Simple use of a Linux L2TP client --- xl2tpd


I needed to test L2TP and script the tests. Doing that on Windows, driving a pile of windows, felt too cumbersome, so I moved to Linux, where automation is easier.

At first it took a long time to find a client for Linux: openswan, l2tpd, and so on. My biggest question was whether xl2tpd is the successor to l2tpd.

In the end I found a post describing a simple L2TP client configuration for Linux. The link follows, and the configuration below comes from it: http://nanjingabcdefg.is-programmer.com/posts/25458.html

1. Install xl2tpd.

Here is part of the output of man xl2tpd after installation; I could relax, I had finally found a client:

NAME
       xl2tpd - Layer 2 Tunnelling Protocol Daemon

DESCRIPTION
       A Layer 2 Tunneling Protocol VPN client/daemon for Linux and other POSIX-based OSs. Based off of L2TPd 0.61 from

 

2. Configure xl2tpd.conf

File path: /etc/xl2tpd/xl2tpd.conf

The first thing to do before editing a configuration file is to back up the original. The stock xl2tpd.conf contains [lns default], which appears to be the key statement for running xl2tpd as an L2TP server.

To use xl2tpd as an L2TP client, I deleted everything in xl2tpd.conf and added the following lines:

[lac testvpn]
name = l2tp_user_name                          ; L2TP account
lns = 192.168.11.1                             ; IP of the L2TP server
pppoptfile = /etc/ppp/peers/testvpn.l2tpd      ; options file pppd uses when dialing (my own guess at the meaning, not sure it is right)
ppp debug = yes

 

3. Set up the dial-up configuration file:

File path: the one given by pppoptfile = /etc/ppp/peers/testvpn.l2tpd in xl2tpd.conf

The file contents are below. I did not look into what each line means; getting it working came first.

remotename testvpn
user "l2tp_user_name"
password "l2tp_user_password"
unit 0
lock
nodeflate
nobsdcomp
noauth
persist
nopcomp
noaccomp
maxfail 5
debug

4. With the configuration files in place, xl2tpd can be started. Note that starting the daemon does not dial.

Method 1: run /etc/init.d/xl2tpd start. Started this way, xl2tpd automatically looks for /etc/xl2tpd/xl2tpd.conf; if your configuration file has a different name, use method 2.

Method 2: # xl2tpd -c "/your/config_file/path". With this method, make sure the directory /var/run/xl2tpd/ exists. You can see this from /etc/init.d/xl2tpd as well: the script creates the directory if it does not exist.

5. Start dialing:

# echo 'c testvpn' > /var/run/xl2tpd/l2tp-control

If dialing succeeds, ifconfig shows a ppp0 interface:


ppp0     Link encap:Point-to-Point Protocol 
          inet addr:172.16.101.100  P-t-P:172.16.101.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:124 (124.0 b)  TX bytes:130 (130.0 b)

6. Disconnect:

# echo 'd testvpn' > /var/run/xl2tpd/l2tp-control

 

The whole process, from starting xl2tpd to dialing, can be followed in the log:

tail -f /var/log/message       ## this may be /var/log/syslog instead

The log output:

Jun 28 09:32:18 localhost xl2tpd[10578]: setsockopt recvref[22]: Protocol not available
Jun 28 09:32:18 localhost xl2tpd[10578]: This binary does not support kernel L2TP.
Jun 28 09:32:18 localhost xl2tpd[10579]: xl2tpd version xl2tpd-1.2.6 started on localhost.localdomain PID:10579
Jun 28 09:32:18 localhost xl2tpd[10579]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jun 28 09:32:18 localhost xl2tpd[10579]: Forked by Scott Balmos and David Stipp, (C) 2001
Jun 28 09:32:18 localhost xl2tpd[10579]: Inherited by Jeff McAdams, (C) 2002
Jun 28 09:32:18 localhost xl2tpd[10579]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Jun 28 09:32:18 localhost xl2tpd[10579]: Listening on IP address 0.0.0.0, port 1701
Jun 28 09:32:41 localhost xl2tpd[10579]: Connecting to host 192.168.11.2, port 1701
Jun 28 09:32:41 localhost xl2tpd[10579]: Connection established to 192.168.11.2, 1701.  Local: 6187, Remote: 3 (ref=0/0).
Jun 28 09:32:41 localhost xl2tpd[10579]: Calling on tunnel 6187
Jun 28 09:32:41 localhost xl2tpd[10579]: Call established with 192.168.11.2, Local: 63360, Remote: 3, Serial: 1 (ref=0/0)

########### Above: starting xl2tpd ###################

Jun 28 09:32:41 localhost pppd[10580]: pppd 2.4.4 started by root, uid 0

Jun 28 09:32:41 localhost pppd[10580]: Using interface ppp0
Jun 28 09:32:41 localhost pppd[10580]: Connect: ppp0 <--> /dev/pts/5
Jun 28 09:32:45 localhost pppd[10580]: CHAP authentication succeeded: Login OK, welcom!
Jun 28 09:32:45 localhost pppd[10580]: CHAP authentication succeeded
Jun 28 09:32:45 localhost pppd[10580]: local  IP address 172.16.101.100
Jun 28 09:32:45 localhost pppd[10580]: remote IP address 172.16.101.1

########### Above: dialing and receiving an IP from the server #################

Jun 28 09:34:14 localhost xl2tpd[10579]: Disconnecting from 192.168.11.2, Local: 6187, Remote: 3

 

Jun 28 09:34:14 localhost pppd[10580]: Modem hangup
Jun 28 09:34:14 localhost pppd[10580]: Connect time 1.5 minutes.
Jun 28 09:34:14 localhost pppd[10580]: Sent 0 bytes, received 0 bytes.
Jun 28 09:34:14 localhost xl2tpd[10579]: Connection 3 closed to 192.168.11.2, port 1701 (Goodbye!)
Jun 28 09:34:14 localhost xl2tpd[10579]: Can not find tunnel 6187 (refhim=0)
Jun 28 09:34:39 localhost xl2tpd[10579]: death_handler: Fatal signal 15 received
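For scripted use, the log above is the only place that says whether a dial actually authenticated and got an address, so a script needs to read it the way a person does. The following is an added example, not part of the original post: a small classifier that reads xl2tpd/pppd syslog lines on stdin and reports the final state of the session. The success and teardown patterns are the messages quoted in the post's log; the "authentication failed" pattern is assumed from pppd's own wording and does not appear on this page. The sample inputs are constructed from the post's log lines.

```shell
#!/bin/sh
# Added example, not from the original post: classify an xl2tpd/pppd session
# from its syslog lines so a script can tell "tunnel up" from "auth failed"
# from "hung up" without a human reading the log.
set -eu

# classify_l2tp_log: reads log lines on stdin, prints the final state:
#   none | tunnel | up | auth-failed | down
# An authentication failure stays sticky, because pppd hangs up afterwards
# and the hangup would otherwise hide the real cause.
classify_l2tp_log() {
    state=none
    while IFS= read -r line; do
        case $line in
            *"Call established with"*)
                state=tunnel ;;
            *"authentication failed"*)          # assumed pppd wording, not on the page
                state=auth-failed ;;
            *"CHAP authentication succeeded"*|*"local  IP address"*)
                [ "$state" = auth-failed ] || state=up ;;
            *"Modem hangup"*|*"Connection "*" closed to "*|*"death_handler"*)
                [ "$state" = auth-failed ] || state=down ;;
        esac
    done
    printf '%s\n' "$state"
}

# Constructed sample: the successful dial from the post's log.
SAMPLE_UP='Jun 28 09:32:41 localhost xl2tpd[10579]: Call established with 192.168.11.2, Local: 63360, Remote: 3, Serial: 1 (ref=0/0)
Jun 28 09:32:45 localhost pppd[10580]: CHAP authentication succeeded
Jun 28 09:32:45 localhost pppd[10580]: local  IP address 172.16.101.100
Jun 28 09:32:45 localhost pppd[10580]: remote IP address 172.16.101.1'

# Constructed sample: the same session after the "d testvpn" command from step 6.
SAMPLE_DOWN="$SAMPLE_UP
Jun 28 09:34:14 localhost xl2tpd[10579]: Disconnecting from 192.168.11.2, Local: 6187, Remote: 3
Jun 28 09:34:14 localhost pppd[10580]: Modem hangup
Jun 28 09:34:14 localhost xl2tpd[10579]: Connection 3 closed to 192.168.11.2, port 1701 (Goodbye!)"

# Constructed sample: a wrong secret in the peers file (assumed pppd wording).
SAMPLE_AUTH='Jun 28 09:32:41 localhost xl2tpd[10579]: Call established with 192.168.11.2, Local: 63360, Remote: 3, Serial: 1 (ref=0/0)
Jun 28 09:32:45 localhost pppd[10580]: CHAP authentication failed
Jun 28 09:34:14 localhost pppd[10580]: Modem hangup'

printf '%s\n' "$SAMPLE_UP"   | classify_l2tp_log   # up
printf '%s\n' "$SAMPLE_DOWN" | classify_l2tp_log   # down
printf '%s\n' "$SAMPLE_AUTH" | classify_l2tp_log   # auth-failed
```

In a live script you would feed it the output of `tail` on the syslog file mentioned above (or `journalctl -f` on systemd hosts) and stop reading once the state leaves `none`/`tunnel`.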
 

Once the L2TP connection is up, traffic only goes out through ppp0 if a route is configured:

route add -net default dev ppp0
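Since the point of moving to Linux was automation, here are steps 2 to 6 and the route step wrapped into shell functions. This is an added example, not code from the original post. It uses the post's file paths, overridable through the environment, and assumes a Linux host with GNU `stat` and iproute2's `ip` command. The password is read from the L2TP_PASSWORD environment variable instead of a command-line argument so it does not show up in `ps` output, and both files that hold it are created mode 0600; `file_is_private` is a check you can also run against /etc/ppp/chap-secrets.

```shell
#!/bin/sh
# Added example, not from the original post: wraps the xl2tpd client steps
# into functions for scripted use. Paths are the ones the post uses; they can
# be overridden through the environment.
set -eu

XL2TPD_CONF="${XL2TPD_CONF:-/etc/xl2tpd/xl2tpd.conf}"
PEERS_DIR="${PEERS_DIR:-/etc/ppp/peers}"
CONTROL="${CONTROL:-/var/run/xl2tpd/l2tp-control}"

# write_client_config NAME LNS_IP USERNAME
# Writes the [lac NAME] section from step 2 and the pppd options file from
# step 3 (minus "debug"; enable it only while troubleshooting, since it logs
# every control packet, authentication included).
write_client_config() {
    name=$1; lns=$2; user=$3
    : "${L2TP_PASSWORD:?set L2TP_PASSWORD in the environment}"
    peers="$PEERS_DIR/$name.l2tpd"
    (
        umask 077   # files hold a password: no group/other access from the start
        cat > "$XL2TPD_CONF" <<EOF
[lac $name]
name = $user
lns = $lns
pppoptfile = $peers
ppp debug = yes
EOF
        cat > "$peers" <<EOF
remotename $name
user "$user"
password "$L2TP_PASSWORD"
unit 0
lock
nodeflate
nobsdcomp
noauth
persist
nopcomp
noaccomp
maxfail 5
EOF
    )
    chmod 600 "$XL2TPD_CONF" "$peers"   # also tighten files that already existed
}

# file_is_private PATH: succeeds only if PATH is readable by its owner alone
# (mode 0600 or 0400). Use it on the peers file and /etc/ppp/chap-secrets.
file_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case $mode in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# l2tp_dial NAME / l2tp_hangup NAME: the "c NAME" / "d NAME" commands from
# steps 5 and 6, written to the control FIFO xl2tpd opens when it starts.
l2tp_dial() {
    [ -w "$CONTROL" ] || { echo "$CONTROL missing: is xl2tpd running?" >&2; return 1; }
    echo "c $1" > "$CONTROL"
}
l2tp_hangup() {
    echo "d $1" > "$CONTROL"
}

# wait_for_ppp [IFACE] [SECONDS]: poll until the interface has an address,
# i.e. until pppd has logged "local IP address", instead of sleeping blindly.
wait_for_ppp() {
    iface=${1:-ppp0}; tries=${2:-20}
    while [ "$tries" -gt 0 ]; do
        if ip -o addr show dev "$iface" 2>/dev/null | grep -q 'inet '; then
            return 0
        fi
        tries=$((tries - 1)); sleep 1
    done
    return 1
}

# Typical scripted session (needs root and a running xl2tpd):
#   L2TP_PASSWORD=... write_client_config testvpn 192.168.11.1 l2tp_user_name
#   l2tp_dial testvpn && wait_for_ppp ppp0 20 && route add -net default dev ppp0
#   ... run the tests ...
#   l2tp_hangup testvpn
```

`wait_for_ppp` replaces the "look at ifconfig" step with a poll, so the route is only added once the interface actually has an address; adding it earlier fails because ppp0 does not exist yet.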

 

Below is what tcpdump shows for ping packets once the VPN is connected:

09:26:14.567688 IP 192.168.11.1.1701 > 192.168.11.2.1701:  l2tp:[](2/2) {IP 172.16.101.100 > 172.16.1.1: ICMP echo request, id 10537, seq 1, length 64}
09:26:14.568528 IP 192.168.11.2.1701 > 192.168.11.1.1701:  l2tp:[L](47469/37211) {IP 172.16.1.1 > 172.16.101.100: ICMP echo reply, id 10537, seq 1, length 64}

 

<Example (CentOS)> =========================================

"/etc/xl2tpd/xl2tpd.conf" 

[global]
debug avp = no
debug network = no
debug packet = no
debug state = no
debug tunnel = no
 
 
[lac antiy]
lns = ***.***.***.***
length bit = no
redial = no
pppoptfile = /etc/ppp/antiy.xl2tpd
 

 

"/etc/ppp/antiy.xl2tpd" 

user "******"
password "******"
asyncmap 0
noauth
crtscts
lock
hide-password
modem
netmask 255.255.255.0
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
ipcp-accept-local
ipcp-accept-remote

 

"/etc/ppp/chap-secrets"

# client        server  secret                  IP addresses 

vpn * "123456" *  

