linode debian l2tp over ipsec
安装openswan
aptitude install openswan
安装过程中会提示是否安装 X.509 证书;本文使用预共享密钥(PSK)认证,不需要证书,所以选“否”就行
vi /etc/ipsec.conf
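version 2.0
# /etc/ipsec.conf for L2TP over IPsec with a pre-shared key.
# Layout matters to the parser: section headers start in column 0, every
# parameter (and every comment inside a section) is indented, and there are
# no blank lines inside a section.

config setup
    # Accept clients that sit behind NAT (NAT-T).
    nat_traversal=yes
    # Private ranges that NATed clients are allowed to present as their address.
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    # Opportunistic encryption off; only the connections defined below are used.
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    # Authenticate the IPsec layer with the PSK from /etc/ipsec.secrets.
    # The PSK is shared by every client, so it only gates the tunnel;
    # per-user authentication happens later in PPP.
    authby=secret
    # NOTE(review): PFS is not required by this side, presumably because
    # common L2TP/IPsec clients do not propose it. Confirm before enabling.
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    # Transport mode, limited to UDP (protocol 17) port 1701, i.e. L2TP only.
    type=transport
    # "服务器ip" is a placeholder: replace it with the server's public IP.
    left=服务器ip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    # Apple iOS doesn't send delete notify so we need dead peer
    # detection to detect vanishing clients
    dpddelay=10
    dpdtimeout=15
    dpdaction=clear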
vi /etc/ipsec.secrets
# Format: <local address> <peer address>: PSK "<secret>"
# "服务器ip" and "password" are placeholders. Replace "password" with a long,
# randomly generated key: every client shares it, and it is what protects the
# MS-CHAPv2 exchange inside the tunnel. Keep this file readable by root only.
服务器ip %any: PSK "password"
/etc/init.d/ipsec restart
aptitude install xl2tpd ppp
vi /etc/xl2tpd/xl2tpd.conf
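; /etc/xl2tpd/xl2tpd.conf, one setting per line as the parser expects.
[global]
; NOTE(review): SAref tracking depends on kernel / IPsec stack support.
; Confirm it is available with protostack=netkey before relying on it.
ipsec saref = yes

[lns default]
; Address pool handed to VPN clients, and the server's end of each PPP link.
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
; Authentication is mandatory. PAP and CHAP are refused here, and the pppd
; options file named below requires MS-CHAPv2.
refuse chap = yes
refuse pap = yes
require authentication = yes
; Verbose PPP logging: useful while setting up, turn it off afterwards so
; session details do not accumulate in the logs.
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes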
vi /etc/ppp/options.xl2tpd
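# /etc/ppp/options.xl2tpd: pppd options for L2TP sessions, one per line.

# Only MS-CHAPv2 is accepted. It is weak on its own, so its protection here
# comes from the IPsec layer underneath, hence the need for a strong PSK.
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
# DNS servers pushed to clients.
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
# The peer must authenticate itself before any traffic is allowed.
auth
crtscts
lock
# Keep password strings out of logged packets.
hide-password
modem
# Verbose logging: disable once the setup works.
debug
# Server name, matched against the second column of /etc/ppp/chap-secrets.
name l2tpd
nodefaultroute
proxyarp
# Drop a peer that misses 4 consecutive LCP echoes sent 30 s apart.
lcp-echo-interval 30
lcp-echo-failure 4
# Disconnect links that have been idle for 1800 s.
idle 1800
connect-delay 5000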
vi /etc/ppp/chap-secrets
# Columns: client (user name), server (must match "name l2tpd" in
# /etc/ppp/options.xl2tpd), secret, allowed IP addresses.
# "vpnusername" and "vpnpassword" are placeholders: use one line per user
# with a strong, unique password. "*" allows the user to connect from any
# address. Secrets are stored in clear text, so keep this file readable by
# root only.
vpnusername l2tpd vpnpassword *
运行以下语句
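# Enable IPv4 forwarding so packets from VPN clients can be routed onward.
# (The original read "echo1", which is not a command; it must be "echo 1".)
echo 1 > /proc/sys/net/ipv4/ip_forward

# Disable accepting and sending ICMP redirects on every interface.
# NOTE(review): this is the setting Openswan's checks expect with the NETKEY
# stack; confirm with `ipsec verify`.
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > "$each/accept_redirects"
    echo 0 > "$each/send_redirects"
done

# Writes to /proc do not survive a reboot, so they must be re-applied at boot.
/etc/init.d/xl2tpd restart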
以上语句请同时加在/etc/rc.local,否则重启后这些 /proc 设置会丢失
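# Masquerade only traffic that originates from the VPN address pool
# (10.1.2.0/24 covers "local ip" and "ip range" in xl2tpd.conf) instead of
# rewriting every packet that leaves the host. Keep the source network in
# step with the pool if it is changed.
# The rule is not saved across reboots and has to be re-applied at boot.
iptables --table nat --append POSTROUTING --source 10.1.2.0/24 --jump MASQUERADE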
好了,大家可以使用win7的l2tp来vpn了