Setting up an L2TP VPN on DigitalOcean that Windows Phone can use, with one-click scripts
WP8.1 currently supports only two VPN types: IKEv2 and L2TP with IPsec. IKEv2 needs certificates and is more hassle, so I chose to set up an L2TP server on DO. The complete steps are recorded below:
One-click install of the L2TP VPN
1. Create a bash script:
vim test.sh
Then add the following content to it:
#!/bin/bash
# One-click L2TP/IPsec installer (openswan + xl2tpd) for Ubuntu. Must be run as root.
if [ $(id -u) != "0" ]; then
    printf "Error: You must be root to run this tool!\n"
    exit 1
fi
clear
printf "
####################################################
# #
# This is a Shell-Based tool of l2tp installation #
# Version: 1.3 #
# Author: Hong Chen #
# For Ubuntu 32bit and 64bit #
# #
####################################################
"
# Public IP of the droplet: the first non-loopback address reported by ifconfig
# (relies on the old "inet addr:" output format of net-tools ifconfig).
vpsip=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`

# First three octets of the VPN pool: .1 is the server, .2-.254 are handed to clients.
iprange="10.0.99"
echo "Please input IP-Range:"
read -p "(Default Range: 10.0.99):" iprange
if [ "$iprange" = "" ]; then
    iprange="10.0.99"
fi

# IPsec pre-shared key shared by every client. The default "vpsyou.com" is
# published with this script, so always enter your own.
mypsk="vpsyou.com"
echo "Please input PSK:"
read -p "(Default PSK: vpsyou.com):" mypsk
if [ "$mypsk" = "" ]; then
    mypsk="vpsyou.com"
fi
clear

# Read one keypress from the terminal without echo.
get_char()
{
    SAVEDSTTY=`stty -g`
    stty -echo
    stty cbreak
    dd if=/dev/tty bs=1 count=1 2> /dev/null
    stty -raw
    stty echo
    stty $SAVEDSTTY
}
echo ""
echo "ServerIP:"
echo "$vpsip"
echo ""
echo "Server Local IP:"
echo "$iprange.1"
echo ""
echo "Client Remote IP Range:"
echo "$iprange.2-$iprange.254"
echo ""
echo "PSK:"
echo "$mypsk"
echo ""
echo "Press any key to start..."
char=`get_char`
clear

# Build dependencies (for rp-l2tp below) and tools. lsof is used by "ipsec verify".
apt-get -y update
apt-get -y upgrade
apt-get -y install libgmp3-dev bison flex libpcap-dev ppp iptables make gcc lsof vim
mkdir /ztmp
mkdir /ztmp/l2tp
cd /ztmp/l2tp

# IKE/IPsec side: openswan. Its install dialogs are the prompts mentioned in step 3.
apt-get install openswan
rm -rf /etc/ipsec.conf
touch /etc/ipsec.conf
# Parameter lines inside a section must be indented, or openswan will not parse the file.
# Transport-mode IPsec protects only UDP/1701 (L2TP); clients behind NAT match
# L2TP-PSK-NAT via the virtual_private ranges.
cat >>/etc/ipsec.conf<<EOF
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=$vpsip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
EOF
# One PSK for all peers (%any): anyone who knows it can complete IKE with this server.
cat >>/etc/ipsec.secrets<<EOF
$vpsip %any: PSK "$mypsk"
EOF

# Enable forwarding so VPN clients can reach the internet through the server.
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf
sysctl -p
# NAT for the clients. Note this rule has no source restriction: it masquerades
# everything forwarded through the box, not only the VPN pool.
iptables --table nat --append POSTROUTING --jump MASQUERADE
# ICMP redirects interfere with IPsec routing; "ipsec verify" checks these are off.
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done
/etc/init.d/ipsec restart
ipsec verify

# rp-l2tp is built only for its l2tp-control helper, which xl2tpd looks for
# under /var/run/xl2tpd/.
cd /ztmp/l2tp
wget http://downloads.sourceforge.net/project/rp-l2tp/rp-l2tp/0.4/rp-l2tp-0.4.tar.gz
tar zxvf rp-l2tp-0.4.tar.gz
cd rp-l2tp-0.4
./configure
make
cp handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control

# L2TP side: xl2tpd hands each tunnel to pppd, which does the user authentication.
cd /ztmp/l2tp
apt-get install xl2tpd
mkdir /etc/xl2tpd
rm -rf /etc/xl2tpd/xl2tpd.conf
touch /etc/xl2tpd/xl2tpd.conf
cat >>/etc/xl2tpd/xl2tpd.conf<<EOF
[global]
ipsec saref = yes
[lns default]
ip range = $iprange.2-$iprange.254
local ip = $iprange.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
# pppd options: with chap and pap refused above, only MS-CHAPv2 is accepted.
rm -rf /etc/ppp/options.xl2tpd
touch /etc/ppp/options.xl2tpd
cat >>/etc/ppp/options.xl2tpd<<EOF
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
EOF
# Default VPN account, format "user server password allowed-ip" ("*" = any address).
# test/test123 ships with this script and is widely known: change it (see the PS at the end).
cat >>/etc/ppp/chap-secrets<<EOF
test l2tpd test123 *
EOF

# Helper that re-applies the redirect settings at boot. The original wrote the
# first line as "#/bin/bash" (missing "!"), which is not a valid shebang; fixed here.
touch /usr/bin/zl2tpset
echo "#!/bin/bash" >>/usr/bin/zl2tpset
echo "for each in /proc/sys/net/ipv4/conf/*" >>/usr/bin/zl2tpset
echo "do" >>/usr/bin/zl2tpset
echo "echo 0 > \$each/accept_redirects" >>/usr/bin/zl2tpset
echo "echo 0 > \$each/send_redirects" >>/usr/bin/zl2tpset
echo "done" >>/usr/bin/zl2tpset
chmod +x /usr/bin/zl2tpset
# Second copy of the NAT rule; iptables simply appends a duplicate of the one above.
iptables --table nat --append POSTROUTING --jump MASQUERADE
zl2tpset
xl2tpd
# NOTE: Ubuntu's stock /etc/rc.local ends with "exit 0", and these lines are appended
# after it, so they never run at boot. See the fix at the end of the post.
# The Ubuntu package installs the daemon as /usr/sbin/xl2tpd (the original line used
# /usr/local/sbin/xl2tpd, which only exists for a from-source build).
cat >>/etc/rc.local<<EOF
iptables --table nat --append POSTROUTING --jump MASQUERADE
/etc/init.d/ipsec restart
/usr/bin/zl2tpset
/usr/sbin/xl2tpd
EOF
clear
ipsec verify
printf "
####################################################
# #
# This is a Shell-Based tool of l2tp installation #
# Version: 1.3 #
# Author: Zed Lau #
# For Ubuntu 32bit and 64bit #
# #
####################################################
if there are no [FAILED] above, then you can
connect to your L2TP VPN Server with the default
user/pass below:
ServerIP:$vpsip
username:test
password:test123
PSK:$mypsk
"
2. Make the script executable and run it:
chmod +x test.sh
./test.sh
3. During the install, enter the first three octets of the VPN address range (e.g. 10.1.99; the script uses .1 for the server and .2-.254 for clients) and the pre-shared key (PSK).
For any dialog box that appears, choose yes, ok, create, etc.
One-click install of L2TP with IPsec for WP8
4. WP8.1 requires L2TP with IPsec encryption, and in my testing the first one-click script could not connect from WP8.1.
So to support Windows Phone, create a second script in the same way as before:
vim test2.sh
Then add the one-click IPsec install content:
5. Likewise, make test2.sh executable and run it:
chmod +x test2.sh
./test2.sh
If the checks for port 500 or 4500 show failed, ignore them for now; it is fine as long as nothing else is failed. Remember to run apt-get install lsof (skip it if it is already installed): the "Pluto listening for IKE on udp 500/4500" checks in ipsec verify use lsof, so without it they report failed even when pluto is listening. If they still fail after service ipsec restart with lsof installed, clients will not be able to complete the IKE exchange.
6. Edit the pre-shared key file:
vim /etc/ipsec.secrets
Comment out the include lines and anything else in it, and leave only a single line:
192.241.182.172 %any: PSK "xxxxxxxx"
Here 192.241.182.172 is the server's public IP (use your own) and xxxxxxxx is the pre-shared key we chose; remember to replace it.
7. After changing the key, restart the service:
service ipsec restart
With that the VPN is set up, and you can now connect from your Windows Phone and play~ ~ ~- ( ≧ ▽ ≦)つロ
And Windows can connect normally too~
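The install script above and step 6 both leave the server with secrets that are printed in this post: the PSK "vpsyou.com", the account test/test123, and a POSTROUTING MASQUERADE rule with no source restriction. The helpers below are an added example, not the post's own script: they generate random secrets, write /etc/ipsec.secrets in the one-line format of step 6, add a chap-secrets user with safe quoting, emit a NAT rule limited to the VPN pool, and check that the published defaults are gone. File paths, the pool prefix 10.0.99 and the interface name eth0 are parameters, so everything can be exercised against a scratch directory before touching /etc.

```shell
#!/bin/sh
# Added hardening helpers for the L2TP/IPsec install (not from the post).
# Every path is a parameter so the functions can be tried in a scratch
# directory first and then pointed at /etc on the real server.

# Random alphanumeric secret of $1 characters. Alphanumeric only, so the
# value never needs escaping inside ipsec.secrets or chap-secrets.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
}

# $1 = ipsec.secrets path, $2 = server public IP, $3 = PSK.
# Same "<server> %any: PSK" line the script and step 6 use; mode 600 because
# pluto (running as root) is the only process that needs to read it.
write_ipsec_secrets() {
    printf '%s %%any: PSK "%s"\n' "$2" "$3" >"$1"
    chmod 600 "$1"
}

# $1 = chap-secrets path, $2 = username, $3 = password.
# "l2tpd" is the server name from "name l2tpd" in options.xl2tpd and "*"
# keeps the script's any-address column. Characters that would break the
# whitespace/quote syntax of chap-secrets are refused rather than escaped.
add_chap_user() {
    case "$2$3" in
        *[!A-Za-z0-9_.@-]*)
            echo "add_chap_user: unsafe character in user or password" >&2
            return 1 ;;
    esac
    printf '"%s"\tl2tpd\t"%s"\t*\n' "$2" "$3" >>"$1"
    chmod 600 "$1"
}

# $1 = VPN pool prefix (e.g. 10.0.99), $2 = egress interface (e.g. eth0).
# Prints a MASQUERADE rule limited to the client pool, replacing the script's
# bare "--append POSTROUTING --jump MASQUERADE" that NATs every source.
vpn_nat_cmd() {
    printf 'iptables -t nat -A POSTROUTING -s %s.0/24 -o %s -j MASQUERADE\n' "$1" "$2"
}

# $1 = ipsec.secrets path, $2 = chap-secrets path.
# Returns 1 if either default published with the install script is still present.
check_no_defaults() {
    if grep -q 'PSK "vpsyou.com"' "$1"; then return 1; fi
    if grep -q '^test[[:space:]][[:space:]]*l2tpd[[:space:]][[:space:]]*test123' "$2"; then return 1; fi
    return 0
}

# Usage on the real server, as root (hostname -I gives the droplet's addresses on Ubuntu):
#   write_ipsec_secrets /etc/ipsec.secrets "$(hostname -I | awk '{print $1}')" "$(gen_secret 32)"
#   add_chap_user /etc/ppp/chap-secrets alice "$(gen_secret 24)"
#   eval "$(vpn_nat_cmd 10.0.99 eth0)"
#   check_no_defaults /etc/ipsec.secrets /etc/ppp/chap-secrets && service ipsec restart
```

After running these, remove the "test l2tpd test123 *" line from /etc/ppp/chap-secrets and the unrestricted MASQUERADE rule (iptables -t nat -L POSTROUTING --line-numbers shows the duplicates the script added) so that check_no_defaults passes and only the pool-scoped rule remains.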
Fix: the VPN connects but cannot reach the internet
The cause is that the first script appends its boot-time commands (the NAT rule, the ipsec restart, zl2tpset and xl2tpd) to /etc/rc.local after the existing exit 0, so they never run at boot; after the server is rebooted the VPN connects but has no internet access. Fix it like this:
vim /etc/rc.local
Delete the exit 0 in the middle of the file, then add a new line at the very end of the file containing:
exit 0
After this, rebooting the server will no longer leave the VPN without internet access.
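The same fix as a script, added here as an example and not part of the post: rc_local_boot_ok reports whether any command sits after the first exit 0 (the situation the install script creates), and rc_local_fix moves every command in front of a single final exit 0. Two details worth knowing: Ubuntu's rc.local starts with "#!/bin/sh -e", so a failing command aborts the ones after it (keep the NAT rule first, as the script does), and the file must stay executable or it is not run at all.

```shell
#!/bin/sh
# Added example: apply the /etc/rc.local fix from the post with a script.
# Ubuntu's stock rc.local ends with "exit 0"; the install script appends its
# four boot commands after that line, so they are never executed.

# $1 = path to an rc.local file. Returns 0 if no command follows the first
# "exit 0" (blank lines and comments are ignored), 1 if something would be skipped.
rc_local_boot_ok() {
    awk '
        seen && NF && $0 !~ /^[ \t]*#/ { bad = 1 }
        /^[ \t]*exit 0[ \t]*$/         { seen = 1 }
        END { exit bad }
    ' "$1"
}

# $1 = path to rc.local. Drops every "exit 0" line, appends exactly one at the
# end and keeps the file executable. Safe to run more than once.
rc_local_fix() {
    tmp="$1.tmp.$$"
    # grep -v exits 1 when nothing is left, which is not an error here
    grep -v '^[[:space:]]*exit 0[[:space:]]*$' "$1" >"$tmp" || true
    printf 'exit 0\n' >>"$tmp"
    mv "$tmp" "$1"
    chmod 755 "$1"
}

# Usage on the server (as root):
#   rc_local_boot_ok /etc/rc.local || rc_local_fix /etc/rc.local
```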
PS:
1. Usernames and passwords are stored in /etc/ppp/chap-secrets. You can open it with
vim /etc/ppp/chap-secrets
to change or add users and passwords (one "user l2tpd password allowed-ip" line each; pppd reads the file on every connection, so no restart is needed).
2. IPsec logs go to the auth log, which you can view with
vim /var/log/auth.log
to troubleshoot and find the cause when a connection fails.
The above is just a method I worked out myself together with material gathered online; if there are problems or hidden risks, please let me know, thanks~