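I had planned to run the VPN over SoftEther, but it turned out to be unstable.
Without a working VPN I cannot retrieve the data, which is a serious problem.
So I decided to try L2TP/IPsec instead.
To give the conclusion first: I should have used this from the start.
I referred to the following two pages.
RTX830 L2TP/IPsec throughput – nosense
Building an L2TP/IPsec client on Ubuntu 20.04 | OsaruSystem
Other:
Understanding IKE Keepalive as a first step into IPsec - インフラまわりのプロになりたい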
L2TP/IPsec
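As a memo, I record the settings here.
First, the startup script. I wrote it as follows.
ipsec and xl2tpd are restarted just to be safe.
For ip route: ppp0 is already in use, so the L2TP/IPsec link becomes ppp1.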
/etc/init.d/ipsec restart
sleep 3
/etc/init.d/xl2tpd restart
sleep 3
ipsec up rtx830
sleep 30
echo "c rtx830" > /var/run/xl2tpd/l2tp-control
sleep 20
ip route add 192.168.xxx.0/26 dev ppp1
root@obsiot:/etc/ppp# cat options.xl2tpd.rtx830
noauth
mtu 1200
mru 1200
nodefaultroute
logfile /var/log/vpn.log
name "name"
password "Password"
Don't forget to uncomment [global]. It is commented out by default.
root@obsiot:/etc/xl2tpd# cat xl2tpd.conf
;
; Sample l2tpd configuration file
;
; This example file should give you some idea of how the options for l2tpd
; should work. The best place to look for a list of all options is in
; the source code itself, until I have the time to write better documentation :)
; Specifically, the file "file.c" contains a list of commands at the end.
;
; You most definitely don't have to spell out everything as it is done here
;
[global] ; Global parameters:
port = 1701 ; * Bind to port 1701
[lac rtx830]
lns = ???.aa1.netvolante.jp
require chap = yes
refuse pap = yes
require authentication = yes
pppoptfile = /etc/ppp/options.xl2tpd.rtx830
length bit = yes
redial = yes
redial timeout = 10
max redials = 100
root@obsiot:/etc# cat ipsec.secrets
# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.
: PSK "Pass"
# this file is managed with debconf and will contain the automatically created private key
include /var/lib/strongswan/ipsec.secrets.inc
root@obsiot:/etc# cat ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
    # strictcrlpolicy=yes
    # uniqueids = no
conn rtx830
    keyexchange=ikev1
    authby=secret
    left=%defaultroute
    right=???.aa1.netvolante.jp
    rightid=%any
    ike=aes128-sha1-modp1024!
    esp=aes128-sha1-modp1024!
    auto=add
    leftprotoport=17/1701
    rightprotoport=17/1701
    type=transport
include /var/lib/strongswan/ipsec.conf.inc
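A small check over the ipsec.conf above, as an added example that is not part of the original post: it parses the conn sections and lists settings worth reviewing before the tunnel carries sensitive data (IKEv1, pre-shared-key authentication, SHA-1, MD5, 3DES, 1024-bit MODP). The token list, the function names and the sample peer name are assumptions of this example.

```python
# Constructed sample mirroring the conn section on this page; the peer name is a placeholder.
SAMPLE = """\
config setup
    # strictcrlpolicy=yes
conn rtx830
    keyexchange=ikev1
    authby=secret
    right=vpn.example.invalid
    ike=aes128-sha1-modp1024!
    esp=aes128-sha1-modp1024!
"""

# Proposal keywords flagged here are an assumption of this example, not a complete policy.
WEAK = {
    "modp1024": "1024-bit MODP DH group",
    "sha1": "SHA-1",
    "md5": "MD5",
    "3des": "3DES",
}

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line opens a section
            parts = line.split()
            current = conns.setdefault(parts[1], {}) if parts[0] == "conn" and len(parts) > 1 else None
        elif current is not None and "=" in line:  # indented key=value inside a conn
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def audit(text):
    """Return sorted (conn, key, finding) tuples for settings worth reviewing."""
    findings = []
    for name, opts in parse_conns(text).items():
        if opts.get("keyexchange") == "ikev1":
            findings.append((name, "keyexchange", "IKEv1"))
        if opts.get("authby") in ("secret", "psk"):
            findings.append((name, "authby", "pre-shared key"))
        for key in ("ike", "esp"):
            # A trailing "!" marks a strict proposal; commas separate proposals.
            for token in opts.get(key, "").rstrip("!").replace(",", "-").split("-"):
                if token.strip() in WEAK:
                    findings.append((name, key, WEAK[token.strip()]))
    return sorted(findings)
```

Whether stronger proposals can be negotiated depends on what the peer router accepts, which this post does not cover.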