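[bash title=»код»]
# Install the IPsec daemon (Openswan), the L2TP daemon (xl2tpd), pppd and lsof.
# NOTE(review): newer RHEL/CentOS releases ship libreswan, a fork of Openswan,
# as the IPsec package; check which one your release still receives security
# updates for before exposing the daemon to the Internet.
yum install openswan xl2tpd ppp lsof
[/bash]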
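[bash title=»код»]
# Persist the kernel settings in /etc/sysctl.conf. tee -a appends, so running
# this block twice leaves duplicate lines in the file.
# ip_forward = 1 turns the host into a router so VPN client traffic can be
# passed on; once forwarding is on, what may cross the box is decided by the
# iptables FORWARD chain, so review that chain's policy as well.
echo "net.ipv4.ip_forward = 1" | tee -a /etc/sysctl.conf
# Neither accept nor send ICMP redirects: an accepted redirect lets another
# host change this gateway's routes, and a sent one can steer clients around
# the tunnel.
echo "net.ipv4.conf.all.accept_redirects = 0" | tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.send_redirects = 0" | tee -a /etc/sysctl.conf
# Apply the same two settings immediately to every interface that exists now.
for vpn in /proc/sys/net/ipv4/conf/*; do
  echo 0 > "$vpn/accept_redirects"
  echo 0 > "$vpn/send_redirects"
done
# Load the values from /etc/sysctl.conf into the running kernel.
sysctl -p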
[/bash]
/etc/rc.local
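[bash title=»код»]
# Per-interface values written to /proc are not persistent, so rc.local turns
# ICMP redirects off again on every interface at each boot.
for vpn in /proc/sys/net/ipv4/conf/*; do
  echo 0 > "$vpn/accept_redirects"
  echo 0 > "$vpn/send_redirects"
done
# Rewrite the source address of outgoing packets to the server's own address.
# Replace %SERVERIP% with that address. The option is spelled with two ASCII
# hyphens (--to-source); a typographic dash makes iptables reject the rule.
# NOTE(review): the rule has no -s or -o match, so it applies to every packet
# that reaches POSTROUTING, not only VPN traffic. Consider limiting it to the
# VPN client address range and the external interface.
iptables -t nat -A POSTROUTING -j SNAT --to-source %SERVERIP%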
[/bash]
%SERVERIP% — IP-адрес вашего VPN-сервера.
/etc/ipsec.conf
[bash title=»код»]
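# Configuration format version.
version 2.0

# Parameter lines inside a section must begin with whitespace; the indentation
# below restores the section layout that was flattened on the page.
config setup
    # Use the kernel's native IPsec stack (NETKEY).
    protostack=netkey
    # Accept clients that sit behind NAT (NAT-Traversal).
    nat_traversal=yes
    # Private ranges a NATed client may present as its own address. Only
    # 192.168.1.0/24 is listed; presumably clients on other private ranges
    # are not covered - confirm against the client networks you expect.
    virtual_private=%v4:192.168.1.0/24
    # Opportunistic encryption disabled.
    oe=off
    # No pluto debug output; pluto's log goes to /var/log/pluto.log.
    plutodebug=none
    plutostderrlog=/var/log/pluto.log
    interfaces=%defaultroute
    klipsdebug=none

conn L2TP-PSK
    # Pre-shared key authentication. Every holder of the key can pose as the
    # server to the other clients, so use a long random key and keep
    # /etc/ipsec.secrets readable by root only.
    authby=secret
    # NOTE(review): perfect forward secrecy is off for phase 2, presumably for
    # compatibility with built-in L2TP/IPsec clients - confirm it is needed.
    pfs=no
    # Load the connection and wait for clients to initiate.
    auto=add
    keyingtries=3
    rekey=no
    # NOTE(review): L2TP/IPsec clients normally negotiate transport mode;
    # confirm that tunnel is what your clients expect.
    type=tunnel
    # NOTE(review): modp1024 is a 1024-bit Diffie-Hellman group and SHA-1 is a
    # legacy hash; both are below current recommendations. Where every client
    # supports it, move to a larger group (e.g. modp2048) and a SHA-2 hash.
    esp=aes256-sha1
    ike=aes256-sha-modp1024
    # Always wrap ESP in UDP, even when no NAT is detected.
    forceencaps=yes
    # Clients may connect from any address.
    right=%any
    rightsubnet=vhost:%any,%priv
    # Protocol 17 is UDP: any client port on the right, L2TP port 1701 on
    # the server side, so the SA carries L2TP traffic only.
    rightprotoport=17/0
    left=%defaultroute
    leftprotoport=17/1701
    # Dead peer detection: probe every 10 s, give up after 90 s and clear
    # the SA of a vanished client.
    dpddelay=10
    dpdtimeout=90
    dpdaction=clear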
[/bash]
/etc/ipsec.secrets
; NOTE(review): these are xl2tpd settings ("[lns default]" is an xl2tpd
; section and pppoptfile points at options.xl2tpd). The two options below
; normally sit under a "[global]" section header, which appears to be
; missing from this page - confirm before copying.
ipsec saref = yes
force userspace = yes
[lns default]
; Address pool handed to VPN clients, and the server's own address inside
; the tunnel.
ip range = 172.16.0.30-172.16.0.100
local ip = 172.16.0.1
; Reject PAP, which carries the password in clear text inside PPP.
refuse pap = yes
; Every peer must authenticate before it gets a session.
require authentication = yes
ppp debug = no
; pppd options for each session are read from this file.
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
/etc/ppp/options.xl2tpd
[bash title=»код»]
# Accept only MS-CHAPv2 from the client.
# NOTE(review): a captured MS-CHAPv2 handshake can be attacked offline; here
# it runs inside the IPsec tunnel, so its exposure depends on the strength of
# the IPsec layer (the pre-shared key) - confirm that is acceptable.
require-mschap-v2
# DNS resolvers pushed to clients: their lookups go to these third-party
# public servers rather than a resolver you control.
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noproxyarp
asyncmap 0
# Require the peer to authenticate itself before network traffic is allowed.
auth
crtscts
lock
# Keep password strings out of logged PAP packets.
hide-password
modem
# Verbose connection logging to the file below.
# NOTE(review): debug logs record negotiation details per session; keep the
# log file readable by root only and drop "debug" once the setup works.
debug
logfile /var/log/ppp/ppp.log
[/bash]
/etc/ppp/chap-secrets
[bash title=»код»] [/bash]