Using L2TP on OpenWrt

1. Configure OpenWrt

cat > /etc/ipsec.conf <<EOF
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
  # strictcrlpolicy=yes
  # uniqueids = no

# Add connections here.

# Sample VPN connections

conn %default
  ikelifetime=60m
  keylife=20m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev1
  authby=secret
  ike=aes128-sha1-modp1024,3des-sha1-modp1024!
  esp=aes128-sha1-modp1024,3des-sha1-modp1024!

conn myvpn
  keyexchange=ikev1
  left=%defaultroute
  auto=add
  authby=secret
  type=transport
  leftprotoport=17/1701
  rightprotoport=17/1701
  right=47.100.171.251
EOF


cat > /etc/ipsec.secrets <<EOF
: PSK "xindoo.me"
EOF

cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[lac myvpn]
lns = 47.100.171.251
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
EOF

cat > /etc/ppp/options.l2tpd.client <<EOF
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name Test1
password test1
EOF

chmod 600 /etc/ppp/options.l2tpd.client

ipsec restart
ipsec up myvpn
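
The connection defined above negotiates IKEv1 with a pre-shared key and proposals built on SHA-1, 3DES and the 1024-bit modp1024 group, and the page sets mode 600 only on the PPP options file, not on /etc/ipsec.secrets. As an added example (not part of the original post), this script flags those legacy settings and any secret-bearing file readable beyond its owner; the function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit the client files written above.

# Flag legacy choices on ike=/esp=/keyexchange= lines (grep -n adds line numbers).
audit_proposals() {
    grep -nE '^[[:space:]]*(ike|esp|keyexchange)[[:space:]]*=' "$1" |
    while IFS= read -r line; do
        for legacy in ikev1 3des md5 sha1 modp768 modp1024; do
            case "$line" in
                *"$legacy"*) echo "LEGACY $legacy -> $line" ;;
            esac
        done
    done
}

# Flag secret-bearing files that group or others can access.
audit_perms() {
    for f in "$@"; do
        [ -e "$f" ] || continue
        bits=$(ls -ld "$f" | cut -c5-10)   # group and other permission bits
        if [ "$bits" != "------" ]; then echo "PERMS $f ($bits)"; fi
    done
}

# Run both checks; the default paths are the ones used on this page.
audit_l2tp_client() {
    conf="${1:-/etc/ipsec.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    audit_proposals "$conf"
    audit_perms "${2:-/etc/ipsec.secrets}" "${3:-/etc/ppp/options.l2tpd.client}"
}

# Constructed sample: this page's proposal lines in a scratch file with mode 644,
# which also stands in for a secrets file that was never chmod'ed.
sample=$(mktemp)
printf '%s\n' 'conn %default' '  keyexchange=ikev1' \
    '  ike=aes128-sha1-modp1024,3des-sha1-modp1024!' \
    '  esp=aes128-sha1-modp1024,3des-sha1-modp1024!' > "$sample"
chmod 644 "$sample"
audit_l2tp_client "$sample" "$sample" /nonexistent
rm -f "$sample"
```

On the router, drop the sample lines and call `audit_l2tp_client` with no arguments. Whether stronger proposals can replace the flagged ones depends on what the server at the other end accepts.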

2. References

Configuring the L2TP server:

https://blog.csdn.net/xindoo/article/details/52830609

Configuring the L2TP client:
https://blog.csdn.net/rainforest_c/article/details/71171237
https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#linux

To configure *** on OpenWrt, follow these steps:

1. Install the required packages: install the required packages on the OpenWrt device, including xl2tpd and ipsec-tools. They can be installed with the following commands:

```shell
opkg update
opkg install xl2tpd ipsec-tools
```

2. Configure IPsec: edit /etc/ipsec.conf and add the IPsec configuration. The following sample configuration can be used as a reference:

```shell
config setup
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v6:fd00::/8,%v6:fe80::/10

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
```

3. Configure L2TP: edit /etc/xl2tpd/xl2tpd.conf and add the L2TP configuration. The following sample configuration can be used as a reference:

```shell
[global]
ipsec saref = yes

[lns default]
ip range = 192.168.1.2-192.168.1.254
local ip = 192.168.1.1
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
```

4. Configure the PPP options: edit /etc/ppp/options.xl2tpd and add the PPP options. The following sample configuration can be used as a reference:

```shell
require-mschap-v2
ms-dns 192.168.100.99
auth
mtu 1200
mru 1000
crtscts
hide-password
modem
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
```

5. Configure the user credentials: edit /etc/ppp/chap-secrets and add the L2TP user credentials. The following sample configuration can be used as a reference:

```shell
# Secrets for authentication using CHAP
# client server secret IP addresses
username * password *
```

6. Start the services: start the IPsec and xl2tpd services and enable them at boot. The following commands can be used:

```shell
/etc/init.d/ipsec start
/etc/init.d/xl2tpd start
/etc/init.d/ipsec enable
/etc/init.d/xl2tpd enable
```

*** Depending on the client, configure the connection parameters, including the server IP address, username and password.