Configuring an L2TP/IPsec VPN Client (Linux)

초보의 CHOMAN 2015. 2. 2. 17:06

Test environment



 Cloud server (floating NAT environment), physical server (static real IP)
 CentOS 7 64-bit


 

Package installation



 yum install epel-release
 yum install libreswan xl2tpd kernel


 

Create the directory



mkdir -p /var/run/xl2tpd


 

Configure ipsec.conf

 

vim /etc/ipsec.conf



# Parameters inside a section must be indented.
config setup
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
        dumpdir=/var/run/pluto/
        protostack=netkey
        logfile=/var/log/pluto.log


# Transport-mode IPsec for L2TP; 17/1701 means IP protocol 17 (UDP), port 1701.
conn koreavpn
        authby=secret
        pfs=no
        auto=add
        rekey=no
        left="%defaultroute"
        right=<VPN server IP>
        type=transport
        leftprotoport=17/1701
        rightprotoport=17/1701
        dpddelay=15
        dpdtimeout=30
        dpdaction=clear


 

vim /etc/ipsec.secrets



include /etc/ipsec.d/*.secrets
<VPN server IP> %any : PSK "test1234"

 

 

 

vim /etc/xl2tpd/xl2tpd.conf



[lac koreavpn]
lns = <VPN server IP>
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd.client
length bit = yes


 

 

vim /etc/ppp/options.xl2tpd.client



ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
require-chap
noccp
auth
idle 1800
#mtu 1400
#mru 1400
defaultroute
noipdefault
usepeerdns
debug
connect-delay 5000
name <VPN account ID>
password <VPN account password>


 

Run the commands



service ipsec start
service xl2tpd start

Bring up the xl2tpd connection
echo "c koreavpn" > /var/run/xl2tpd/l2tp-control

Bring up the IPsec connection
ipsec auto --up koreavpn

 


 

Verification



# route


Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         <VPN IP>        0.0.0.0         UG    0      0        0 ppp0
<local network> *               255.255.255.0   U     1      0        0 eth0
<VPN IP>        *               255.255.255.255 UH    0      0        0 ppp0


ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.0.0.1  P-t-P:<VPN IP>  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:1342 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1456 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:429991 (429.9 KB)  TX bytes:188608 (188.6 KB)

 

Packet dump with only L2TP connected (packets exchanged over UDP port 1701)



.55.xx.6.1701 > xx.68.xx.100.1701:  l2tp:[L](11358/49660) {IP 11.0.0.3 > 11.0.0.1: ICMP echo request, id 42827, seq 1, length 64}
E..|..@.2....7q.sD.d.....h..@..`,^.....!E..T..@.@.$...........e..K....&Z....-....................... !"#$%&'()*+,-./01234567


 

Packet dump once IPsec is also connected (the UDP port 1701 exchange now travels inside ESP)



13:33:56.884247 IP xx.55.xx.6 > xx.68.xx.100: ESP(spi=0xb5a26f07,seq=0x1), length 148
E.....@.22.=.7q.sD.d..o......{...G%z8.&..p.C6..csT.0Y.a.:...o&%...6tT.D...........O...X...G."..F...
T..P.5.ciH........O     $^.9%.....b).....%.....M.J../...A.!+.,....T_|...
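
Added example (not from the original post): a shell helper that classifies `tcpdump -n` text output for the VPN peer, so the two captures above can be told apart automatically. L2TP visible on UDP 1701 means the tunnel is not protected by IPsec; ESP only means it is. The function name, the sample lines and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies `tcpdump -n` text
# output for one VPN peer: is L2TP (UDP 1701) visible in cleartext, or is
# everything wrapped in ESP? Prints cleartext-l2tp, esp-only, mixed or
# no-vpn-traffic.
# usage: tcpdump -n -r capture.pcap | classify_vpn_capture <peer-ip>
classify_vpn_capture() {
    awk -v peer="$1" '
        # True when addr is the peer, with or without a ".port" suffix.
        function is_peer(addr) {
            sub(/:$/, "", addr)
            return addr == peer || index(addr, peer ".") == 1
        }
        # Skip payload lines and packets that do not involve the peer.
        $2 != "IP" || !(is_peer($3) || is_peer($5)) { next }
        # IPsec-protected packet: tcpdump prints "ESP(spi=...,seq=...)".
        $6 ~ /^ESP\(spi=/ { esp++; next }
        # Cleartext L2TP: UDP port 1701 visible on either endpoint.
        $3 ~ /\.1701$/ || $5 ~ /\.1701:$/ { clear++ }
        END {
            if (clear && esp) print "mixed"
            else if (clear)   print "cleartext-l2tp"
            else if (esp)     print "esp-only"
            else              print "no-vpn-traffic"
        }'
}

# Constructed sample lines in the same shape as the two dumps above
# (documentation addresses, not the hosts from the post).
SAMPLE_L2TP='13:30:01.000001 IP 198.51.100.6.1701 > 192.0.2.100.1701:  l2tp:[L](11358/49660) {IP 11.0.0.3 > 11.0.0.1: ICMP echo request, id 42827, seq 1, length 64}'
SAMPLE_ESP='13:33:56.884247 IP 198.51.100.6 > 192.0.2.100: ESP(spi=0xb5a26f07,seq=0x1), length 148'

printf '%s\n' "$SAMPLE_L2TP" | classify_vpn_capture 192.0.2.100
printf '%s\n' "$SAMPLE_ESP"  | classify_vpn_capture 192.0.2.100
```

A result of `cleartext-l2tp` or `mixed` on the physical interface means L2TP packets left the host before the IPsec SA was in place.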


 
