L2TP / IPSEC VPN Client 설정하기 (linux)

L2TP / IPSEC VPN Client 설정하기 (linux)

 

 

테스트 환경

클라우드 서버 (floating nat 환경) , 물리서버 (static real ip)  CENTOS7 64bit

 

패키지 설치

yum install epel-release  yum install libreswan xl2tpd kernel

 

디렉토리 생성

mkdir -p /var/run/xl2tpd

 

ipsec.conf 파일 설정

 

vim /etc/ipsec.conf

config setup virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10 dumpdir=/var/run/pluto/ protostack=netkey logfile=/var/log/pluto.log conn koreavpn         authby=secret         pfs=no         auto=add         rekey=no         left="%defaultroute"         right= 접속할 VPN 서버 아이피         type=transport         leftprotoport=17/1701         rightprotoport=17/1701         dpddelay=15         dpdtimeout=30         dpdaction=clear

 

vim /etc/ipsec.secret

include /etc/ipsec.d/*.secrets 접속할 VPN 아이피 %any: PSK "test1234"

 

 

 

vim /etc/xl2tpd/xl2tpd.conf

[lac koreavpn] lns = 접속할 VPN 아이피 ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd.client length bit = yes

 

 

vim /etc/ppp/options.xl2tpd.client

ipcp-accept-local ipcp-accept-remote refuse-eap require-mschap-v2 require-chap noccp auth idle 1800 #mtu 1400 #mru 1400 defaultroute noipdefault usepeerdns debug connect-delay 5000 name VPN계정아이디 password VPN계정패스워드

 

명령어 실행

/etc/init.d/ipsec start /etc/init.d/xl2tpd start   XL2TP 연결 echo "c vpn-connection" > /var/run/xl2tpd/l2tp-control  IPSEC 연결 ipsec auto --up L2TP-PSK

 

 

확인

# route Kernel IP routing table Destination     Gateway         Genmask         Flags Metric Ref    Use Iface default         VPN 아이피   0.0.0.0         UG    0      0        0 ppp0 로컬네트워크    *               255.255.255.0   U     1      0        0 eth0 VPN 아이피   *               255.255.255.255 UH    0      0        0 ppp0 ppp0      Link encap:Point-to-Point Protocol             inet addr:10.0.0.1  P-t-P:VPN아이피  Mask:255.255.255.255           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1           RX packets:1342 errors:0 dropped:0 overruns:0 frame:0           TX packets:1456 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:3            RX bytes:429991 (429.9 KB)  TX bytes:188608 (188.6 KB)

 

L2TP 만 연결되었을때 패킷 덤프 ( TCP 1701 포트로패킷 교환 )

.55.xx.6.1701 > xx.68.xx.100.1701:  l2tp:[L](11358/49660) {IP 11.0.0.3 > 11.0.0.1: ICMP echo request, id 42827, seq 1, length 64} E..|..@.2....7q.sD.d.....h..@..`,^.....!E..T..@.@.$...........e..K....&Z....-....................... !"#$%&'()*+,-./01234567

 

IPSEC이 추가 연동되면 패킷 덤프 ( TCP 1701 포트로패킷 교환 )

13:33:56.884247 IP xx.55.xx.6 > xx.68.xx.100: ESP(spi=0xb5a26f07,seq=0x1), length 148 E.....@.22.=.7q.sD.d..o......{...G%z8.&..p.C6..csT.0Y.a.:...o&%...6tT.D...........O...X...G."..F... T..P.5.ciH........O     $^.9%.....b).....%.....M.J../...A.!+.,....T_|...