A simple Linux L2TP client setup --- xl2tpd


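I needed to test L2TP and to automate the tests. Doing that on Windows means driving a pile of windows, which felt like too much trouble, so I moved to Linux, where automation is easier.

At first I spent a long time just looking for a client on Linux: openswan, l2tpd and so on. My biggest question was whether xl2tpd is the upgraded version of l2tpd.

In the end I found an article describing a simple configuration for an L2TP client on Linux. The link follows, and the configuration below is taken from it: http://nanjingabcdefg.is-programmer.com/posts/25458.html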

1. Install xl2tpd.

Below is part of the output of man xl2tpd after installation. That settled it: I had finally found a client.

NAME
       xl2tpd - Layer 2 Tunnelling Protocol Daemon

DESCRIPTION
       A Layer 2 Tunneling Protocol VPN client/daemon for Linux and other POSIX-based OSs. Based off of L2TPd 0.61 from

 

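2. Configure xl2tpd.conf

File location: /etc/xl2tpd/xl2tpd.conf

The first thing to do before editing a configuration file is to back up the original. The stock xl2tpd.conf contains [lns default], which appears to be the key section for running xl2tpd as an L2TP server.

To use xl2tpd as an L2TP client, I deleted everything in xl2tpd.conf and added the following lines: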

[lac testvpn]
name = l2tp_user_name                                  ; L2TP account name
lns = 192.168.11.1                                           ; IP of the L2TP server
pppoptfile = /etc/ppp/peers/testvpn.l2tpd         ; options file pppd uses when dialing (my own guess at the meaning; not sure it is right)
ppp debug = yes

 

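3. Create the dial options file:

File path: the one named in xl2tpd.conf by pppoptfile = /etc/ppp/peers/testvpn.l2tpd

The file contents are below. I have not studied what each line means; getting it working came first.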

remotename testvpn
user "l2tp_user_name"
password "l2tp_user_password"
unit 0
lock
nodeflate
nobsdcomp
noauth
persist
nopcomp
noaccomp
maxfail 5
debug

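4. With the configuration files in place, xl2tpd can be started. Note that starting it does not dial.

Method 1: run /etc/init.d/xl2tpd start. This automatically uses /etc/xl2tpd/xl2tpd.conf. If your configuration file has a different name, use method 2.

Method 2: # xl2tpd -c "/your/config_file/path". With this method, make sure the directory /var/run/xl2tpd/ exists. Reading /etc/init.d/xl2tpd shows the same thing: the script creates the directory if it does not exist.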

5. Dial:

# echo 'c testvpn' > /var/run/xl2tpd/l2tp-control

If the dial succeeds, ifconfig shows a ppp0 interface:


ppp0     Link encap:Point-to-Point Protocol 
          inet addr:172.16.101.100  P-t-P:172.16.101.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:124 (124.0 b)  TX bytes:130 (130.0 b)

6. Disconnect:

# echo 'd testvpn' > /var/run/xl2tpd/l2tp-control
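
Steps 2 to 6 as one automation script, which also refuses to dial when the pppd options file (it holds the account password in clear text) is readable by group or others. This is an added example, not part of the original post; the function names and the environment overrides (LAC, CONTROL, PPPOPT, SYSNET, IFACE) are assumptions, and the default paths are the ones used above.

```bash
#!/bin/bash
# Added example. Defaults are the paths and names used on this page; they
# can be overridden from the environment (an assumption of this sketch).
LAC="${LAC:-testvpn}"
CONTROL="${CONTROL:-/var/run/xl2tpd/l2tp-control}"
PPPOPT="${PPPOPT:-/etc/ppp/peers/testvpn.l2tpd}"
SYSNET="${SYSNET:-/sys/class/net}"
IFACE="${IFACE:-ppp0}"

# The options file stores the account password in clear text, so refuse
# to dial if group or others have any permission bit set on it.
check_optfile() {
    local perms
    perms=$(ls -ld "$PPPOPT" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ] && return 0
    echo "$PPPOPT must be readable by its owner only (chmod 600)" >&2
    return 1
}

# Write 'c <lac>' (connect) or 'd <lac>' (disconnect) to the control file.
l2tp_ctl() {
    if [ ! -w "$CONTROL" ]; then
        echo "$CONTROL not writable; is xl2tpd running?" >&2
        return 1
    fi
    echo "$1 $LAC" > "$CONTROL"
}

# Poll once per second until the interface is in the wanted state (up|down).
wait_iface() {
    local want="$1" tries="${2:-15}" state
    while [ "$tries" -gt 0 ]; do
        if [ -e "$SYSNET/$IFACE" ]; then state=up; else state=down; fi
        [ "$state" = "$want" ] && return 0
        sleep 1
        tries=$((tries - 1))
    done
    echo "timed out waiting for $IFACE to go $want" >&2
    return 1
}

dial()   { check_optfile && l2tp_ctl c && wait_iface up; }
hangup() { l2tp_ctl d && wait_iface down; }

case "${1:-}" in
    up)   dial ;;
    down) hangup ;;
esac
```

Run it as root with the argument up or down while xl2tpd is already running.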

 

The whole process, from starting xl2tpd to dialing, can be followed in the log:

tail -f /var/log/messages       ## this may be /var/log/syslog instead

The log output:

Jun 28 09:32:18 localhost xl2tpd[10578]: setsockopt recvref[22]: Protocol not available
Jun 28 09:32:18 localhost xl2tpd[10578]: This binary does not support kernel L2TP.
Jun 28 09:32:18 localhost xl2tpd[10579]: xl2tpd version xl2tpd-1.2.6 started on localhost.localdomain PID:10579
Jun 28 09:32:18 localhost xl2tpd[10579]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jun 28 09:32:18 localhost xl2tpd[10579]: Forked by Scott Balmos and David Stipp, (C) 2001
Jun 28 09:32:18 localhost xl2tpd[10579]: Inherited by Jeff McAdams, (C) 2002
Jun 28 09:32:18 localhost xl2tpd[10579]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Jun 28 09:32:18 localhost xl2tpd[10579]: Listening on IP address 0.0.0.0, port 1701
Jun 28 09:32:41 localhost xl2tpd[10579]: Connecting to host 192.168.11.2, port 1701
Jun 28 09:32:41 localhost xl2tpd[10579]: Connection established to 192.168.11.2, 1701.  Local: 6187, Remote: 3 (ref=0/0).
Jun 28 09:32:41 localhost xl2tpd[10579]: Calling on tunnel 6187
Jun 28 09:32:41 localhost xl2tpd[10579]: Call established with 192.168.11.2, Local: 63360, Remote: 3, Serial: 1 (ref=0/0)

########### Above: starting xl2tpd ###################

Jun 28 09:32:41 localhost pppd[10580]: pppd 2.4.4 started by root, uid 0

Jun 28 09:32:41 localhost pppd[10580]: Using interface ppp0
Jun 28 09:32:41 localhost pppd[10580]: Connect: ppp0 <--> /dev/pts/5
Jun 28 09:32:45 localhost pppd[10580]: CHAP authentication succeeded: Login OK, welcom!
Jun 28 09:32:45 localhost pppd[10580]: CHAP authentication succeeded
Jun 28 09:32:45 localhost pppd[10580]: local  IP address 172.16.101.100
Jun 28 09:32:45 localhost pppd[10580]: remote IP address 172.16.101.1

########### Above: dialing and getting the IP assigned by the server #################

Jun 28 09:34:14 localhost xl2tpd[10579]: Disconnecting from 192.168.11.2, Local: 6187, Remote: 3

 

Jun 28 09:34:14 localhost pppd[10580]: Modem hangup
Jun 28 09:34:14 localhost pppd[10580]: Connect time 1.5 minutes.
Jun 28 09:34:14 localhost pppd[10580]: Sent 0 bytes, received 0 bytes.
Jun 28 09:34:14 localhost xl2tpd[10579]: Connection 3 closed to 192.168.11.2, port 1701 (Goodbye!)
Jun 28 09:34:14 localhost xl2tpd[10579]: Can not find tunnel 6187 (refhim=0)
Jun 28 09:34:39 localhost xl2tpd[10579]: death_handler: Fatal signal 15 received
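
For automated tests, the log above can be reduced to the state of the most recent dial attempt, so that the addresses of an earlier session are not mistaken for a new success. This is an added example, not part of the original post; the function names are assumptions, the first sample reuses lines from the log above, and the final "stalled" line is constructed.

```bash
#!/bin/bash
# Added example: report the state of the most recent dial attempt found in
# syslog text on stdin. Matches only message formats shown on this page.
l2tp_summary() {
    awk '
    $5 ~ /^xl2tpd\[/ && /Connecting to host/ {
        # A new attempt starts: forget whatever an earlier session reported.
        lns = $9; sub(/,$/, "", lns)
        state = "connecting"; auth = "none"; lip = "-"; rip = "-"
    }
    $5 ~ /^xl2tpd\[/ && /Call established with/ { state = "call-established" }
    $5 ~ /^pppd\[/ && /authentication succeeded/ { auth = $6 }
    $5 ~ /^pppd\[/ && /local +IP address/        { lip = $NF; state = "up" }
    $5 ~ /^pppd\[/ && /remote IP address/         { rip = $NF }
    $5 ~ /^pppd\[/ && /Modem hangup/              { state = "down" }
    END {
        if (state == "") { print "state=no-attempt"; exit }
        printf "state=%s lns=%s auth=%s local=%s remote=%s\n", state, lns, auth, lip, rip
    }'
}

# Lines copied from the log above: one session up to IP assignment.
sample_session() {
cat <<'EOF'
Jun 28 09:32:41 localhost xl2tpd[10579]: Connecting to host 192.168.11.2, port 1701
Jun 28 09:32:41 localhost xl2tpd[10579]: Call established with 192.168.11.2, Local: 63360, Remote: 3, Serial: 1 (ref=0/0)
Jun 28 09:32:45 localhost pppd[10580]: CHAP authentication succeeded: Login OK, welcom!
Jun 28 09:32:45 localhost pppd[10580]: local  IP address 172.16.101.100
Jun 28 09:32:45 localhost pppd[10580]: remote IP address 172.16.101.1
EOF
}

# Same session, a hangup, then a constructed new attempt that goes no further.
sample_stalled() {
    sample_session
    echo "Jun 28 09:34:14 localhost pppd[10580]: Modem hangup"
    echo "Jun 28 09:40:02 localhost xl2tpd[10579]: Connecting to host 192.168.11.2, port 1701"
}
```

Typical use is l2tp_summary < /var/log/messages (or /var/log/syslog), checked for state=up after dialing.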
 

Once the L2TP connection is up, traffic only leaves through the ppp0 interface after a route is configured:

route add -net default dev ppp0

 

Below is the tcpdump output for a ping after the VPN is connected:

09:26:14.567688 IP 192.168.11.1.1701 > 192.168.11.2.1701:  l2tp:[](2/2) {IP 172.16.101.100 > 172.16.1.1: ICMP echo request, id 10537, seq 1, length 64}
09:26:14.568528 IP 192.168.11.2.1701 > 192.168.11.1.1701:  l2tp:[L](47469/37211) {IP 172.16.1.1 > 172.16.101.100: ICMP echo reply, id 10537, seq 1, length 64}

 

<Example (CentOS)> =========================================

"/etc/xl2tpd/xl2tpd.conf" 

[global]
debug avp = no
debug network = no
debug packet = no
debug state = no
debug tunnel = no
 
 
[lac antiy]
lns = ***.***.***.***
length bit = no
redial = no
pppoptfile = /etc/ppp/antiy.xl2tpd
 

 

"/etc/ppp/antiy.xl2tpd" 

user "******"
password "******"
asyncmap 0
noauth
crtscts
lock
hide-password
modem
netmask 255.255.255.0
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
ipcp-accept-local

ipcp-accept-remote 

 

"/etc/ppp/chap-secrets"

# client        server  secret                  IP addresses 

vpn * "123456" *  

