Friday, 15 April 2011

Configuring L2TP to connect your Android

Installing an L2TP server on Debian.
1. Install the following packages and their dependencies:

aptitude install xl2tpd openswan
========================================================
2. Configure openswan in /etc/ipsec.conf:
config setup
  protostack=netkey
  nat_traversal=yes

conn L2TP-PSK-NAT
  rightsubnet=vhost:%priv
  also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
  authby=secret
  pfs=no
  auto=add
  keyingtries=3
  rekey=no
  ikelifetime=8h
  keylife=1h
  type=transport
  # replace this IP address with the IPv4 address of this machine
  left=172.16.31.1
  leftprotoport=17/1701
  right=%any
  rightprotoport=17/1701

conn passthrough-for-non-l2tp
  type=passthrough
  # replace this IPv4 address with the IPv4 address of this machine
  left=172.16.31.1
  leftnexthop=0.0.0.0
  right=0.0.0.0
  rightsubnet=0.0.0.0/0
  auto=route
=================================================================
3. In /etc/ipsec.secrets, set:
# replace the address with the IPv4 address of this machine
172.16.31.1 %any: PSK "mysecretpresharedkeypassword"
=================================================================
4. Configure xl2tpd and pppd (on Debian the xl2tpd configuration file is /etc/xl2tpd/xl2tpd.conf):
[global]                ; Global parameters:
port = 1701             ; * Bind to port 1701
auth file = /etc/xl2tpd/l2tp-secrets  ; * Where our challenge secrets are
access control = no         ; * Refuse connections without IP match
rand source = dev                     ; Source for entropy for random

[lns default]             ; Our fallthrough LNS definition
exclusive = no            ; * Only permit one tunnel per host
ip range = 81.187.223.214 - 81.187.223.216  ; enter the IP range you wish to give out to your clients here
local ip = 81.187.223.193                   ; address of the L2TP end of the tunnel (i.e. this machine)
refuse authentication = yes     ; * Refuse authentication altogether
refuse pap = yes            ; * Refuse PAP authentication
refuse chap = yes
ppp debug = no            ; * Turn on PPP debugging
pppoptfile = /etc/ppp/options.l2tpd ; * ppp options file
==================================================================
5. Put the following in /etc/ppp/options.l2tpd:
# Do not support BSD compression.
nobsdcomp
passive
lock

# Allow all usernames to connect.
name *
proxyarp
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 10
lcp-echo-interval 5
nodeflate

# Do not authenticate incoming connections. This is handled by IPsec.
noauth
refuse-chap
refuse-mschap
refuse-mschap-v2

# Set the DNS servers the PPP clients will use.
# Change these to the IPv4 address of your DNS server; add extra entries if necessary.
ms-dns 81.187.223.193
ms-dns 81.187.223.198

mtu 1400
mru 1400
==================================================================
6. Restart the openswan and xl2tpd services:
/etc/init.d/ipsec restart
/etc/init.d/xl2tpd restart
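Before step 6 restarts the services it is worth checking that the site-specific values in steps 2 to 5 were really filled in: the post's options.l2tpd turns PPP authentication off (noauth), so the pre-shared key in ipsec.secrets is the only credential a client needs, and a sample address or the sample key left behind is the most common mistake in this setup. The script below is an added example and is not part of the original post or of openswan/xl2tpd. The function names (check_l2tp_config, valid_ipv4, gen_psk, conf_value), the 20-character minimum key length and the default config root of /etc are this example's own choices; it expects the ipsec.secrets line in the `address %any: PSK "key"` form shown in step 3.

```shell
#!/bin/sh
# Added example, not part of the original post: a pre-flight check to run
# before step 6 restarts the services. It verifies that the post's sample
# values (172.16.31.1, the 81.187.223.x addresses, "mysecretpresharedkeypassword")
# were really replaced, that every left= in ipsec.conf and the selector in
# ipsec.secrets name this machine, that the xl2tpd and ms-dns addresses are
# well-formed, and that ipsec.secrets is unreadable by group and others.
# Usage: check_l2tp_config <server-ipv4> [config-root]
# config-root defaults to /etc; a staging copy with the same layout works too.

SAMPLE_PSK='mysecretpresharedkeypassword'
SAMPLE_IPS='172\.16\.31\.1|81\.187\.223\.(193|198|214|216)'
MIN_PSK_LEN=20   # local policy chosen for this example, not a value from the post

# Dotted-quad IPv4 with every octet in 0..255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    return 0
}

# 256-bit random pre-shared key as 64 hex characters, for ipsec.secrets.
gen_psk() {
    dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# First "key = value" in FILE for KEY, with ; and # comments stripped.
conf_value() {
    sed 's/[;#].*//' "$1" | grep -E "^[[:space:]]*$2[[:space:]]*=" | head -n 1 \
        | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//'
}

fail() { echo "FAIL: $1"; errors=$((errors + 1)); }

check_l2tp_config() {
    server_ip=$1; root=${2:-/etc}; errors=0
    ipsec_conf=$root/ipsec.conf; secrets=$root/ipsec.secrets
    xl2tpd_conf=$root/xl2tpd/xl2tpd.conf; ppp_opts=$root/ppp/options.l2tpd

    valid_ipv4 "$server_ip" || { echo "FAIL: '$server_ip' is not an IPv4 address"; return 1; }
    for f in "$ipsec_conf" "$secrets" "$xl2tpd_conf" "$ppp_opts"; do
        [ -f "$f" ] || { echo "FAIL: missing $f"; return 1; }
        # 1. None of the post's placeholder addresses may survive in any file.
        grep -Eq "$SAMPLE_IPS" "$f" && fail "sample address still present in $f"
    done
    grep -q "$SAMPLE_PSK" "$secrets" && fail "sample pre-shared key still present in $secrets"

    # 2. Every left= in ipsec.conf (both conns) must be this machine's address.
    for v in $(sed 's/#.*//' "$ipsec_conf" | grep -E '^[[:space:]]*left[[:space:]]*=' \
               | sed 's/^[^=]*=[[:space:]]*//'); do
        [ "$v" = "$server_ip" ] || fail "ipsec.conf: left=$v does not match $server_ip"
    done

    # 3. ipsec.secrets: selector is this machine, PSK present and long enough,
    #    and the file is mode 600 (ls columns 5-10 are the group/other bits).
    set -- $(sed 's/#.*//' "$secrets" | grep -E ':[[:space:]]*PSK[[:space:]]' | head -n 1)
    [ "${1:-}" = "$server_ip" ] || fail "ipsec.secrets: selector '${1:-}' is not $server_ip"
    psk=$(echo "$*" | sed -n 's/.*PSK[[:space:]]*"\([^"]*\)".*/\1/p')
    [ "${#psk}" -ge "$MIN_PSK_LEN" ] || fail "ipsec.secrets: PSK shorter than $MIN_PSK_LEN characters"
    [ "$(ls -ld "$secrets" | cut -c5-10)" = "------" ] || fail "$secrets is readable by group or others"

    # 4. xl2tpd: tunnel endpoint and client pool must be well-formed addresses.
    local_ip=$(conf_value "$xl2tpd_conf" 'local ip')
    valid_ipv4 "$local_ip" || fail "xl2tpd.conf: bad local ip '$local_ip'"
    for v in $(conf_value "$xl2tpd_conf" 'ip range' | tr '-' ' '); do
        valid_ipv4 "$v" || fail "xl2tpd.conf: bad ip range endpoint '$v'"
    done
    [ -n "$(conf_value "$xl2tpd_conf" pppoptfile)" ] || fail "xl2tpd.conf: pppoptfile not set"

    # 5. options.l2tpd: DNS servers pushed to clients must be well-formed.
    for v in $(sed 's/#.*//' "$ppp_opts" | awk '$1 == "ms-dns" { print $2 }'); do
        valid_ipv4 "$v" || fail "options.l2tpd: bad ms-dns address '$v'"
    done

    [ "$errors" -eq 0 ] && echo "OK: $root passes all checks"
    [ "$errors" -eq 0 ]
}
```

Run it as `check_l2tp_config <this machine's IPv4>` after editing the files and before restarting; it prints one FAIL line per problem and exits non-zero if any was found. `gen_psk` produces a key you can paste into the step 3 line in place of the sample password.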
