Connecting to an L2TP/IPsec VPN on Ubuntu
Required software:
racoon
ppp
ipsec-tools
dhcp-client
xl2tpd
Configuration files:
1. sudo gedit /etc/racoon/racoon.conf
Code:
log debug;
path pre_shared_key "/etc/racoon/psk.txt";
padding {
maximum_length 20;
randomize off;
strict_check off;
exclusive_tail off;
}
remote anonymous {
exchange_mode main;
doi ipsec_doi;
situation identity_only;
generate_policy on;
proposal_check obey;
proposal {
encryption_algorithm des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 1;
}
}
sainfo anonymous {
lifetime time 28800 sec;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
2. sudo gedit /etc/racoon/psk.txt
Code:
10.0.255.246 ipsec-vpn
10.0.255.247 ipsec-vpn
10.0.255.248 ipsec-vpn
10.0.191.254 ipsec-vpn
10.0.191.253 ipsec-vpn
137.189.192.201 ipsec-vpn
137.189.192.204 ipsec-vpn
3. sudo gedit /etc/xl2tpd/xl2tpd.conf
Code:
[global]
port = 1701
auth file = /etc/ppp/pap-secrets
[lac connect]
lns = vpn.cuhk.edu.hk
; redial = yes
; redial timeout = 15
; max redials = 5
; hidden bit = yes
require pap = yes
ppp debug = yes
pppoptfile=/etc/ppp/options.xl2tpd
4. sudo gedit /etc/ppp/pap-secrets
Code:
yourID vpn.cuhk.edu.hk yourpassword
5. sudo gedit /etc/ppp/options.xl2tpd
Code:
noauth
lock
debug
mtu 1000
nobsdcomp
nodeflate
noaccomp
nopcomp
novj
defaultroute
replacedefaultroute # optional, can be removed
name yourID
6. sudo mkdir /var/run/xl2tpd
Start the connection:
sudo /etc/init.d/racoon start
(for archlinux: sudo racoon -f /etc/racoon/racoon.conf)
sudo /etc/init.d/xl2tpd start
(for archlinux: sudo /usr/local/sbin/xl2tpd)
echo "c connect" | sudo tee /var/run/xl2tpd/l2tp-control
Disconnect:
echo "d connect" | sudo tee /var/run/xl2tpd/l2tp-control
sudo /etc/init.d/xl2tpd stop
sudo /etc/init.d/racoon stop
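The following shell script is an added example, not part of the original guide: it flags the weak parameters that the racoon.conf above negotiates (single DES, 3DES, DH group 1, HMAC-MD5) and checks that secrets files such as psk.txt and pap-secrets grant no access to group or other. The function names, the built-in sample config, its 192.0.2.10 address and its dummy key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Sample data below is constructed.

# Print weak IKE/ESP parameters found in a racoon.conf; return 1 if any were found.
audit_racoon_conf() {
    awk '
        { sub(/#.*/, "") }   # strip comments (fields are re-split)
        $1 == "encryption_algorithm" && $2 ~ /^des;?$/  { print NR ": single DES, 56-bit key"; bad = 1 }
        $1 == "encryption_algorithm" && $2 ~ /^3des;?$/ { print NR ": 3DES, legacy 64-bit block cipher"; bad = 1 }
        $1 == "dh_group" && $2 ~ /^(1|modp768);?$/      { print NR ": DH group 1, 768-bit MODP"; bad = 1 }
        $1 ~ /^(hash|authentication)_algorithm$/ && $2 ~ /^(hmac_)?md5;?$/ { print NR ": MD5-based integrity"; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Return 0 only if the secrets file exists and grants nothing to group or other.
check_secret_perms() {
    [ -f "$1" ] || { echo "$1: missing"; return 2; }
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] && return 0
    echo "$1: mode allows group/other access ($perms); fix with: chmod 600 $1"
    return 1
}

# Write a constructed sample (documentation address, dummy secret) into directory $1.
make_sample() {
    printf '%s\n' 'remote anonymous {' '  proposal {' '    encryption_algorithm des;' \
        '    hash_algorithm sha1;' '    dh_group 1;' '  }' '}' \
        'sainfo anonymous {' '  encryption_algorithm 3des;' \
        '  authentication_algorithm hmac_md5;' '}' > "$1/racoon.conf"
    printf '%s\n' '192.0.2.10 constructed-psk' > "$1/psk.txt"
    chmod 644 "$1/psk.txt"
}

# With arguments: audit CONF, then each secrets file. Without: run on the sample.
if [ "$#" -ge 1 ]; then
    conf=$1; shift
    audit_racoon_conf "$conf" || echo "weak parameters in $conf"
    for f in "$@"; do check_secret_perms "$f" || true; done
else
    tmp=$(mktemp -d) && make_sample "$tmp"
    audit_racoon_conf "$tmp/racoon.conf" || echo "weak parameters in sample"
    check_secret_perms "$tmp/psk.txt" || true
    rm -rf "$tmp"
fi
```

Saved under any name (audit.sh here is an assumption), it can be run as `sudo sh audit.sh /etc/racoon/racoon.conf /etc/racoon/psk.txt /etc/ppp/pap-secrets`. Stronger proposals only take effect if the VPN server also accepts them.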