講真肤无,我已經(jīng)快被這個(gè)弄瘋了先蒋!不是電腦連不上就是手機(jī)連不上。PPTP也沒這么多問題巴鸾ァ竞漾! F**K!
先把我的配置放上來做個(gè)備份眯搭,慢慢改吧...
也希望有大神路過的時(shí)候幫幫我 /鞠躬
以下所有的 X.X.X.X 為服務(wù)器的IP地址
安裝依賴包
yum -y install make gcc gmp-devel bison flex lsof
安裝源
rpm -ivh http://mirrors.yun-idc.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
安裝openswan
wget http://www.openswan.org/download/openswan-2.6.40.tar.gz --no-check-certificate
tar -zxvf openswan-2.6.40.tar.gz
cd openswan-2.6.40
make programs install
安裝依賴文件
yum -y install libpcap-devel ppp policycoreutils
安裝rp-l2tp
wget http://sourceforge.net/projects/rp-l2tp/files/rp-l2tp/0.4/rp-l2tp-0.4.tar.gz --no-check-certificate
tar -zxvf rp-l2tp-0.4.tar.gz
cd rp-l2tp-0.4
./configure
make
cp handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
安裝軟件
yum -y install xl2tpd
編輯 ipsec.conf
vi /etc/ipsec.conf (注意縮進(jìn))
config setup
nat_traversal=yes
protostack=netkey
oe=off
interfaces="%defaultroute"
dumpdir=/var/run/pluto/
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,,%v4:!10.152.2.0/24
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
dpddelay=40
dpdtimeout=130
dpdaction=clear
keylife=1h
type=transport
left=X.X.X.X
leftid=X.X.X.X
leftnexthop=%defaultroute
leftprotoport=17/%any
right=%any
rightprotoport=17/%any
rightnexthop=%defaultroute
forceencaps=yes
ike=3des-sha1,aes-sha1,aes256-sha1,aes256-sha2_256
phase2alg=3des-sha1,aes-sha1,aes256-sha1,aes256-sha2_256
編輯ipsec.secrets
vi /etc/ipsec.secrets
****** 是預(yù)共享密鑰。
include /etc/ipsec.d/*.secrets
X.X.X.X %any: PSK "******"
啟動 ipsec 服務(wù)
service ipsec restart
檢查 ipsec 是否有錯(cuò)
ipsec verify
除了最后一行是 [DISABLED] 其他的都應(yīng)該是 [OK]
修改 xl2tpd.conf
vi /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = X.X.X.X
[lns default]
ip range = 192.168.30.20-192.168.30.254
local ip = 192.168.30.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
修改 options.xl2tpd
vi /etc/ppp/options.xl2tpd
refuse-mschap-v2
refuse-mschap
ms-dns 8.8.8.8
ms-dns 119.29.29.29
asyncmap 0
modem
noccp
auth
crtscts
hide-password
idle 1800
mtu 1200
mru 1200
name l2tpd
debug
lock
local
proxyarp
connect-delay 100
lcp-echo-interval 30
lcp-echo-failure 4
添加用戶
vi /etc/ppp/chap-secrets
UserName1 l2tpd PassWord1 *
UserName2 l2tpd PassWord2 *
配置轉(zhuǎn)發(fā) sysctl.conf 與 防火墻設(shè)置
vi /etc/sysctl.conf
net.ipv4.ip_forward= 0
修改為
net.ipv4.ip_forward= 1
iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
載入新配置
sysctl -p
報(bào) unknown key 錯(cuò)誤
解決辦法:
注:此錯(cuò)誤可以忽視业岁,也可以使用下面命令解決鳞仙。
modprobe bridge
lsmod |grep bridge
重新啟動服務(wù)
service ipsec restart
service xl2tpd restart
設(shè)置規(guī)則
iptables --table nat --append POSTROUTING --jump MASQUERADE
/etc/init.d/iptables save
/etc/init.d/iptables restart
設(shè)置開機(jī)啟動
vi /etc/rc.local
touch /var/lock/subsys/local
iptables-restore /etc/iptables
iptables --table nat --append POSTROUTING --jump MASQUERADE
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
/etc/init.d/ipsec restart
/usr/bin/l2tpset
/usr/local/sbin/xl2tpd
現(xiàn)在的問題呢,就是我的安卓手機(jī)連不上斑督蟆7痹! 我已經(jīng)困惑好久了...
/var/log/message 里顯示
xl2tpd[1369]: Maximum retries exceeded for tunnel 44122. Closing.
xl2tpd[1369]: Connection 34 closed to Y.Y.Y.Y, port 24259 (Timeout)
Y.Y.Y.Y 是我手機(jī)外網(wǎng)地址
