linux 下 l2tp 客户端配置

安装 l2tpd 包

总配置文件
/etc/l2tpd/l2tpd.conf

; --- Upstream sample: every line below is commented out and is reference only;
; --- the active client section ([lac xd]) follows after it.
;
; Sample l2tpd configuration file
;
; This example file should give you some idea of how the options for l2tpd
; should work. The best place to look for a list of all options is in
; the source code itself, until I have the time to write better documentation :)
; Specifically, the file "file.c" contains a list of commands at the end.
;
; You most definitely don't have to spell out everything as it is done here
;
; [global] ; Global parameters:
; port = 1701 ; * Bind to port 1701
; auth file = /etc/l2tpd/l2tp-secrets ; * Where our challenge secrets are
; access control = yes ; * Refuse connections without IP match
; rand source = dev ; Source for entropy for random
; ; numbers, options are:
; ; dev - reads of /dev/urandom
; ; sys - uses rand()
; ; egd - reads from egd socket
; ; egd is not yet implemented
;
; [lns default] ; Our fallthrough LNS definition
; exclusive = no ; * Only permit one tunnel per host
; ip range = 192.168.0.1-192.168.0.20 ; * Allocate from this IP range
; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
; ip range = 192.168.0.5 ; * But this one is okay
; ip range = lac1-lac2 ; * And anything from lac1 to lac2's IP
; lac = 192.168.1.4 - 192.168.1.8 ; * These can connect as LAC's
; no lac = untrusted.marko.net ; * This guy can't connect
; hidden bit = no ; * Use hidden AVP's?
; local ip = 192.168.1.2 ; * Our local IP to use
; length bit = yes ; * Use length bit in payload?
; require chap = yes ; * Require CHAP auth. by peer
; refuse pap = yes ; * Refuse PAP authentication
; refuse chap = no ; * Refuse CHAP authentication
; refuse authentication = no ; * Refuse authentication altogether
; require authentication = yes ; * Require peer to authenticate
; unix authentication = no ; * Use /etc/passwd for auth.
; name = myhostname ; * Report this as our hostname
; ppp debug = no ; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.lns ; * ppp options file
; call rws = 10 ; * RWS for call (-1 is valid)
; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
; flow bit = yes ; * Include sequence numbers
; challenge = yes ; * Challenge authenticate peer ;
;
; [lac marko] ; Example VPN LAC definition
; lns = lns.marko.net ; * Who is our LNS?
; lns = lns2.marko.net ; * A backup LNS (not yet used)
; redial = yes ; * Redial if disconnected?
; redial timeout = 15 ; * Wait n seconds between redials
; max redials = 5 ; * Give up after n consecutive failures
; hidden bit = yes ; * User hidden AVP's?
; local ip = 192.168.1.1 ; * Force peer to use this IP for us
; remote ip = 192.168.1.2 ; * Force peer to use this as their IP
; length bit = no ; * Use length bit in payload?
; require pap = no ; * Require PAP auth. by peer
; require chap = yes ; * Require CHAP auth. by peer
; refuse pap = yes ; * Refuse PAP authentication
; refuse chap = no ; * Refuse CHAP authentication
; refuse authentication = no ; * Refuse authentication altogether
; require authentication = yes ; * Require peer to authenticate
; name = marko ; * Report this as our hostname
; ppp debug = no ; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.marko ; * ppp options file for this lac
; call rws = 10 ; * RWS for call (-1 is valid)
; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
; flow bit = yes ; * Include sequence numbers
; challenge = yes ; * Challenge authenticate peer
;
; [lac cisco] ; Another quick LAC
; lns = cisco.marko.net ; * Required, but can take from default
; require authentication = yes

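; Copied from the "lac marko" sample above and renamed to "lac xd".
; NOTE: "xd" is the connection name; the dial ("c xd") and hang-up ("d xd")
; control commands refer to this LAC by that name.
;
; Comments are kept on their own lines. Whether the parser strips a trailing
; "; ..." from a value line is not established here, and a full-line ";"
; comment is accepted by every INI dialect.
;
; L2TP by itself provides no confidentiality: nothing in this section, or in
; the ppp options file it names, encrypts the tunnel. PPP frames cross the
; network in the clear unless an IPsec layer protects UDP/1701 as well.
[lac xd]
; * Who is our LNS? -- the server address; replace ?.?.?.? with the real one
lns = ?.?.?.?
; * A backup LNS (not yet used) -- backup server address.
;   Left commented: with two "lns" lines it is not established here whether
;   the first, the last or both are used, and an unresolved placeholder as the
;   effective LNS would break dialing. Re-enable once backup behaviour is
;   confirmed for the installed l2tpd version.
; lns = ?.?.?.?
; * Redial if disconnected?
redial = yes
; * Wait n seconds between redials
redial timeout = 15
; max redials = 5 ; * Give up after n consecutive failures
; hidden bit = yes ; * User hidden AVP's?
; local ip = 192.168.1.1 ; * Force peer to use this IP for us
; remote ip = 192.168.1.2 ; * Force peer to use this as their IP
; length bit = no ; * Use length bit in payload?
; require pap = no ; * Require PAP auth. by peer
; require chap = yes ; * Require CHAP auth. by peer
; NOTE(review): "refuse pap" is left at its default here. Unless that default
;   already refuses PAP (presumably it is handed to pppd as refuse-pap --
;   confirm), a server that selects PAP receives the password in plaintext
;   over the unencrypted tunnel; the secrets file below is written for CHAP,
;   so "refuse pap = yes" is the safer setting for this client.
; refuse pap = yes ; * Refuse PAP authentication
; refuse chap = no ; * Refuse CHAP authentication
; refuse authentication = no ; * Refuse authentication altogether
; require authentication = yes ; * Require peer to authenticate
; * Report this as our hostname (whether this is also the CHAP client name
;   that must match the secrets file is not shown here -- confirm)
name = gh
; ppp debug = no ; * Turn on PPP debugging
; * ppp options file for this lac (created by hand; see the listing below)
pppoptfile = /etc/ppp/options.l2tpd.xd
; call rws = 10 ; * RWS for call (-1 is valid)
; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
; flow bit = yes ; * Include sequence numbers
; challenge = yes ; * Challenge authenticate peer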

ppp 选项文件
自己建立的

/etc/ppp/options.l2tpd.xd

# pppd options for the "xd" LAC (named by pppoptfile in /etc/l2tpd/l2tpd.conf).
# One option per line; "#" starts a comment.

# Accept whatever local / remote IP the peer (the VPN server) proposes.
ipcp-accept-local
ipcp-accept-remote
# Do not negotiate CCP. Compression and any CCP-negotiated encryption are off,
# so this PPP link carries data in the clear; confidentiality, if any, has to
# come from an IPsec layer around the L2TP tunnel, which this page does not set up.
noccp
# Do not require the peer (the server) to authenticate itself to us. We still
# authenticate to the server with the CHAP secret below. No refuse-pap is set
# here; unless PAP is refused elsewhere, pppd may authenticate with PAP if the
# server offers it, sending the password in plaintext.
noauth
# Route all traffic through the tunnel once it is up.
defaultroute
# Serial-device lock; harmless for a pty-based L2TP link.
lock
# NOTE(review): proxyarp is normally a server-side setting -- presumably not
# needed on a client; confirm before keeping it.
proxyarp
# Take DNS servers from the peer (pppd records them for the ip-up scripts --
# whether /etc/resolv.conf is updated depends on the local scripts; confirm).
usepeerdns
# Wait up to 5000 ms for the first valid PPP packet before starting negotiation.
connect-delay 5000

帐号密码文件
/etc/ppp/options.l2tpd.xd

# Secrets for authentication using CHAP
# client server secret IP addresses
#
# NOTE(review): these are pppd CHAP secrets, so they belong in pppd's secrets
# file (conventionally /etc/ppp/chap-secrets), not in the options file
# /etc/ppp/options.l2tpd.xd named above -- writing them there would replace
# the ppp options. Keep the secrets file owned by root, mode 0600.
#
# Placeholders: "帐号" is our client name, "密码" the password. "*" in the
# server column matches any server name; "*" in the last column accepts any IP.
# The name pppd presents for CHAP must equal the first column; whether it comes
# from l2tpd's "name = gh" or a pppd "name"/"user" option is not shown here.

帐号 * 密码 *

拨号命令

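# Dial the LAC named "xd" (the [lac xd] section) through l2tpd's control FIFO.
# Plain ASCII quotes: the curly quotes in the original are not shell quotes
# and would be written into the FIFO as part of the command text.
echo 'c xd' > /var/run/l2tp-control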

断线命令

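# Hang up the LAC named "xd" through l2tpd's control FIFO.
# Plain ASCII quotes: the curly quotes in the original are not shell quotes
# and would be written into the FIFO as part of the command text.
echo 'd xd' > /var/run/l2tp-control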

增加路由信息

# Send the two remote /24 networks through the tunnel interface.
# ppp0 is assumed to be the interface the tunnel brought up -- confirm after dialing.
for net in 172.2.2.0 192.168.0.0; do
    route add -net "$net" netmask 255.255.255.0 dev ppp0
done

删除路由的命令

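# Remove the routes added above. The netmask and device must match the entry
# exactly: the original's bare "route del -net 172.2.2.0" (no netmask) does
# not describe the /24 entry that was added and is dropped here.
route del -net 172.2.2.0 netmask 255.255.255.0 dev ppp0
route del -net 192.168.0.0 netmask 255.255.255.0 dev ppp0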
