1.预操作

1.安装组件

sudo apt-get install strongswan xl2tpd ppp lsof

2.加载需要的内核模块

modprobe l2tp_ppp
modprobe udp_tunnel
modprobe l2tp_netlink
modprobe l2tp_core

3.配置xl2tpd

修改配置文件 /etc/xl2tpd/xl2tpd.

[lac myvpn] #myvpn为vpn名称
lns = 121.248.154.251 #vpn服务器的地址
ppp debug = no #关闭调试信息
pppoptfile = /etc/ppp/options.l2tpd.client #验证文件的路径
refuse chap = yes
require pap = yes
length bit = yes

修改验证文件/etc/ppp/options.l2tpd.client

ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
require-mschap-v2
noccp
noauth
logfile /var/log/xl2tpd.log
idle 72000
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
connect-delay 5000
name "2111605319" #vpn账号
password "yh20021007" #vpn密码

4.配置预共享密钥

vim /etc/ipsec.secrets
添加

: PSK "njfu.edu"

5.配置ipsec

vim /etc/ipsec.conf

config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes128-sha1-modp1024,3des-sha1-modp1024!

conn myvpn
    keyexchange=ikev1
    left=%defaultroute
    auto=add
    authby=secret
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/1701
    left=172.19.123.72
    right=121.248.154.251

6.启动vpn并激活连接到vpn

ipsec restart
service xl2tpd restart
#连接接到指定的vpn
ipsec up myvpn

mkdir /var/run/xl2tpd -p

echo "c myvpn" > /var/run/xl2tpd/l2tp-control #这里的myvpn要和前面匹配

7.确认连接成功

#执行指令
ipsec status

如果显示
Security Associations (1 up, 0 connecting):
myvpn[1]: ESTABLISHED 17 minutes ago, 172.19.123.72[172.19.123.72]…121.248.154.251[121.248.154.251]
myvpn{1}: INSTALLED, TRANSPORT, reqid 1, ESP in UDP SPIs: c7ed658e_i 8cd83099_o
myvpn{1}: 172.19.123.72/32[udp/l2f] === 121.248.154.251/32[udp/l2f]

#执行指令 如果发现有个ppp的网卡，即连接成功
ip addr