From Amahi Wiki
heading =WARNING|
message = This is recommended only for advanced users, proceed with caution.}}
 
{{NeedsUpdate}}
 
 
This is an IPsec/L2TP VPN server implementation for Fedora 14 that allows Android OS (2.3.5 or less) devices to connect to your HDA. It has been tested with Android OS 2.3.5 on a [http://www.samsung.com/us/mobile/cell-phones/SGH-I727MSAATT Samsung Galaxy S™ II Skyrocket™]. It may not work for all Android devices or may require some modification.
===Setup===
Install the packages first as root user:
{{Code| yum -y install openswan xl2tpd}}
====Configure Openswan====
* Edit '''''/etc/ipsec.conf''''' with your favorite editor and update as follows ('''NOTE:''' replace ''{HDA IP Address}'', e.g. 192.168.0.10, and xxx.xxx.xxx.xxx/24, e.g. 192.168.0.0/24, with the correct IP addresses for your network):
{{Text|Text=<pre>config setup
protostack=netkey
nat_traversal=yes
leftprotoport=17/1701
right=%any
rightprotoport=17/%any</pre>}}
* Add the following to '''''/etc/ipsec.d/hda.secrets''''':
{{Text|Text= {HDA IP Address} %any: PSK "a_key_that_is_at_least_8_characters_long"}}
* Edit '''''/etc/sysctl.conf''''' and add following to the file:
{{Text|Text=<pre>net.ipv4.ip_forward = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0</pre>}}
* In the same file, disable the following by adding a #:
{{Text|Text=<pre><nowiki>#</nowiki>net.bridge.bridge-nf-call-ip6tables = 0
<nowiki>#</nowiki>net.bridge.bridge-nf-call-iptables = 0
<nowiki>#</nowiki>net.bridge.bridge-nf-call-arptables = 0</pre>}}
* To apply the changes, do the following:
{{Code| sysctl -p}}
* Create '''''/usr/bin/zl2tpset''''' and add the following:
{{Text|Text=<pre><nowiki>#</nowiki>!/bin/bash
<nowiki>#</nowiki> Disable ICMP redirect handling on every interface, including ones
<nowiki>#</nowiki> that appear after boot (the sysctl.conf defaults only cover "default").
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done</pre>}}
* Make it executable
{{Code| chmod 755 /usr/bin/zl2tpset}}
* Add the following to '''''/etc/rc.local''''' so this script runs on boot:
{{Text|Text= /usr/bin/zl2tpset}}
* To verify everything is set correctly, do the following:
{{Code| service ipsec start}}
{{Code| ipsec verify}}
* Everything should be "green" except ''SAref kernel support'' ('''N/A''') and ''Opportunistic Encryption'' ('''DISABLED''').
 
====Configure xl2tpd====
* Edit '''''/etc/xl2tpd/xl2tpd.conf''''' and update to reflect as follows:
** Ensure <code>ipsec saref = yes</code> is uncommented.
** '''NOTE:''' The IP range is outside an actively used IP range. For example, if your DHCP server assigns IPs between 192.168.10.10 and 192.168.10.100 you can use 192.168.10.150-192.168.10.200. Also, xl2tpd needs a local IP which is used for communication with PPP. Given the example, you could use 192.168.10.101.
{{Text|Text=<pre>[global]
ipsec saref = no

[lns default]
ip range = 192.168.10.150-192.168.10.200
local ip = 192.168.10.101
require chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes</pre>}}
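The addressing rule above (client pool inside the LAN but outside the DHCP scope, local IP outside both) and the CHAP/PAP switches are easy to get wrong by hand, and a mistake shows up only as mysterious connection failures or, for PAP, as cleartext passwords on the wire. The following script is an added example, not code from the Amahi wiki or from xl2tpd: it parses an xl2tpd.conf fragment and reports every inconsistency it finds. The LAN prefix (192.168.10.0/24) and DHCP scope (192.168.10.10-192.168.10.100) it is given are assumptions taken from the page's own example numbers; substitute your network's values.

```python
"""Consistency checks for an xl2tpd.conf fragment (added example, not Amahi's or xl2tpd's code)."""
import configparser
import ipaddress

# Constructed sample, using the values the page uses as an illustration.
SAMPLE_XL2TPD_CONF = """\
[global]
ipsec saref = no

[lns default]
ip range = 192.168.10.150-192.168.10.200
local ip = 192.168.10.101
require chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
"""

# Settings that keep PAP (cleartext passwords) off and force CHAP for every peer.
REQUIRED_AUTH = {
    "require chap": "yes",
    "refuse pap": "yes",
    "require authentication": "yes",
}


def parse_range(text):
    """Turn 'a.b.c.d-w.x.y.z' into an inclusive (first, last) pair of IPv4Address objects."""
    parts = [p.strip() for p in text.split("-", 1)]
    if len(parts) != 2:
        raise ValueError("expected 'first-last', got %r" % text)
    first, last = (ipaddress.IPv4Address(p) for p in parts)
    if last < first:
        raise ValueError("range %r runs backwards" % text)
    return first, last


def overlaps(a, b):
    """True when two inclusive (first, last) address ranges share any address."""
    return a[0] <= b[1] and b[0] <= a[1]


def check_xl2tpd(conf_text, lan_cidr, dhcp_range):
    """Return a list of problems; an empty list means the fragment is consistent
    with the LAN prefix (lan_cidr) and the DHCP scope (dhcp_range, 'first-last')."""
    problems = []
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    if not cp.has_section("lns default"):
        return ["missing [lns default] section"]
    lns = cp["lns default"]
    if "ip range" not in lns or "local ip" not in lns:
        return ["[lns default] needs both 'ip range' and 'local ip'"]

    lan = ipaddress.IPv4Network(lan_cidr)
    dhcp = parse_range(dhcp_range)

    # 1. The client pool must lie inside the LAN and must not collide with DHCP.
    pool = parse_range(lns["ip range"])
    if pool[0] not in lan or pool[1] not in lan:
        problems.append("ip range %s-%s is not inside %s" % (pool[0], pool[1], lan))
    if overlaps(pool, dhcp):
        problems.append("ip range overlaps the DHCP scope %s" % dhcp_range)

    # 2. The local (PPP side) address must be in the LAN and outside both pools.
    local = ipaddress.IPv4Address(lns["local ip"].strip())
    if local not in lan:
        problems.append("local ip %s is not inside %s" % (local, lan))
    if pool[0] <= local <= pool[1] or dhcp[0] <= local <= dhcp[1]:
        problems.append("local ip %s collides with the client pool or DHCP scope" % local)

    # 3. Authentication hardening: CHAP required, PAP refused, no anonymous peers.
    for key, wanted in REQUIRED_AUTH.items():
        got = lns.get(key, "").strip().lower()
        if got != wanted:
            problems.append("%s should be %s (found %r)" % (key, wanted, got))

    return problems


if __name__ == "__main__":
    found = check_xl2tpd(SAMPLE_XL2TPD_CONF, "192.168.10.0/24", "192.168.10.10-192.168.10.100")
    for p in found:
        print("PROBLEM:", p)
    if not found:
        print("xl2tpd.conf fragment is consistent")
```

Run it against the real file with `check_xl2tpd(open("/etc/xl2tpd/xl2tpd.conf").read(), ...)` after editing; configparser reads the same `key = value` layout xl2tpd uses, so the fragment on the page parses unchanged.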
====Configure PPP====
* Add following to '''''/etc/ppp/chap-secrets''''' (replace username and password accordingly):
{{Text|Text= username * password *}}
* Check '''''/etc/ppp/options.xl2tpd''''' to verify that all ''ms-dns'' entries point to the correct nameservers (the HDA).
* Start xl2tpd:
{{Code| service xl2tpd start}}
====Configure Router====
====Set Services to Start on Boot====
{{Code| chkconfig ipsec on}}
{{Code| chkconfig xl2tpd on}}
That's basically it; you can now set up your L2TP/IPsec VPN client and try to connect.
[https://lists.openswan.org/pipermail/users/2008-March/014218.html Installing OpenSwan for the first time]
 
[http://www.linuxhelp.in/2011/06/installing-and-configuring-l2tp-vpn.html Installing and configuring l2tp vpn using xl2tpd]
===Android L2TP/IPsec Client Setup===