# Debian/Ubuntu package install: strongSwan supplies the IKE/IPsec side,
# xl2tpd the L2TP side of the L2TP/IPsec server configured below.
apt-get install strongswan xl2tpd
/etc/ipsec.secrets
# /etc/ipsec.secrets — read by strongSwan; '#' starts a full-line comment.
# "%any %any" offers this single PSK to every peer, so it is a group secret
# shared by all clients; per-user authentication only happens later, in PPP
# (CHAP/MS-CHAPv2 against /etc/ppp/chap-secrets).
# Replace the sample value with a long random string and keep this file
# root-owned, mode 0600 — it holds a plaintext secret.
%any %any : PSK "sharedKeyyyyy"
/etc/ppp/chap-secrets
"client1" l2tpserver "PassW0rd!33313" "192.168.3.10"
"client2" l2tpserver "zPassW0rd!3331f!!!" "192.168.3.11"
"client3" l2tpserver "AsfjePas9DsW0rd!3331" "192.168.3.12"
/etc/xl2tpd/xl2tpd.conf
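; /etc/xl2tpd/xl2tpd.conf — read by xl2tpd; ';' starts a full-line comment.
[global]
; UDP port L2TP listens on (iptables_setup.sh admits it only inside IPsec)
port = 1701
; no = do not filter LACs by address; every tunnel request reaches the LNS
access control = no
; NOTE(review): SAref tracking needs a patched kernel; on a stock kernel with
; strongSwan it is usually reported as unsupported at startup — check the
; xl2tpd log and set it to "no" if so.
ipsec saref = yes
; use the userspace pppd/pty path instead of the kernel L2TP driver
force userspace = yes
; CHAP/MS-CHAPv2 credentials used by pppd
auth file = /etc/ppp/chap-secrets

; A [lac ...] section describes an outgoing (client-side) tunnel. This server
; does not dial out, and the placeholder is not a resolvable host — xl2tpd
; tries to resolve "lns" while loading the file, so a bogus value can keep
; the daemon from starting. The section is therefore disabled.
; [lac hostname]
; lns = !!!!!!!!SERVER IP!!!!!!!!

[lns default]
; address pool handed to clients. 192.168.3.255 is the broadcast address of
; the 192.168.3.0/24 used by iptables_setup.sh, so the pool ends at .254.
ip range = 192.168.3.5-192.168.3.254
; server end of every PPP link
local ip = 192.168.3.1
; pppd "name": must equal the second column of /etc/ppp/chap-secrets
name = l2tpserver
pppoptfile = /etc/ppp/options
flow bit = yes
exclusive = no
hidden bit = no
length bit = yes
; authentication is mandatory, CHAP is required, PAP (plaintext) is refused
require authentication = yes
require chap = yes
refuse pap = yes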
/etc/ipsec.conf
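# /etc/ipsec.conf — read by strongSwan. Parameter lines of a section are
# expected to be indented; the flat copy on the page lost that and is
# unlikely to load as-is.
config setup
    # NOTE(review): nat_traversal, protostack and virtual_private are
    # Openswan/Libreswan keywords; strongSwan ignores them with a warning or
    # rejects them depending on version — check the startup log.
    nat_traversal=yes
    protostack=netkey
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12

conn l2tpvpn
    # keep UDP encapsulation even when no NAT is detected
    forceencaps=yes
    # L2TP/IPsec protects only the L2TP UDP flow, hence transport mode
    type=transport
    # authenticate with the pre-shared key from /etc/ipsec.secrets
    authby=secret
    # NOTE(review): pfs=no / rekey=no are presumably set for client
    # compatibility. No ike=/esp= line is present, so the daemon's default
    # proposals apply — pin them explicitly if a particular cipher suite is
    # required.
    pfs=no
    rekey=no
    # give up after a single IKE attempt
    keyingtries=1
    # local side: any address; udp/l2tp resolves to port 1701 via /etc/services
    left=%any
    leftprotoport=udp/l2tp
    # NOTE(review): one line here was garbled to "[email protected]" on the
    # page (an e-mail-style value, most likely a leftid= setting); restore it
    # from the original source if that identity is needed.
    # leftid=<VALUE LOST IN EXTRACTION>
    # remote side: any address, any source port
    right=%any
    rightprotoport=udp/%any
    # load the conn at start; clients initiate, the server only responds
    auto=add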
/etc/ppp/options
# /etc/ppp/options — pppd options for every L2TP session (pppoptfile in
# xl2tpd.conf); '#' starts a full-line comment.
# accept the peer's address proposals (xl2tpd supplies the addresses)
ipcp-accept-local
ipcp-accept-remote
# no CCP compression; confidentiality comes from the IPsec transport
noccp
# the peer must authenticate itself
auth
# serial-line option; harmless on the pty xl2tpd opens
crtscts
# leave room for the L2TP + UDP + IPsec overhead below a 1500-byte path MTU
mtu 1410
mru 1410
# the server keeps its own default route; the two commented lines below
# are client-side settings and stay disabled on the server
nodefaultroute
#defaultroute
#usepeerdns
lock
noproxyarp
# wait for the peer's LCP before sending anything
silent
# serial-line option; harmless on the pty xl2tpd opens
modem
# no control-character escaping
asyncmap 0
# do not write the peer's password to the log
hide-password
# only MS-CHAPv2 is accepted from the peer
require-mschap-v2
# DNS servers pushed to clients
ms-dns 8.8.8.8
ms-dns 8.8.4.4
iptables_setup.sh
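#!/bin/bash
# iptables_setup.sh — host firewall and NAT for the L2TP/IPsec server.
# Replaces the current IPv4 filter/nat rule set. IPv6 (ip6tables) is not
# touched and nothing here is persisted across a reboot.
set -eu

IF_EXT="eth0"              # Internet-facing interface (masqueraded)
IF_INT="ppp+"              # every pppd session xl2tpd spawns
NET_INT="192.168.3.0/24"   # VPN client pool (local ip + ip range in xl2tpd.conf)

# forwarding between ppp+ and eth0 needs the kernel switch; harmless if it
# is already on (make it permanent in /etc/sysctl.conf or sysctl.d)
sysctl -w net.ipv4.ip_forward=1

iptables -F
iptables -t nat -F

# default deny for inbound and forwarded traffic, allow outbound
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# reply traffic first, so it is matched before the per-service rules
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# VPN clients may talk to the server itself
iptables -A INPUT -i ${IF_INT} -s ${NET_INT} -j ACCEPT

# IKE (500), NAT-T (4500), ESP/AH; L2TP (1701) only when it arrived inside IPsec
iptables -A INPUT -p udp --dport 500 -j ACCEPT
iptables -A INPUT -p udp --dport 4500 -j ACCEPT
iptables -A INPUT -p esp -j ACCEPT
iptables -A INPUT -p ah -j ACCEPT
iptables -A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT

# other services exposed by the original rule set; 21/80/8080 are unrelated
# to the VPN — remove any line whose service is not actually running here
iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 8080 -j ACCEPT

# NAT VPN clients out through the external interface
iptables -t nat -A POSTROUTING -s ${NET_INT} -o ${IF_EXT} -j MASQUERADE

# Forward traffic only when it actually enters on a ppp interface. The
# original "-I FORWARD -s ${NET_INT} -j ACCEPT" had no interface match, so it
# also matched packets arriving on ${IF_EXT} with a VPN source address
# (reverse-path filtering may catch those, but the rule should not rely on it).
iptables -A FORWARD -i ${IF_INT} -s ${NET_INT} -j ACCEPT
iptables -A FORWARD -i ${IF_EXT} -o ${IF_INT} -d ${NET_INT} -m state --state RELATED,ESTABLISHED -j ACCEPT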
# restart both daemons so the new files are loaded; strongSwan is only
# restarted if the xl2tpd restart succeeded. The strongSwan service name
# differs between distro releases — adjust if the restart reports an
# unknown service.
service xl2tpd restart && service strongswan restart