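Installing L2TP and PPTP on Linux

I. Overview
L2TP and PPTP both use the PPP protocol to encapsulate data and then add extra headers so the data can be carried across the Internet. The differences between them are:
1. PPTP requires the internetwork to be an IP network. L2TP only requires that the tunnel medium provide packet-oriented point-to-point connectivity. L2TP can be used over IP, Frame Relay permanent virtual circuits, X.25 virtual circuits, or ATM VCs.
2. PPTP can establish only a single tunnel between two endpoints. L2TP supports multiple tunnels between two endpoints.
3. L2TP can provide header compression.

II. Installing L2TP
The system is CentOS 5.5, with iptables and SELinux turned off.
1. Install ppp and xl2tpd with yum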
#yum install ppp xl2tpd -y

2. Download and install the openswan source package
#wget http://www.openswan.org/download/openswan-2.6.24.tar.gz
#tar zxvf openswan-2.6.24.tar.gz
#cd openswan-2.6.24
#make programs
#make install

3. Configuration file
#vi /etc/ipsec.conf
    config setup
            nat_traversal=yes
            virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/24
            oe=off
            protostack=netkey

############ The following is added manually #########
    # Add connections here
    conn L2TP-PSK-NAT
            rightsubnet=vhost:%priv
            also=L2TP-PSK-noNAT

    conn L2TP-PSK-noNAT
            authby=secret
            pfs=no
            auto=add
            keyingtries=3
            rekey=no
            ikelifetime=8h
            keylife=1h
            type=transport
            left=172.16.100.130    # enter this server's own IP here
            leftprotoport=17/1701
            right=%any
            rightprotoport=17/%any

4. Create the /etc/ipsec.secrets file
#vi /etc/ipsec.secrets
    server IP    %any:    PSK    "desired key"
  172.16.100.130  %any:     PSK    "123456"

5. Edit /etc/sysctl.conf
#vi /etc/sysctl.conf
    net.ipv4.ip_forward = 1
    net.ipv4.conf.default.rp_filter = 0
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.all.log_martians = 0
    net.ipv4.conf.default.log_martians = 0
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.icmp_ignore_bogus_error_responses = 1   

#sysctl -p
Verify that ipsec is running

#ipsec setup --restart
#ipsec verify
    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path                                 [OK]
    Linux Openswan U2.6.24/K2.6.30 (netkey)
    Checking for IPsec support in kernel                            [OK]
    NETKEY detected, testing for disabled ICMP send_redirects       [OK]
    NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
    Checking for RSA private key (/etc/ipsec.secrets)               [OK]
    Checking that pluto is running                                  [OK]
    Pluto listening for IKE on udp 500                              [OK]
    Pluto listening for NAT-T on udp 4500                           [OK]
    Checking for 'ip' command                                       [OK]
    Checking for 'iptables' command                                 [OK]
    Opportunistic Encryption Support                                [DISABLED]


6. Edit /etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = yes

[lns default]
ip range = 192.168.1.128-192.168.1.254
local ip = 192.168.1.15
refuse chap = yes
refuse pap = yes
require authentication = yes
name = Linux***server
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

7. Configure the username and password
#vi /etc/ppp/chap-secrets
    wangzx          *       123456                  *

8. Restart the service
#/etc/init.d/xl2tpd restart

9. Create the VPN connection on the client


III. Installing PPTP
#yum install ppp pptpd

Edit the /etc/pptpd.conf file
#vi /etc/pptpd.conf
# IP of the VPN server
localip 172.16.100.143
# IPs assigned to clients
remoteip 172.16.100.150-200

#vi /etc/ppp/pptpd-options
Set ms-dns 8.8.8.8

#vi /etc/ppp/chap-secrets
# user   protocol  password  IP
root     pptpd  123456   172.16.100.143

#echo 1 > /proc/sys/net/ipv4/ip_forward
#sysctl -p
#iptables -t nat -A POSTROUTING -s 172.16.100.0/24 -o eth0 -j MASQUERADE
#/etc/init.d/pptpd restart

Then simply connect to the VPN from the client machine.
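
Both /etc/ipsec.secrets (section II, step 4) and /etc/ppp/chap-secrets (section II step 7 and section III) hold their secrets in plain text, so it is worth auditing them once the servers are up. The script below is an added example, not part of the original post; the function name audit_secrets and the 20-character minimum (MIN_LEN) are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the ipsec.secrets and chap-secrets files from this guide.
# MIN_LEN is an assumed policy value; the guide itself sets no minimum.
MIN_LEN=${MIN_LEN:-20}

# audit_secrets KIND FILE   (KIND: "psk" = ipsec.secrets, "chap" = chap-secrets)
# Prints "FILE[:LINE]: finding" per problem; never prints the secret itself.
audit_secrets() {
    kind=$1 file=$2
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 2; }
    # Both files hold plaintext secrets, so group/other bits should be empty.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || echo "$file: group/other permission bits set ($perms)"
    awk -v kind="$kind" -v min="$MIN_LEN" -v f="$file" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        kind == "psk" {                          # <ids>: PSK "<secret>"
            if (!match($0, /PSK[ \t]+"[^"]*"/)) next
            s = substr($0, RSTART, RLENGTH)
            sub(/^PSK[ \t]+"/, "", s); sub(/"$/, "", s)
        }
        kind == "chap" {                         # client server secret addresses
            if (NF < 3) next
            s = $3; gsub(/^"|"$/, "", s)
        }
        {
            if (length(s) < min) print f ":" NR ": secret shorter than " min " characters"
            if (s ~ /^[0-9]+$/)  print f ":" NR ": secret is digits only"
        }
    ' "$file"
}

# Constructed sample files in the formats shown in this guide.
demo=$(mktemp -d)
printf '%s\n' '172.16.100.130  %any:  PSK  "123456"' > "$demo/ipsec.secrets"
printf '%s\n' 'wangzx  *  123456  *' > "$demo/chap-secrets"
chmod 600 "$demo/ipsec.secrets"; chmod 644 "$demo/chap-secrets"
audit_secrets psk  "$demo/ipsec.secrets"
audit_secrets chap "$demo/chap-secrets"
rm -rf "$demo"
```

On the server, run the function as root against /etc/ipsec.secrets with kind psk and against /etc/ppp/chap-secrets with kind chap.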