
Tutorial Install dan Konfigurasi L2TP/IPSEC Pada Centos 7 – TOPSETTING.COM


File-file konfigurasi terkait:

# /etc/ipsec.conf
———————————–
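# /etc/ipsec.conf -- Libreswan/Openswan IPsec configuration for an L2TP/IPsec server.
# Parameters inside a section MUST be indented; an unindented line is read as a new
# section header, so the flattened copy of this file on the page would not parse.
config setup
    # Private ranges that roaming (NATed) clients may present as their inner address;
    # "%priv" in the NAT conn below refers to this list.
    # NOTE(review): ranges the server itself uses (its own LAN, the 10.15.0.0/24 pool
    # handed out by xl2tpd) are conventionally excluded with a "!" entry, e.g.
    # %v4:!10.15.0.0/24 -- confirm against the local network layout.
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    # Kernel IPsec stack (XFRM/netkey) as used on CentOS 7.
    protostack=netkey
    # NAT-T keepalive delay, in seconds.
    keep_alive=1800

# Entry for clients behind NAT; inherits every other parameter from L2TP-PSK-noNAT.
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    # Pre-shared key from /etc/ipsec.secrets. One PSK shared by every client is a
    # group secret: anyone who holds it can pose as the server to the other clients.
    authby=secret
    # pfs=no is what L2TP/IPsec examples use for the built-in OS clients; leave it
    # unless every client is known to support PFS.
    pfs=no
    # Load the conn and wait for clients to initiate (this host is the responder).
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    # Transport mode: IPsec protects only the UDP/1701 L2TP packets between the peers.
    type=transport
    # Server address -- the IP the clients connect to (was "# ip server" inline).
    left=172.16.10.115
    leftid=172.16.10.115
    # L2TP on UDP/1701 on our side ...
    leftprotoport=17/1701
    # ... from any peer address and any UDP source port (NAT-T clients vary).
    right=%any
    rightprotoport=17/%any
    # Dead Peer Detection: probe every 40 s, give up after 130 s, then clear the SA.
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
    # NOTE(review): no ike=/phase2alg= are set, so the distribution defaults decide
    # which IKE/ESP algorithms are offered. Check them on the installed version and
    # pin them explicitly (dropping 3DES/MODP1024 if the clients allow) instead of
    # relying on whatever the default proposal happens to be.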

# /etc/ipsec.secrets
———————————-
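# /etc/ipsec.secrets -- holds the PSK in clear text: keep it mode 0600, owned by root.
# On CentOS 7 the stock file already contains only this include; the PSK line is
# usually placed in a file under /etc/ipsec.d/ (e.g. /etc/ipsec.d/l2tp.secrets).
include /etc/ipsec.d/*.secrets
# Format: <server-IP> <peer>: PSK "<key>"   (%any = the same key for every client).
# "anysecret" is a placeholder: replace it with a long random value, e.g. the output
# of `openssl rand -base64 32`. Use straight ASCII double quotes -- the curly quotes
# the page showed come from copy-paste and are either rejected or become part of the key.
172.16.10.115 %any: PSK "anysecret"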

# /etc/xl2tpd/xl2tpd.conf
——————————————-
; /etc/xl2tpd/xl2tpd.conf -- L2TP network server (LNS) configuration.
[global]
; Left commented out in the original; presumably SAref tracking is not available
; on this kernel/pppd -- leave it off unless both support it.
; ipsec saref = yes
; Bind only to the server address that IPsec protects (matches left= in ipsec.conf).
listen-addr = 172.16.10.115
; PPP credentials (plaintext username/password pairs) -- keep this file mode 0600.
auth file = /etc/ppp/chap-secrets
; Standard L2TP port. NOTE(review): xl2tpd does not itself check that a packet
; arrived inside IPsec; a firewall rule (-m policy --dir in --pol ipsec) is needed
; to reject unencrypted L2TP on this port.
port = 1701
[lns default]
; Addresses handed to clients, and the server-side end of the PPP link.
ip range = 10.15.0.2-10.15.0.254
local ip = 10.15.0.1
; These map to pppd's refuse-chap/refuse-pap, which per pppd(8) govern pppd
; authenticating *itself* to the peer; they do not restrict which method the client
; may use. To actually pin the client to MS-CHAPv2 add require-mschap-v2 to
; /etc/ppp/options.xl2tpd.
refuse chap = yes
refuse pap = yes
; Passes "auth" to pppd: the client must authenticate.
require authentication = yes
name = L2TPVPN
; Verbose PPP negotiation logging -- useful while testing, noisy in production.
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
; Send the L2TP length field; commonly needed for client interoperability.
length bit = yes

# /etc/ppp/options.xl2tpd
——————————————–
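# /etc/ppp/options.xl2tpd -- pppd options for the L2TP sessions started by xl2tpd.
# DNS servers pushed to clients (Google public DNS). Use internal resolvers instead
# if clients must resolve private names or if sending DNS to a third party matters.
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noproxyarp
# Wait for the client to start LCP and stay quiet until it does.
passive
silent
default-asyncmap
noipx
# IPv4 only over the tunnel. NOTE(review): clients with native IPv6 will still send
# IPv6 traffic outside the VPN unless they disable it themselves.
noipv6
# Keep passwords out of the pppd log.
hide-password
# No PPP compression / MPPE: confidentiality comes from IPsec, not from PPP.
noccp
nodeflate
nopcomp
noaccomp
nobsdcomp
novj
novjccomp
nopredictor1
# Authentication method. xl2tpd only passes "auth" plus refuse-pap/refuse-chap, which
# leaves pppd free to accept MS-CHAPv1 (DES-based, trivially crackable) or plain CHAP
# from the client. Require MS-CHAPv2 explicitly; clients configured for anything else
# will be rejected.
require-mschap-v2
# Leave room for the L2TP + IPsec (NAT-T) headers so packets are not fragmented.
mtu 1450
mru 1450
# Drop the session after 10 unanswered LCP echoes (10 minutes).
lcp-echo-interval 60
lcp-echo-failure 10
ipcp-accept-local
ipcp-accept-remote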

# /etc/sysctl.conf
——————————–
# /etc/sysctl.conf -- apply with `sysctl -p`.
# Forward traffic between the ppp interfaces and the uplink (the host is a VPN gateway).
net.ipv4.ip_forward = 1
# Reverse-path filtering is switched off completely so packets arriving over the
# tunnel/ppp interfaces are not discarded as spoofed. NOTE(review): this also removes
# anti-spoofing on the uplink; loose mode (= 2, available on the CentOS 7 kernel) is
# usually sufficient for a VPN gateway -- test it before relying on it.
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
# "eth0" must be the real uplink name; CentOS 7 normally uses names like ens192/enp0s3.
net.ipv4.conf.eth0.rp_filter = 0
# Neither send nor accept ICMP redirects; a gateway's routing should not be steered by them.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# iptables masquerade, 10.15.0.0/24 [ client network ]
—————————————————————————————–
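# NAT the VPN client pool (10.15.0.0/24) behind the uplink address.
# The original lines named no chain ("iptables -t nat -s ... -j MASQUERADE"), which
# iptables rejects with "no command specified"; the rule belongs in nat/POSTROUTING.
# Replace eth0 with the real uplink interface name.
iptables -t nat -A POSTROUTING -s 10.15.0.0/24 -o eth0 -j MASQUERADE
# Kept from the original: masquerades traffic leaving towards the clients over the
# ppp interfaces (presumably so server-originated traffic appears from 10.15.0.1).
# It is not needed for plain client-to-Internet forwarding; remove it if unused.
iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE
# xl2tpd listens on UDP/1701 and does not check that a packet came through IPsec, so
# without these two rules the server also accepts unencrypted L2TP sessions.
# Both are inserted at the top of INPUT; DROP goes first so the ACCEPT inserted
# afterwards ends up above it.
iptables -I INPUT -p udp --dport 1701 -j DROP
iptables -I INPUT -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
# If the INPUT policy is DROP, also allow IKE (udp/500), NAT-T (udp/4500) and ESP
# (protocol 50) for non-NATed clients. None of these rules survive a reboot on their
# own: persist them (iptables-save, or firewall-cmd --direct --permanent when
# firewalld is active, which it is by default on CentOS 7).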


