之前写过一篇关于Centos 5-L2TP-VPN搭建流程的文章,琢磨着5都搞定了,那就搞搞6吧,不够专业,所以用了一键包。系统是OpenVZ的(Centos 6 32位)VPS。所以有了下文。流程如下:
1.用putty以root用户登陆VPS(当然也可以用其他用户,用su提权既可)
2.进入opt目录

cd /opt/

3.升级下软件包

rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm

4.手动安装pptpd

yum -y install pptpd

5.下载一键包

wget http://soft.kwx.gd/vpn/l2tp_CentOS.sh

6.赋予可执行权限

chmod +x l2tp_CentOS.sh

7.执行一键安装包选择1,进行安装。

./l2tp_CentOS.sh

8.安装完成后,编辑连接账号密码

vim /etc/ppp/chap-secrets

9.编辑密钥

vim /etc/ipsec.secrets

删除原有的语句。修改为

VPS的IP %any: PSK "你的VPN的密钥"

保存退出。
10.设置随机启动

 chkconfig pptpd on

11.重启服务

service pptpd restart

至此,L2TP的VPN就已经装好了。
directspace的VPS要去后台开一下PPP才可以哦。开启可以参考Directspace-VPS如何重装系统

依然是,分析一下l2tp_CentOS.sh的源码:

#!/bin/bash
function installVPN(){
echo "begin to install L2TP VPN services";

yum remove -y pptpd ppp
iptables --flush POSTROUTING --table nat
iptables --flush FORWARD
rm -rf /etc/pptpd.conf
rm -rf /etc/ppp


#安装一些必要的程序
yum -y install openswan gcc libpcap-devel ppp
mknod /dev/ppp c 108 0
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "mknod /dev/ppp c 108 0" >> /etc/rc.local
echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> /etc/rc.local
echo "/usr/local/sbin/xl2tpd" >> /etc/rc.local
cd /tmp/
wget http://soft.kwx.gd/vpn/rp-l2tp-0.4.tar.gz
tar zxvf rp-l2tp-0.4.tar.gz
cd rp-l2tp-0.4
./configure
make
cp -rf handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control

cd ..

wget -c http://soft.kwx.gd/vpn/xl2tpd-1.2.8.tar.gz
tar -zxf xl2tpd-1.2.8.tar.gz
cd xl2tpd-1.2.8
make install
mkdir /etc/xl2tpd
touch /etc/xl2tpd/xl2tpd.conf
touch /etc/ppp/options.xl2tpd

cat >/etc/xl2tpd/xl2tpd.conf<<END
[global]
ipsec saref = yes

[lns default]
local ip = 10.10.11.1
ip range = 10.10.11.2-10.10.11.245
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
END
cat >/etc/ppp/options.xl2tpd<<END
require-mschap-v2
#指定使用的DNS
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
END

pass=`openssl rand 6 -base64`
if [ "$1" != "" ]
then pass=$1
fi
#写入随机密码和账号vpn到/etc/ppp/chap-secrets
echo "vpn * ${pass} *" >> /etc/ppp/chap-secrets
iptables -t nat -A POSTROUTING -s 10.10.10/8 -o venet0 -j SNAT --to-source `ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`
iptables -A FORWARD -s `ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`/32 -o venet0 -j ACCEPT
service iptables save
#iptables xl2tpd设置随机启动
chkconfig iptables on

service iptables start
/usr/local/sbin/xl2tpd

echo "L2TP VPN service is installed, your L2TP VPN username is vpn, VPN password is ${pass}"

}
function repaireVPN(){
echo "begin to repaire VPN";
mknod /dev/ppp c 108 0
service iptables restart

}
function addVPNuser(){
echo "input user name:"
read username
echo "input password:"
read userpassword
echo "${username} * ${userpassword} *" >> /etc/ppp/chap-secrets
service iptables restart

}
echo "which do you want to?input the number."
echo "1. install VPN service"
echo "2. repaire VPN service"
echo "3. add VPN user"
read num
case "$num" in
[1] ) (installVPN);;
[2] ) (repaireVPN);;
[3] ) (addVPNuser);;
*) echo "nothing,exit";;
esac

PS:此方法搭建好的L2TP我测试只有windows 7可以连接……安卓和iOS都连接失败,貌似openvz始终无法正常启动IPsec。启动IPsec后,使用 ipsec verify,报错一直如下:

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.38/K(no kernel code presently loaded)
Checking for IPsec support in kernel                            [FAILED]
 SAref kernel support                                           [N/A]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [FAILED]
 Pluto listening for NAT-T on udp 4500                          [FAILED]

看起来是和内核有关的,他哥刚接触linux不久,暂时放弃了……

Related Posts: Centos 6-L2TP-VPN搭建流程 :