1. Check PPTP support; the expected result is: yes
2. Check that TUN is available; the expected result is: cat: /dev/net/tun: File descriptor in bad state
cat /dev/net/tun
1. The default CentOS yum repositories do not provide xl2tpd, so add the EPEL yum repository first
yum install -y epel-release
2. Install xl2tpd (together with libreswan and lsof)
yum install -y xl2tpd libreswan lsof
3. Configure xl2tpd
vim /etc/xl2tpd/xl2tpd.conf
; No [global] options are set on this page.
[global]
[lns default]
; Address pool handed out to connecting VPN clients.
ip range = 192.168.1.128-192.168.1.254
; Address the server uses on its own end of each PPP link.
local ip = 192.168.1.99
; Clients must authenticate, and must do so with CHAP; PAP, which sends the
; password in cleartext, is refused.
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
; NOTE(review): debug output is useful while bringing the service up; turn it
; off afterwards so session negotiation details do not pile up in the logs.
ppp debug = yes
; pppd options for these sessions are read from this file.
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
4. Configure the ppp options
vim /etc/ppp/options.xl2tpd
# Accept the local and remote addresses proposed during IPCP negotiation.
ipcp-accept-local
ipcp-accept-remote
# NOTE(review): "xl12tpd" looks like a typo for "xl2tpd". pppd uses this name
# as the server field when it looks up chap-secrets, so whichever spelling is
# kept has to match the entries in that file (confirm).
name xl12tpd
#noccp
# Require the peer to authenticate before any network traffic is allowed.
auth
#crtscts
# Disconnect a link that has carried no traffic for 1800 seconds.
idle 1800
# Reduced MTU/MRU, presumably to leave room for the L2TP and IPsec headers.
mtu 1410
mru 1410
# Do not install a default route through the PPP link on the server.
nodefaultroute
# NOTE(review): debug logs the contents of control packets to the logfile set
# below; disable it once the setup works and keep that log readable by root only.
debug
#lock
# Answer ARP on the server's LAN on behalf of the connected client.
proxyarp
connect-delay 5000
# This pppd will not authenticate itself with PAP or MS-CHAP (v1), and the
# peer must authenticate with MS-CHAPv2. MS-CHAPv2 on its own is weak against
# offline cracking of a captured handshake, so these sessions depend on the
# IPsec layer for confidentiality and should not be offered without it.
refuse-pap
refuse-mschap
require-mschap-v2
persist
logfile /var/log/xl2tpd.log
5. Configure ipsec
config setup
include /etc/ipsec.d/*.conf
conn l2tp-psk
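6. Set the VPN user names and passwords. chap-secrets stores the passwords in plaintext, so keep the file owned by root with mode 600.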
vim /etc/ppp/chap-secrets
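7. Set the IPsec pre-shared key. Replace "YourPSK" with a long, randomly generated value and keep the secrets file readable by root only.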
vim /etc/ipsec.d/default.secrets
: PSK "YourPSK"
8. Configure the iptables rules
*nat
:PREROUTING ACCEPT [2:104]
:INPUT ACCEPT [2:104]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Source-NAT every outgoing packet that is not covered by an IPsec policy,
# on any interface.
-A POSTROUTING -m policy --dir out --pol none -j MASQUERADE
# Source-NAT traffic from the VPN client range that leaves through eth0.
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
# NOTE(review): INPUT and FORWARD default to ACCEPT and no rule below drops or
# rejects anything, so the ACCEPT rules describe intent but filter nothing.
# In particular UDP 1701 is also accepted when it arrives outside IPsec.
# Enforcing "L2TP only inside IPsec" needs a default-drop policy, or an
# explicit drop for UDP 1701 that lacks an IPsec policy match, introduced
# carefully so existing management access is kept.
:INPUT ACCEPT [84:7150]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [49:10368]
# Traffic that arrived through IPsec.
-A INPUT -m policy --dir in --pol ipsec -j ACCEPT
# L2TP (UDP 1701), matched only when it arrived through IPsec.
-A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT
# IKE (UDP 500) and IPsec NAT traversal (UDP 4500).
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
# Forward traffic that arrived through IPsec, anything entering from a PPP
# interface, and return traffic of established connections.
-A FORWARD -m policy --dir in --pol ipsec -j ACCEPT
-A FORWARD -i ppp+ -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
iptables
9. Set the kernel network parameters (sysctl)
# Let the server route packets between the VPN links and its other interfaces.
net.ipv4.ip_forward = 1
# For the "all", "default" and "lo" scopes below:
#   accept_redirects = 0  ignore incoming ICMP redirects
#   send_redirects   = 0  do not send ICMP redirects
#   rp_filter        = 0  turn off reverse-path (source address) validation
# NOTE(review): rp_filter is commonly disabled for NETKEY IPsec, but it is an
# anti-spoofing check; confirm it has to be off for every scope listed here.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.send_redirects = 0
10、
ipsec
ipsec
ipsec
[root@iZj6c7krv4f28m7t3p2f2tZ ~]# ipsec verify
Verifying installed system and configuration files
Libreswan 3.25 (netkey) on 3.10.0-957.5.1.el7.x86_64
Two or more interfaces found, checking IP forwarding[OK]
Checking 'prelink' command does not interfere with FIPS[OK]
xl2tpd
xl2tpd
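11. Open UDP port 1701. Note that the 1701 rule in step 8 matches only traffic that arrived through IPsec (`--pol ipsec`), so L2TP is meant to be reached inside the tunnel; UDP 500 and 4500 are the ports clients need to reach from outside.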
12. To connect to the VPN from a Mac, edit the /etc/ppp/options file
sudo vim /etc/ppp/options
options