Notes on configuring an L2TP/IPsec VPN client on Arch Linux.
Install the packages
pacman -S strongswan xl2tpd
Generate the configuration files
VPN_SERVER_IP='your vpn server address'
VPN_IPSEC_PSK='your psk'
VPN_USER='your username'
VPN_PASSWORD='your password'
cat > /etc/ipsec.conf <<EOF
# ipsec.conf - strongSwan IPsec configuration file
conn myvpn
    auto=add
    authby=secret
    right=$VPN_SERVER_IP
EOF
cat > /etc/ipsec.secrets <<EOF
: PSK "$VPN_IPSEC_PSK"
EOF
chmod 600 /etc/ipsec.secrets
cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[lac vpn-connection]
lns = $VPN_SERVER_IP
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
EOF
cat > /etc/ppp/options.l2tpd.client <<EOF
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
connect-delay 5000
name $VPN_USER
password $VPN_PASSWORD
EOF
Start the VPN services
systemctl start strongswan-starter
ipsec up myvpn
systemctl start xl2tpd
echo "c vpn-connection" > /var/run/xl2tpd/l2tp-control
Add routes
ip route add xxx.xxx.xxx.xxx via yyy.yyy.yyy.yyy dev pppX
Here xxx.xxx.xxx.xxx is the IP address or subnet that should be routed through the VPN, for example 192.168.3.0/24; yyy.yyy.yyy.yyy is the IP address obtained once the dial-up has succeeded; and pppX is the virtual device created by the successful dial-up, which can be found with the ip address command.
Update notes, 2022-03-16
- Updated /etc/ipsec.conf and removed the unused configuration items.
- Note that running ipsec up myvpn reports errors; they need no handling, just run the subsequent commands, then test with ping <ppp peer ip address>.
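The start and routing steps above, as an added example that is not code from the original post: a shell script that runs the same commands but automates what the post does by hand, namely finding the pppX device and its addresses from `ip address` output, testing the link with ping, and adding the route. It assumes the configuration files written above are already in place, takes the subnet to route from a hypothetical VPN_ROUTE variable (defaulting to the post's 192.168.3.0/24), and treats the ppp peer address as the gateway for the route (an assumption; the post only says "the IP address obtained after the dial-up"). Before touching the network it also refuses to continue if /etc/ipsec.secrets or /etc/ppp/options.l2tpd.client, both of which hold clear-text credentials, are readable by other users.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post. Assumes the config files
# from the post exist; only modifies the system when run as: ./vpn.sh apply
set -eu

# Print "<dev> <local> <peer>" for the first ppp interface in the output of
# `ip -o -4 addr show` (read from stdin so it can be tested offline).
# Example line: "5: ppp0    inet 10.0.0.5 peer 10.0.0.1/32 scope global ppp0"
ppp_peer_info() {
  awk '$2 ~ /^ppp[0-9]+$/ && $3 == "inet" && $5 == "peer" {
         split($6, a, "/"); print $2, $4, a[1]; exit }'
}

# Build (but do not run) the route command from the post, with the ppp peer
# address as gateway (assumption). Usage: route_cmd <subnet> <peer> <dev>
route_cmd() {
  printf 'ip route add %s via %s dev %s\n' "$1" "$2" "$3"
}

# The PSK and the PPP password are stored in clear text; fail if any of the
# given files is readable by anyone but root. Usage: check_secret_perms <file>...
check_secret_perms() {
  local f mode rc=0
  for f in "$@"; do
    mode=$(stat -c '%a' "$f")
    case "$mode" in
      600|400) ;;
      *) echo "refusing: $f has mode $mode, expected 600" >&2; rc=1 ;;
    esac
  done
  return "$rc"
}

# Poll until pppd has brought up a ppp interface, giving up after $1 seconds.
wait_for_ppp() {
  local tries=${1:-30} info
  while [ "$tries" -gt 0 ]; do
    info=$(ip -o -4 addr show | ppp_peer_info)
    if [ -n "$info" ]; then echo "$info"; return 0; fi
    sleep 1
    tries=$((tries - 1))
  done
  return 1
}

apply() {
  local subnet=${VPN_ROUTE:-192.168.3.0/24}   # hypothetical variable; post's example subnet
  local info dev laddr peer
  check_secret_perms /etc/ipsec.secrets /etc/ppp/options.l2tpd.client
  systemctl start strongswan-starter
  # The post notes that `ipsec up myvpn` reports errors that can be ignored.
  ipsec up myvpn || true
  systemctl start xl2tpd
  echo "c vpn-connection" > /var/run/xl2tpd/l2tp-control
  info=$(wait_for_ppp 30)        # aborts (set -e) if no ppp link appears
  set -- $info
  dev=$1; laddr=$2; peer=$3
  echo "ppp link up: $dev local=$laddr peer=$peer"
  ping -c 3 "$peer"              # the post's connectivity test
  eval "$(route_cmd "$subnet" "$peer" "$dev")"
}

# Defining the functions is harmless; the system is only changed on request.
if [ "${1:-}" = "apply" ]; then
  apply
fi
```

Running the script with no argument does nothing beyond defining the functions, so `ppp_peer_info` can be tried against saved `ip -o -4 addr show` output before the real dial-up; `apply` must run as root because it starts the services and adds the route.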
References
- Openswan L2TP/IPsec VPN client setup
- setup-ipsec-vpn
- strongSwan