L2TP/IPsec connection via a YAMAHA RTX1210
1. Introduction
In the environment of my earlier article, "L2TPv3/IPsec communication between two RTX1210s over the FLET'S network" (Qiita), that is, an RTX1210 placed behind an HGW (PR-500KI), I set up L2TP/IPsec over the IPv4 PPPoE connection. Simultaneous use with the L2TPv3/IPsec link over IPv6 IPoE is covered in a separate article; this one first makes only L2TP/IPsec usable.
2. Network configuration
IP addresses at site 2 of "L2TPv3/IPsec communication between two RTX1210s over the FLET'S network" (Qiita).

IP address            Description
192.168.1.1           PR-500KI
192.168.1.254         RTX1210 LAN2
192.168.2.2           RTX1210 LAN1
192.168.2.4           Not sure whether this IP address is needed
192.168.2.50-89       DHCP (the DHCP server is the RTX1210 at site 2)
192.168.2.95-99       Addresses handed out to L2TP clients
192.168.2.200-249     Static IP address range (only this range is used; its configuration is not described here)
3. PR-500KI settings

Item                                 Value
IPv6 firewall function               Disabled

Static route entry (192.168.2.0/24 via the RTX1210's LAN2 address):

Item                                 Value
Enabled/Disabled                     Checked (set from the list after editing)
Entry number                         1 (arbitrary)
Destination IP address/mask length   192.168.2.0/24
Gateway                              192.168.1.254
4. Information prepared in advance

Item                       Value                         Placeholder in the configuration below
Pre-shared key             Arbitrary                     <事前共有鍵>
Provider username                                        <プロバイダユーザー名>
Provider password                                        <プロバイダパスワード>
VPN connection username    Arbitrary                     <VPN接続ユーザー名>
VPN connection password    Arbitrary                     <VPN接続パスワード>
5. Configuration
Where the numbers 2 or 102 appear, they were chosen so that this configuration can later be combined with "L2TPv3/IPsec communication between two RTX1210s over the FLET'S network" (Qiita).

console lines infinity
login timer 300
no dhcp service
no dhcp server rfc2131 compliant except remain-silent
no dhcp scope 1
no ip lan1 address
console prompt kyoten2
ip lan1 address 192.168.2.2/24
ip lan1 proxyarp on
ip lan2 address 192.168.1.254/24
ip filter 500000 restrict * * * * *
description lan2 toHGW
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.2.50-192.168.2.89/24
dhcp scope option 1 router=192.168.2.2
dhcp scope option 1 dns=8.8.8.8
dns host lan1
dns service fallback on
dns server 8.8.8.8
dns server select 500000 dhcp lan2 any .
dns private address spoof on
dashboard accumulate traffic on
pp disable all
no tunnel enable all
nat descriptor type 2 masquerade
nat descriptor address outer 2 ipcp
nat descriptor address inner 2 auto
nat descriptor masquerade static 2 1 192.168.2.2 esp
nat descriptor masquerade static 2 2 192.168.2.2 udp 500
nat descriptor masquerade static 2 3 192.168.2.2 udp 1701
nat descriptor masquerade static 2 4 192.168.2.2 udp 4500
ipsec transport 2 102 udp 1701
ipsec auto refresh on
ip route default gateway pp 1
pp select 1
pp always-on on
pppoe use lan2
pp auth accept pap chap
pp auth myname <プロバイダユーザー名> <プロバイダパスワード>
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type none
ip pp mtu 1454
ip pp nat descriptor 2
pp enable 1
pp select none
pp select anonymous
pp bind tunnel2
pp auth request mschap-v2
pp auth username <VPN接続ユーザー名> <VPN接続パスワード>
ppp ipcp ipaddress on
ppp ipcp msext on
ip pp remote address pool 192.168.2.95-192.168.2.99
ip pp mtu 1258
pp enable anonymous
pp select none
tunnel select 2
tunnel encapsulation l2tp
ipsec tunnel 102
ipsec sa policy 102 2 esp aes-cbc sha-hmac
ipsec ike keepalive use 2 off
ipsec ike local address 2 192.168.2.2
ipsec ike nat-traversal 2 on
ipsec ike pre-shared-key 2 text <事前共有鍵>
ipsec ike remote address 2 any
l2tp tunnel disconnect time off
l2tp keepalive use on 10 3
l2tp keepalive log on
l2tp syslog on
ip tunnel tcp mss limit auto
tunnel enable 2
tunnel select none
l2tp service on l2tp
tftp host 192.168.2.1-192.168.2.255
httpd host 192.168.2.1-192.168.2.255
6. Important parts
Without this line, remote desktop connections failed even after the VPN connection had succeeded.

ip lan1 proxyarp on

Set up the NAT descriptor. Since this is IPsec, UDP 1701 alone should be enough, but I added ESP and UDP 500 and 4500 for the case without IPsec. (Honestly, they are probably unnecessary.)

nat descriptor type 2 masquerade
nat descriptor address outer 2 ipcp
nat descriptor address inner 2 auto
nat descriptor masquerade static 2 1 192.168.2.2 esp
nat descriptor masquerade static 2 2 192.168.2.2 udp 500
nat descriptor masquerade static 2 3 192.168.2.2 udp 1701
nat descriptor masquerade static 2 4 192.168.2.2 udp 4500

The IPv4 PPPoE connection to the provider.

ip route default gateway pp 1
pp select 1
pp always-on on
pppoe use lan2
pp auth accept pap chap
pp auth myname <プロバイダユーザー名> <プロバイダパスワード>
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type none
ip pp mtu 1454
ip pp nat descriptor 2
pp enable 1
pp select none

The VPN connection user, the address pool handed out to VPN clients, and the MTU.

pp select anonymous
pp bind tunnel2
pp auth request mschap-v2
pp auth username <VPN接続ユーザー名> <VPN接続パスワード>
ppp ipcp ipaddress on
ppp ipcp msext on
ip pp remote address pool 192.168.2.95-192.168.2.99
ip pp mtu 1258
pp enable anonymous
pp select none

IPsec tunnel settings.

tunnel select 2
tunnel encapsulation l2tp
ipsec tunnel 102
ipsec sa policy 102 2 esp aes-cbc sha-hmac
ipsec ike keepalive use 2 off
ipsec ike local address 2 192.168.2.2
ipsec ike nat-traversal 2 on
ipsec ike pre-shared-key 2 text <事前共有鍵>
ipsec ike remote address 2 any
l2tp tunnel disconnect time off
l2tp keepalive use on 10 3
l2tp keepalive log on
l2tp syslog on
ip tunnel tcp mss limit auto
tunnel enable 2
tunnel select none

Enable the L2TP service.

l2tp service on l2tp
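The numbers the author reuses (2 for the IKE gateway and NAT descriptor, 102 for the IPsec policy) must agree across several commands in sections 5 and 6. As an added example that is not part of the original article, this Python checker (my own code) follows that chain from the anonymous pp through the tunnel, IPsec policy, IKE gateway and NAT descriptor, and reports any link that does not line up; the embedded configuration excerpt is constructed from the commands shown on this page.

```python
import re
# Constructed excerpt of the site-2 RTX1210 config shown in this article (not the whole file).
RTX_CONFIG = """
nat descriptor masquerade static 2 2 192.168.2.2 udp 500
nat descriptor masquerade static 2 3 192.168.2.2 udp 1701
nat descriptor masquerade static 2 4 192.168.2.2 udp 4500
ipsec transport 2 102 udp 1701
pp select 1
ip pp nat descriptor 2
pp select anonymous
pp bind tunnel2
tunnel select 2
tunnel encapsulation l2tp
ipsec tunnel 102
ipsec sa policy 102 2 esp aes-cbc sha-hmac
ipsec ike local address 2 192.168.2.2
ipsec ike nat-traversal 2 on
tunnel select none
l2tp service on l2tp
"""
def parse(config):
    """Tag each line with the 'pp N' / 'tunnel N' context it was entered in ('' = global)."""
    ctx, out = "", []
    for line in (l.strip() for l in config.splitlines() if l.strip()):
        if m := re.fullmatch(r"(pp|tunnel) select (\S+)", line):
            ctx = "" if m[2] == "none" else f"{m[1]} {m[2]}"
        else:
            out.append((ctx, line))
    return out
def check_l2tp_ipsec(config):
    """Follow anonymous pp -> tunnel -> IPsec policy -> IKE gateway -> NAT descriptor; list missing links."""
    items = parse(config)
    def grab(pattern, ctx=None):  # regex groups of the first line matching pattern (within ctx)
        for c, l in items:
            if (ctx is None or c == ctx) and (m := re.fullmatch(pattern, l)):
                return m.groups() or (l,)
        return None
    tun = (grab(r"pp bind tunnel(\d+)", "pp anonymous") or ("?",))[0]
    pol = (grab(r"ipsec tunnel (\d+)", f"tunnel {tun}") or ("?",))[0]
    gw = (grab(rf"ipsec sa policy {pol} (\d+) esp .*") or ("?",))[0]
    local = (grab(rf"ipsec ike local address {gw} (\S+)") or ("?",))[0]
    nat = (grab(r"ip pp nat descriptor (\d+)") or ("?",))[0]  # descriptor applied to the PPPoE pp
    expect = [(r"tunnel encapsulation l2tp", f"tunnel {tun}", f"l2tp encapsulation on tunnel {tun}"),
              (rf"ipsec transport {gw} {pol} udp 1701", None, f"ipsec transport {gw} {pol} udp 1701"),
              (rf"ipsec ike nat-traversal {gw} on", None, f"NAT traversal on IKE gateway {gw}"),
              (r"l2tp service on.*", None, "l2tp service on")]
    # IKE (UDP 500) and NAT-T (UDP 4500) must be masqueraded to the router's own LAN1 address
    expect += [(rf"nat descriptor masquerade static {nat} \d+ {re.escape(local)} udp {p}", None,
                f"static masquerade of UDP {p} to {local}") for p in (500, 4500, 1701)]
    return [f"missing: {what}" for pat, ctx, what in expect if not grab(pat, ctx)]
```

Run it against the full `show config` output of the router to see which link in the chain is broken when a client cannot connect; an empty list means every number referenced by one command is defined by another.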
Remarks
Reference
Original article: https://qiita.com/mayo00/items/3823674d33d30a32303d