Step #2: Log in to your server
Step #2: Follow the step-by-step procedure shown in the shell history below
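#!/usr/bin/env bash
# Shell history from the original setup, cleaned into a runnable script:
# install racoon (ipsec-tools) and xl2tpd on an EL6 host, hook the racoon
# policy script into rc.local, lock down the secret files, enable and start
# the services, then turn the host into a NAT gateway for the VPN pool.
#
# Run as root. The configuration files opened with nano below are the
# listings in the "Cut and paste the configuration files" step.
set -euo pipefail

# Public address used as the SNAT source; the default is the value from the
# original history. Override with PUBLIC_IP=... when reusing the script.
PUBLIC_IP=${PUBLIC_IP:-23.226.228.209}
# Client pool handed out by xl2tpd.conf (ip range = 10.0.2.10-10.0.2.200).
VPN_NET=${VPN_NET:-10.0.2.0/24}

echo "start of L2TP setup using racoon"

# NOTE(review): both packages are fetched over plain http; rpm/yum only
# verify signatures when the repository GPG key is imported and gpgcheck is
# enabled — confirm that before running on a production host.
rpm -ivH http://repo.nikoforge.org/redhat/el6/nikoforge-release-latest
yum -y install http://vesta.informatik.rwth-aachen.de/ftp/pub/Linux/fedora-epel/6/i386/epel-release-6-8.noarch.rpm
yum -y install ipsec-tools xl2tpd nano

# Policy script (contents in the init.sh listing); owner/group executable only.
nano /etc/racoon/init.sh
chmod 750 /etc/racoon/init.sh

# The original history ran `sed -in-place ... /etc/rc.d/local`: GNU sed reads
# `-in-place` as `-i` with backup suffix "n-place", and /etc/rc.d/local is not
# the rc.local file. The intent was an idempotent "delete then append" so the
# script is listed exactly once in /etc/rc.d/rc.local.
sed -i '/\/etc\/racoon\/init.sh/d' /etc/rc.d/rc.local
printf '%s\n' /etc/racoon/init.sh >> /etc/rc.d/rc.local

# Daemon configuration (listings below); both secret files are root-only.
nano /etc/racoon/racoon.conf
nano /etc/racoon/psk.txt
chmod 600 /etc/racoon/psk.txt
nano /etc/xl2tpd/xl2tpd.conf
nano /etc/ppp/options.xl2tpd
nano /etc/ppp/chap-secrets
chmod 600 /etc/ppp/chap-secrets

chkconfig racoon on
chkconfig xl2tpd on
service racoon start
service xl2tpd start
# Install the IPsec policies now; rc.local repeats this at boot.
/etc/racoon/init.sh

# NAT for the VPN clients only. The original rule had no -s match and so
# rewrote the source address of every forwarded packet, not just the pool.
# NOTE(review): the rule is not persisted here; on EL6 `service iptables save`
# does that if desired.
iptables -t nat -A POSTROUTING -s "$VPN_NET" -j SNAT --to-source "$PUBLIC_IP"

# Persist forwarding and disable ICMP redirects. The original appended with
# `tee -a` on every run, duplicating the lines; append only when absent.
for setting in 'net.ipv4.ip_forward = 1' \
               'net.ipv4.conf.all.accept_redirects = 0' \
               'net.ipv4.conf.all.send_redirects = 0'; do
  grep -qxF -- "$setting" /etc/sysctl.conf \
    || printf '%s\n' "$setting" >> /etc/sysctl.conf
done

# Apply the redirect settings to every interface immediately.
for vpn in /proc/sys/net/ipv4/conf/*; do
  echo 0 > "$vpn/accept_redirects"
  echo 0 > "$vpn/send_redirects"
done
sysctl -p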
Step #2: Cut and paste the configuration files as below
init.sh
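#!/bin/sh
#***********/etc/racoon/init.sh*****************
# Install the IPsec security policies that require ESP transport mode for
# L2TP (UDP/1701) traffic in both directions, then enable IP forwarding.
# Invoked from /etc/rc.d/rc.local at boot and once by hand during setup.
set -e

# `flush;` clears every existing SA and `spdflush;` every existing policy
# before the two L2TP rules are added, so any other IPsec policy on this
# host is removed as well. A quoted here-doc replaces the original
# `echo -e`, whose -e handling is not portable under /bin/sh.
setkey -c <<'EOF'
flush;
spdflush;
spdadd 0.0.0.0/0[0] 0.0.0.0/0[1701] udp -P in ipsec esp/transport//require;
spdadd 0.0.0.0/0[1701] 0.0.0.0/0[0] udp -P out ipsec esp/transport//require;
EOF

# Enable IP forwarding for the running kernel (sysctl.conf persists it).
echo 1 > /proc/sys/net/ipv4/ip_forward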
rc.local
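#!/bin/sh
# *******************/etc/rc.d/rc.local**********************
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
#
# The shebang must be the first line of the file to be honoured; in the
# original listing it followed the banner comment.

touch /var/lock/subsys/local

# Re-install the L2TP IPsec policies and re-enable forwarding at every boot.
/etc/racoon/init.sh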
racoon.conf
#************etc/racoon/racoon.conf******************
# racoon IKE daemon configuration for the L2TP/IPsec server.
path include "/etc/racoon";
# Pre-shared keys live in psk.txt; the setup step sets it to mode 0600.
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
path script "/etc/racoon/scripts";

# "anonymous" matches any peer address, so every client negotiates under
# this one block; the server only answers (passive on), it never initiates.
remote anonymous {
    # NOTE(review): aggressive mode is listed first. With pre-shared keys it
    # sends the PSK-derived authentication hash before the channel is
    # encrypted, which is why it is generally avoided; keep only `main` if
    # all clients support it — confirm client compatibility first.
    exchange_mode aggressive,main;
    passive on;
    # "obey" accepts the peer's proposed lifetimes rather than enforcing ours.
    proposal_check obey;
    support_proxy on;
    nat_traversal on;
    ike_frag on;
    # Dead-peer detection every 20 seconds.
    dpd_delay 20;
    # Phase 1 proposals, tried in order: AES first, then 3DES for old clients.
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
    # NOTE(review): 3DES, SHA-1 and the 1024-bit MODP group are legacy
    # choices kept for client compatibility; prefer AES-only and a larger
    # DH group where the client population allows.
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}

# Phase 2 (IPsec SA) parameters offered to every peer.
sainfo anonymous {
    encryption_algorithm aes,3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    # Perfect forward secrecy with the same 1024-bit group as phase 1.
    pfs_group modp1024;
}
psk.txt (you can change mysharedsecret to any 8-character word)
#*****************/etc/racoon/psk.txt**************
# file for pre-shared keys used for IKE authentication
# format is: 'identifier' 'key'
# For example:
#
# 10.1.1.1 flibbertigibbet
# www.example.com 12345
# foo@www.example.com micropachycephalosaurus
#
# This file holds secrets in the clear; the setup step sets it to mode 0600
# and it must stay that way.
# NOTE(review): the original listing was collapsed onto one line; the two
# entries below are reconstructed as `identifier key` pairs — confirm them
# against the live file.
androidvpn smartl2tpzx
# NOTE(review): the `*` entry presumably applies to any peer identity, so
# this one secret protects every client; use a long random value rather
# than a short word, and rotate it when a client device is lost.
* mysharedsecret
xl2tpd.conf
#************/etc/xl2tpd/xl2tpd.conf***************
; xl2tpd configuration for the L2TP server side (comments in this file use ';').
[global]
; Use IPsec SA references so each tunnel is tied to its IPsec SA.
ipsec saref = yes
force userspace = yes

; Default LNS: address and pool handed to connecting clients.
[lns default]
local ip = 10.0.2.1
ip range = 10.0.2.10-10.0.2.200
; PAP sends the password in the clear inside the tunnel, so it is refused and
; every client must authenticate (the accepted method is set in pppoptfile).
refuse pap = yes
require authentication = yes
ppp debug = no
length bit = yes
; pppd options for each client session.
pppoptfile = /etc/ppp/options.xl2tpd
options.xl2tpd
#*************/etc/ppp/options.xl2tpd********************
# pppd options applied to every L2TP client session (see xl2tpd.conf pppoptfile).
# DNS servers pushed to clients. The first looks like a private resolver —
# confirm it is reachable from the VPN pool.
ms-dns 10.203.120.41
ms-dns 8.8.8.8
# Only MS-CHAPv2 is accepted for client authentication.
require-mschap-v2
asyncmap 0
auth
crtscts
lock
# Keep passwords out of the pppd log.
hide-password
modem
# NOTE(review): `debug` logs every negotiated packet and option; leave it
# off in production to keep the log volume and exposure down.
debug
# Local name used as the "server" column when looking up /etc/ppp/chap-secrets.
name l2tpd
proxyarp
# Send an LCP echo every 10 s; drop the link after 100 unanswered echoes
# (about 1000 s).
lcp-echo-interval 10
lcp-echo-failure 100
chap-secrets (add more lines for more users)
#***********/etc/ppp/chap-secrets***********
# Secrets for authentication using CHAP
# One line per VPN user. The "server" column must match `name l2tpd` in
# options.xl2tpd; `*` in the last column allows any client address.
# Secrets are stored in the clear, so the file must stay mode 0600 (the
# setup step sets this). Replace `secretpass` with a per-user secret.
# client        server  secret          IP addresses
mike            l2tpd   secretpass      *
Step # 3: Start the server.
root > service racoon start
root > service xl2tpd start
That’s it folks.