OS: CenotOS7 X86_64

1.安装ipsec服务

1.1安装openswan

1.yum安装gmp

2.yum安装flex

3.下载openswan（2.6.49）https://www.openswan.org/

4.make programs

5.make install

1.2修改/etc/ipsec.conf

1.将/etc/ipsec.d/examples/l2tp-psk.conf中conn L2TP-PSK-NAT和conn L2TP-PSK-noNAT直接拷贝至文件中

2.修改left=YourGatewayIP，将YourGatewayIP修改为服务器IP

1.3修改/etc/ipsec.secrets

1.添加如下内容：

服务器IP  %any: "连接秘钥"

1.4修改/etc/sysctl.conf

1.内容如下：

net.ipv4.ip_forward = 1

net.ipv4.conf.default.accept_redirects = 0

net.ipv4.conf.default.send_redirects = 0

net.ipv4.conf.eth0.rp_filter = 0

net.ipv4.conf.default.rp_filter = 0

2.执行sysctl -p 命令让配置生效

1.5验证ipsec服务

service ipsec restart

ipsec verify

查看是否有fail

2.安装L2TP服务

2.1安装软件包

yum install -y epel-release

yum install -y xl2tpd ppp lsof

2.2修改/etc/xl2tpd/xl2tpd.conf

#修改如下配置

[global]

listen-addr = 服务器ip

ipsec saref = yes

force userspace = yes

2.3修改/etc/ppp/options.xl2tpd

#增加如下内容

name l2tpd

require-mschap-v2

ms-dns  8.8.4.4

2.4配置用户名、密码

编辑文件/etc/ppp/chap-secrets

# client        server  secret                  IP addresses

username * password *

#server和IP address用*代替即可

2.5启动服务

service xl2tpd start

3防火墙修改

执行如下命令：

iptables -A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT

iptables -A INPUT -p udp -m udp --dport 1701 -j ACCEPT

iptables -A INPUT -p udp -m udp --dport 500 -j ACCEPT

iptables -A INPUT -p udp -m udp --dport 4500 -j ACCEPT

iptables -A INPUT -p esp -j ACCEPT

iptables -A INPUT -m policy --dir in --pol ipsec -j ACCEPT

iptables -A FORWARD -d 10.0.10.0/24 -j ACCEPT

iptables -A FORWARD -s 10.0.10.0/24 -j ACCEPT

iptables -A FORWARD -i ppp+ -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -t nat -A POSTROUTING -s 10.0.10.0/24 -o eth0 -j MASQUERADE

service iptables save

service iptables restart

4开机自动启动

systemctl enable ipsec

systemctl enable xl2tpd