Remember to allow inbound access on three UDP ports: 500, 1701 and 4500.

1. Install the software on the server:

yum -y install openswan xl2tpd ppp

2. Edit the server configuration file /etc/ipsec.conf as follows (on a cloud server the NIC address is normally the private address):

config setup
    protostack=netkey
    logfile=/var/log/ipsec.log
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10

conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=<NIC address>
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%priv

3. Set the VPN pre-shared key. Edit the server configuration file /etc/ipsec.secrets as follows (choose your own key):

%any: PSK "<your pre-shared key>"

4. Modify the server kernel parameters. Edit or add the following in the server configuration file /etc/sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.core.xfrm_larval_drop = 1

5. Run this command on the server so the kernel parameters take effect immediately:

sysctl -p

6. Run the following script:
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
    echo 0 > $each/rp_filter
done

7. Add the firewall rules:

iptables -t nat -A POSTROUTING ! -s 127.0.0.1/8 -j MASQUERADE
iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

8. Start the ipsec service on the server:
RHEL/CentOS 6:

service ipsec start

RHEL/CentOS 7:

systemctl start ipsec

9. Check the ipsec service on the server:

ipsec verify

The output should look like the following; apart from the two lines that are not [OK], everything is normal:
Verifying installed system and configuration files
Version check and ipsec on-path                       [OK]
Libreswan 3.15 (netkey) on 3.10.0-123.9.3.el7.x86_64
Checking for IPsec support in kernel                  [OK]
 NETKEY: Testing XFRM related proc values
         ICMP default/send_redirects                  [OK]
         ICMP default/accept_redirects                [OK]
         XFRM larval drop                             [OK]
Pluto ipsec.conf syntax                               [OK]
Hardware random device                                [N/A]
Two or more interfaces found, checking IP forwarding  [OK]
Checking rp_filter                                    [OK]
Checking that pluto is running                        [OK]
 Pluto listening for IKE on udp 500                   [OK]
 Pluto listening for IKE/NAT-T on udp 4500            [OK]
 Pluto ipsec.secret syntax                            [OK]
Checking ip command                                   [OK]
Checking iptables command                             [OK]
Checking prelink command does not interfere with FIPS
Checking for obsolete ipsec.conf options              [OK]
Opportunistic Encryption                              [DISABLED]

10. Edit the server configuration file /etc/xl2tpd/xl2tpd.conf as follows:
[global]
ipsec saref = yes

[lns default]
ip range = <first VPN client internal IP>-<last VPN client internal IP>
local ip = <VPN server internal IP>
require chap = yes
refuse pap = yes
require authentication = yes
name = VPN Server
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

11. Edit the server configuration file /etc/ppp/options.xl2tpd as follows:
ipcp-accept-local
ipcp-accept-remote
require-mschap-v2
ms-dns <DNS server address 1>
ms-dns <DNS server address 2>
noccp
noipv6
auth
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
debug
lock
noproxyarp
connect-delay 5000
lcp-echo-interval 0
lcp-echo-failure 0
logfile /var/log/xl2tpd.log

12. Start the xl2tpd service on the server.

RHEL/CentOS 6:

service xl2tpd start

RHEL/CentOS 7:

systemctl start xl2tpd

13. Add accounts to the server configuration file /etc/ppp/chap-secrets in the following format:

<username> * <password> *

Fix for unstable L2TP over IPsec VPN connections on Windows 7 and later
Create a file with the .reg extension, add the following content to it, double-click the file to import it, then restart the computer:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002