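I had planned to run the VPN over SoftEther, but it just would not stay stable.
If this doesn't work I can't retrieve the data, so that is a real problem.
So I decided to try L2TP/IPsec.
To cut to the conclusion: I should have used this from the start.
I relied on the following two references.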
RTX830 L2TP/IPsec throughput – nosense
Building an L2TP/IPsec client on Ubuntu 20.04 | OsaruSystem
Other:
Getting started with IPsec: understanding IKE Keepalive - I Want to Become an Infrastructure Pro
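I'm recording the configuration here as a memo.
First, the startup script. I wrote it as follows.
ipsec and xl2tpd are restarted just to be safe.
As for ip route: ppp0 is already in use, so the L2TP/IPsec link is ppp1.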

/etc/init.d/ipsec restart
sleep 3
/etc/init.d/xl2tpd restart
sleep 3
ipsec up rtx830
sleep 30
echo "c rtx830" > /var/run/xl2tpd/l2tp-control
sleep 20
ip route add 192.168.xxx.0/26 dev ppp1

root@obsiot:/etc/ppp# cat options.xl2tpd.rtx830
noauth
mtu 1200
mru 1200
nodefaultroute
logfile /var/log/vpn.log
name "name"
password "Password"

Don't forget to uncomment [global]. It is commented out by default.

root@obsiot:/etc/xl2tpd# cat xl2tpd.conf
;
; Sample l2tpd configuration file
;
; This example file should give you some idea of how the options for l2tpd
; should work. The best place to look for a list of all options is in
; the source code itself, until I have the time to write better documentation :)
; Specifically, the file "file.c" contains a list of commands at the end.
;
; You most definitely don't have to spell out everything as it is done here
;
[global]                ; Global parameters:
port = 1701             ; * Bind to port 1701

[lac rtx830]
lns = ???.aa1.netvolante.jp
require chap = yes
refuse pap = yes
require authentication = yes
pppoptfile = /etc/ppp/options.xl2tpd.rtx830
length bit = yes
redial = yes
redial timeout = 10
max redials = 100

root@obsiot:/etc# cat ipsec.secrets
# This file holds shared secrets or RSA private keys for authentication.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.

: PSK "Pass"

# this file is managed with debconf and will contain the automatically created private key
include /var/lib/strongswan/ipsec.secrets.inc

root@obsiot:/etc# cat ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

conn rtx830
    keyexchange=ikev1
    authby=secret
    left=%defaultroute
    right=???.aa1.netvolante.jp
    rightid=%any
    ike=aes128-sha1-modp1024!
    esp=aes128-sha1-modp1024!
    auto=add
    leftprotoport=17/1701
    rightprotoport=17/1701
    type=transport

include /var/lib/strongswan/ipsec.conf.inc
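
An added example, not from the original post or from strongSwan: a small Python check over a conn section like the one above. It confirms the SA is pinned to transport mode and UDP/1701 and reports algorithm tokens such as sha1 and modp1024 that are worth revisiting if the peer supports stronger ones. The names parse_conns, audit and LEGACY, the legacy list itself, and the host name vpn.example.invalid are assumptions made for this example.

```python
# Constructed sample, trimmed from the conn on this page; the host name is a placeholder.
SAMPLE = """\
config setup
    # uniqueids = no
conn rtx830
    right=vpn.example.invalid
    ike=aes128-sha1-modp1024!
    esp=aes128-sha1-modp1024!
    leftprotoport=17/1701
    rightprotoport=17/1701
    type=transport
"""

# Assumption (reviewer's policy, not from the page): tokens reported as legacy.
LEGACY = {"modp768": "768-bit DH group", "modp1024": "1024-bit DH group",
          "md5": "HMAC-MD5", "sha1": "HMAC-SHA1", "3des": "3DES"}

def parse_conns(text):
    """Return {conn name: {key: value}} from ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()         # strip comments
        if line and not line[0].isspace():           # section header in column 0
            kind, *rest = line.split()
            current = conns.setdefault(rest[0], {}) if kind == "conn" and rest else None
        elif current is not None and "=" in line:    # indented key=value
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(conn):
    """Return findings for one conn; an empty list means nothing was flagged."""
    findings = []
    if conn.get("type") != "transport":
        findings.append("type: not transport mode")
    for key in ("leftprotoport", "rightprotoport"):
        if conn.get(key) != "17/1701":
            findings.append(f"{key}: SA not limited to UDP/1701 (L2TP)")
    for key in ("ike", "esp"):
        value = conn.get(key, "")
        if not value.endswith("!"):
            findings.append(f"{key}: no strict '!' flag, proposal not pinned")
        tokens = value.rstrip("!").replace(",", "-").split("-")
        findings += [f"{key}: {t} ({LEGACY[t]})" for t in tokens if t in LEGACY]
    return findings

if __name__ == "__main__":
    for name, conn in parse_conns(SAMPLE).items():
        print(name, audit(conn))
```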