# Configuring a Linux L2TP server

Configure a Linux L2TP server so that a router can dial in over L2TP to get internet access.

# Preparation

The Linux server's default NIC address is 192.168.8.21; this address is used later in the iptables configuration.

# Installing xl2tpd

  • CentOS:

```shell
yum install -y epel-release
yum install -y xl2tpd ppp
```

  • Ubuntu:

```shell
apt-get install xl2tpd ppp
```

# Configuration

1. Edit /etc/xl2tpd/xl2tpd.conf

Contents:

```ini
[global]
auth file = /etc/ppp/chap-secrets
[lns default]
; IP range assigned to clients
ip range = 192.168.34.100-192.168.34.200
; IP address of the local PPP endpoint
local ip = 192.168.34.99
require chap = yes
refuse pap = yes
require authentication = yes
name = Linuxvpnserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
```

2. Edit /etc/ppp/options.xl2tpd

```text
name xl2tpd
ipcp-accept-local
ipcp-accept-remote
# DNS servers handed to clients
ms-dns  8.8.8.8
ms-dns  1.1.1.1
# ms-dns  192.168.1.1
# ms-dns  192.168.1.3
# ms-wins 192.168.1.2
# ms-wins 192.168.1.4
noccp
auth
#obsolete: crtscts
idle 1800
# adjust the MTU to suit the network
mtu 1410
mru 1410
nodefaultroute
debug
#obsolete: lock
proxyarp
connect-delay 5000
# To allow authentication against a Windows domain EXAMPLE, and require the
# user to be in a group "VPN Users". Requires the samba-winbind package
# require-mschap-v2
# plugin winbind.so
# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"'
# You need to join the domain on the server, for example using samba:
# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html
```

3. Edit /etc/ppp/chap-secrets

Add the dial-in users and passwords, one per line. Each line has four tab-separated fields: the first column is the username, the second is the server (the `name` set in options.xl2tpd; `*` matches any), the third is the password, and the fourth is the allowed IP address (`*` allows all).

The following configures the user root with the password root123:

```text
# Secrets for authentication using CHAP
# client	server	secret			IP addresses
root	*	root123	*
```
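As an added check that is not part of the original guide: a small Python linter for the chap-secrets layout described above. It splits the four fields the way pppd does (whitespace-separated, quoted secrets allowed), reports lines with the wrong field count, and flags entries whose server column can never match pppd's `name`, whose secret is short, or whose secret contains the username. The sample file contents and the `min_secret_len` threshold are constructed for this example.

```python
import shlex

# Constructed sample in the four-field layout described above: client, server, secret, IP.
SAMPLE_CHAP_SECRETS = """\
# Secrets for authentication using CHAP
# client\tserver\tsecret\t\t\tIP addresses
root\t*\troot123\t*
router1\txl2tpd\t"correct horse battery staple"\t192.168.34.101
badline\t*
"""


def parse_chap_secrets(text):
    """Return (entries, errors): entries are dicts, errors are (lineno, message) tuples."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # pppd allows quoted secrets containing spaces
        if len(fields) != 4:
            errors.append((lineno, f"expected 4 fields (client server secret IP), got {len(fields)}"))
            continue
        client, server, secret, ip = fields
        entries.append({"line": lineno, "client": client, "server": server,
                        "secret": secret, "ip": ip})
    return entries, errors


def audit_chap_secrets(text, local_name, min_secret_len=12):
    """Flag entries a reviewer would question; local_name is pppd's `name` from options.xl2tpd."""
    entries, errors = parse_chap_secrets(text)
    findings = list(errors)
    for e in entries:
        if e["server"] not in ("*", local_name):
            findings.append((e["line"], f"server {e['server']!r} never matches local name {local_name!r}; entry is dead"))
        if len(e["secret"]) < min_secret_len:
            findings.append((e["line"], f"secret for {e['client']!r} is shorter than {min_secret_len} characters"))
        if e["client"].lower() in e["secret"].lower():
            findings.append((e["line"], f"secret for {e['client']!r} contains the username"))
    return findings


if __name__ == "__main__":
    for lineno, message in audit_chap_secrets(SAMPLE_CHAP_SECRETS, "xl2tpd"):
        print(f"line {lineno}: {message}")
```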

4. Configure iptables for forwarding

Allow dial-in traffic to reach the internet through NAT on the local NIC.

Run on the command line:

```shell
iptables -t nat -A POSTROUTING -s 192.168.34.0/24 -j SNAT --to-source 192.168.8.21
```

This lets traffic originating from 192.168.34.0/24 go out through NAT using the local NIC address 192.168.8.21.

5. Edit the system configuration

Edit /etc/sysctl.conf:

```text
net.ipv4.ip_forward = 1
```

Run the following command to apply it:

```shell
sysctl -p
```

# Running

```shell
systemctl enable xl2tpd
systemctl start xl2tpd
```

Router dial-up settings: address <server address>, username root, password root123.

# Appendix: configuring a Linux L2TP client

# Installing xl2tpd

  • CentOS:

```shell
yum install -y epel-release
yum install -y xl2tpd ppp
```

  • Ubuntu:

```shell
apt-get install xl2tpd ppp
```

# Configuration

Configure /etc/xl2tpd/xl2tpd.conf as follows:

```ini
[lac myvpn]
name = l2tp_user_name
lns = <服务器地址>
pppoptfile = /etc/ppp/peers/myvpn.xl2tpd
ppp debug = no
redial = yes
redial timeout = 10
autodial = yes
```

lns is the L2TP server address; replace it with the real value.

Configure /etc/ppp/peers/myvpn.xl2tpd as follows:

```text
remotename myvpn
user "root"
password "root123"
unit 0
nodeflate
nobsdcomp
noauth
persist
nopcomp
noaccomp
maxfail 5
debug
noipdefault
```

user and password are the username and password; replace them with the real values.

# Dialing

```shell
systemctl enable xl2tpd
systemctl start xl2tpd
```

xl2tpd dials automatically at this point; check the log to see whether the dial-up succeeded.

View the dial-up log:

```shell
tail -f /var/log/messages |grep -E 'xl2tpd|pppd'
```

Manual dial control

Connect:

```shell
sh -c 'echo "c myvpn" > /var/run/xl2tpd/l2tp-control'
```

Disconnect:

```shell
sh -c 'echo "d myvpn" > /var/run/xl2tpd/l2tp-control'
```

# Troubleshooting: xl2tpd fails to start

Running the start command reports that the service cannot start:

```shell
systemctl start xl2tpd
```

The log shows that the ExecStartPre command /sbin/modprobe -q l2tp_ppp failed; this is the command that loads the l2tp_ppp kernel module:

```text
 xl2tpd.service - Level 2 Tunnel Protocol Daemon (L2TP)
   Loaded: loaded (/usr/lib/systemd/system/xl2tpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2024-01-25 11:01:15 CST; 3min 8s ago
  Process: 4094078 ExecStartPre=/sbin/modprobe -q l2tp_ppp (code=exited, status=1/FAILURE)

1月 25 11:01:15 3660 systemd[1]: Starting Level 2 Tunnel Protocol Daemon (L2TP)...
1月 25 11:01:15 3660 systemd[1]: xl2tpd.service: Control process exited, code=exited status=1
1月 25 11:01:15 3660 systemd[1]: xl2tpd.service: Failed with result 'exit-code'.
1月 25 11:01:15 3660 systemd[1]: Failed to start Level 2 Tunnel Protocol Daemon (L2TP).
```

Drop the -q (quiet) flag and run /sbin/modprobe l2tp_ppp by hand.

It reports that l2tp_ppp cannot be found in the system module directory:

```text
modprobe: FATAL: Module l2tp_ppp not found in directory /lib/modules/4.18.0-348.el8.x86_64
```

Look in the l2tp module directory:

```shell
ls /lib/modules/$(uname -r)/kernel/net/l2tp/
```

Only three kernel modules are listed; l2tp_ppp is indeed missing:

```text
l2tp_core.ko.xz l2tp_ip6.ko.xz  l2tp_ip.ko.xz
```

Checking the /lib/modules/ directory with ls reveals two kernel version directories:

```text
4.18.0-348.7.1.el8_5.x86_64  4.18.0-348.el8.x86_64
```

Entering /lib/modules/4.18.0-348.7.1.el8_5.x86_64/kernel/net/l2tp/ shows the following files:

```text
l2tp_core.ko.xz  l2tp_debugfs.ko.xz  l2tp_eth.ko.xz  l2tp_ip6.ko.xz  l2tp_ip.ko.xz  l2tp_netlink.ko.xz  l2tp_ppp.ko.xz
```

Problem found: the l2tp kernel modules were installed under a different kernel directory. Presumably epel-release was installed first, and running the install command afterwards upgraded the kernel to a new version, producing two kernel directories; the l2tp kernel module files were installed into the new kernel directory.

Simply copy all of the kernel module files into /lib/modules/$(uname -r)/kernel/net/l2tp/.

Then run the following command to refresh the kernel module dependencies:

```shell
depmod
```

Starting xl2tpd again now succeeds.

Last Updated: 1/25/2024, 12:10:39 PM