Linux System Administration/Managing servers remotely with VPN
Revision of 19 Jan 2011 14:45
Download the following files:
a) OpenSWAN 2.6.14 via http://www.openswan.org
b) l2tpd 0.69
c) l2tpd Legacy PTY patch
d) l2tpd SysV PTY patch
e) l2tpd startup file
Installing OpenSwan:
 cd /usr/local/src
 yum install openswan openswan-doc
Move the example « ipsec.conf » file aside so that the original is kept.
 mv /etc/ipsec.conf /etc/ipsec.conf.old
Edit the file so that it contains the following:
 version 2.0
 config setup
     interfaces=%defaultroute
     klipsdebug=none
     plutodebug=none
     overridemtu=1410
     nat_traversal=yes
     virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
 conn %default
     keyingtries=3
     compress=yes
     disablearrivalcheck=no
     authby=secret
     type=tunnel
     keyexchange=ike
     ikelifetime=240m
     keylife=60m
 conn roadwarrior-net
     leftsubnet=192.168.0.0/16
     also=roadwarrior
 conn roadwarrior-all
     leftsubnet=0.0.0.0/0
     also=roadwarrior
 conn roadwarrior-l2tp
     leftprotoport=17/0
     rightprotoport=17/1701
     also=roadwarrior
 conn roadwarrior-l2tp-updatedwin
     leftprotoport=17/1701
     rightprotoport=17/1701
     also=roadwarrior
 conn roadwarrior
     pfs=no
     left=150.150.150.150
     leftnexthop=150.150.150.1
     right=%any
     rightsubnet=vhost:%no,%priv
     auto=add
 # Disable Opportunistic Encryption
 include /etc/ipsec.d/examples/no_oe.conf
Replace the IP address "150.150.150.150" with your external IP address, and "150.150.150.1" with your default gateway.
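As an added example (not code from the wiki page), the following POSIX shell script writes the ipsec.conf shown above with the two site-specific addresses filled in, so the "150.150.150.150" substitution is not done by hand, and it refuses values that are not IPv4 addresses or a file in which the placeholder was never replaced. The function names is_ipv4, render_ipsec_conf and check_ipsec_conf, and the documentation address 203.0.113.10 used when exercising it, are assumptions of the example.

```shell
#!/bin/sh
# Added example (not part of the wiki page): render the ipsec.conf from the
# section above with the external address and default gateway filled in, and
# refuse non-IPv4 values or a leftover placeholder. Constructed names:
# is_ipv4, render_ipsec_conf, check_ipsec_conf.

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    for _o in "$@"; do
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# render_ipsec_conf EXT_IP GATEWAY OUTFILE: write the page's configuration
# with left= and leftnexthop= set to the given addresses.
render_ipsec_conf() {
    ext_ip=$1; gateway=$2; out=$3
    is_ipv4 "$ext_ip"  || { echo "not an IPv4 address: $ext_ip" >&2; return 1; }
    is_ipv4 "$gateway" || { echo "not an IPv4 address: $gateway" >&2; return 1; }
    cat > "$out" <<EOF
version 2.0
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    overridemtu=1410
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
conn %default
    keyingtries=3
    compress=yes
    disablearrivalcheck=no
    authby=secret
    type=tunnel
    keyexchange=ike
    ikelifetime=240m
    keylife=60m
conn roadwarrior-net
    leftsubnet=192.168.0.0/16
    also=roadwarrior
conn roadwarrior-all
    leftsubnet=0.0.0.0/0
    also=roadwarrior
conn roadwarrior-l2tp
    leftprotoport=17/0
    rightprotoport=17/1701
    also=roadwarrior
conn roadwarrior-l2tp-updatedwin
    leftprotoport=17/1701
    rightprotoport=17/1701
    also=roadwarrior
conn roadwarrior
    pfs=no
    left=$ext_ip
    leftnexthop=$gateway
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
# Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
EOF
}

# check_ipsec_conf FILE: fail when the tutorial's placeholder addresses
# (150.150.150.x) were never replaced.
check_ipsec_conf() {
    if grep -q '150\.150\.150\.' "$1"; then
        echo "$1 still contains the placeholder address 150.150.150.x" >&2
        return 1
    fi
    return 0
}
```

Typical use is `render_ipsec_conf <external-ip> <gateway> /etc/ipsec.conf` followed by `check_ipsec_conf /etc/ipsec.conf` before starting the IPsec service; the parameters are indented because Openswan requires the keys under a `config` or `conn` header to be indented.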
Edit the file "/etc/ipsec.secrets" and enter the following:
 vi /etc/ipsec.secrets
 150.150.150.150 %any: PSK "sleuteltje"
Here too, change "150.150.150.150" to your external IP address.
L2tpd installation and configuration
Installing l2tpd and applying the patch:
 cd /usr/local/src
 tar zxf l2tpd-0.69.tar.gz
 mv l2tpd-0.69.sysv.patch l2tpd-0.69/
 mv l2tpd /etc/rc.d/init.d/
 cd l2tpd-0.69
 patch < l2tpd-0.69.sysv.patch
 make
 cp l2tpd /usr/sbin
 chmod 755 /usr/sbin/l2tpd
Set up the startup configuration:
 chmod 755 /etc/rc.d/init.d/l2tpd
 chkconfig --add l2tpd
 chkconfig l2tpd on
Create the directory "/etc/l2tpd" and place the configuration file (l2tpd.conf) in it.
 [global]
 port = 1701
 [lns default]
 ip range = 192.168.1.101-192.168.1.254
 local ip = 192.168.1.100
 require chap = yes
 refuse pap = yes
 require authentication = yes
 name = LinuxVPN
 ppp debug = yes
 pppoptfile = /etc/ppp/options.l2tpd
 length bit = yes
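Added example, not part of the page or of l2tpd: a small shell lint for an l2tpd.conf like the one above. It checks that the three authentication settings the page turns on ("require chap", "refuse pap", "require authentication") are still "yes", and that "local ip" lies outside "ip range", since the range is what clients are assigned and the local address is the server end of every PPP link. The names conf_value, ip2int, check_l2tpd_conf, SAMPLE_L2TPD_CONF and write_sample are assumed; the sample is the page's file embedded as a string.

```shell
#!/bin/sh
# Added example (not from the page or the l2tpd project): lint the
# [lns default] settings of an l2tpd.conf. Constructed names: conf_value,
# ip2int, check_l2tpd_conf, SAMPLE_L2TPD_CONF, write_sample.

# conf_value FILE KEY: print the value of a "KEY = value" line; l2tpd keys
# may contain spaces ("ip range"), so the key is matched literally.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*\)[[:space:]]*$/\1/p" "$1" | head -n 1
}

# ip2int A.B.C.D: the address as a 32-bit integer, for range comparisons.
ip2int() {
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# check_l2tpd_conf FILE: return 0 when every check passes, 1 otherwise,
# printing one line per problem found.
check_l2tpd_conf() {
    f=$1; rc=0
    for key in "require chap" "refuse pap" "require authentication"; do
        if [ "$(conf_value "$f" "$key")" != "yes" ]; then
            echo "'$key' must be yes"; rc=1
        fi
    done
    range=$(conf_value "$f" "ip range")
    local_ip=$(conf_value "$f" "local ip")
    if [ -z "$range" ] || [ -z "$local_ip" ]; then
        echo "ip range and local ip are both required"; return 1
    fi
    first=$(ip2int "${range%-*}")
    last=$(ip2int "${range#*-}")
    me=$(ip2int "$local_ip")
    if [ "$first" -gt "$last" ]; then
        echo "ip range is reversed: $range"; rc=1
    fi
    if [ "$me" -ge "$first" ] && [ "$me" -le "$last" ]; then
        echo "local ip $local_ip lies inside ip range $range"; rc=1
    fi
    return $rc
}

# Constructed sample: the page's l2tpd.conf, so the lint can run offline.
SAMPLE_L2TPD_CONF='[global]
port = 1701
[lns default]
ip range = 192.168.1.101-192.168.1.254
local ip = 192.168.1.100
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes'

# write_sample FILE: write the sample to FILE.
write_sample() { printf '%s\n' "$SAMPLE_L2TPD_CONF" > "$1"; }
```

Run it as `check_l2tpd_conf /etc/l2tpd/l2tpd.conf`; the page's file passes, while a copy with "local ip = 192.168.1.150" or "refuse pap = no" is reported.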
PPP configuration.
In "/etc/ppp/options.l2tpd":
 ipcp-accept-local
 ipcp-accept-remote
 noccp
 auth
 crtscts
 idle 1800
 mtu 1410
 mru 1410
 nodefaultroute
 debug
 lock
 proxyarp
 connect-delay 5000
 silent
Edit "/etc/ppp/chap-secrets":
(example entries)
 # Secrets for authentication using CHAP
 # client server secret IP addresses
 username * "wachtwoord" 192.168.1.0/24
 * username "wachtwoord" 192.168.1.0/24
Now you can test the VPN configuration.
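Added example, not from the page: the ipsec.secrets and chap-secrets entries above carry a short pre-shared key ("sleuteltje") and a literal password, and nothing in the procedure restricts who can read the two files. This shell script writes both files into a directory of your choosing in the layout the page shows, with a key drawn from /dev/urandom and owner-only permissions, and audit_secrets rejects files that are group or world readable or that still contain the tutorial's example values. The names new_psk, write_secrets and audit_secrets, the staging directory parameter and the documentation address 203.0.113.10 are assumptions of the example; copy the result into /etc/ipsec.secrets and /etc/ppp/chap-secrets yourself.

```shell
#!/bin/sh
# Added example (not part of the page): generate the two secrets files with
# a random PSK and owner-only permissions, and audit a directory for the
# page's placeholder secrets and for readable files. Constructed names:
# new_psk, write_secrets, audit_secrets.

# new_psk: 32 random bytes from the kernel CSPRNG as 64 hex characters.
new_psk() {
    od -An -tx1 -N 32 /dev/urandom | tr -d ' \n'
}

# write_secrets DIR EXT_IP USER PSK CHAPPW: write DIR/ipsec.secrets and
# DIR/chap-secrets in the layout the page shows, readable by the owner only.
write_secrets() {
    dir=$1; ext_ip=$2; user=$3; psk=$4; chappw=$5
    mkdir -p "$dir"
    (
        umask 077
        printf '%s %%any: PSK "%s"\n' "$ext_ip" "$psk" > "$dir/ipsec.secrets"
        {
            echo '# Secrets for authentication using CHAP'
            echo '# client server secret IP addresses'
            printf '%s * "%s" 192.168.1.0/24\n' "$user" "$chappw"
            printf '* %s "%s" 192.168.1.0/24\n' "$user" "$chappw"
        } > "$dir/chap-secrets"
    )
    # umask only governs new files; force the mode for pre-existing ones too.
    chmod 600 "$dir/ipsec.secrets" "$dir/chap-secrets"
}

# audit_secrets DIR: return 1 if either file is missing, is group/world
# accessible, or still holds one of the tutorial's example secrets.
audit_secrets() {
    rc=0
    for f in "$1/ipsec.secrets" "$1/chap-secrets"; do
        if [ ! -f "$f" ]; then
            echo "missing $f"; rc=1; continue
        fi
        # columns 5-10 of ls -l are the group and other permission bits.
        mode=$(ls -ld "$f" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "$f is accessible by group/others (bits $mode)"; rc=1
        fi
        if grep -Eq '"(sleuteltje|wachtwoord)"' "$f"; then
            echo "$f still uses an example secret from the tutorial"; rc=1
        fi
    done
    return $rc
}
```

A typical run is `write_secrets /root/vpn-staging <external-ip> <username> "$(new_psk)" "$(new_psk)"` followed by `audit_secrets /root/vpn-staging`; the same audit can be pointed at /etc (with the chap-secrets path adjusted) to confirm the live files were not left at the page's defaults.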