之前写过一篇关于Centos 5-L2TP-VPN搭建流程的文章,琢磨着5都搞定了,那就搞搞6吧,不够专业,所以用了一键包。系统是OpenVZ的(Centos 6 32位)VPS。所以有了下文。流程如下:
1.用putty以root用户登陆VPS(当然也可以用其他用户,用su提权既可)
2.进入opt目录
cd /opt/
3.升级下软件包
rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
4.手动安装pptpd
yum -y install pptpd
5.下载一键包
wget http://soft.kwx.gd/vpn/l2tp_CentOS.sh
6.赋予可执行权限
chmod +x l2tp_CentOS.sh
7.执行一键安装包选择1,进行安装。
./l2tp_CentOS.sh
8.安装完成后,编辑连接账号密码
vim /etc/ppp/chap-secrets
9.编辑密钥
vim /etc/ipsec.secrets
删除原有的语句。修改为
VPS的IP %any: PSK "你的VPN的密钥"
保存退出。
10.设置随机启动
chkconfig pptpd on
11.重启服务
service pptpd restart
至此,L2TP的VPN就已经装好了。
directspace的VPS要去后台开一下PPP才可以哦。开启可以参考Directspace-VPS如何重装系统
依然是,分析一下l2tp_CentOS.sh的源码:
#!/bin/bash
function installVPN(){
echo "begin to install L2TP VPN services";
yum remove -y pptpd ppp
iptables --flush POSTROUTING --table nat
iptables --flush FORWARD
rm -rf /etc/pptpd.conf
rm -rf /etc/ppp
#安装一些必要的程序
yum -y install openswan gcc libpcap-devel ppp
mknod /dev/ppp c 108 0
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "mknod /dev/ppp c 108 0" >> /etc/rc.local
echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> /etc/rc.local
echo "/usr/local/sbin/xl2tpd" >> /etc/rc.local
cd /tmp/
wget http://soft.kwx.gd/vpn/rp-l2tp-0.4.tar.gz
tar zxvf rp-l2tp-0.4.tar.gz
cd rp-l2tp-0.4
./configure
make
cp -rf handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
cd ..
wget -c http://soft.kwx.gd/vpn/xl2tpd-1.2.8.tar.gz
tar -zxf xl2tpd-1.2.8.tar.gz
cd xl2tpd-1.2.8
make install
mkdir /etc/xl2tpd
touch /etc/xl2tpd/xl2tpd.conf
touch /etc/ppp/options.xl2tpd
cat >/etc/xl2tpd/xl2tpd.conf<<END
[global]
ipsec saref = yes
[lns default]
local ip = 10.10.11.1
ip range = 10.10.11.2-10.10.11.245
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
END
cat >/etc/ppp/options.xl2tpd<<END
require-mschap-v2
#指定使用的DNS
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
END
pass=`openssl rand 6 -base64`
if [ "$1" != "" ]
then pass=$1
fi
#写入随机密码和账号vpn到/etc/ppp/chap-secrets
echo "vpn * ${pass} *" >> /etc/ppp/chap-secrets
iptables -t nat -A POSTROUTING -s 10.10.10/8 -o venet0 -j SNAT --to-source `ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`
iptables -A FORWARD -s `ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`/32 -o venet0 -j ACCEPT
service iptables save
#iptables xl2tpd设置随机启动
chkconfig iptables on
service iptables start
/usr/local/sbin/xl2tpd
echo "L2TP VPN service is installed, your L2TP VPN username is vpn, VPN password is ${pass}"
}
function repaireVPN(){
echo "begin to repaire VPN";
mknod /dev/ppp c 108 0
service iptables restart
}
function addVPNuser(){
echo "input user name:"
read username
echo "input password:"
read userpassword
echo "${username} * ${userpassword} *" >> /etc/ppp/chap-secrets
service iptables restart
}
echo "which do you want to input the number."
echo "1. install VPN service"
echo "2. repaire VPN service"
echo "3. add VPN user"
read num
case "$num" in
[1] ) (installVPN);;
[2] ) (repaireVPN);;
[3] ) (addVPNuser);;
*) echo "nothing,exit";;
esac
PS:此方法搭建好的L2TP我测试只有windows 7可以连接……安卓和iOS都连接失败,貌似openvz始终无法正常启动IPsec。启动IPsec后,使用 ipsec verify,报错一直如下:
Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan U2.6.38/K(no kernel code presently loaded) Checking for IPsec support in kernel [FAILED] SAref kernel support [N/A] Checking that pluto is running [OK] Pluto listening for IKE on udp 500 [FAILED] Pluto listening for NAT-T on udp 4500 [FAILED]
看起来是和内核有关的,他哥刚接触linux不久,暂时放弃了……
20170823 博主留言:VPN协议基本都被吃透了,想出去的话,放弃VPN改用其他方式架设吧,比如Shadowsocks,自己搜博文。
如您从本文得到了有价值的信息或帮助,请考虑扫描文末二维码捐赠和鼓励。
如本文对您有用,捐赠和留言 将是对我最好的支持~(捐赠可转为站内积分)
如愿意,请向朋友推荐本站,谢谢。
尊重他人劳动成果。转载请务必附上原文链接,我将感激不尽。