Virtual Private Network mit L2TP über IPsec
Einstellungen am Server
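version 2.0

# /etc/ipsec.conf (server side). Parameter lines must be indented: a line that
# starts at column 0 is read as a section header, so the flat paste above would
# not parse.
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    uniqueids=yes
    # road-warriors usually sit behind NAT; NAT-T encapsulates ESP in UDP 4500
    nat_traversal=yes
    # private ranges a NATed client may present as its "inner" address.
    # 192.168.0.0/24 was listed next to 192.168.0.0/16, which already contains
    # it, so the redundant entry is dropped.
    # NOTE(review): if the server's own LAN lies inside one of these ranges,
    # exclude it with a leading '!' (e.g. %v4:!<server-lan-prefix>) — confirm.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
    # PFS off: many L2TP/IPsec clients will not negotiate it. This gives up
    # forward secrecy for the IPsec SA; turn it on if the client base allows.
    pfs=no
    #rekey=no
    keyingtries=3
    keylife=30m

conn L2TP-PSK
    # pre-shared key authentication; the key itself lives in ipsec.secrets.
    # NOTE(review): with right=%any every client shares the same PSK —
    # rotate it and prefer certificate auth where the clients support it.
    authby=secret
    left=%defaultroute
    # only L2TP (UDP 1701) is carried inside this SA
    leftprotoport=17/1701
    # accept any peer address ...
    right=%any
    # ... from any UDP source port (NAT may rewrite it)
    rightprotoport=17/0
    rightsubnet=vhost:%priv
    # load the conn at startup but wait for the client to initiate
    auto=add

include /etc/ipsec.d/examples/no_oe.conf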
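; /etc/xl2tpd/xl2tpd.conf (server side). The section headers had lost their
; closing brackets, which makes the file unparseable.
[global]
; port = 1701 ; * Bind to port 1701
; auth file = /etc/xl2tpd/l2tp-secrets ; * Where our challenge secrets are

[lns default]
hostname = vpn.xeroc.org
; addresses handed out to PPP peers; local ip below sits outside this pool
ip range = 10.0.0.2-10.0.0.200
length bit = yes
local ip = 10.0.0.1
name = vpn.xeroc.org ; * Report this as our hostname
ppp debug = no
; pppd options applied to the server side of every session
pppoptfile = /etc/ppp/options.l2tpd
; PAP would send the password in clear; refuse it and insist on CHAP
refuse pap = yes
require authentication = yes
require chap = yes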
# /etc/ppp/options.l2tpd — pppd options for each server-side L2TP session
# (referenced by pppoptfile in xl2tpd.conf)
ipcp-accept-local
ipcp-accept-remote
# DNS server pushed to clients; this is an external resolver, so internal
# names will not resolve over the tunnel unless an internal one is used
ms-dns 8.8.8.8
# NOTE(review): noauth tells pppd not to demand that the peer authenticate.
# Confirm that xl2tpd's "require chap = yes" still takes effect with this in
# place; if it does not, replace the line with "auth".
noauth
# no Compression Control Protocol
noccp
crtscts
# drop an idle link after 72000 s (20 h) without traffic
idle 72000
# reduced MTU/MRU to leave room for the L2TP/UDP/IPsec encapsulation overhead
mtu 1410
mru 1410
# never install a default route through a client's link
nodefaultroute
#debug
lock
# answer ARP for the client's pool address on the server's LAN
proxyarp
connect-delay 5000
# wait for the client's first LCP packet instead of initiating
silent
Einstellungen am Klienten/Roadwarrior
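version 2.0

# /etc/ipsec.conf (road-warrior side). Parameter lines must be indented, as a
# column-0 line is parsed as a section header.
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    # no opportunistic encryption
    oe=off
    protostack=netkey

conn %default
    # matches the server: PFS is not negotiated (see server-side note)
    pfs=no
    # NOTE(review): rekey=no means this side never re-negotiates the SA
    # before keylife expires; the server must then rekey or the tunnel
    # drops — confirm this is intended for the roadwarrior side.
    rekey=no
    keyingtries=3

conn roadwarrior
    # PSK authentication; the key lives in ipsec.secrets
    authby=secret
    right=vpn.xeroc.org
    # server's L2TP port
    rightprotoport=17/1701
    left=%defaultroute
    leftnexthop=%defaultroute
    # any local UDP port (NAT may rewrite it)
    leftprotoport=17/0
    auto=add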
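; /etc/xl2tpd/xl2tpd.conf (road-warrior side). Section headers restored with
; their closing brackets.
[global]

[lac vpn.xeroc.org]
lns = vpn.xeroc.org
ppp debug = no
; pppd options for the client side of the session
pppoptfile = /etc/ppp/peers/vpn.xeroc.org
length bit = yes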
# /etc/ppp/peers/vpn.xeroc.org — pppd options for the client side of the
# L2TP session (referenced by pppoptfile in the client's xl2tpd.conf)
ipcp-accept-local
ipcp-accept-remote
noccp
# the client does not require the server to authenticate to it
noauth
# hang up after 1800 s (30 min) without traffic
idle 1800
# reduced MTU/MRU to leave room for the L2TP/UDP/IPsec overhead
mtu 1410
mru 1410
# send all traffic through the tunnel once it is up (full-tunnel VPN)
defaultroute
# accept the DNS server the server pushes (ms-dns on the server side)
usepeerdns
lock
connect-delay 5000
# CHAP identity sent to the server (sample value)
name foo
# NOTE(review): the CHAP password is kept in this peers file. pppd would
# normally look it up in /etc/ppp/chap-secrets, which is root-only; consider
# moving it there and restricting this file's permissions. (sample value)
password bar













