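L2TP and PPTP both use the PPP protocol to encapsulate data, then add additional headers so the data can be transported across the internetwork. The differences between the two are:
1. PPTP requires the internetwork to be an IP network. L2TP only requires that the tunnel medium provide packet-oriented point-to-point connectivity. L2TP can be used over IP, Frame Relay permanent virtual circuits (PVCs), X.25 virtual circuits (VCs), or ATM VCs.
2. PPTP can only establish a single tunnel between two endpoints. L2TP supports multiple tunnels between two endpoints.
3. L2TP can provide header compression.
II: Installing L2TP
The system is CentOS 5.5, with iptables and SELinux turned off.
1. Install ppp and xl2tpd with yum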
#yum install ppp xl2tpd -y
2. Download and install the Openswan source package
#wget http://www.openswan.org/download/openswan-2.6.24.tar.gz
#tar zxvf openswan-2.6.24.tar.gz
#cd openswan-2.6.24
#make program
#make install
3. Configuration file
#vi /etc/ipsec.conf
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/24
    oe=off
    protostack=netkey
############ Everything below was added manually #########
# Add connections here
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    # Enter this server's IP here
    left=172.16.100.130
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
4. Create the /etc/ipsec.secrets file
#vi /etc/ipsec.secrets
<server IP> %any: PSK "<the key you want>"
172.16.100.130 %any: PSK "123456"
5. Edit /etc/sysctl.conf
#vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
#sysctl -p
Verify that IPsec is running
#ipsec setup --restart
#ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.24/K2.6.30 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
6. Edit /etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = yes
[lns default]
ip range = 192.168.1.128-192.168.1.254
local ip = 192.168.1.15
refuse chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
7. Configure the username and password
#vi /etc/ppp/chap-secrets
wangzx * 123456 *
8. Restart the service
#/etc/init.d/xl2tpd restart
9. Create the VPN connection on the client
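The guide uses "123456" for both the IPsec pre-shared key (step 4) and the CHAP password (step 7). As an added example, not part of the original post, the shell function below audits those two files for weak secrets and loose permissions. MIN_LEN, the character-class rule and the function names are assumptions, and the demo input is constructed.

```shell
#!/bin/sh
# Added example: audit the secrets files written in steps 4 and 7.
# MIN_LEN and the one-character-class rule are assumptions, not Openswan or pppd limits.
MIN_LEN=20

weak_secrets() {  # $1=file  $2=psk|chap; the secret itself is never printed
    awk -v f="$1" -v kind="$2" -v min="$MIN_LEN" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        kind == "psk" {                      # format: <ids> : PSK "secret"
            if (!match($0, /PSK[ \t]+"[^"]*"/)) next
            s = substr($0, RSTART, RLENGTH)
            sub(/^PSK[ \t]+"/, "", s); sub(/"$/, "", s)
        }
        kind == "chap" {                     # format: client server secret ip
            if (NF < 3) next
            s = $3; gsub(/^"|"$/, "", s)
        }
        length(s) < min { printf "%s:%d: %s secret shorter than %d characters\n", f, NR, kind, min; next }
        s ~ /^[0-9]+$/ || s ~ /^[a-z]+$/ { printf "%s:%d: %s secret uses one character class\n", f, NR, kind }
    ' "$1"
}

audit_vpn_secrets() {  # $1=ipsec.secrets path  $2=chap-secrets path; returns 1 on findings
    ipsec_file=${1:-/etc/ipsec.secrets}
    chap_file=${2:-/etc/ppp/chap-secrets}
    findings=$(
        for f in "$ipsec_file" "$chap_file"; do
            [ -f "$f" ] || { echo "$f: file not found"; continue; }
            # Both files hold cleartext secrets, so only the owner should have access.
            case $(ls -ld "$f" | cut -c1-10) in
                -r[w-]-------) ;;
                *) echo "$f: mode is not owner-only (expected 600)" ;;
            esac
        done
        [ ! -f "$ipsec_file" ] || weak_secrets "$ipsec_file" psk
        [ ! -f "$chap_file" ] || weak_secrets "$chap_file" chap
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on constructed sample files that mirror the values used in this guide.
demo_dir=$(mktemp -d)
printf '%s\n' '172.16.100.130 %any: PSK "123456"' > "$demo_dir/ipsec.secrets"
printf '%s\n' 'wangzx * 123456 *' > "$demo_dir/chap-secrets"
chmod 644 "$demo_dir/ipsec.secrets"; chmod 600 "$demo_dir/chap-secrets"
audit_vpn_secrets "$demo_dir/ipsec.secrets" "$demo_dir/chap-secrets" || true
rm -rf "$demo_dir"
```

On a real server, call audit_vpn_secrets with no arguments as root to check /etc/ipsec.secrets and /etc/ppp/chap-secrets.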
III: Installing PPTP
#yum install ppp pptpd
Edit the /etc/pptpd.conf file
#vi /etc/pptpd.conf
# VPN server IP
localip 172.16.100.143
# IPs assigned to clients
remoteip 172.16.100.150-200
#vi /etc/ppp/pptpd-options
Change ms-dns to: ms-dns 8.8.8.8
#vi /etc/ppp/chap-secrets
# user protocol password IP
root pptpd 123456 172.16.100.143
#echo 1 > /proc/sys/net/ipv4/ip_forward
#sysctl -p
#iptables -t nat -A POSTROUTING -s 172.16.100.0/24 -o eth0 -j MASQUERADE
#/etc/init.d/pptpd restart
Then just connect to the VPN from the client machine.
Reposted from: https://blog.51cto.com/wzxing/1110831