ipsec XAUTH (with xl2tpd, openswan)

초보의 CHOMAN 2015.06.12 12:00

ipsec xauth ipsec.conf

: ipsec xauth is not currently configured


config setup
    plutostderrlog=/var/log/ipsec.log
    plutodebug=all
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.152.2.0/24
    oe=off
    protostack=netkey
    uniqueids=no

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    ikelifetime=8h
    keylife=1h
    type=transport
    left=211.234.6.29
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    forceencaps=yes

conn IPSEC-XAUTH-NAT
    rekey=no
    pfs=no
    type=transport
    aggrmode=no
    authby=secret
    auto=add
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    ikelifetime=8h
    keylife=1h
    keyexchange=ike
    ike=aes-sha1-modp1024
    left=211.234.6.29
    leftprotoport=17/%any
    leftxauthserver=yes
    leftxauthusername=smileman
    right=%defaultroute
    rightprotoport=17/%any
    rightxauthclient=yes
    right=%any
    forceencaps=yes
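
An added check, not part of the original post: a small Python script that parses ipsec.conf-style sections and flags three things visible in the IPSEC-XAUTH-NAT listing above, namely the right key set twice with different values, pfs=no, and the modp1024 IKE group. The function names and the embedded sample are constructed for this example.

```python
import re

# Constructed sample: the IPSEC-XAUTH-NAT settings this check looks at, copied from the listing above.
SAMPLE = """\
config setup
    protostack=netkey

conn IPSEC-XAUTH-NAT
    pfs=no
    ike=aes-sha1-modp1024
    left=211.234.6.29
    right=%defaultroute
    rightxauthclient=yes
    right=%any
"""

def parse_sections(text):
    """Return {section_name: [(key, value), ...]} keeping duplicates and order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()    # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                # column 0 starts a new section
            current = " ".join(line.split())
            sections[current] = []
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections

def audit(text):
    """Return a list of (section, finding) tuples."""
    findings = []
    for name, items in parse_sections(text).items():
        seen = {}
        for key, value in items:
            if key in seen and seen[key] != value:
                findings.append((name, f"{key} set twice: {seen[key]} / {value}"))
            seen[key] = value
        if seen.get("pfs") == "no":
            findings.append((name, "pfs=no: no fresh DH exchange for phase 2 keys"))
        if re.search(r"modp(768|1024)\b", seen.get("ike", "")):
            findings.append((name, "ike uses a DH group of 1024 bits or less"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```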


/etc/ppp/options.xl2tpd

refuse-mschap-v2
refuse-mschap
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
idle 1800
mtu 1200
mru 1200
lock
hide-password
local
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

/etc/ipsec.secrets

include /etc/ipsec.d/*.secrets
211.234.6.29 %any: PSK "smile1234"
@smileman : XAUTH "smile1234"
211.234.6.29 : PSK "smile1234"

END
