More than 5 years have passed since last update.

VyOSでL2TP Over IPsecによるVPNサーバ構築

Last updated at 2016-01-04Posted at 2016-01-04

#ログイン
ユーザ名、パスワードともに「vyos」
#ネットワークの設定

$ configure
# set interfaces ethernet eth0 address [IPADDRESS]/[MASK]
# set system gateway-address [GATEWAY ADDRESS]
# set system name-server [NAME SERVER ADDRESS]
# set system time-zone Asia/Tokyo
# delete system ntp server
# set system ntp server ntp.jst.mfeed.ad.jp
# set service ssh
# commit
# save
# exit

#疎通確認

$ ping 8.8.8.8

#ユーザ作成

$ configure
# set system login user [USERNAME]
# set system login user [USERNAME] authentication plaintext-password [PASSWORD]
# commit
# save
# exit

#初期ユーザ削除

$ configure
# delete system login user vyos
# commit
# save
# exit

#公開鍵認証の設定

$ ssh-keygen
$ cat ~/.ssh/id_rsa.pub
$ cat ~/.ssh/id_rsa
$ configure
# set system login user [USERNAME] authentication public-keys [USERNAME]@[HOSTNAME] type ssh-rsa
# set system login user [USERNAME] authentication public-keys [USERNAME]@[HOSTNAME] key [PUBKEY]
# set service ssh disable-password-authentication
# commit
# save
# exit

#IPsecの設定

$ configure
# set vpn ipsec ipsec-interfaces interface eth0
# set vpn ipsec nat-traversal enable
# set vpn ipsec nat-networks allowed-network 0.0.0.0/0
# commit
# save

#L2TPの設定

# set vpn l2tp remote-access outside-address [IPADDRESS]
# set vpn l2tp remote-access outside-nexthop [GATEWAY ADDRESS]
# set vpn l2tp remote-access client-ip-pool start 192.168.110.1
# set vpn l2tp remote-access client-ip-pool stop 192.168.110.100
# set vpn l2tp remote-access dns-servers server-1 8.8.8.8
# set vpn l2tp remote-access dns-servers server-2 8.8.4.4
# set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
# set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret [SHARED SECRET]
# set vpn l2tp remote-access authentication mode local
# set vpn l2tp remote-access authentication local-users username [USERNAME] password [PASSWORD]
# commit
# save

#NAT設定

# set nat source rule 999 outbound-interface eth0
# set nat source rule 999 translation address masquerade
# commit
# save
# exit

#運用中に使うかもなコマンド
###クライアント側IPアドレス固定

set vpn l2tp remote-access authentication local-users username TESTUSER static-ip 192.168.1.105

###ユーザ無効化

set vpn l2tp remote-access authentication local-users username TESTUSER disable

#参考
さくらのVPSでVyattaを使ったVPNトンネルの構築
 さくらのVPSにVyOSをインストールする
 VyOSでIPSec VPNの設定

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up