L2TP IPSec
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.152.2.0/24
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    ikelifetime=8h
    keylife=1h
    type=transport
    left=192.168.0.253
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    forceencaps=yes
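
Added example, not part of the original page: a small Python check that resolves the also= include between the two conn sections above and lists the effective settings worth reviewing before deployment. The function names, the review rules and the precedence rule (a conn's own keys win over included ones) are assumptions of this example.

```python
# Added example (not the page's code); SAMPLE is built from the page's conn sections.
SAMPLE = """\
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    right=%any
"""

def parse_conns(text):
    """Return {conn_name: [(key, value), ...]} in file order."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # section header starts at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), []) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current.append((key.strip(), value.strip()))
    return conns

def effective(conns, name, seen=()):
    """Merge also= sections. Assumption: a conn's own keys win on conflict."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    own, merged = {}, {}
    for key, value in conns[name]:
        if key == "also":
            merged.update(effective(conns, value, seen + (name,)))
        else:
            own[key] = value
    merged.update(own)
    return merged

def findings(s):
    """Review rules picked for this example, not an official checklist."""
    checks = [
        (s.get("pfs") == "no", "pfs=no: PFS not required for phase 2 keys"),
        (s.get("authby") == "secret" and s.get("right") == "%any",
         "authby=secret with right=%any: one PSK serves every client address"),
    ]
    return [msg for hit, msg in checks if hit]

if __name__ == "__main__":
    print(findings(effective(parse_conns(SAMPLE), "L2TP-PSK-NAT")))
```
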
3. L2TP
Edit the file /etc/xl2tpd/xl2tpd.conf:
[global]
ipsec saref = no
[lns default]
ip range = 10.152.2.2-10.152.2.254
local ip = 10.152.2.1
require chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
* * challenge
Edit the file /etc/ppp/options.xl2tpd:
refuse-mschap-v2
refuse-mschap
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
idle 1800
mtu 1200
mru 1200
lock
hide-password
local
#debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
6. Restart the server
7. Android 4.1 client:
L2TP secret: challenge
Pre-shared key: secret123
User: user1
Password: password