How to Set Up an L2TP/IPsec VPN on CentOS 7
Written by Rudi
Updated more than a week ago

Install the IPsec and L2TP tools

libreswan provides the IKE/IPsec side, xl2tpd the L2TP client:

sudo yum install libreswan xl2tpd
Configuration files

This configures CentOS 7 as the client (an xl2tpd LAC) of an existing L2TP/IPsec server, here civnet.vicp.net. The IPsec connection lives in its own file under /etc/ipsec.d/, which the stock CentOS 7 ipsec.conf includes via "include /etc/ipsec.d/*.conf". Keywords are written in lower case, and the conn name is case-sensitive: it must match the name used later in "ipsec auto --up".

# /etc/ipsec.d/work.conf

config setup
    keep-alive=300          # NAT-T keepalive interval in seconds

conn work
    authby=secret           # pre-shared key, see work.secrets below
    pfs=yes
    auto=add                # load at start-up, bring up manually with "ipsec auto --up work"
    keyingtries=%forever
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    rekey=yes
    rekeymargin=1h
    ikelifetime=8h
    keylife=1h
    type=transport          # L2TP/IPsec uses transport mode: only UDP 1701 is protected
    left=%defaultroute
    leftprotoport=udp/l2tp
    right=civnet.vicp.net
    rightprotoport=udp/l2tp
    # Proposals as on the original page. 3DES and MODP1024 are weak; drop them
    # once the server accepts a modern proposal such as aes256-sha2_256;modp2048.
    ike=aes_ctr,aes_cbc,camellia_cbc,serpent_cbc,twofish_cbc,3des,3DES-SHA1;MODP1024
    phase2alg=aes-HMAC_SHA1,3DES-HMAC_SHA1
    sha2-truncbug=yes       # interoperate with peers that truncate SHA-2 to 96 bits instead of 128
# cat /etc/ipsec.d/work.secrets

%any civnet.vicp.net : PSK "civvpn.vicp.net"

The file is read by root only and must be mode 0600 (chmod 600 /etc/ipsec.d/work.secrets). Note that this PSK is simply a hostname; anyone who knows the server can guess it, so a long random key should be used in practice.
# cat /etc/xl2tpd/xl2tpd.conf

; the LAC name is what "xl2tpd-control connect work" refers to
[lac work]
lns = civnet.vicp.net
ppp debug = yes
pppoptfile = /etc/ppp/options.ppp
length bit = yes
redial = yes
# cat /etc/ppp/options.ppp

ipcp-accept-local
ipcp-accept-remote
refuse-eap              # do not authenticate ourselves with EAP
require-mschap-v2
noccp
noauth                  # do not require the server to authenticate itself to us
idle 86400
mtu 1400                # leave room for the L2TP/PPP and ESP/UDP headers
mru 1400
nodefaultroute          # pppd adds only a host route to the peer; add further routes yourself
debug
connect-delay 5000
# PPP login sent to the server over MS-CHAPv2. The password is stored in clear
# text, so keep this file readable by root only or move the pair to /etc/ppp/chap-secrets.
name gitlabserver
password gitlabserver
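The script below is an added example, not part of the original article or of libreswan/xl2tpd. It audits the two files that decide how strong the tunnel is: it flags the deprecated tokens (3DES, SHA-1, MD5, 1024-bit MODP) on the ike= and phase2alg= lines and checks that the pre-shared key is long and that the secrets file is mode 0600. The proposals of the conn above are fed in as written, next to a hardened variant (aes256-sha2_256;modp2048, which assumes the server accepts it). The minimum PSK length of 32 characters, the placeholder PSK and the temporary file paths are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a libreswan conn fragment and its PSK file.
# All input files are constructed samples written to a temporary directory.

WEAK_ALG_PATTERNS="3des modp1024 md5 sha1"   # tokens worth removing from a proposal
MIN_PSK_LEN=32                              # assumption: a generated PSK of 32+ characters

# ipsec_weak_findings CONF
# Prints "key: token" for every weak token found on the ike= and phase2alg=
# lines (case-insensitive, as libreswan treats algorithm names) and returns
# the number of findings, so status 0 means the proposal lines are clean.
ipsec_weak_findings() {
    count=0
    for key in ike phase2alg; do
        value=$(grep -i "^[[:space:]]*$key=" "$1" | head -n 1 | cut -d= -f2-)
        [ -n "$value" ] || continue
        for pat in $WEAK_ALG_PATTERNS; do
            if printf '%s\n' "$value" | grep -qi "$pat"; then
                printf '%s: %s\n' "$key" "$pat"
                count=$((count + 1))
            fi
        done
    done
    return "$count"
}

# psk_min_len_ok SECRETS
# Succeeds when every PSK "..." value in the file has at least MIN_PSK_LEN
# characters. A PSK that is a hostname or a word can simply be guessed by
# anyone who knows the peer; length is the cheapest defence.
psk_min_len_ok() {
    sed -n 's/.*PSK[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
    while IFS= read -r psk; do
        [ "${#psk}" -ge "$MIN_PSK_LEN" ] || exit 1   # leaves the subshell with status 1
    done
}

# secrets_perms_ok SECRETS
# Succeeds when the mode is exactly -rw------- (0600). libreswan reads the file
# as root, so no other user needs access; the owner should be root as well.
secrets_perms_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# --- constructed sample files -------------------------------------------
WORKDIR=$(mktemp -d)
WEAK_CONF="$WORKDIR/work-weak.conf"       # the page's proposal lines, as written
HARD_CONF="$WORKDIR/work-hardened.conf"   # same conn limited to AES-256 / SHA-256 / MODP-2048
WEAK_SECRETS="$WORKDIR/weak.secrets"      # the page's PSK, world-readable
HARD_SECRETS="$WORKDIR/hard.secrets"      # placeholder 45-character PSK, mode 0600

cat > "$WEAK_CONF" <<'EOF'
conn work
    authby=secret
    pfs=yes
    ike=aes_ctr,aes_cbc,camellia_cbc,serpent_cbc,twofish_cbc,3des,3DES-SHA1;MODP1024
    phase2alg=aes-HMAC_SHA1,3DES-HMAC_SHA1
EOF

cat > "$HARD_CONF" <<'EOF'
conn work
    authby=secret
    pfs=yes
    ike=aes256-sha2_256;modp2048
    phase2alg=aes256-sha2_256
EOF

printf '%%any civnet.vicp.net : PSK "civvpn.vicp.net"\n' > "$WEAK_SECRETS"
chmod 644 "$WEAK_SECRETS"
# Placeholder only; generate a real key with: openssl rand -base64 32
printf '%%any civnet.vicp.net : PSK "example-only-0123456789abcdef0123456789abcdef"\n' > "$HARD_SECRETS"
chmod 600 "$HARD_SECRETS"

# audit_report CONF SECRETS: human-readable summary when run directly.
audit_report() {
    echo "== $1"
    findings=$(ipsec_weak_findings "$1" || true)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | sed 's/^/   weak: /'
    else
        echo "   proposal lines clean"
    fi
    echo "== $2"
    if psk_min_len_ok "$2"; then echo "   PSK length ok"; else echo "   PSK shorter than $MIN_PSK_LEN characters"; fi
    if secrets_perms_ok "$2"; then echo "   mode 0600 ok"; else echo "   mode too open, run: chmod 600 $2"; fi
}

audit_report "$WEAK_CONF" "$WEAK_SECRETS"
audit_report "$HARD_CONF" "$HARD_SECRETS"
```

Run it against the real files with audit_report /etc/ipsec.d/work.conf /etc/ipsec.d/work.secrets. The hardened proposal only helps if the server side offers it too; check the server's configuration or the IKE log before removing the legacy tokens, otherwise negotiation fails.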
Watch the log

sudo tail -f /var/log/messages | grep -v "journal"
Start the IPsec service

sudo systemctl start ipsec
Log output

Sep 7 20:05:55 gitlabserver systemd: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Sep 7 20:05:55 gitlabserver whack: 002 shutting down
Sep 7 20:05:55 gitlabserver systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Sep 7 20:05:55 gitlabserver ipsec: nflog ipsec capture disabled
Sep 7 20:05:55 gitlabserver systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Start the xl2tpd service

sudo systemctl start xl2tpd
Log output (the first lines are a previous pppd/xl2tpd instance being stopped on signal 15; the new xl2tpd starts as PID 31374)

Sep 7 20:08:38 gitlabserver pppd[8312]: Sent 714675 bytes, received 3429972 bytes.
Sep 7 20:08:38 gitlabserver pppd[8312]: Overriding mtu 1500 to 1400
Sep 7 20:08:38 gitlabserver pppd[8312]: Overriding mru 1500 to mtu value 1400
Sep 7 20:08:38 gitlabserver pppd[8312]: Terminating on signal 15
Sep 7 20:08:38 gitlabserver NetworkManager[898]: <info> [1536322118.7692] device (ppp0): state change: disconnected -> unmanaged (reason 'connection-assumed', sys-iface-state: 'external')
Sep 7 20:08:44 gitlabserver pppd[8312]: Connection terminated.
Sep 7 20:08:44 gitlabserver avahi-daemon[830]: Withdrawing workstation service for ppp0.
Sep 7 20:08:44 gitlabserver pppd[8312]: Modem hangup
Sep 7 20:08:44 gitlabserver pppd[8312]: Exit.
Sep 7 20:08:44 gitlabserver systemd: Unit xl2tpd.service entered failed state.
Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: Not looking for kernel SAref support.
Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: Using l2tp kernel support.
Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: xl2tpd version xl2tpd-1.3.8 started on gitlabserver.localdomain PID:31374
Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: Forked by Scott Balmos and David Stipp, (C) 2001
Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: Inherited by Jeff McAdams, (C) 2002
Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Sep 7 20:08:44 gitlabserver xl2tpd: xl2tpd[31374]: Listening on IP address 0.0.0.0, p
Create the connection

Bring up the IPsec SA first, then the L2TP tunnel inside it. The names are the conn name from work.conf and the LAC name from xl2tpd.conf:

sudo ipsec auto --up work
sudo xl2tpd-control connect work
Log output

Sep 7 20:12:24 gitlabserver xl2tpd: xl2tpd[20538]: Connecting to host civnet.vicp.net, port 1701
Sep 7 20:12:24 gitlabserver xl2tpd: xl2tpd[20538]: Connection established to 171.113.154.63, 1701. Local: 45773, Remote: 36724 (ref=0/0).
Sep 7 20:12:24 gitlabserver xl2tpd: xl2tpd[20538]: Calling on tunnel 45773
Sep 7 20:12:24 gitlabserver xl2tpd: xl2tpd[20538]: Call established with 171.113.154.63, Local: 31692, Remote: 20120, Serial: 1 (ref=0/0)
Sep 7 20:12:24 gitlabserver pppd[31767]: Plugin pppol2tp.so loaded.
Sep 7 20:12:24 gitlabserver pppd[31767]: pppd 2.4.5 started by root, uid 0
Sep 7 20:12:24 gitlabserver NetworkManager[898]: <info> [1536322344.5696] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/470)
Sep 7 20:12:24 gitlabserver pppd[31767]: Using interface ppp0
Sep 7 20:12:24 gitlabserver pppd[31767]: Connect: ppp0 <-->
Sep 7 20:12:24 gitlabserver pppd[31767]: Overriding mtu 1500 to 1400
Sep 7 20:12:24 gitlabserver pppd[31767]: Overriding mru 1500 to mtu value 1400
Sep 7 20:12:27 gitlabserver pppd[31767]: CHAP authentication succeeded: Access granted
Sep 7 20:12:27 gitlabserver pppd[31767]: CHAP authentication succeeded
Sep 7 20:12:27 gitlabserver pppd[31767]: local IP address 10.1.0.2
Sep 7 20:12:27 gitlabserver pppd[31767]: remote IP address 10.1.0.1
Sep 7 20:12:27 gitlabserver NetworkManager[898]: <info> [1536322347.5741] device (ppp0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Sep 7 20:12:27 gitlabserver NetworkManager[898]: <info> [1536322347.5746] device (ppp0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'external')
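The two commands above are independent: if "ipsec auto --up" fails, or the SA has since expired, nothing stops xl2tpd from sending the L2TP tunnel, including the MS-CHAPv2 login, to the server in clear text. The following script is an added example, not part of the original article or of libreswan/xl2tpd, that gates the L2TP step on libreswan actually reporting an established IPsec SA for the conn, and then confirms the ppp0 peer route. The "ipsec status" and "route -n" samples are constructed (patterned on libreswan 3.x and net-tools output) so the parsing functions can be exercised without a live tunnel; bring_up itself needs root and the real tools, and assumes both the conn and the LAC are named "work".

```shell
#!/bin/sh
# Added example: bring the tunnel up in order and refuse to start L2TP until
# an IPsec SA exists. Status and route samples below are constructed.

CONN=work   # conn name in /etc/ipsec.d/work.conf and LAC name in xl2tpd.conf

# sa_established CONN  (reads "ipsec status" output on stdin)
# Succeeds when a state line for the conn carries "IPsec SA established",
# i.e. the phase-2 (ESP) SA that will carry the L2TP packets exists. An
# "ISAKMP SA established" line alone is only the IKE SA and is not enough.
sa_established() {
    grep -F "\"$1\"" | grep -q 'IPsec SA established'
}

# ppp_peer  (reads "route -n" output on stdin)
# Prints the peer address of the host route pppd installed on ppp0; with
# nodefaultroute in options.ppp this is the only route the tunnel gets.
ppp_peer() {
    awk '$8 == "ppp0" && $4 == "UH" { print $1 }'
}

# bring_up: the gated connect sequence. Run as root on the configured host.
bring_up() {
    if ! ipsec auto --up "$CONN"; then
        echo "IKE/IPsec negotiation failed, not starting L2TP" >&2
        return 1
    fi
    # The exit status alone is not the gate; re-check the daemon's own view.
    if ! ipsec status | sa_established "$CONN"; then
        echo "no established IPsec SA for $CONN, not starting L2TP" >&2
        return 1
    fi
    xl2tpd-control connect "$CONN" || return 1
    # pppd needs a few seconds for LCP/CHAP/IPCP (about 3 s in the log above).
    i=0
    while [ "$i" -lt 15 ]; do
        peer=$(route -n | ppp_peer)
        [ -n "$peer" ] && break
        sleep 1
        i=$((i + 1))
    done
    if [ -z "$peer" ]; then
        echo "ppp0 never got its peer route" >&2
        return 1
    fi
    echo "tunnel up, PPP peer $peer"
}

# --- constructed samples -------------------------------------------------
STATUS_UP='000 #1: "work":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 27950s; newest ISAKMP; idle; import:admin initiate
000 #2: "work":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 3256s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate'
STATUS_IKE_ONLY='000 #1: "work":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 27950s; newest ISAKMP; idle; import:admin initiate'

ROUTE_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.12.252  0.0.0.0         UG    100    0        0 enp2s0
10.1.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.12.0    0.0.0.0         255.255.255.0   U     100    0        0 enp2s0'

if printf '%s\n' "$STATUS_UP" | sa_established "$CONN"; then
    echo "sample 1: IPsec SA present, L2TP may start"
fi
if ! printf '%s\n' "$STATUS_IKE_ONLY" | sa_established "$CONN"; then
    echo "sample 2: only the ISAKMP SA, hold L2TP"
fi
echo "PPP peer from the sample route table: $(printf '%s\n' "$ROUTE_TABLE" | ppp_peer)"
```

On the host, call bring_up instead of the two bare commands. If it stops at the status check, look at "ipsec auto --status" and the IKE lines in /var/log/messages before touching xl2tpd; a PSK or proposal mismatch shows up there, not in the L2TP log.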
Check the routing table. Once the connection is up, a ppp0 interface appears with a host route to the PPP peer (10.1.0.1 here). Because options.ppp sets nodefaultroute, that host route is the only one pppd installs: traffic for the network behind the server is not sent through the tunnel until you add a route for that network over ppp0 (the remote network is site-specific and not given here).

[gitlab@gitlabserver ~]$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.12.252  0.0.0.0         UG    100    0        0 enp2s0
10.1.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.12.0    0.0.0.0         255.255.255.0   U     100    0        0 enp2s0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0