L2TP setup
Posted: 2024-08-14 09:12:11  Views: 206
0 Install
sudo yum install -y xl2tpd ppp
1 /etc/xl2tpd/xl2tpd.conf
[global]
port = 1701
[lns default]
ip range = 192.168.42.10-192.168.42.250
local ip = 192.168.42.1
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
2 /etc/ppp/options.xl2tpd
+mschap-v2
ipcp-accept-local
ipcp-accept-remote
noccp
auth
mtu 1280
mru 1280
proxyarp
lcp-echo-failure 4
lcp-echo-interval 30
connect-delay 5000
ms-dns 8.8.8.8
ms-dns 8.8.4.4
3 /etc/ppp/chap-secrets
"vpnuser" l2tpd "aEDCm8AwcUPAh7ZJ" *
4 /etc/sysctl.conf
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.eth0.rp_filter = 0
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
You can check the setting with this command:
cat /etc/sysctl.conf | grep net.ipv4.ip_forward
The key setting is net.ipv4.ip_forward = 1. If it is missing, add it, then run:
sysctl -p
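systemctl restart xl2tpd (restart the xl2tpd server)
At this point, no matter what is configured in "ip range = 192.168.4.211-192.168.4.220", clients will have no network access (this differs from pptp). Use ifconfig to find the name of your network interface, then enter the following command (same as for pptp; skip this step if it was already configured for pptp):
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE (eth0 is the name of the network interface currently in use)
Issues
Start the xl2tpd service: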
sudo systemctl start xl2tpd
sudo systemctl enable xl2tpd
Configure the firewall to allow L2TP traffic:
sudo firewall-cmd --permanent --add-service=l2tp
sudo firewall-cmd --reload
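An added check, not part of the original post: a read-only shell audit of the files edited in steps 2 to 4 and of the NAT rule, flagging settings a defender would want to revisit before exposing this server. The function name, the finding IDs and the saved-rules argument are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page: read-only audit of the files the
# page edits. Finding IDs and wording are this example's own.
audit_l2tp() {
    opts=${1:-/etc/ppp/options.xl2tpd}
    secrets=${2:-/etc/ppp/chap-secrets}
    sysctl_conf=${3:-/etc/sysctl.conf}
    nat_rules=${4:-/dev/null}  # saved output of: iptables -t nat -S POSTROUTING

    # chap-secrets holds passwords in clear text; group/other need no access.
    [ "$(ls -ld "$secrets" | cut -c5-10)" = "------" ] ||
        echo "SECRETS_MODE: $secrets is accessible to group/other (want 0600)"

    # Fields: client, server, secret, allowed addresses. Flag the credentials
    # printed on the page and entries that allow the client any address.
    awk '/^[ \t]*#/ || NF == 0 { next }
        { c = $1; s = $3; gsub(/"/, "", c); gsub(/"/, "", s) }
        c == "vpnuser" && s == "aEDCm8AwcUPAh7ZJ" {
            print "PUBLISHED_SECRET: " c " uses the password printed in the tutorial" }
        $4 == "*" { print "ANY_ADDRESS: " c " is not restricted to specific addresses" }
    ' "$secrets"

    # MPPE is negotiated inside CCP, so noccp rules it out, and L2TP itself
    # does not encrypt: without IPsec around UDP 1701 the session is clear text.
    if grep -Eq '^[[:space:]]*noccp([[:space:]]|$)' "$opts"; then
        echo "NO_PPP_ENCRYPTION: noccp set, MPPE cannot be negotiated; needs IPsec"
    fi
    if ! grep -Eq '^[[:space:]]*auth([[:space:]]|$)' "$opts"; then
        echo "NO_AUTH: 'auth' is missing from $opts"
    fi

    # rp_filter = 0 disables reverse-path source validation.
    n=$(awk '/^[ \t]*net\.ipv4\.conf\..*\.rp_filter[ \t]*=[ \t]*0[ \t]*$/ { n++ }
             END { print n + 0 }' "$sysctl_conf")
    [ "$n" -eq 0 ] || echo "RP_FILTER_OFF: $n rp_filter entries are 0 in $sysctl_conf"

    # A MASQUERADE rule with no -s match applies to every source leaving the
    # interface, not only the VPN address pool.
    awk '/-j MASQUERADE/ && !/ -s / { print "NAT_UNSCOPED: " $0 }' "$nat_rules"
    return 0
}

# Stand-alone use: sh audit.sh OPTS CHAP_SECRETS SYSCTL_CONF [NAT_RULES]
if [ "$#" -gt 0 ]; then audit_l2tp "$@"; fi
```

Run against the configuration exactly as given above, it reports the published password, the wildcard address field, the absence of PPP encryption, the three rp_filter entries and the unscoped NAT rule.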