Thursday, July 20, 2006

Use Linux to Setup L2TP Server (without IPSec)

Sharing here the way I got a VPN (an L2TP server) running on Linux; note that this setup does not run L2TP over IPSec.
Test environment:
L2TP Server -- L2TP Client
L2TP Server:
-OS: CentOS 4.x
- L2TP package: l2tpd
- IP address: 10.10.99.100/24
L2TP Client:
- OS: Windows XP PRO
- IP address: 10.10.99.101/24

Steps:
1. Install l2tpd:
# rpm -ivh l2tpd*
2. Create an L2TP user (the file name must be spelled exactly as in the "auth file" setting of step 3):
# vi /etc/l2tpd/l2tp-secrets
l2tpuser * "password"
3. Edit the l2tpd configuration file (in this file only lines beginning with ';' are comments):
# vi /etc/l2tpd/l2tpd.conf
[global]
; listen-addr = 192.168.1.98   ; left commented out so l2tpd accepts L2TP clients on any local address
auth file = /etc/l2tpd/l2tp-secrets
[lns default]
; address range handed out to L2TP clients
ip range = 192.168.0.128-192.168.0.150
; the L2TP server's own address on the PPP link
local ip = 192.168.0.254
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
4. Start the L2TP server and enable it at boot:
# service l2tpd start
# chkconfig --level 35 l2tpd on
5. Configure the L2TP client (Windows 2000 / XP Pro)
By default, Windows 2000/XP does not allow L2TP traffic without IPSec encryption. You can disable this default behaviour by editing the registry as follows:
- Use the registry editor (regedit) to locate the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters
- Add the following registry value to this key
Value Name: ProhibitIpSec
Data Type: REG_DWORD
Value: 1
- Reboot Windows 2000/XP
6. Use Windows 2000/XP to set up an L2TP client profile.
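Two things in steps 2 and 3 are easy to get wrong and worth checking before "service l2tpd start": the name of the secrets file in step 2 must match the "auth file" line in step 3 to the letter, and l2tpd treats only ';' as a comment marker, so a trailing "// note" on an active line becomes part of the value. Because this setup runs L2TP without IPSec, the PPP frames inside the UDP tunnel are not encrypted unless pppd negotiates MPPE (which the post does not configure); CHAP at least keeps the password out of the clear, so the check also insists on "require chap", "refuse pap" and "require authentication", and on the secrets file (cleartext passwords) being readable only by its owner. The script below is an added example, not part of the original post or the l2tpd project; it assumes the key names used above, that a line is a comment only when it starts with ';', and that "ls -ld" prints a POSIX mode string. Its sample configs are constructed and reuse the post's addresses.

```shell
#!/bin/sh
# Added example (not from the post or l2tpd): pre-flight check for an
# l2tpd.conf / l2tp-secrets pair as set up in steps 2-3 above.

# get_opt CONF KEY: print the value of the first "KEY = value" line in CONF
# that is not a ';' comment line; print nothing if KEY is absent.
get_opt() {
    awk -v key="$2" '
        /^[[:space:]]*;/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# check_l2tpd_conf CONF: print one FAIL line per problem; return 0 only if clean.
check_l2tpd_conf() {
    conf=$1
    rc=0
    # 1. "//" is not a comment marker: on an active line it stays part of the
    #    value (e.g. "192.168.0.128-192.168.0.150 // L2TP Client scope").
    bad=$(awk '!/^[[:space:]]*;/ && /\/\// { print FILENAME ":" NR ": " $0 }' "$conf")
    if [ -n "$bad" ]; then
        echo "FAIL: '//' on a non-comment line, use ';' instead:"
        echo "$bad"
        rc=1
    fi
    # 2. Authentication must be mandatory and PAP refused: PAP would send the
    #    password in the clear, and without IPSec nothing encrypts the tunnel.
    for kv in "require authentication=yes" "require chap=yes" "refuse pap=yes"; do
        key=${kv%=*}
        want=${kv#*=}
        got=$(get_opt "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL: expected '$key = $want', found '${got:-<unset>}'"
            rc=1
        fi
    done
    # 3. The file named by "auth file" must exist under exactly that name and,
    #    as it holds cleartext passwords, must not be readable by group/other.
    auth=$(get_opt "$conf" "auth file")
    if [ -z "$auth" ]; then
        echo "FAIL: no 'auth file' setting in [global]"
        rc=1
    elif [ ! -f "$auth" ]; then
        echo "FAIL: auth file '$auth' does not exist (typo in the name?)"
        rc=1
    elif [ "$(ls -ld "$auth" | cut -c5-10)" != "------" ]; then
        echo "FAIL: '$auth' is readable by group/other; chmod 600 it"
        rc=1
    fi
    return $rc
}

# make_fixture DIR: write a constructed bad.conf that repeats the step-3 listing
# with "//" notes and a misspelled secrets name, then derive good.conf from it
# by stripping the "//" tails and correcting the filename.
make_fixture() {
    dir=$1
    mkdir -p "$dir"
    printf 'l2tpuser * "password"\n' > "$dir/l2tp-secrets"
    chmod 600 "$dir/l2tp-secrets"
    cat > "$dir/bad.conf" <<EOF
[global]
; listen-addr = 192.168.1.98 // Allow all L2TP Client dial in
auth file = $dir/l2tp-secrects
[lns default]
ip range = 192.168.0.128-192.168.0.150 // L2TP Client scope
local ip = 192.168.0.254 // L2TP Server IP address
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
EOF
    sed -e 's| *//.*$||' -e 's|l2tp-secrects|l2tp-secrets|' \
        "$dir/bad.conf" > "$dir/good.conf"
}

# Running the file exercises both fixtures (bad.conf reports three problems).
demo_dir=$(mktemp -d)
make_fixture "$demo_dir"
for f in bad good; do
    echo "== $demo_dir/$f.conf"
    check_l2tpd_conf "$demo_dir/$f.conf" && echo "OK: nothing to fix"
done
rm -rf "$demo_dir"
```

To check a real installation, call check_l2tpd_conf /etc/l2tpd/l2tpd.conf from a shell that has the two functions loaded; the demo at the bottom is only there so the file runs on its own. The permission test deliberately stops at "group/other readable" rather than reading the secrets file itself, since the checker has no reason to handle the passwords.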
