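# Remove the distribution's Openswan package so it cannot conflict with the
# source build installed below.
yum remove -y openswan

# NOTE(review): the tarball is fetched over plain HTTP and then built and
# installed (presumably as root) with no integrity check. Verify it against a
# checksum or signature obtained over a trusted channel before running make.
# NOTE(review): 2.6.24 is an old release; confirm whether a maintained version
# with current security fixes is available before deploying this.
#
# The steps are chained with && so that a failed download, extraction or cd
# stops the sequence instead of running `make programs install` in whatever
# directory the shell happens to be in.
wget http://www.openswan.org/download/openswan-2.6.24.tar.gz &&
  tar zxvf openswan-2.6.24.tar.gz &&
  cd openswan-2.6.24 &&
  make programs install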
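# Turn on IPv4 forwarding in /etc/sysctl.conf and load the setting.
# The sed only rewrites an existing "net.ipv4.ip_forward = 0" line; if the
# file has no such line, nothing changes and forwarding stays off.
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
sysctl -p

# Disable acceptance and sending of ICMP redirects on every interface.
# These /proc writes are runtime-only: they must be repeated after a reboot
# (or expressed as sysctl.conf entries) to stay in effect.
for each in /proc/sys/net/ipv4/conf/*; do
  echo 0 > "$each/accept_redirects"
  echo 0 > "$each/send_redirects"
done

# NOTE(review): this rule is unscoped, so it masquerades every packet that
# traverses POSTROUTING, not only VPN client traffic. With forwarding enabled
# above, consider limiting it with -s <VPN client subnet> and
# -o <public interface>, and pairing it with FORWARD-chain filtering.
# A rule added with -A is also lost on reboot unless the ruleset is saved.
iptables -t nat -A POSTROUTING -j MASQUERADE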
验证ipsec配置
# Restart the IPsec service so the freshly installed Openswan is running,
# then run Openswan's self-check.
/etc/init.d/ipsec restart
ipsec verify

# Output of `ipsec verify` from the author's run, kept here for comparison.
# The two ICMP redirect checks are the ones addressed by writing 0 to
# accept_redirects / send_redirects for each interface.
#
# Checking your system to see if IPsec got installed and started correctly:
# Version check and ipsec on-path                                 [OK]
# Linux Openswan U2.6.24/K2.6.32-71.29.1.el6.i686 (netkey)
# Checking for IPsec support in kernel                            [OK]
# NETKEY detected, testing for disabled ICMP send_redirects       [OK]
# NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
# Checking for RSA private key (/etc/ipsec.secrets)               [OK]
# Checking that pluto is running                                  [OK]
# Pluto listening for IKE on udp 500                              [OK]
# Pluto listening for NAT-T on udp 4500                           [OK]
# Two or more interfaces found, checking IP forwarding            [OK]
# Checking NAT and MASQUERADEing                                  [N/A]
# Checking for 'ip' command                                       [OK]
# Checking for 'iptables' command                                 [OK]
# Opportunistic Encryption Support                                [DISABLED]
安装xl2tpd
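# Download, unpack and install xl2tpd 1.3.0 from source.
# NOTE(review): the tarball is fetched over plain HTTP and installed without
# any integrity check. Verify it against a checksum or signature obtained over
# a trusted channel before running make install.
#
# The original listing ran `make install` without entering the unpacked
# source tree, so it would run in whatever directory the shell was already in.
# The directory name below is presumed from the tarball name; confirm it
# matches what tar actually extracts.
wget http://www.xelerance.com/wp-content/uploads/software/xl2tpd/xl2tpd-1.3.0.tar.gz &&
  tar xvf xl2tpd-1.3.0.tar.gz &&
  cd xl2tpd-1.3.0 &&
  make install

# Runtime directory and control-file link used by xl2tpd, plus the directory
# that will hold its configuration. -p keeps the mkdir steps from failing
# when the directory already exists (for example on a re-run).
mkdir -p /var/run/xl2tpd
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
mkdir -p /etc/xl2tpd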
配置xl2tpd
修改/etc/xl2tpd/xl2tpd.conf
; xl2tpd server configuration for /etc/xl2tpd/xl2tpd.conf
[global]
; Replace $your_vps_ip with your VPS's IP address.
listen-addr = $your_vps_ip
; NOTE(review): SAref tracking depends on kernel support that a stock NETKEY
; kernel may not provide; confirm this setting is valid for your IPsec stack.
ipsec saref = yes

[lns default]
; Address pool handed out to connecting clients, and the server's own
; address inside the tunnel.
ip range = 192.168.30.10-192.168.30.20
local ip = 192.168.30.1
; Require CHAP and refuse PAP, which would send the password in cleartext.
require chap = yes
refuse pap = yes
; Peers must authenticate before a session is established.
require authentication = yes
; NOTE(review): PPP debug logging is useful during setup; consider turning it
; off afterwards so session details are not written to the logs.
ppp debug = yes
; Further PPP options are read from this separate file.
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes