华为云Ecs测试版
yum -y install libreswan
yum install xl2tpd-1.3.8-2.el7.x86_64.rpm # 本地 rpm 包；安装前先确认来源，并用 rpm -K 校验签名
1 vim /etc/ipsec.conf
conn l2tp-psk
rightsubnet=vhost:%priv
also=l2tp-psk-nonat
conn l2tp-psk-nonat
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=192.168.2.20 # 服务器 IP
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
dpddelay=40
dpdtimeout=130
dpdaction=clear
sha2-truncbug=yes
2 vim /etc/ipsec.secrets
192.168.2.20 %any: PSK "jiangxin" # 预共享密钥（此处为示例值；实际部署请换成足够长的随机字符串，并确认该文件仅 root 可读）
3 vim /etc/xl2tpd/xl2tpd.conf
listen-addr = 192.168.2.20
ip range = 192.168.3.1-50
local ip = 192.168.2.20
4 vim /etc/ppp/options.xl2tpd
ms-dns 8.8.8.8
require-mschap-v2
#crtscts
#lock
5 vim /etc/ppp/chap-secrets
test * test * # 账号配置，各列依次为：用户名 服务名 密码 允许的 IP；test/test 仅为测试用弱口令，正式使用前必须更换，最后一列的 * 表示不限制客户端地址
6 vim /etc/sysctl.conf（开启 IP 转发；rp_filter=0 会关闭反向路径过滤，仅应在 VPN 网关本机这样设置）
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.eth0.accept_source_route=0
net.ipv4.conf.eth0.accept_redirects=0
net.ipv4.conf.eth0.send_redirects=0
net.ipv4.conf.eth0.rp_filter=0
net.ipv4.conf.lo.accept_source_route=0
net.ipv4.conf.lo.accept_redirects=0
net.ipv4.conf.lo.send_redirects=0
net.ipv4.conf.lo.rp_filter=0
net.ipv4.conf.ip_vti0.rp_filter=0
sysctl -p # 使配置生效
ipsec verify # 检查配置，各项结果应全部为 OK
iptables -A POSTROUTING -t nat -s 192.168.3.0/24 -j SNAT --to 192.168.2.20
iptables -A FORWARD -s 192.168.3.0/24 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1200
systemctl restart ipsec # 启动 IPsec 服务
systemctl restart xl2tpd # 启动 xl2tpd 服务
ss -nutlp | grep pluto
ss -nutlp | grep xl2tpd
原文:https://www.cnblogs.com/jianxgin/p/11387677.html