WP8.1目前只支持IKEv2和带IPSec的L2TP两种VPN,搭建IKEv2需要证书比较麻烦,所以选择了在DO上搭建L2TP服务器.完整步骤记录如下:

一键安装L2TP的VPN

1,新建个bash脚本:

1
vim test.sh

然后在里面添加如下内容:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
#!/bin/bash

if [ $(id -u) != "0" ]; then
    printf "Error: You must be root to run this tool!\n"
    exit 1
fi
clear
printf "
####################################################
#                                                  #
# This is a Shell-Based tool of l2tp installation  #
# Version: 1.3                                     #
# Author: Hong Chen                                #
# For Ubuntu 32bit and 64bit                       #
#                                                  #
####################################################
"
vpsip=`ifconfig  | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`

iprange="10.0.99"
echo "Please input IP-Range:"
read -p "(Default Range: 10.0.99):" iprange
if [ "$iprange" = "" ]; then
    iprange="10.0.99"
fi

mypsk="vpsyou.com"
echo "Please input PSK:"
read -p "(Default PSK: vpsyou.com):" mypsk
if [ "$mypsk" = "" ]; then
    mypsk="vpsyou.com"
fi

clear
get_char()
{
SAVEDSTTY=`stty -g`
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}
echo ""
echo "ServerIP:"
echo "$vpsip"
echo ""
echo "Server Local IP:"
echo "$iprange.1"
echo ""
echo "Client Remote IP Range:"
echo "$iprange.2-$iprange.254"
echo ""
echo "PSK:"
echo "$mypsk"
echo ""
echo "Press any key to start..."
char=`get_char`
clear

apt-get -y update
apt-get -y upgrade
apt-get -y install libgmp3-dev bison flex libpcap-dev ppp iptables make gcc lsof vim
mkdir /ztmp
mkdir /ztmp/l2tp
cd /ztmp/l2tp
apt-get install openswan
rm -rf /etc/ipsec.conf
touch /etc/ipsec.conf
cat >>/etc/ipsec.conf<<EOF
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=$vpsip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
EOF
cat >>/etc/ipsec.secrets<<EOF
$vpsip %any: PSK "$mypsk"
EOF
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf
sysctl -p
iptables --table nat --append POSTROUTING --jump MASQUERADE
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
/etc/init.d/ipsec restart
ipsec verify
cd /ztmp/l2tp
wget http://downloads.sourceforge.net/project/rp-l2tp/rp-l2tp/0.4/rp-l2tp-0.4.tar.gz
tar zxvf rp-l2tp-0.4.tar.gz
cd rp-l2tp-0.4
./configure
make
cp handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
cd /ztmp/l2tp
apt-get install xl2tpd
mkdir /etc/xl2tpd
rm -rf /etc/xl2tpd/xl2tpd.conf
touch /etc/xl2tpd/xl2tpd.conf
cat >>/etc/xl2tpd/xl2tpd.conf<<EOF
[global]
ipsec saref = yes
[lns default]
ip range = $iprange.2-$iprange.254
local ip = $iprange.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
rm -rf /etc/ppp/options.xl2tpd
touch /etc/ppp/options.xl2tpd
cat >>/etc/ppp/options.xl2tpd<<EOF
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
EOF
cat >>/etc/ppp/chap-secrets<<EOF
test l2tpd test123 *
EOF
touch /usr/bin/zl2tpset
echo "#/bin/bash" >>/usr/bin/zl2tpset
echo "for each in /proc/sys/net/ipv4/conf/*" >>/usr/bin/zl2tpset
echo "do" >>/usr/bin/zl2tpset
echo "echo 0 > \$each/accept_redirects" >>/usr/bin/zl2tpset
echo "echo 0 > \$each/send_redirects" >>/usr/bin/zl2tpset
echo "done" >>/usr/bin/zl2tpset
chmod +x /usr/bin/zl2tpset
iptables --table nat --append POSTROUTING --jump MASQUERADE
zl2tpset
xl2tpd
cat >>/etc/rc.local<<EOF
iptables --table nat --append POSTROUTING --jump MASQUERADE
/etc/init.d/ipsec restart
/usr/bin/zl2tpset
/usr/local/sbin/xl2tpd
EOF
clear
ipsec verify
printf "
####################################################
#                                                  #
# This is a Shell-Based tool of l2tp installation  #
# Version: 1.3                                     #
# Author: Zed Lau                                  #
# For Ubuntu 32bit and 64bit                       #
#                                                  #
####################################################
if there are no [FAILED] above, then you can
connect to your L2TP VPN Server with the default
user/pass below:

ServerIP:$vpsip
username:test
password:test123
PSK:$mypsk

"

2,给脚本赋予运行权限并执行脚本:

