I want to set up a L2TP server on my Linode (i've already set up a PPTP using pptpd successfully). I followed a tutorial. Following are the root shell commands.
Code:
apt-get install openswan
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
ipsec verify
sudo /etc/init.d/ipsec restart
apt-get install xl2tpd
/etc/init.d/xl2tpd restart
iptables –table nat –append POSTROUTING –jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
content of ipsec.conf
Code:
config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
protostack=netkey
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=XXX.XXX.XXX.XXX
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
content of ipsec.secrets
Code:
XXX.XXX.XXX.XXX %any: PSK “presharedSecret”
content of xl2tpd.conf
Code:
[global]
ipsec saref = yes
[lns default]
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
;require chap = yes
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
content of options.xl2tpd
Code:
require-mschap-v2
ms-dns 208.67.222.222
ms-dns 208.67.220.220
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
The Openswan(2.6.24), IPSEC, xl2tpd all succeeded in starting. But none of my devices can connect to L2TP while the PPTP service works properly. After I executed 'xl2tpd -D' and had my iOS connect to it, no debug messages appeared.
It would be greatly appericated if anyone could tell me the way to solving the problem and what "/8","16" & "/12" in "virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12" means?
Thanks very much.
FAQ
Search
Members
Register
Login [ Anonymous ]
