d1cor

ipsec_l2tp_pki.conf

Oct 25th, 2018
  # Installs only the L2TP daemon. The IPsec files below use strongSwan-style
  # ipsec.conf keywords, so an IKE daemon presumably has to be installed as well — confirm.
  1. apt install xl2tpd # on both nodes
  2.  
  3.  
  4. Server (left)
  5.  
  6. /etc/ipsec.d/l2tp_psk.conf
  7.  
  # Global daemon settings (strongSwan ipsec.conf syntax).
  8. config setup
         # CRL enforcement applies to certificate authentication; the connection
         # in this file uses authby=secret (PSK), so it presumably has no effect here.
  9.     strictcrlpolicy=no
  10.  
  # Defaults inherited by every conn in this file.
  # No ike=/esp= proposals are set, so the daemon's built-in defaults apply.
  # NOTE(review): consider pinning the algorithms explicitly — confirm what the peers support.
  11. conn %default
          # IKE SA lifetime, IPsec SA lifetime, and how long before expiry rekeying starts.
  12.     ikelifetime=30m
  13.     keylife=15m
  14.     rekeymargin=3m
          # Give up after a single negotiation attempt.
  15.     keyingtries=1
          # MOBIKE is an IKEv2 feature; presumably a no-op for the IKEv1 connection below.
  16.     mobike=no
          # Dead peer detection: probe every 30 s, give up after 120 s, then clear
          # the connection and wait for the client to come back.
  17.     dpdaction=clear
  18.     dpddelay=30
  19.     dpdtimeout=120
  20.  
  # Server-side L2TP/IPsec connection: protects only UDP/1701 (L2TP) in transport mode.
  21. conn mainconn
  22.     left=10.0.0.10
          # 17/1701 = IP protocol 17 (UDP), port 1701.
  23.     leftprotoport=17/1701
          # Accept the connection from any peer address.
  24.     right=%any
  25.     rightprotoport=17/1701
          # Pre-shared key authentication (the key lives in /etc/ipsec.secrets).
          # With right=%any every client shares one PSK, so any holder of the key can
          # authenticate as any other party; per-peer certificates avoid that.
  26.     authby=secret
  27.     type=transport
          # NOTE(review): IKEv1 is selected; prefer IKEv2 if every L2TP client supports it — confirm.
  28.     keyexchange=ikev1
          # Load the connection and wait for the peer to initiate.
  29.     auto=add
  30.  
  31.  
  32. /etc/ipsec.conf
  # Pulls the server connection file shown above into the main ipsec.conf.
  33. include /etc/ipsec.d/l2tp_psk.conf
  34.  
  35.  
  36. /etc/ipsec.secrets
  # Pre-shared key for IKE. No ID selectors precede the colon, so the key applies
  # to every peer. "secreta" is a sample value: use a long random key and keep
  # this file readable by root only.
  37. : PSK "secreta"
  38.  
  39. ------------------------------------------
  40.  
  41. Client (right)
  42.  
  43. /etc/ipsec.d/l2tp_psk_cli.conf
  44.  
  # Global daemon settings on the client (strongSwan ipsec.conf syntax).
  45. config setup
          # CRL enforcement applies to certificate authentication; the connection
          # in this file uses authby=secret (PSK), so it presumably has no effect here.
  46.     strictcrlpolicy=no
  47.  
  # Defaults inherited by every conn in the client file.
  # No ike=/esp= proposals are set, so the daemon's built-in defaults apply.
  # NOTE(review): consider pinning the algorithms explicitly — confirm what the server accepts.
  48. conn %default
          # IKE SA lifetime, IPsec SA lifetime, and how long before expiry rekeying starts.
  49.     ikelifetime=30m
  50.     keylife=15m
  51.     rekeymargin=3m
          # Give up after a single negotiation attempt.
  52.     keyingtries=1
          # MOBIKE is an IKEv2 feature; presumably a no-op for the IKEv1 connection below.
  53.     mobike=no
          # Dead peer detection: probe every 30 s, give up after 120 s, then
          # renegotiate (the client is the side that re-establishes the tunnel).
  54.     dpdaction=restart
  55.     dpddelay=30
  56.     dpdtimeout=120
  57.  
  # Client-side L2TP/IPsec connection. left/right keep the same meaning as on the
  # server (left = 10.0.0.10, right = this client); the page labels the client "right".
  58. conn l2tp
  59.     left=10.0.0.10
          # 17/1701 = IP protocol 17 (UDP), port 1701.
  60.     leftprotoport=17/1701
  61.     right=10.0.0.20
  62.     rightprotoport=17/1701
          # Pre-shared key authentication (the key lives in /etc/ipsec.secrets).
  63.     authby=secret
  64.     type=transport
          # NOTE(review): IKEv1 is selected; prefer IKEv2 if the server supports it — confirm.
  65.     keyexchange=ikev1
          # Install the policy and negotiate when matching traffic appears.
          # NOTE(review): check that the policy is loaded before starting xl2tpd,
          # otherwise L2TP may leave unprotected — confirm with `ipsec statusall`.
  66.     auto=route
  67.  
  68.  
  69. /etc/ipsec.conf
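  # The client's connection file is /etc/ipsec.d/l2tp_psk_cli.conf, so that is the
  # name to include; l2tp_psk.conf is the server's file.
  70. include /etc/ipsec.d/l2tp_psk_cli.conf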
  71.  
  72. /etc/ipsec.secrets
  # Pre-shared key for IKE; must equal the server's key. No ID selectors precede
  # the colon, so the key applies to every peer. "secreta" is a sample value:
  # use a long random key and keep this file readable by root only.
  73. : PSK "secreta"
  74.  
  75.  
  76. ==================================================
  77. L2TP server:
  78.  
  79. /etc/xl2tpd/xl2tpd.conf
  80.  
  ; xl2tpd global settings. Both debug switches produce verbose logs; turn them off outside a lab.
  ; NOTE(review): nothing here restricts UDP/1701 to IPsec-protected traffic. A firewall
  ; rule that drops unprotected packets to port 1701 is the usual complement — confirm.
  81. [global]
  82.     debug network = yes
  83.     debug tunnel = yes
  84.  
  ; LNS (server) definition: address pool, authentication and pppd hand-off.
  85. [lns default]
          ; Addresses handed to clients, and the server's own end of the PPP link.
  86.     ip range = 192.168.100.10-192.168.100.50
  87.     local ip = 192.168.100.1
          ; CHAP is required and PAP refused, so the password is not sent in clear inside PPP.
  88.     require chap = yes
  89.     refuse pap = yes
  90.     require authentication = yes
          ; Server name; presumably has to match the server column in /etc/ppp/chap-secrets.
  91.     name = l2tpd
          ; Verbose pppd logging; disable outside a lab.
  92.     ppp debug = yes
          ; pppd options file; save the options under exactly this path.
  93.     pppoptfile = /etc/ppp/options.l2tpd
  94.     length bit = yes
  95.  
  96.  
  97.  
  98. /etc/ppp/options.l2tpd
  99.  
  # pppd options for the server side of each L2TP session.
  # NOTE(review): the two ipcp-accept-* options let the peer propose addresses;
  # on a server that may allow a client to ask for an address outside the pool — confirm.
  100. ipcp-accept-local
  101. ipcp-accept-remote
  # LCP keepalive: an echo every 30 s, link dropped after 10 unanswered echoes.
  102. lcp-echo-interval 30
  103. lcp-echo-failure 10
  # DNS server pushed to clients (a public resolver here).
  104. ms-dns 8.8.8.8
  105. noccp
  # Require the peer to authenticate (CHAP is enforced by require-chap below).
  106. auth
  107. mtu 1400
  108. mru 1400
  # NOTE(review): defaultroute on the server side looks unintended — confirm.
  109. defaultroute
  # Verbose logging; disable outside a lab.
  110. debug
  111. proxyarp
  112. connect-delay 5000
  # The CHAP exchange travels inside the IPsec transport SA; it is not meant to
  # stand on its own without that protection.
  113. require-chap
  114.  
  115.  
  116. /etc/ppp/chap-secrets
  # Columns: client name, server name, secret, allowed IP addresses.
  # "123123" is a sample password, replace it; "*" accepts any client address.
  # Keep this file readable by root only.
  117. diego   l2tpd   123123  *
  118.  
  119.  
  120. --------------------------------
  121. L2TP client
  122.  
  123. /etc/xl2tpd/xl2tpd.conf
  124.  
  ; LAC (client) definition named "myvpn"; the name is what the control commands refer to.
  ; NOTE(review): xl2tpd itself does not encrypt. The session is protected only while
  ; the IPsec policy for UDP/1701 is in place — confirm before connecting.
  125. [lac myvpn]
  ; Address of the L2TP server.
  126. lns = 10.0.0.10
  ; Verbose pppd logging; disable outside a lab.
  127. ppp debug = yes
  128. pppoptfile = /etc/ppp/options.l2tpd.client
  129. length bit = yes
  130.  
  131.  
  132.  
  133. /etc/ppp/options.l2tpd.client
  134.  
  # pppd options for the client side of the L2TP session.
  135. ipcp-accept-local
  136. ipcp-accept-remote
  137. refuse-eap
  # NOTE(review): require-chap asks the peer to authenticate, while noauth (two
  # lines below) says the peer need not; confirm which one pppd ends up applying.
  138. require-chap
  139. noccp
  140. noauth
  141. mtu 1280
  142. mru 1280
  143. noipdefault
  # Sends the client's default route and DNS through the PPP link.
  144. defaultroute
  145. usepeerdns
  146. connect-delay 5000
  # Credentials in clear text: these are sample values, and the file should be
  # readable by root only. The same secret also appears in /etc/ppp/chap-secrets.
  147. name diego
  148. password 123123
  149.  
  150.  
  151. /etc/ppp/chap-secrets
  # Columns: client name, server name, secret, allowed IP addresses.
  # The "*" in the server column matches any server name; "123123" is a sample
  # password, replace it. Keep this file readable by root only.
  152. diego   *   123123  *
  153.  
  154.  
  155. ==============================
  156. para conectar, en el cliente:
  157.  
  158. ## connect with (sends the "c" command for the [lac myvpn] entry to xl2tpd's control pipe)
  159. # echo "c myvpn" > /var/run/xl2tpd/l2tp-control
  160.  
  161. ## disconnect with (sends the "d" command for the [lac myvpn] entry to xl2tpd's control pipe)
  162. # echo "d myvpn" > /var/run/xl2tpd/l2tp-control