Building an L2TP over IPSec server on VyOS that Ubuntu 16.04 can connect to
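Introduction
A need suddenly came up to "easily set up encrypted communication between multiple sites", so I built an L2TP over IPSec server with VyOS. This article explains how to build an L2TP over IPSec server on VyOS and how to use Ubuntu as the VPN client.
What you need
Environment setup steps
Preparing the required instances
For this build, the VyOS and Ubuntu VMs were created on Sakura Cloud.
Base images for VyOS and Ubuntu are available there, so the setup is simple.
※ AWS also has a VyOS AMI, so the same build is possible on AWS.
Prepare the VyOS instance
Prepare the client Ubuntu instance
VyOS configuration
Enter configure mode and set up VyOS as an L2TP over IPSec server.
Replace XXX.XXX.XXX.XXX with the VM's global address. For the nexthop address, enter the gateway address.
This time mschap-v2 was used for L2TP authentication. Change it to suit your environment.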
IPSec PSK: i_am_psk
L2TP Username: i_am_user
L2TP Password: i_am_password
L2TP Auth: mschap-v2
Change the client IP pool and DNS servers to suit your environment.
Enter commit and save to apply and persist the configuration.
(Note that if you forget save, the configuration may be lost on reboot.)
vyos@vyos-server:~$ configure
vyos@vyos-server:~# set service ssh disable-password-authentication
vyos@vyos-server:~# set vpn ipsec ipsec-interfaces interface eth0
vyos@vyos-server:~# set vpn ipsec nat-traversal enable
vyos@vyos-server:~# set vpn ipsec nat-networks allowed-network 0.0.0.0/0
vyos@vyos-server:~# set vpn l2tp remote-access outside-address XXX.XXX.XXX.XXX
vyos@vyos-server:~# set vpn l2tp remote-access outside-nexthop 【default gateway address】
vyos@vyos-server:~# set vpn l2tp remote-access client-ip-pool start 192.168.100.100
vyos@vyos-server:~# set vpn l2tp remote-access client-ip-pool stop 192.168.100.200
vyos@vyos-server:~# set vpn l2tp remote-access dns-servers server-1 8.8.8.8
vyos@vyos-server:~# set vpn l2tp remote-access dns-servers server-2 8.8.4.4
vyos@vyos-server:~# set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
vyos@vyos-server:~# set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret i_am_psk
vyos@vyos-server:~# set vpn l2tp remote-access authentication mode local
vyos@vyos-server:~# set vpn l2tp remote-access authentication local-users username i_am_user password i_am_password
vyos@vyos-server:~# set vpn l2tp remote-access authentication require mschap-v2
vyos@vyos-server:~# set nat source rule 999 outbound-interface eth0
vyos@vyos-server:~# set nat source rule 999 translation address masquerade
vyos@vyos-server:~# set interfaces dummy dum0 address 192.168.100.1/24
vyos@vyos-server:~# commit
vyos@vyos-server:~# save
Saving configuration to '/config/config.boot'...
Done
vyos@vyos-server:~# exit
This completes the server-side L2TP over IPSec configuration.
Next, move on to the client configuration on the Ubuntu side.
Client configuration
Install the required software packages
ubuntu@vyos-client:~$ sudo apt update
ubuntu@vyos-client:~$ sudo apt install strongswan xl2tpd
Edit /etc/ipsec.conf
Write the IPSec settings here. Most of the file is commented out.
Append the following to the end of the file.
※ Replace XXX.XXX.XXX.XXX with the global IP of VyOS.
ubuntu@vyos-client:~$ sudo vim /etc/ipsec.conf
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes128-sha1-modp1024,3des-sha1-modp1024!

conn IPSEC
    keyexchange=ikev1
    left=%defaultroute
    auto=add
    authby=secret
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=XXX.XXX.XXX.XXX
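Added example (not part of the original article): a Python check that parses a strongSwan ipsec.conf, resolves what conn IPSEC inherits from conn %default, and lists the legacy algorithm tokens in the resulting ike/esp proposals. The LEGACY policy table and the function names are assumptions made for this example, and the input is a constructed, abridged copy of the configuration above.

```python
import re

# Constructed input: abridged copy of the client /etc/ipsec.conf above (placeholder peer).
SAMPLE_CONF = """\
conn %default
    keyexchange=ikev1
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes128-sha1-modp1024,3des-sha1-modp1024!
conn IPSEC
    keyexchange=ikev1
    type=transport
    right=XXX.XXX.XXX.XXX
"""

# Assumed review policy for this example (not from the article): legacy algorithm tokens.
LEGACY = {
    "3des": "64-bit block cipher",
    "md5": "obsolete hash",
    "sha1": "legacy hash, SHA-2 preferred",
    "modp1024": "1024-bit DH group",
}

def parse_conns(text):
    """Return {conn name: {key: value}}; indented lines belong to the last conn header."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section header at column 0
            m = re.match(r"conn\s+(\S+)$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(conns):
    """Return sorted (conn, key, token, reason) findings with conn %default inherited."""
    findings = set()
    for name in set(conns) - {"%default"}:
        cfg = {**conns.get("%default", {}), **conns[name]}
        for key in ("ike", "esp"):
            for proposal in cfg.get(key, "").rstrip("!").split(","):
                for token in proposal.strip().split("-"):
                    if token in LEGACY:
                        findings.add((name, key, token, LEGACY[token]))
        if cfg.get("keyexchange") == "ikev1":
            findings.add((name, "keyexchange", "ikev1", "superseded by IKEv2"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(parse_conns(SAMPLE_CONF)):
        print("%s: %s uses %s (%s)" % finding)
```

The trailing ! marks the proposal list as strict, so the client offers only the listed suites. Whether stronger suites can be substituted depends on what the VyOS side accepts, which the article does not state.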
Edit /etc/ipsec.secrets
ubuntu@vyos-client:~$ sudo vim /etc/ipsec.secrets
# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.
%any XXX.XXX.XXX.XXX : PSK "i_am_psk"
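Edit /etc/xl2tpd/xl2tpd.conf
Write the L2TP settings here. This file is also mostly commented out.
Append the following to the end of the file.
The following settings statically assign the address 192.168.100.10 to the client.
Change this value when using two or more client nodes.
(The server can also assign IPs automatically, but for operational reasons the address is assigned statically for now.)
※ Replace XXX.XXX.XXX.XXX with the global IP of VyOS.
ubuntu@vyos-client:~$ sudo vim /etc/xl2tpd/xl2tpd.conf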
[lac vpn-connection]
lns = XXX.XXX.XXX.XXX
local ip = 192.168.100.10
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
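Create /etc/ppp/options.l2tpd.client
When the VPN connects, a daemon process called pppd runs. Set the parameters for that daemon here.
mschap-v2 is selected for authentication; this must match the authentication setting on the VyOS side.
The MTU is set to 1400 for now.
ubuntu@vyos-client:~$ sudo vim /etc/ppp/options.l2tpd.client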
ipcp-accept-local
ipcp-accept-remote
refuse-eap
#refuse-pap
#refuse-chap
#refuse-mschap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1400
mru 1400
defaultroute
usepeerdns
debug
lock
connect-delay 5000
name i_am_user
password i_am_password
logfile /var/log/xl2tpd.log
That completes the daemon configuration.
Verifying operation
Before actually connecting, start the daemons and check for errors.
Start the strongSwan and xl2tpd daemons
ubuntu@vyos-client:~$ sudo systemctl start strongswan.service
ubuntu@vyos-client:~$ sudo systemctl start xl2tpd.service
Confirm that strongSwan has started
ubuntu@vyos-client:~$ sudo journalctl -u strongswan.service
-- Logs begin at Wed 2018-05-23 17:41:31 JST, end at Wed 2018-05-23 17:54:08 JST. --
May 23 17:41:32 vyos-client systemd[1]: Starting strongSwan IPsec services...
May 23 17:41:32 vyos-client ipsec[640]: Starting strongSwan 5.3.5 IPsec [starter]...
May 23 17:41:32 vyos-client ipsec_starter[640]: Starting strongSwan 5.3.5 IPsec [starter]...
May 23 17:41:32 vyos-client systemd[1]: Started strongSwan IPsec services.
May 23 17:41:32 vyos-client charon[700]: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-116-generic, x86_64)
May 23 17:41:32 vyos-client charon[700]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
May 23 17:41:32 vyos-client charon[700]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
May 23 17:41:32 vyos-client charon[700]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
May 23 17:41:32 vyos-client charon[700]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
May 23 17:41:32 vyos-client charon[700]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
May 23 17:41:32 vyos-client charon[700]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
May 23 17:41:32 vyos-client charon[700]: 00[CFG] loaded IKE secret for %any XXX.XXX.XXX.XXX
May 23 17:41:32 vyos-client charon[700]: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pu
May 23 17:41:32 vyos-client charon[700]: 00[LIB] dropped capabilities, running as uid 0, gid 0
May 23 17:41:32 vyos-client charon[700]: 00[JOB] spawning 16 worker threads
May 23 17:41:32 vyos-client ipsec_starter[699]: charon (700) started after 80 ms
May 23 17:41:32 vyos-client charon[700]: 10[CFG] received stroke: add connection 'IPSEC'
May 23 17:41:32 vyos-client charon[700]: 10[CFG] added configuration 'IPSEC'
Confirm that the xl2tpd daemon has started
ubuntu@vyos-client:~$ sudo journalctl -u xl2tpd.service
-- Logs begin at Wed 2018-05-23 17:41:31 JST, end at Wed 2018-05-23 17:57:33 JST. --
May 23 17:41:32 vyos-client systemd[1]: Starting LSB: layer 2 tunelling protocol daemon...
May 23 17:41:32 vyos-client xl2tpd[647]: setsockopt recvref[30]: Protocol not available
May 23 17:41:32 vyos-client xl2tpd[625]: Starting xl2tpd: xl2tpd.
May 23 17:41:32 vyos-client xl2tpd[681]: xl2tpd version xl2tpd-1.3.6 started on vyos-client PID:681
May 23 17:41:32 vyos-client xl2tpd[681]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
May 23 17:41:32 vyos-client xl2tpd[681]: Forked by Scott Balmos and David Stipp, (C) 2001
May 23 17:41:32 vyos-client xl2tpd[681]: Inherited by Jeff McAdams, (C) 2002
May 23 17:41:32 vyos-client xl2tpd[681]: Forked again by Xelerance (www.xelerance.com) (C) 2006
May 23 17:41:32 vyos-client xl2tpd[681]: Listening on IP address 0.0.0.0, port 1701
May 23 17:41:32 vyos-client systemd[1]: Started LSB: layer 2 tunelling protocol daemon.
If there is a configuration mistake, the daemon will not start and the error is logged here.
Connecting
Manual connection
# IPSec connection (OK if "successfully" appears)
ubuntu@vyos-client:~$ sudo ipsec up IPSEC
initiating Main Mode IKE_SA IPSEC[2] to XXX.XXX.XXX.XXX
(omitted)
connection 'IPSEC' established successfully
# L2TP connection (OK if "OK" appears)
ubuntu@vyos-client:~$ sudo xl2tpd-control connect vpn-connection
00 OK
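Check the VPN NIC (ppp0)
If the connection succeeds, a ppp0 interface is created and assigned the specified IP address, as shown below.
If ppp0 does not appear, check the daemon logs using the same procedure as above.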
ubuntu@vyos-client:~$ ifconfig ppp0
ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.100.10 P-t-P:10.255.255.0 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:22 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:1576 (1.5 KB) TX bytes:1576 (1.5 KB)
Register the route
This is easy to forget but very important.
Without it, packets will not be routed correctly.
ubuntu@vyos-client:~$ sudo route add -net 192.168.100.0 netmask 255.255.255.0 dev ppp0
Ping connectivity test
ubuntu@vyos-client:~$ ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.473 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.552 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.478 ms
64 bytes from 192.168.100.1: icmp_seq=4 ttl=64 time=0.646 ms
^C
--- 192.168.100.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.473/0.537/0.646/0.072 ms
If the pings reach the VyOS virtual NIC, the environment has been built successfully.
Reference
For more on this topic (Building an L2TP over IPSec server on VyOS that Ubuntu 16.04 can connect to), see the original article:
https://qiita.com/xecus/items/e4f9d990a716777a2d16
This text may be freely shared or copied, but please keep this document's URL as the reference URL.