L2TP on ipsec (with xl2tpd, openswan)

초보의 CHOMAN 2015.06.12 13:56

Installation

yum install make gcc gmp-devel bison flex lsof
rpm -ivH http://repo.nikoforge.org/redhat/el6/nikoforge-release-latest
yum -y install http://vesta.informatik.rwth-aachen.de/ftp/pub/Linux/fedora-epel/6/i386/epel-release-6-8.noarch.rpm
yum install xl2tpd ppp
yum install openswan -y



vim /etc/sysctl.conf

net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1



vim /etc/rc.d/rc.local and add the lines below

# AGIX IPSEC VPN
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f; done
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f; done



vim /etc/ipsec.secrets

include /etc/ipsec.d/*.secrets
"VPN서버아이피" %any: PSK "1234"



vim /etc/ppp/options.xl2tpd

ipcp-accept-local
ipcp-accept-remote
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
ms-dns 168.126.63.1
ms-dns 8.8.8.8
require-mschap-v2
asyncmap 0
crtscts
hide-password
modem
name l2tpd
proxyarp
lcp-echo-interval 10
lcp-echo-failure 100



vim /etc/ipsec.conf

version 2.0

config setup
        dumpdir=/var/run/pluto/
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:25.0.0.0/8,!%v4:10.0.1.0/24,%v6:fd00::/8,%v6:fe80::/10
        oe=off
        protostack=netkey

conn L2TP-PSK-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        rekey=no
        dpddelay=10
        dpdtimeout=90
        dpdaction=clear
        ikelifetime=8h
        keylife=1h
        type=transport
        left="VPN 서버 아이피"
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any



[root@localhost etc]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.32/K2.6.32-504.3.3.el6.x86_64 (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY:  Testing for disabled ICMP send_redirects              [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]


Starting the services

chkconfig ipsec on
chkconfig xl2tpd on

service xl2tpd restart
service ipsec restart


As with PPTP, user accounts are kept in /etc/ppp/chap-secrets.

For more detailed settings, see man ipsec.conf.
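As an added example, not part of the original post, the Python script below parses an ipsec.conf in the format shown above, resolves the effective settings of the L2TP-PSK-NAT conn by following also= as ipsec.conf(5) describes, checks the values this setup depends on (transport mode, UDP 1701, PSK authentication, vhost:%priv for clients behind NAT), and flags short pre-shared keys such as the "1234" used above. The embedded sample is constructed from the post's ipsec.conf, with the documentation address 203.0.113.10 standing in for the server IP.

```python
import re
# Constructed from the post's ipsec.conf; 203.0.113.10 (a documentation address) stands in for the server IP.
SAMPLE_CONF = """\
config setup
        protostack=netkey
conn L2TP-PSK-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
        authby=secret
        type=transport
        left=203.0.113.10
        leftprotoport=17/1701
"""

def parse_ipsec_conf(text):
    """Parse ipsec.conf text into {section: {key: value}}; 'config setup' is stored as 'setup'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                      # unindented: "conn NAME", "config setup", "version 2.0"
            kind, _, name = line.strip().partition(" ")
            current = sections.setdefault(name.strip(), {}) if kind in ("conn", "config") else None
            continue
        if current is not None and "=" in line:       # indented key=value belongs to the current section
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return sections

def effective_conn(sections, name):
    """Merge a conn with the conn its also= names; the conn's own keys win, as ipsec.conf(5) describes."""
    own = dict(sections[name])
    merged = effective_conn(sections, own.pop("also")) if "also" in own else {}
    merged.update(own)
    return merged

def check_l2tp_conn(conn, nat_clients=True):
    """Findings for a conn that must carry L2TP (UDP 1701) in transport mode, authenticated by PSK."""
    expected = {"type": "transport", "leftprotoport": "17/1701", "authby": "secret"}
    findings = [f"{k} should be {v!r}, got {conn.get(k)!r}" for k, v in expected.items() if conn.get(k) != v]
    if nat_clients and conn.get("rightsubnet") != "vhost:%priv":
        findings.append("rightsubnet=vhost:%priv missing: clients behind NAT will not be accepted")
    return findings

def weak_psks(secrets_text, min_len=20):
    """Return the PSKs in ipsec.secrets text shorter than min_len characters (the post's 1234 is one)."""
    return [p for p in re.findall(r'PSK\s+"([^"]*)"', secrets_text) if len(p) < min_len]
```

Run it against the real /etc/ipsec.conf and /etc/ipsec.secrets after editing them; an empty findings list and no weak PSKs is the expected result.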


Symptom when the iPhone cannot connect

"L2TP-PSK-NAT"[1] "클라이언트아이피" #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
"L2TP-PSK-NAT"[1] "클라이언트아이피" #1: sending notification INVALID_PAYLOAD_TYPE to "클라이언트아이피":500
ERROR: asynchronous network error report on eth0 (sport=500) for message to "클라이언트아이피" port 500, complainant "클라이언트아이피": Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]


iPhone VPN access, tested on CentOS 6 64-bit

openswan-2.6.32-37.el6.x86_64.rpm : iPhone (iOS) cannot connect
openswan-2.6.32-27.4.el6_5.x86_64.rpm : iPhone (iOS) cannot connect
openswan-2.6.32-27.2.el6_5.x86_64 : latest RPM version with which the iPhone (iOS) can connect



References

https://help.ubuntu.com/community/L2TPServer
http://louwrentius.com/setting-up-a-vpn-with-your-iphone-using-l2tp-ipsec-and-linux.html
