CentOS release 6.8
libreswan-3.15-7.3
xl2tpd-1.3.8-1
# Run as root. NOTE(review): the command names "openswan" while the version list
# above says libreswan-3.15-7.3 — confirm which package the configured repos actually provide.
# yum -y --enablerepo=epel install openswan xl2tpd
一番下に下記を追加
/etc/xl2tpd/xl2tpd.conf
; L2TP network-server profile used for every incoming tunnel. This file only
; covers the L2TP/PPP layer; the UDP/1701 transport is expected to be carried
; inside IPsec.
[lns default]
; address pool handed to clients, and the address this server uses on its PPP end
; NOTE(review): assumes 192.168.1.0/24 is the LAN behind the server — confirm
ip range = 192.168.1.128-192.168.1.254
local ip = 192.168.1.99
; CHAP only: PAP would carry the password in clear inside the PPP frame
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
; enables pppd debugging; output lands in the logfile named in options.xl2tpd
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
一番下に下記を追加
/etc/ppp/options.xl2tpd
# pppd options referenced by "pppoptfile" in xl2tpd.conf
netmask 255.255.255.0
# do not exit when the link drops; keep trying to reopen it
persist
# the server only agrees to MS-CHAPv2 for peer authentication
require-mschap-v2
# pppd log (with "ppp debug = yes" in xl2tpd.conf this is verbose)
# NOTE(review): debug output can include peer names and addresses — keep the file root-readable only
logfile /var/log/xl2tpd.log
/etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client        server  secret          IP addresses
# One line per VPN user; "[username]" and "[password]" are placeholders to fill in.
# "*" in the server column matches any server name; "*" in the IP column lets the
# client take any address from the lns pool.
# NOTE(review): this file holds plaintext passwords — it should be readable by root only
"[username]"    *       "[password]"    *
/etc/ipsec.d/default.secrets
# Pre-shared key for L2TP/IPsec. The empty selector before ":" means the entry
# applies to any peer (road-warrior setup), so one key is shared by all clients.
# NOTE(review): "[共有鍵]" is the PSK placeholder — use a long random value and keep this file root-only
: PSK "[共有鍵]"
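# L2TP/IPsec
# Routed traffic to/from the PPP tunnels. NOTE(review): this only has effect with
# net.ipv4.ip_forward=1, which this page does not show being set — confirm.
iptables -A FORWARD -i ppp+ -j ACCEPT
iptables -A FORWARD -o ppp+ -j ACCEPT
# IKE (500), NAT-T (4500) and ESP from anywhere: this is the encrypted outer layer.
iptables -A INPUT -p esp -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 500 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 4500 -j ACCEPT
# L2TP (1701) is accepted only when the packet was delivered through an IPsec
# policy, i.e. it arrived inside ESP (NAT-T decapsulated packets match too).
# Without "-m policy" the port also answers plain UDP, so the L2TP/PPP
# authentication exchange would be reachable from the internet unencrypted.
iptables -A INPUT -p udp -m policy --dir in --pol ipsec --proto esp -m udp --dport 1701 -j ACCEPT
# NOTE(review): nothing here persists the rules; on CentOS 6 "service iptables save"
# (writing /etc/sysconfig/iptables) is needed for them to survive a reboot — confirm.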
一番下に下記を追加
/etc/sysctl.conf
# Kernel settings appended to /etc/sysctl.conf for the IPsec stack; applied with "sysctl -p".
# NOTE(review): net.ipv4.ip_forward is not set here, although the FORWARD rules
# for ppp+ depend on it — confirm it is enabled elsewhere.
# NOTE(review): the per-interface entries assume the public interface is eth0 — confirm.
net.core.xfrm_larval_drop = 1
# Never send or honour ICMP redirects: this host routes for VPN clients and must
# not be steered onto another gateway by them.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.lo.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
# Reverse-path filtering disabled on every interface, presumably because strict
# rp_filter drops decapsulated IPsec packets whose source is a VPN client address.
# This also removes a source-address spoofing check for the whole host; loose mode
# (rp_filter = 2) is the less blunt alternative where the kernel supports it.
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
# Bring up both daemons, enable them at boot, then load the sysctl settings above.
# Run as root.
for svc in xl2tpd ipsec; do
  /sbin/service "$svc" start
  /sbin/chkconfig "$svc" on
done
/sbin/sysctl -p