Reposted from: http://wiki.openwrt.org/zh-cn/doc/howto/connect_by_l2tp
http://wiki.openwrt.org/doc/howto/connect_by_l2tp
Many ISPs in Russia, Ukraine, Israel and other countries offer Internet access over L2TP (Layer 2 Tunneling Protocol). In many cases the ISP's internal resources (FTP, forums and so on) sit on a "local" network provided by the ISP, and users can exchange files with each other over that "local" network with P2P programs. Traffic on the "local" network is free or unmetered in speed, but reaching the Internet requires a second dial-up over L2TP; this is what is called Dual Access.
In China, by contrast, most users' main reasons for using a VPN are game acceleration or getting around the Great Firewall.
OpenWrt provides two packages for L2TP dial-up: openl2tp and xl2tp. Only xl2tp is covered here, because this package already works together with netifd.
Preparation
Packages to install:
xl2tpd
opkg install xl2tpd
Configuration
Because this is a dual connection, a new interface for the second connection is needed. Below is an example of the interface added to /etc/config/network:
config interface 'vpn'
	option ifname 'vpn1'
	option proto 'l2tp' # handled by /lib/netifd/proto/l2tp.sh
	option username 'usr' # L2TP dial-up username
	option password 'pwd' # L2TP dial-up password
	option server 'xxx.xxx.xxx.xxx' # domain name or IP address of the L2TP server
For the L2TP tunnel to take effect, the newly created interface must also be added to the "wan" zone in /etc/config/firewall:
config zone
	option name 'wan'
	option network 'wan vpn'
	option input REJECT
	option forward REJECT
	option output ACCEPT
	option masq 1
Once the first connection is confirmed to be up and able to reach the L2TP server, bring up the L2TP connection with:
ifup vpn
To have L2TP dial automatically at boot:
/etc/init.d/xl2tpd enable
Troubleshooting
Use ifconfig or route to check whether the connection was established correctly. If the corresponding interface was not created, or there is no default route to the L2TP server, the connection was not established.
In that case, edit /etc/ppp/options to enable PPP's log file and debug switch:
debug 1
logfile /var/log/ppp.log
...
Redial and analyse the dial-up log in detail.
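A small triage helper for the log enabled above, added here as an example; it is not part of the wiki page. It matches on pppd's own messages ("CHAP authentication failed", "LCP: timeout sending Config-Requests", "local  IP address", "Connection terminated.") and prints the final link state plus the first failure cause, so the result can be acted on from a script instead of read by eye. The function name ppp_log_verdict and the two sample logs are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the wiki): classify a pppd log written with the
# 'debug' and 'logfile /var/log/ppp.log' options. Output is two words:
# the final state (up/down) and the first failure cause seen ('-' if none).
ppp_log_verdict() {   # $1: path to the ppp log
    awk '
        /authentication failed/ || /peer refused to authenticate/ { if (cause == "") cause = "auth-failed" }
        /LCP: timeout sending Config-Requests/ { if (cause == "") cause = "no-lcp-reply" }
        /LCP terminated by peer/ { if (cause == "") cause = "peer-terminated" }
        /local  IP address/ { state = "up" }        # IPCP finished: link is usable
        /Connection terminated/ { state = "down" }
        END {
            if (state == "") state = "down"
            if (cause == "") cause = "-"
            print state, cause
        }
    ' "$1"
}

mk_sample() {   # write the remaining arguments to a temp file, print its path
    f=$(mktemp 2>/dev/null || echo "/tmp/ppp.$$.$1"); shift
    printf '%s\n' "$@" > "$f"; echo "$f"
}

# Constructed logs in pppd's message style (timestamps omitted).
FAIL_LOG=$(mk_sample fail \
    "Plugin pppol2tp.so loaded." \
    "CHAP authentication failed" \
    "Connection terminated.")
OK_LOG=$(mk_sample ok \
    "Plugin pppol2tp.so loaded." \
    "CHAP authentication succeeded" \
    "local  IP address 10.64.5.7" \
    "remote IP address 10.64.0.1")

# Usage on the router: ppp_log_verdict /var/log/ppp.log
echo "fail log: $(ppp_log_verdict "$FAIL_LOG")"
echo "ok log:   $(ppp_log_verdict "$OK_LOG")"
```

Two practical points: /var on OpenWrt lives in RAM, so the log disappears on reboot and has to be copied off before the router is power-cycled; and the debug option logs every LCP and authentication exchange, so remove it again once the fault is found. A reconnect loop that gets "down auth-failed" back should stop retrying rather than hammer the server with a bad password.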
Many ISPs in Russia, Ukraine, Israel and other countries offer connection using the Layer 2 Tunneling Protocol. In many cases the ISP provides a "local" network where its internal resources are located (ftp, forums, etc.). Users can also exchange files over the "local" network with P2P programs like Direct Connect. Traffic on the "local" network is free or not limited in speed. This is called Dual Access.
The only OpenWrt package which uses the kernel to pass L2TP traffic is openl2tp. This guide will help you configure OpenWrt to connect to the ISP using this package.
Preparation
Required Packages
openl2tp-full
Installation
opkg install openl2tp-full
Configuration
Create the openl2tpd script in /etc/init.d/:
#!/bin/sh /etc/rc.common
START=90
STOP=10
USER='login'
# Next line: L2TP server domain name or IP
L2TPSERVER=''
L2TP='openl2tpd'
OPTS='-u 1701'
CONF='l2tpconfig'
RPC='portmap'
MOD='pppol2tp'
# keep l2tpconfig from writing a command history
export L2TP_HISTFILE='/dev/null'

start() {
	echo -n "Checking for $L2TP... "
	L2TP_PROG=`which $L2TP`
	if [ -n "$L2TP_PROG" ] && [ -x "$L2TP_PROG" ]; then
		echo "yes"
	else
		echo "no"
		return 1
	fi
	echo -n "Checking for $CONF... "
	CONF_PROG=`which $CONF`
	if [ -n "$CONF_PROG" ] && [ -x "$CONF_PROG" ]; then
		echo "yes"
	else
		echo "no"
		return 1
	fi
	# openl2tpd is controlled over RPC, so portmap must be running first
	if ! pidof $RPC 1> /dev/null 2> /dev/null; then
		echo -n "Starting $RPC... "
		RPC_PROG=`which $RPC`
		if [ -n "$RPC_PROG" ] && [ -x "$RPC_PROG" ] && start-stop-daemon -q -S -x "$RPC_PROG"; then
			echo "done"
		else
			echo "failed"
			return 1
		fi
	fi
	# wait until netifd reports the WAN interface up; the tunnel runs over it
	echo -n "Checking WAN status..."
	while [ -z "$(uci_get_state network wan up)" ] ; do
		sleep 1
	done
	echo "done"
	echo -n "Starting $L2TP... "
	if ! start-stop-daemon -q -S -x "$L2TP_PROG" -- $OPTS; then
		start-stop-daemon -q -K -x "$L2TP_PROG"
	fi
	echo "done"
	# configure the daemon through l2tpconfig: act as LAC, set the PPP
	# parameters, then create the tunnel ("corbina" is only a local name)
	echo -n "Establishing tunnel... "
	( echo "peer profile modify profile_name=default lac_lns=lac"
	  echo "ppp profile modify profile_name=default mtu=1460 auth_pap=no auth_eap=no default_route=yes auth_none=no lcp_echo_interval=10"
	  echo "tunnel create tunnel_name=corbina dest_ipaddr=$L2TPSERVER framing_caps=sync"
	  echo "quit" ) | $CONF_PROG 1> /dev/null 2> /dev/null
	if [ $? -ne 0 ]; then
		echo "failed"
		rm -f /var/run/$L2TP.pid
		return 1
	fi
	# the PPP session inside the tunnel; the password is taken from /etc/ppp/chap-secrets
	( echo "session create tunnel_name=corbina session_name=corbina user_name=$USER"
	  echo "quit" ) | $CONF_PROG 1> /dev/null 2> /dev/null
	if [ $? -ne 0 ]; then
		echo "failed"
		rm -f /var/run/$L2TP.pid
		return 1
	fi
	echo "done"
}

stop() {
	echo -n "Checking for $L2TP... "
	L2TP_PROG=`which $L2TP`
	if [ -n "$L2TP_PROG" ] && [ -x "$L2TP_PROG" ]; then
		echo "yes"
	else
		echo "no"
		return 1
	fi
	echo -n "Checking for $CONF... "
	CONF_PROG=`which $CONF`
	if [ -n "$CONF_PROG" ] && [ -x "$CONF_PROG" ]; then
		echo "yes"
	else
		echo "no"
		return 1
	fi
	# tear down the session first, then the tunnel, then the daemon
	echo -n "Deleting tunnel... "
	( echo "session delete tunnel_name=corbina session_name=corbina"
	  echo "quit" ) | $CONF_PROG 1> /dev/null 2> /dev/null
	if [ $? -ne 0 ]; then
		echo "failed"
	else
		( echo "tunnel delete tunnel_name=corbina"
		  echo "quit" ) | $CONF_PROG 1> /dev/null 2> /dev/null
		if [ $? -ne 0 ]; then
			echo "failed"
		else
			echo "done"
		fi
	fi
	echo -n "Stopping $L2TP... "
	if ! start-stop-daemon -q -K -x "$L2TP_PROG"; then
		echo "not running"
		return 1
	else
		rm -f /var/run/$L2TP.pid
		echo "done"
	fi
}

restart() {
	stop
	sleep 10
	start
}
The script has a lot of debug output, which can be removed.
Insert your user name and the server name or IP address into this script.
Give permission to execute the script:
chmod 755 /etc/init.d/openl2tpd
Enter the user name and password in /etc/ppp/chap-secrets:
"username" * "password"
Create scripts to add and delete the route to the L2TP server:
/etc/ppp/ip-up.d/addroute
#!/bin/sh
. /etc/functions.sh
. /lib/network/config.sh
GW="$(uci_get_state network wan gateway)"
WAN="$(uci_get_state network wan ifname)"
# send packets for the PPP peer via the WAN gateway and drop the route pppd
# put through the tunnel itself, so the tunnel's outer traffic cannot loop
route add $PPP_REMOTE gw $GW dev $WAN
route del $PPP_REMOTE dev $PPP_IFACE
/etc/ppp/ip-down.d/delroute
#!/bin/sh
# remove the host route again when the link goes down
route del $PPP_REMOTE
Give permissions to execute these scripts:
chmod 755 /etc/ppp/ip-up.d/addroute
chmod 755 /etc/ppp/ip-down.d/delroute
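What the two route scripts protect against, shown as an added example that is not part of the wiki page: once pppd installs the default route over ppp0, the tunnel's outer packets to the L2TP server must still leave via the WAN gateway, otherwise they are routed back into the tunnel and the link collapses. route_dev does a longest-prefix lookup over 'ip route'-style lines; the function names, the two route tables and the server address 203.0.113.5 are assumptions constructed for this demonstration.

```shell
#!/bin/sh
# Added example (not from the wiki): check that the L2TP server is still
# reached via the WAN interface after the tunnel's default route is in place.

ip2int() {              # dotted quad -> 32-bit integer
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# route_dev TABLE_FILE DEST_IP: print the device the kernel would pick for
# DEST_IP (longest prefix wins; first entry wins ties, metrics ignored).
route_dev() {
    local table dst best bestlen line pfx plen dev mask
    table=$1; dst=$(ip2int "$2"); best=""; bestlen=-1
    while read -r line; do
        set -- $line
        [ -n "$1" ] || continue
        case "$1" in
            default) pfx=0.0.0.0; plen=0 ;;
            */*)     pfx=${1%/*}; plen=${1#*/} ;;
            *)       pfx=$1;      plen=32 ;;
        esac
        dev=""
        while [ $# -gt 1 ]; do          # find the 'dev X' pair
            [ "$1" = dev ] && { dev=$2; break; }
            shift
        done
        [ -n "$dev" ] || continue
        mask=$(( plen == 0 ? 0 : (0xffffffff << (32 - plen)) & 0xffffffff ))
        if [ $(( dst & mask )) -eq $(( $(ip2int "$pfx") & mask )) ] \
           && [ "$plen" -gt "$bestlen" ]; then
            best=$dev; bestlen=$plen
        fi
    done < "$table"
    [ -n "$best" ] && echo "$best"
}

# tunnel_route_ok TABLE_FILE SERVER WAN_IF: succeed if SERVER leaves via WAN_IF.
tunnel_route_ok() {
    [ "$(route_dev "$1" "$2")" = "$3" ]
}

mk_table() {            # write the remaining arguments to a temp file, print its path
    f=$(mktemp 2>/dev/null || echo "/tmp/rt.$$.$1"); shift
    printf '%s\n' "$@" > "$f"; echo "$f"
}

# Constructed table after ip-up ran addroute: host route to the server via the WAN gateway.
GOOD_RT=$(mk_table good \
    "default via 10.64.0.1 dev ppp0" \
    "10.64.0.1 dev ppp0 scope link src 10.64.5.7" \
    "192.168.1.0/24 dev eth0.2 scope link src 192.168.1.100" \
    "203.0.113.5 via 192.168.1.1 dev eth0.2")
# Same table without the host route: the server now matches only the default.
BAD_RT=$(mk_table bad \
    "default via 10.64.0.1 dev ppp0" \
    "10.64.0.1 dev ppp0 scope link src 10.64.5.7" \
    "192.168.1.0/24 dev eth0.2 scope link src 192.168.1.100")

# Usage on the router: ip route > /tmp/rt; tunnel_route_ok /tmp/rt <server> eth0.2
for t in "$GOOD_RT" "$BAD_RT"; do
    if tunnel_route_ok "$t" 203.0.113.5 eth0.2; then
        echo "server reachable via WAN (dev $(route_dev "$t" 203.0.113.5))"
    else
        echo "routing loop: server would go via $(route_dev "$t" 203.0.113.5)"
    fi
done
```

Running the check from cron or from the keepalive script catches the case where the host route was lost (for example after the WAN lease renews with a new gateway) before the tunnel silently stops passing traffic.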
Add the options replacedefaultroute and ipparam vpn to /etc/ppp/options (ipparam is not needed on trunk).
Create a new interface in /etc/config/network:
...
config 'interface' 'vpn'
option 'ifname' 'ppp0'
option 'proto' 'none'
...
Add reqopts to the wan section of /etc/config/network (the msstaticroutes option works only on trunk):
option reqopts 'staticroutes msstaticroutes'
They are needed to get static routes from the ISP. Which reqopts to choose depends on the ISP; they select which DHCP option is requested:
* "staticroutes" = option 121
* "msstaticroutes" = option 249
* "routes" = option 33 (This is not yet implemented in default.script; see Ticket 10294.)
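As an added example (not from the wiki page), a decoder for the classless static route option the ISP's DHCP server sends: option 121 and the Microsoft option 249 share the same encoding, where each route is a prefix length, only the significant octets of the destination (ceil(length/8) of them), and a 4-octet router. Option 33 is different (classful destination/router pairs) and is not handled here. The function names parse_classless_routes and take_byte, and the hex payloads, are assumptions constructed for the demonstration; the decoder goes beyond the page by also rejecting malformed data instead of installing a partial route set.

```shell
#!/bin/sh
# Added example (not from the wiki): decode DHCP option 121/249 payloads
# given as a hex string, printing one "prefix/len via router" line per route.
NL='
'

take_byte() {           # print the first byte of $1 (two hex digits) as decimal
    echo $(( 0x${1%"${1#??}"} ))
}

parse_classless_routes() {
    local hex="$1" out="" plen nsig i b dst gw
    case "$hex" in *[!0-9a-fA-F]*) echo "non-hex option data" >&2; return 1 ;; esac
    [ $(( ${#hex} % 2 )) -eq 0 ] || { echo "odd-length option data" >&2; return 1; }
    while [ -n "$hex" ]; do
        plen=$(take_byte "$hex"); hex=${hex#??}
        [ "$plen" -le 32 ] || { echo "prefix length $plen > 32" >&2; return 1; }
        nsig=$(( (plen + 7) / 8 ))
        # the route needs nsig destination octets plus a 4-octet router
        [ ${#hex} -ge $(( 2 * (nsig + 4) )) ] || { echo "truncated route" >&2; return 1; }
        dst=""; i=0
        while [ $i -lt 4 ]; do
            if [ $i -lt $nsig ]; then b=$(take_byte "$hex"); hex=${hex#??}; else b=0; fi
            dst="$dst${dst:+.}$b"; i=$((i + 1))
        done
        gw=""; i=0
        while [ $i -lt 4 ]; do
            b=$(take_byte "$hex"); hex=${hex#??}
            gw="$gw${gw:+.}$b"; i=$((i + 1))
        done
        out="$out${out:+$NL}$dst/$plen via $gw"
    done
    printf '%s\n' "$out"
}

# Constructed payload: 192.168.10.0/24 via 10.0.0.1, then a default route via 10.0.0.1
parse_classless_routes 18c0a80a0a000001000a000001
# Constructed payload: /21 prefix, so only three destination octets are carried
parse_classless_routes 150a20000a000001
```

Routes received this way are untrusted input from the WAN segment: a 0.0.0.0/0 entry replaces the router option (RFC 3442 tells clients to ignore option 3 when option 121 is present), and a more specific prefix wins over the tunnel's default route. After ifup, compare what ip route shows with what the ISP is expected to send, and log the decoded list so unexpected entries are visible.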
Add the vpn interface to zone wan in /etc/config/firewall:
option network 'wan vpn'
Now, after a reboot, you can start openl2tp:
/etc/init.d/openl2tpd start
To start openl2tp on boot:
/etc/init.d/openl2tpd enable
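Both the xl2tp section and the openl2tp section above require the vpn network to be added to the wan zone; if that step is missed, the interface comes up but tunnel traffic is neither masqueraded nor covered by the wan zone's REJECT rules. The following check, added here as an example and not part of the wiki page, parses the UCI text format with awk so it runs without the uci binary. The function names zone_option and zone_has_network and the sample firewall fragment are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the wiki): confirm that zone 'wan' in a UCI
# firewall config lists the 'vpn' network created in the steps above.

# zone_option FILE ZONE KEY: print the value of 'option KEY' in the
# 'config zone' section whose 'option name' is ZONE (nothing if absent).
zone_option() {
    awk -v zone="$2" -v key="$3" -v sq="'" '
        function flush() { if (type == "zone" && name == zone && val != "") print val }
        /^[ \t]*config[ \t]/ { flush(); type = $2; name = ""; val = "" }
        /^[ \t]*option[ \t]/ {
            v = $0
            sub(/^[ \t]*option[ \t]+/, "", v)   # drop the keyword
            k = v; sub(/[ \t].*$/, "", k)       # option key
            sub(/^[^ \t]+[ \t]+/, "", v)        # value, possibly quoted
            sub(/[ \t]+$/, "", v); gsub(sq, "", v); gsub(/"/, "", v)
            if (k == "name") name = v
            if (k == key) val = v
        }
        END { flush() }
    ' "$1"
}

# zone_has_network FILE ZONE NET: succeed if NET is in the zone's network list.
zone_has_network() {
    for n in $(zone_option "$1" "$2" network); do
        [ "$n" = "$3" ] && return 0
    done
    return 1
}

# Constructed /etc/config/firewall fragment: the wan zone from the page plus
# a lan zone and a defaults section, written to a temp file so the check runs offline.
SAMPLE_FW=$(mktemp 2>/dev/null || echo "/tmp/fw.$$")
cat > "$SAMPLE_FW" <<'EOF'
config defaults
	option syn_flood 1

config zone
	option name 'lan'
	option network 'lan'
	option input ACCEPT
	option forward ACCEPT
	option output ACCEPT

config zone
	option name 'wan'
	option network 'wan vpn'
	option input REJECT
	option forward REJECT
	option output ACCEPT
	option masq 1
EOF

# Usage on the router: replace "$SAMPLE_FW" with /etc/config/firewall.
if zone_has_network "$SAMPLE_FW" wan vpn; then
    echo "ok: vpn is in zone wan (masq=$(zone_option "$SAMPLE_FW" wan masq))"
else
    echo "warning: vpn is not in zone wan; tunnel traffic is not masqueraded or filtered as wan"
fi
```

The same function answers the related question of whether masq and the REJECT policies are actually set on the zone the tunnel ends up in, which is what decides whether the ISP side can reach the router's services through the tunnel.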
Keepalive
The persist option of pppd does not always work correctly, which is why I made the keepalivel2tp script to reconnect.
/etc/ppp/keepalivel2tp
#!/bin/sh
# while openl2tpd has no pid file, keep restarting it until pppd has come up
if [ ! -f /var/run/openl2tpd.pid ]; then
	while [ ! -f /var/run/ppp0.pid ]; do
		/etc/init.d/openl2tpd restart
		sleep 60
	done
fi
To use this script, make it executable and set up cron to start it periodically.