1
2
chmod +x test.sh
./test.sh

3, 安装过程输入vpn分配ip(如10.1.99)和共享密钥PSK
有选择框的一律选yes,ok,create等

一键安装支持WP8的带IPSEC的L2TP VPN

4,因为wp8.1需要L2TP带IPSec加密,第一个一键安装的脚本经测试不能在wp8.1下链接.
所以如果要支持WindowsPhone的话,我们同刚才一键安装的方式,新建以下脚本:

1
vim test2.sh

然后添加一键安装IPSec的内容:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
#!/bin/sh

#VPN 账号
vpn_name="test"

#VPN 密码
vpn_password="test123456"

#设置 PSK 预共享密钥
psk_password="test123456"

#获取公网IP
ip=`ifconfig | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`

#安装 openswan、xl2tpd(有弹对话框的话直接按回车就行)
apt-get install -y openswan xl2tpd screen

#备份 /etc/ipsec.conf 文件
ipsec_conf="/etc/ipsec.conf"
if [ -f $ipsec_conf ]; then
    cp $ipsec_conf $ipsec_conf.bak
fi
echo "
version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=$ip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
" > $ipsec_conf

#备份 /etc/ipsec.secrets 文件
ipsec_secrets="/etc/ipsec.secrets"
if [ -f $ipsec_secrets ]; then
    cp $ipsec_secrets $ipsec_secrets.bak
fi
echo "
$ip   %any:  PSK \"$psk_password\"
" >> $ipsec_secrets

#备份 /etc/sysctl.conf 文件
sysctl_conf="/etc/sysctl.conf"
if [ -f $sysctl_conf ]; then
    cp $sysctl_conf $sysctl_conf.bak
fi
echo "
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
" >> $sysctl_conf
sysctl -p

for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done

#设置 l2tp
xl2tpd="/etc/xl2tpd/xl2tpd.conf"
if [ -f $xl2tpd ]; then
    cp $xl2tpd $xl2tpd.bak
fi
echo "
[global]
ipsec saref = yes

[lns default]
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
" > $xl2tpd

#设置 ppp
options_xl2tpd="/etc/ppp/options.xl2tpd"
if [ -f $options_xl2tpd ]; then
    cp $options_xl2tpd $options_xl2tpd.bak
fi
echo "
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
" > $options_xl2tpd

#添加 VPN 账号
chap_secrets="/etc/ppp/chap-secrets"
if [ -f $chap_secrets ]; then
    cp $chap_secrets $chap_secrets.bak
fi
echo "
$vpn_name * $vpn_password *
" >> $chap_secrets

#设置 iptables 的数据包转发
iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

/etc/init.d/ipsec stop

/etc/init.d/xl2tpd stop

/etc/init.d/ipsec start

screen -dmS xl2tpd xl2tpd -D

ipsec verify

echo "###########################################"
echo "##    L2TP VPN SETUP COMPLETE!"
echo "##    VPN IP          :   $ip"
echo "##    VPN USER        :   $vpn_name"
echo "##    VPN PASSWORD    :   $vpn_password"
echo "##    VPN PSK         :   $psk_password"
echo "###########################################"

5,同理,给脚本test2.sh赋予运行权限并执行脚本:

1
2
chmod +x test2.sh
./test2.sh

如果有500或4500端口是failed先不管他,其他的没有failed就行.记得执行apt-get install lsof,当然如果已经安装了就不用再装了.

6,编辑共享密钥文件:

1
vim /etc/ipsec.secrets

把里面include什么的注释掉,只留下一行

1
192.241.182.172 %any: PSK "xxxxxxxx"

其中xxxxx是我们自己定的共享密钥,记得替换

7, 修改密钥后重启服务:

1
service ipsec restart

至此,VPN便搭建完成了,现在可以用WinPhone连上去玩耍了~ ~ ~- ( ≧ ▽ ≦)つロ
而且,Windows也能正常连接哦~

修复:VPN连上后无法访问外网的解决方法

由于前面两个脚本冲突阻止了开机加载防火墙规则NAT转发,导致重启服务器后vpn连接无法访问外网.可以这样解决:

1
vim /etc/rc.local

把其中的exit 0删掉,然后在该文件的最后,新建一行,添上:

1
exit 0

这样以后重启服务器就不会上不了外网了.

PS:

1,用户名密码记录在/etc/ppp/chap-secrets
可以用

1
vim /etc/ppp/chap-secrets

进去修改和添加用户和密码

2,ipsec日志记录可以使用命令:

1
vim /var/log/auth.log

来查看日志,以便排错和在连接失败的时候查找原因.

以上只是博主本人自行琢磨出来加上网上搜集资料而得出的方法,如有问题和隐患,希望能告知本人,谢谢~

参考链接:
Ubuntu Or Debian L2TP VPN 一键安装脚本

Linode CentOS / Debian 部署 ipsec+l2tpd 简要笔记