- Instalar los paquetes (todos los comandos de esta guía escriben bajo /etc y deben ejecutarse como root):
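# For Ubuntu & Debian
apt-get update
apt-get -y install strongswan xl2tpd
# For RHEL/CentOS: strongswan and xl2tpd are pulled from EPEL, so enable it first.
yum -y install epel-release
yum --enablerepo=epel -y install strongswan xl2tpd
# For Fedora (no EPEL needed). NOTE(review): the original listing left this
# line unlabeled right after the EPEL install; the rest of the guide covers
# Fedora separately, so this is the Fedora variant -- confirm on your host.
yum -y install strongswan xl2tpd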
- Definir las variables (sustituya los valores de ejemplo por los de su servidor):
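# Connection parameters: replace the placeholders with your own values.
VPN_SERVER_IP=your_vpn_server_ip
VPN_USER=your_vpn_username
# Read the secrets from the terminal instead of typing them on the command
# line, so they are not written to the shell history.
# NOTE(review): the files written later put the PSK inside double quotes and
# the password on a bare pppd option line -- avoid '"' in the PSK and spaces
# in the password, or quote those lines accordingly.
read -rsp 'IPsec pre-shared key: ' VPN_IPSEC_PSK; echo
read -rsp 'VPN password: ' VPN_PASSWORD; echo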
- Configurar strongSwan:
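# strongSwan configuration. In ipsec.conf every parameter line must be
# indented under its section header ("config setup", "conn ..."): a line that
# starts in column 0 is parsed as a new section, so do not flatten this file.
# NOTE(review): IKEv1 + PSK with SHA-1 integrity (aes128-sha1-modp2048) is
# what many L2TP/IPsec servers expect; the proposal must match the server's,
# so prefer aes256-sha256 (or IKEv2) only if the server side supports it.
cat > /etc/ipsec.conf <<EOF
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration
config setup
  # strictcrlpolicy=yes
  # uniqueids = no

# Add connections here.
# Sample VPN connections
conn %default
  ikelifetime=60m
  keylife=20m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev1
  authby=secret
  ike=aes128-sha1-modp2048!
  esp=aes128-sha1-modp2048!

conn myvpn
  keyexchange=ikev1
  left=%defaultroute
  auto=add
  authby=secret
  type=transport
  leftprotoport=17/1701
  rightprotoport=17/1701
  right=$VPN_SERVER_IP
EOF

# Write the PSK with printf rather than an unquoted here-doc, so a key that
# contains '$', '`' or '\' is stored verbatim instead of being expanded by the
# shell. The umask subshell creates the file as 0600 from the start (a plain
# chmod afterwards leaves a window in which the secret is world-readable);
# the chmod still fixes a file that already existed with a looser mode.
(umask 077; printf ': PSK "%s"\n' "$VPN_IPSEC_PSK" > /etc/ipsec.secrets)
chmod 600 /etc/ipsec.secrets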
Solo para CentOS/RHEL y Fedora (en estas distribuciones strongSwan lee su configuración desde /etc/strongswan/):
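# On CentOS/RHEL/Fedora strongSwan reads /etc/strongswan/ipsec.*: keep the
# distro copies as *.old and point those paths at the files written above.
# The backup is taken only when the path is a real file, so re-running this
# step does not overwrite the backup with the symlink created the first time;
# ln -sf lets the step run again where a bare ln -s would fail on the
# existing link.
for f in ipsec.conf ipsec.secrets; do
  target="/etc/strongswan/$f"
  if [ -e "$target" ] && [ ! -L "$target" ]; then
    mv "$target" "$target.old"
  fi
  ln -sf "/etc/$f" "$target"
done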
- Configurar xl2tpd:
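# xl2tpd: a "lac" (client) section that dials the VPN server and hands the
# tunnel to pppd with the option file written below.
# NOTE(review): "ppp debug = yes" makes pppd log its negotiation to syslog;
# handy while setting up, consider turning it off once the link works.
cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[lac myvpn]
lns = $VPN_SERVER_IP
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
EOF

# pppd options. This file holds the VPN password, so it is created 0600 from
# the start (umask in a subshell) instead of being chmod'ed after the secret
# is already on disk. The user/password lines are written with printf so
# '$', '`' or '\' in either value are not expanded by the shell.
# NOTE(review): "defaultroute" asks pppd to send all traffic through the
# tunnel; whether it replaces an existing default route depends on the pppd
# build -- the per-destination route at the end of this guide is the explicit
# alternative.
(umask 077
cat > /etc/ppp/options.l2tpd.client <<EOF
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
EOF
printf 'name %s\npassword %s\n' "$VPN_USER" "$VPN_PASSWORD" >> /etc/ppp/options.l2tpd.client)
chmod 600 /etc/ppp/options.l2tpd.client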
Conectar
Cree el archivo de control xl2tpd:
# xl2tpd control pipe; make sure the path exists before the daemon is restarted.
# NOTE(review): xl2tpd normally (re)creates this pipe itself at startup, so
# the touch is only a safety net -- verify on your version.
xl2tpd_run=/var/run/xl2tpd
mkdir -p "$xl2tpd_run"
touch "$xl2tpd_run/l2tp-control"
Activar servicios:
# Start both daemons now and at every boot.
# NOTE(review): the unit is "strongswan" on the distros this guide targets;
# newer Debian/Ubuntu packages may call it "strongswan-starter" -- check
# `systemctl list-unit-files | grep strongswan` if enable reports no such unit.
systemctl enable strongswan xl2tpd
systemctl restart strongswan xl2tpd
Iniciar la conexión IPsec:
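# strongSwan's CLI is `ipsec` on Ubuntu/Debian and `strongswan` on
# CentOS/RHEL/Fedora. Run whichever is installed instead of pasting both
# lines (one of them always fails with "command not found").
if command -v strongswan >/dev/null 2>&1; then
  strongswan up myvpn
else
  ipsec up myvpn
fi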
Iniciar la conexión L2TP:
# Tell xl2tpd, through its control pipe, to connect the "myvpn" lac section.
printf 'c myvpn\n' > /var/run/xl2tpd/l2tp-control
Iniciar automáticamente al arrancar (requiere que /etc/rc.local exista y sea ejecutable):
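# Boot-time helper. The here-doc delimiter is quoted so nothing in the script
# is expanded while it is written. The original only called `strongswan up`,
# which does not exist on Ubuntu/Debian (the CLI there is `ipsec`).
cat > /root/start_vpn.sh <<'EOF'
#!/bin/sh
# Bring up the L2TP/IPsec connection after the daemons have started.
# Crude delay so strongSwan and xl2tpd are listening before we talk to them
# (rc.local gives no ordering guarantee against those services).
sleep 9
# strongSwan CLI: `strongswan` on CentOS/RHEL/Fedora, `ipsec` on Ubuntu/Debian.
if command -v strongswan >/dev/null 2>&1; then
  strongswan up myvpn
else
  ipsec up myvpn
fi
echo "c myvpn" > /var/run/xl2tpd/l2tp-control
EOF
chmod +x /root/start_vpn.sh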
Abrir /etc/rc.local con un editor:
# Edit rc.local with any editor. NOTE(review): on systemd distros rc.local is
# typically run by rc-local.service only when the file is executable
# (chmod +x /etc/rc.local) -- verify on your system.
nano /etc/rc.local
Agregar al final (antes de la línea `exit 0`, si existe):
# Line to append to /etc/rc.local; keep it before any trailing "exit 0".
/root/start_vpn.sh
Para desconectar:
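# Tear the tunnel down in reverse order: the L2TP session first, then the
# IPsec connection that carries it. Use whichever strongSwan CLI is installed
# (`ipsec` on Ubuntu/Debian, `strongswan` on CentOS/RHEL/Fedora) rather than
# running both.
echo "d myvpn" > /var/run/xl2tpd/l2tp-control
if command -v strongswan >/dev/null 2>&1; then
  strongswan down myvpn
else
  ipsec down myvpn
fi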
Para eliminar los archivos de configuración (desconecte primero y detenga los servicios strongswan y xl2tpd):
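# Remove everything the setup created. -f keeps rm quiet about files that do
# not exist on this distro (the /etc/strongswan/ symlinks only exist on
# CentOS/RHEL/Fedora). ipsec.secrets and options.l2tpd.client hold secrets.
rm -f /etc/ipsec.conf /etc/ipsec.secrets
rm -f /etc/strongswan/ipsec.conf /etc/strongswan/ipsec.secrets
# Put back the distro-provided strongSwan files the setup moved aside as *.old.
for f in ipsec.conf ipsec.secrets; do
  [ -e "/etc/strongswan/$f.old" ] && mv "/etc/strongswan/$f.old" "/etc/strongswan/$f"
done
rm -f /etc/xl2tpd/xl2tpd.conf /etc/ppp/options.l2tpd.client
rm -f /var/run/xl2tpd/l2tp-control
# If autostart was configured, also delete /root/start_vpn.sh and its line in
# /etc/rc.local.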
Enrutar el tráfico a una dirección IP en su red interna
Reemplace x.x.x.x/x con la dirección o red (en notación CIDR) a la que desea llegar a través del dispositivo de túnel (ppp0):
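# Extract the peer (remote) IPv4 address from `ip address show` output read on
# stdin: the token that follows "peer", with any /prefix stripped. Prints
# nothing when there is no "peer" token (interface down or not point-to-point).
parse_ppp_peer() {
  awk '{ for (i = 1; i < NF; i++) if ($i == "peer") { sub(/\/.*/, "", $(i + 1)); print $(i + 1); exit } }'
}

# Print the peer address of a PPP interface (default ppp0); empty if none.
ppp_peer_ip() {
  ip address show dev "${1:-ppp0}" 2>/dev/null | parse_ppp_peer
}

# Route DEST (address or CIDR, e.g. 10.10.0.0/16) through the VPN tunnel by
# using the tunnel's peer as gateway. Usage: route_via_vpn DEST [IFACE]
# Fails (exit 1) with a message instead of running `ip route add ... via`
# with an empty gateway when the tunnel is not up.
route_via_vpn() {
  local dest=$1 iface=${2:-ppp0} peer
  peer=$(ppp_peer_ip "$iface")
  if [ -z "$peer" ]; then
    echo "no peer address on $iface; is the VPN up?" >&2
    return 1
  fi
  sudo ip route add "$dest" via "$peer" dev "$iface"
}

# Replace x.x.x.x/x with the address or network you want to reach via the tunnel.
route_via_vpn x.x.x.x/x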