
Building a VPN server with L2TP over IPsec on VyOS

Posted at 2016-01-04

# Login
Both the username and the password are "vyos".
# Network configuration

```
$ configure
# set interfaces ethernet eth0 address [IPADDRESS]/[MASK]
# set system gateway-address [GATEWAY ADDRESS]
# set system name-server [NAME SERVER ADDRESS]
# set system time-zone Asia/Tokyo
# delete system ntp server
# set system ntp server ntp.jst.mfeed.ad.jp
# set service ssh
# commit
# save
# exit
```

# Connectivity check

```
$ ping 8.8.8.8
```

# Creating a user

```
$ configure
# set system login user [USERNAME]
# set system login user [USERNAME] authentication plaintext-password [PASSWORD]
# commit
# save
# exit
```

# Deleting the default user

```
$ configure
# delete system login user vyos
# commit
# save
# exit
```

# Configuring public-key authentication

```
$ ssh-keygen
$ cat ~/.ssh/id_rsa.pub
$ cat ~/.ssh/id_rsa
$ configure
# set system login user [USERNAME] authentication public-keys [USERNAME]@[HOSTNAME] type ssh-rsa
# set system login user [USERNAME] authentication public-keys [USERNAME]@[HOSTNAME] key [PUBKEY]
# set service ssh disable-password-authentication
# commit
# save
# exit
```

[PUBKEY] is only the base64 body of id_rsa.pub: leave out the leading `ssh-rsa` (that is what `type` carries) and the trailing comment (that is the `public-keys` name). Confirm that a key-based login works before the commit that disables password authentication, otherwise the box is no longer reachable over SSH.

# IPsec configuration

```
$ configure
# set vpn ipsec ipsec-interfaces interface eth0
# set vpn ipsec nat-traversal enable
# set vpn ipsec nat-networks allowed-network 0.0.0.0/0
# commit
# save
```

# L2TP configuration

```
# set vpn l2tp remote-access outside-address [IPADDRESS]
# set vpn l2tp remote-access outside-nexthop [GATEWAY ADDRESS]
# set vpn l2tp remote-access client-ip-pool start 192.168.110.1
# set vpn l2tp remote-access client-ip-pool stop 192.168.110.100
# set vpn l2tp remote-access dns-servers server-1 8.8.8.8
# set vpn l2tp remote-access dns-servers server-2 8.8.4.4
# set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
# set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret [SHARED SECRET]
# set vpn l2tp remote-access authentication mode local
# set vpn l2tp remote-access authentication local-users username [USERNAME] password [PASSWORD]
# commit
# save
```

# NAT configuration

```
# set nat source rule 999 outbound-interface eth0
# set nat source rule 999 translation address masquerade
# commit
# save
# exit
```
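As an added check that is not part of the original article: a POSIX sh script that audits the output of `show configuration commands` (which prints the running config as `set ...` lines) against the steps above, so you can confirm that the default user is gone, a key is installed before password login was disabled, and the L2TP side has a secret and a user. The sample config it runs on is constructed here; its addresses, user names and values are placeholders, not from a real box.

```shell
#!/bin/sh
# Audit a saved VyOS config ("show configuration commands" output, one "set ..."
# line per setting, values may be single-quoted) for the hardening steps in
# this article. Prints one "FAIL: ..." line per missing step, nothing on success.
audit_vyos_config() {
    cfg="$1"
    # "Deleting the default user": the stock vyos/vyos account must be gone.
    if grep -q '^set system login user vyos ' "$cfg"; then
        echo "FAIL: default user 'vyos' is still configured"
    fi
    # A public key must be in place before password login is switched off,
    # otherwise the box becomes unreachable over SSH.
    if ! grep -q '^set system login user [^ ]* authentication public-keys ' "$cfg"; then
        echo "FAIL: no SSH public key configured for any user"
    fi
    if ! grep -q '^set service ssh disable-password-authentication' "$cfg"; then
        echo "FAIL: SSH password authentication is still enabled"
    fi
    # L2TP over IPsec needs a non-empty pre-shared secret and a local user.
    if ! grep -q "^set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret '\{0,1\}[^' ]" "$cfg"; then
        echo "FAIL: IPsec pre-shared secret is missing or empty"
    fi
    if ! grep -q '^set vpn l2tp remote-access authentication local-users username [^ ]* password ' "$cfg"; then
        echo "FAIL: no L2TP local user with a password"
    fi
    return 0
}

# Constructed sample, not taken from a real box: the article's steps applied,
# except that the default user was never deleted, so one finding is expected.
write_sample_config() {
    cat > "$1" <<'EOF'
set interfaces ethernet eth0 address '203.0.113.10/24'
set service ssh disable-password-authentication
set system login user vyos authentication encrypted-password '$1$PLACEHOLDER'
set system login user admin authentication public-keys 'admin@laptop' type 'ssh-rsa'
set system login user admin authentication public-keys 'admin@laptop' key 'AAAAB3NzaC1yc2EAAAADAQABconstructed'
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec nat-traversal 'enable'
set vpn l2tp remote-access ipsec-settings authentication mode 'pre-shared-secret'
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret 'examplesecret'
set vpn l2tp remote-access authentication local-users username 'admin' password 'examplepass'
EOF
}

sample="$(mktemp)"
write_sample_config "$sample"
audit_vyos_config "$sample"   # prints: FAIL: default user 'vyos' is still configured
rm -f "$sample"
```

On a real box, save the output of `show configuration commands` to a file and pass that file to `audit_vyos_config`.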

# Commands you may need during operation
### Assigning a fixed IP address to a client

```
set vpn l2tp remote-access authentication local-users username TESTUSER static-ip 192.168.1.105
```

### Disabling a user

```
set vpn l2tp remote-access authentication local-users username TESTUSER disable
```
