spi=0xb5a26f07,seq=0x1), length 148
E.....@.22.=.7q.sD.d..o......{...G%z8.&..p.C6..csT.0Y.a.:...o&%...6tT.D...........O...X...G."..F...
T..P.5.ciH........O     $^.9%.....b).....%.....M.J../...A.!+.,....T_|...
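
The two dumps above differ in whether tcpdump can still decode the L2TP header. The shell function below is an added example, not part of the original post, that applies the same test to tcpdump text output and goes slightly beyond the dumps by also accepting ESP inside UDP 4500 (NAT traversal) and by ignoring inbound packets. The function names, the local-IP argument, the interface name and the sample lines (constructed, with documentation addresses) are assumptions of this example.

```shell
#!/bin/sh
# Added example: tell cleartext L2TP apart from IPsec-protected L2TP in
# default (timestamped, -n) tcpdump text output. Live use on the client,
# interface name and local IP being assumptions:
#   tcpdump -n -i eth0 'udp port 1701 or esp or udp port 4500' | check_l2tp_encryption 192.0.2.6

# $1 = local IP of the VPN client. Prints "clear=<n> esp=<n>".
# Returns 0 if only ESP left the host, 1 if any cleartext L2TP left it,
# 2 if no outbound tunnel traffic was seen at all.
check_l2tp_encryption() {
    awk -v ip="$1" '
        # Keep outbound packets only: when capturing on the client itself,
        # Linux also shows the inbound copy after decryption.
        $2 != "IP" || (index($3, ip ".") != 1 && $3 != ip) { next }
        # An L2TP header that tcpdump can decode was not wrapped in ESP.
        / l2tp:/ { clear++; next }
        # Plain ESP, or ESP in UDP 4500 (printed as "UDP-encap: ESP(").
        / ESP\(spi=0x[0-9a-f]+,seq=/ { esp++ }
        END {
            printf "clear=%d esp=%d\n", clear, esp
            if (clear) exit 1
            exit (esp ? 0 : 2)
        }'
}

# Constructed sample: L2TP connected, IPsec not yet up.
sample_l2tp_only() {
    cat <<'EOF'
13:30:01.100000 IP 192.0.2.6.1701 > 198.51.100.100.1701:  l2tp:[L](11358/49660) {IP 11.0.0.3 > 11.0.0.1: ICMP echo request, id 42827, seq 1, length 64}
EOF
}

# Constructed sample: IPsec up. Lines 2 and 3 are inbound (ESP and its
# decrypted copy) and must not count against the client.
sample_with_ipsec() {
    cat <<'EOF'
13:33:56.884247 IP 192.0.2.6 > 198.51.100.100: ESP(spi=0xb5a26f07,seq=0x1), length 148
13:33:56.899010 IP 198.51.100.100 > 192.0.2.6: ESP(spi=0x0c1d2e3f,seq=0x1), length 148
13:33:56.899010 IP 198.51.100.100.1701 > 192.0.2.6.1701:  l2tp:[L](49660/11358) {IP 11.0.0.1 > 11.0.0.3: ICMP echo reply, id 42827, seq 1, length 64}
13:33:57.885102 IP 192.0.2.6 > 198.51.100.100: ESP(spi=0xb5a26f07,seq=0x2), length 148
EOF
}

sample_with_ipsec | check_l2tp_encryption 192.0.2.6
```

A return value of 1 on a live capture means L2TP frames are leaving the host without ESP, which is the state shown in the first dump.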

 

 
