
Building a VPN with xl2tpd + strongSwan and connecting from an iPhone 6 (for now it only connects from the same LAN)


Reference

The openswan package was updated, but it is no longer maintained, so switch to strongSwan or similar

Installation

  • Done on Ubuntu 15.04.
    • This server's IP address is 192.168.100.121

sudo apt-get install -y strongswan xl2tpd

strongSwan (IPsec)

/etc/ipsec.conf
config setup

conn L2TP-NAT
    rightsubnet=0.0.0.0/0
    also=L2TP-noNAT

conn L2TP-noNAT
    forceencaps=yes
    authby=secret
    auto=add
    keyexchange=ikev1
    keyingtries=3
    ike=aes128-sha1-modp3072
    esp=aes128-sha1-modp3072
    rekey=no
    ikelifetime=8h
    lifetime=1h
    type=transport
    # set this to your own server's IP address
    left=192.168.100.121
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
/etc/ipsec.secrets
: PSK "PRESHAREDKEY"
/etc/strongswan.conf
  charon {
        load_modular = yes
        plugins {
                include strongswan.d/charon/*.conf
        }
+       dns1=8.8.8.8
+       dns2=8.8.4.4
  }

  include strongswan.d/*.conf
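Review bot: the two added lines `dns1=8.8.8.8` and `dns2=8.8.4.4` under `charon` do nothing for this setup. charon only hands those servers to IKE peers in a configuration payload, and the connection defined here is an IKEv1 transport-mode SA that just protects the L2TP traffic, so the iPhone gets its resolver from pppd, i.e. the `ms-dns 8.8.8.8` line in /etc/ppp/options.l2tpd.lns. Either drop the two lines or add a comment saying they are not what supplies DNS to the client.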
systemctl start strongswan

xl2tpd

/etc/xl2tpd/xl2tpd.conf
[lns default]
ip range = 192.168.100.4-192.168.100.5
; set this to your own server's IP address
local ip = 192.168.100.121
length bit = yes
refuse chap = yes
require authentication = yes
name = l2tp
pppoptfile = /etc/ppp/options.l2tpd.lns
/etc/ppp/options.l2tpd.lns
name l2tp
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
ms-dns 8.8.8.8
nodefaultroute
lock
nobsdcomp
mtu 1280
mru 1280
/etc/ppp/chap-secrets
# client        server  secret                  IP addresses
client1  l2tp   ep2fai6T        *
client2  l2tp   hahGiv4i        *
systemctl start xl2tpd
/etc/sysctl.conf
net.ipv4.ip_forward=1

sudo sysctl -p
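The settings above are spread over five files, and the usual failures are a server address typed differently in the strongSwan and xl2tpd files, a PPP pool that overlaps the server address, CHAP settings that disagree between xl2tpd and pppd, or forwarding left off. The following consistency check is added here for this write-up and is not part of xl2tpd or strongSwan; it runs on trimmed, constructed copies of the files above, and the function name check_l2tp_ipsec and the embedded strings are my own.

```python
import ipaddress
import re

# Constructed, trimmed copies of this write-up's files so the check runs offline.
IPSEC_CONF = "conn L2TP-noNAT\n keyexchange=ikev1\n type=transport\n left=192.168.100.121 # server\n leftprotoport=17/1701\n"
XL2TPD_CONF = ("[lns default]\nip range = 192.168.100.4-192.168.100.5\nlocal ip = 192.168.100.121 ; server\n"
               "refuse chap = yes\nrequire authentication = yes\nname = l2tp\n")
PPP_OPTIONS = "name l2tp\nrefuse-pap\nrefuse-chap\nrefuse-mschap\nrequire-mschap-v2\nms-dns 8.8.8.8\n"
CHAP_SECRETS = "# client server secret IP\nclient1 l2tp ep2fai6T *\nclient2 l2tp hahGiv4i *\n"
SYSCTL_CONF = "net.ipv4.ip_forward=1\n"

def kv(text):
    """Parse 'key = value' lines into a dict, skipping sections and '#'/';' comments."""
    out = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, 1)[0]
        if "=" in line:
            key, val = line.split("=", 1)
            out[key.strip()] = val.strip()
    return out

def check_l2tp_ipsec(ipsec_conf, xl2tpd_conf, ppp_options, chap_secrets, sysctl_conf):
    """Cross-check the five files; returns a list of problems (empty list = consistent)."""
    ipsec, xl2, sysctl = kv(ipsec_conf), kv(xl2tpd_conf), kv(sysctl_conf)
    ppp = ppp_options.split()                     # pppd options are whitespace-separated tokens
    ppp_name = ppp[ppp.index("name") + 1] if "name" in ppp else None
    problems = []
    if ipsec.get("left") != xl2.get("local ip"):
        problems.append("ipsec.conf 'left' and xl2tpd.conf 'local ip' differ")
    if (ipsec.get("leftprotoport"), ipsec.get("type")) != ("17/1701", "transport"):
        problems.append("IPsec must protect UDP/1701 in transport mode for L2TP")
    lo, hi = (ipaddress.ip_address(a) for a in xl2.get("ip range", "0.0.0.0-0.0.0.0").split("-"))
    if lo > hi or lo <= ipaddress.ip_address(xl2.get("local ip", "0.0.0.0")) <= hi:
        problems.append("'ip range' is empty or contains 'local ip'")
    if xl2.get("refuse chap") == "yes" and "refuse-chap" not in ppp:
        problems.append("xl2tpd refuses CHAP but pppd does not")
    if "require-mschap-v2" not in ppp:
        problems.append("pppd does not require MS-CHAPv2")
    servers = {l.split()[1] for l in chap_secrets.splitlines() if l.strip() and l[0] != "#"}
    if xl2.get("name") != ppp_name or servers != {ppp_name}:
        problems.append(f"server name mismatch: xl2tpd {xl2.get('name')!r}, pppd {ppp_name!r}, "
                        f"chap-secrets {sorted(servers)}")
    if sysctl.get("net.ipv4.ip_forward") != "1":
        problems.append("net.ipv4.ip_forward is not 1, so VPN clients cannot reach the LAN")
    return problems

if __name__ == "__main__":
    for p in check_l2tp_ipsec(IPSEC_CONF, XL2TPD_CONF, PPP_OPTIONS, CHAP_SECRETS, SYSCTL_CONF):
        print("PROBLEM:", p)
```

To run it against the real files, read /etc/ipsec.conf, /etc/xl2tpd/xl2tpd.conf, /etc/ppp/options.l2tpd.lns, /etc/ppp/chap-secrets and /etc/sysctl.conf and pass their contents in the same order.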

Viewing the logs

sudo journalctl -u strongswan -f -l

Connecting

  • Settings on the iPhone (screenshot: IMG_1299.jpg)

  • Connection succeeded (screenshot: IMG_1300.jpg)

sudo ipsec status