安装 xl2tpd(L2TP 客户端)和 strongSwan(IPsec)。
# Install the L2TP daemon (xl2tpd) and the IPsec implementation (strongSwan).
sudo apt install xl2tpd
sudo apt install strongswan
1)编辑**/etc/ipsec.conf**
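# L2TP/IPsec client connection: IPsec in transport mode protecting the
# L2TP traffic (UDP port 1701) between this host and the VPN server.
# Parameter lines of a conn section have to start with whitespace, so they
# are indented below.
conn myvpn
    # Load the connection but do not initiate it; it is started explicitly
    # with "ipsec up myvpn".
    auto=add
    # Authenticate with the pre-shared key stored in /etc/ipsec.secrets.
    authby=secret
    # Transport mode: protects host-to-host traffic, no inner tunnel addresses.
    type=transport
    # Local endpoint: the address of the interface holding the default route.
    left=%defaultroute
    # Limit the policy to protocol 17 (UDP), port 1701 (L2TP) on both ends.
    leftprotoport=17/1701
    rightprotoport=17/1701
    # Address of the VPN server (the original note calls it the public
    # address; 10.25.X.X is a placeholder).
    right=10.25.X.X
    # Force UDP encapsulation of ESP even when no NAT is detected.
    forceencaps=yes
    # NOTE(review): the server must also speak IKEv2; many L2TP/IPsec
    # servers are set up for IKEv1 -- confirm before relying on this.
    keyexchange=ikev2
    # IKE and ESP proposals; the server must support the same algorithms.
    # NOTE(review): chacha20poly1305 is an AEAD cipher, so the additional
    # sha512 integrity transform looks redundant, and without a trailing "!"
    # strongSwan may still accept its default proposals -- confirm both
    # against the strongSwan documentation for the installed version.
    ike=chacha20poly1305-sha512-curve25519-prfsha512
    esp=chacha20poly1305-sha512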
2)编辑**/etc/ipsec.secrets**,设置 IPsec 的预共享密钥:
# This file holds shared secrets or RSA private keys for authentication.
# The entry below is a pre-shared key (PSK), used because the connection in
# /etc/ipsec.conf sets authby=secret. It has no ID selectors before the
# colon, so it is not tied to one particular peer.
# "123456" is a sample value: replace it with a long, randomly generated
# secret that matches the one configured on the server.
: PSK "123456"
配置完后修改权限
# Restrict the secrets file to owner read/write: it holds the PSK in cleartext.
chmod 600 /etc/ipsec.secrets
编辑**/etc/xl2tpd/xl2tpd.conf**
# L2TP client ("lac") section for the connection named myvpn.
[lac myvpn]
# VPN user name
name = root
# VPN server address (10.25.X.X is a placeholder)
lns = 10.25.X.X
# Turns on pppd debug logging.
# NOTE(review): useful while troubleshooting; consider disabling it once the tunnel works.
ppp debug = yes
# pppd options file used for this connection
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
编辑PPP配置文件(例如上文中的**/etc/ppp/options.l2tpd.client**)。
# pppd options for the L2TP client connection.
# Accept the local and remote IP addresses proposed by the peer.
ipcp-accept-local
ipcp-accept-remote
# Do not agree to authenticate ourselves with EAP.
refuse-eap
# NOTE(review): require-chap asks the peer to authenticate with CHAP, while
# noauth below says the peer need not authenticate -- confirm which of the
# two is intended. Server authentication otherwise rests on the IPsec PSK.
require-chap
# Disable CCP (compression) negotiation.
noccp
noauth
mtu 1280
mru 1280
# Do not derive the local IP address from the hostname; take it from the peer.
noipdefault
# Add a default route through the PPP link once it is up.
defaultroute
# Ask the peer for DNS server addresses.
usepeerdns
connect-delay 5000
# VPN user name
name "root"
# VPN password. "root" is a sample value: use the real account's password,
# and keep this file readable by its owner only, since it is stored in cleartext.
password "root"
配置完后修改权限
# Restrict the options file to owner read/write: it holds the VPN password in cleartext.
chmod 600 /etc/ppp/options.l2tpd.client
# Names shared by the commands below.
vpn_conn=myvpn
l2tp_ctl=/var/run/xl2tpd/l2tp-control

# Create the xl2tpd control file (and its directory) if missing.
mkdir -p "${l2tp_ctl%/*}"
touch "$l2tp_ctl"

# Disconnect any VPN session that is already up: L2TP first, then IPsec.
printf 'd %s\n' "$vpn_conn" > "$l2tp_ctl"
ipsec down "$vpn_conn"

# Restart the IPsec daemon and xl2tpd.
ipsec restart
service xl2tpd restart

# Start the VPN: bring up IPsec, then ask xl2tpd to connect.
ipsec up "$vpn_conn"
printf 'c %s\n' "$vpn_conn" > "$l2tp_ctl"
# Fixed pause before the route is added.
# NOTE(review): nothing here verifies that the PPP link actually came up.
sleep 10

# Add a route to the VPN server's private network (192.168.100.0/24)
# via gateway 192.168.100.210.
route add -net 192.168.100.0 netmask 255.255.255.0 gw 192.168.100.210