Are you getting enough sleep?

いつも眠い.これが睡眠負債というやつか.

OpenBlocksBX1 で L2TP/IPsec

SoftEtherVPN を使うつもりでしたが,これがまた安定しない.
これができないとデータ回収できないので,とても困る.

そこでL2TP/IPsecを試してみることにした.
結論からいうと,最初からこちらにすればよかった.

参考にさせて頂いたのは,下記の2つ.

RTX830のL2TP/IPsecスループット – nosense

Ubuntu 20.04 へ L2TP/IPsec クライアントの構築 | OsaruSystem

その他

IPsec の手始めに IKE Keepalive を理解しましょ - インフラまわりのプロになりたい

L2TP/IPsec


メモ代わりに,設定を記載する.

まず,起動スクリプト.下記のようにした.

ipsecとxl2tpdは念の為,restart.
ip route で指定するデバイスは,ppp0 がすでに使われているので,L2TP/IPsec 側は ppp1 になる.

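# Startup sequence for the L2TP/IPsec client connection "rtx830":
# restart the daemons, bring up the IPsec SA, start the L2TP session through
# xl2tpd's control pipe, then route the remote network over the PPP link.
# The fixed sleeps are kept as in the original; the added checks stop the
# sequence when a step it depends on did not succeed.

# Restart both daemons so the tunnel starts from a known state.
/etc/init.d/ipsec restart
sleep 3

/etc/init.d/xl2tpd restart
sleep 3

# "conn rtx830" is loaded with auto=add, so nothing protects UDP/1701 until
# this SA is up. Stop here on failure rather than let the L2TP/PPP
# negotiation go out without IPsec.
if ! ipsec up rtx830; then
  printf '%s\n' 'ipsec up rtx830 failed; not starting L2TP' >&2
  exit 1
fi
sleep 30

# Write only to xl2tpd's FIFO. If xl2tpd is not running, redirecting into a
# missing path would create a regular file there instead.
if [ ! -p /var/run/xl2tpd/l2tp-control ]; then
  printf '%s\n' 'xl2tpd control pipe not found; is xl2tpd running?' >&2
  exit 1
fi
echo "c rtx830" > /var/run/xl2tpd/l2tp-control
sleep 20

# ppp0 is already in use on this box, so the L2TP session is expected on ppp1.
# That name is an assumption about interface ordering, so verify the link
# exists before routing traffic to it.
if ! ip link show ppp1 >/dev/null 2>&1; then
  printf '%s\n' 'ppp1 is not present; L2TP session did not come up' >&2
  exit 1
fi

# 192.168.xxx.0/26 is the redacted remote subnet from the original listing.
ip route add 192.168.xxx.0/26 dev ppp1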
root@obsiot:/etc/ppp# cat options.xl2tpd.rtx830
# pppd options for the L2TP session (referenced by pppoptfile in xl2tpd.conf).
# This file carries the PPP password in clear text: keep it owned by root and
# not readable by other users.
# noauth: do not require the peer (the LNS) to authenticate itself to us.
noauth
# Reduced MTU/MRU, presumably to leave room for the L2TP and IPsec overhead.
mtu 1200
mru 1200
# Leave the system default route alone; routes for the remote network have to
# be added separately.
nodefaultroute
logfile /var/log/vpn.log
# "name" and "Password" are presumably placeholders for the real PPP credentials.
name "name"
password "Password"

[global]のコメントを外すのを忘れないでください.最初はコメントアウトされてます.

root@obsiot:/etc/xl2tpd# cat xl2tpd.conf
;
; Sample l2tpd configuration file
;
; This example file should give you some idea of how the options for l2tpd
; should work.  The best place to look for a list of all options is in
; the source code itself, until I have the time to write better documentation :)
; Specifically, the file "file.c" contains a list of commands at the end.
;
; You most definitely don't have to spell out everything as it is done here
;
[global]                                ; Global parameters:
port = 1701                             ; * Bind to port 1701


; Client (LAC) entry. The startup script connects it by writing "c rtx830"
; to xl2tpd's control pipe.
[lac rtx830]
; Address of the L2TP network server; "???" is redacted in this listing.
lns = ???.aa1.netvolante.jp
; Insist on CHAP and refuse PAP so the PPP password is never sent as clear text.
require chap = yes
refuse pap = yes
; NOTE(review): the pppoptfile below also sets "noauth" - confirm how the two
; settings interact on this xl2tpd/pppd version.
require authentication = yes
pppoptfile = /etc/ppp/options.xl2tpd.rtx830
length bit = yes
; Retry a dropped session every 10 seconds, giving up after 100 attempts.
redial = yes
redial timeout = 10
max redials = 100
max redials = 100
root@obsiot:/etc# cat ipsec.secrets
# This file holds shared secrets or RSA private keys for authentication.
# It contains key material in clear text and should be readable by root only.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.

# Pre-shared key for IKE. With no ID selectors before the colon, this secret
# is used for any peer. "Pass" is presumably a placeholder: with authby=secret
# the peer is authenticated only by knowledge of this value, so the real PSK
# should be long and random.
: PSK "Pass"

# this file is managed with debconf and will contain the automatically created private key
include /var/lib/strongswan/ipsec.secrets.inc
root@obsiot:/etc# cat ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # strictcrlpolicy=yes
        # uniqueids = no

# Transport-mode IPsec connection that protects the L2TP traffic (UDP/1701)
# between this host and the router.
conn rtx830
        # L2TP/IPsec uses IKEv1; the peer is authenticated with the PSK in ipsec.secrets.
        keyexchange=ikev1
        authby=secret
        left=%defaultroute
        # Peer is addressed by a DNS name ("???" is redacted in this listing).
        right=???.aa1.netvolante.jp
        # %any accepts whatever identity the peer presents, so the PSK is the
        # only thing that authenticates the remote end.
        rightid=%any
        # The trailing "!" restricts negotiation to exactly this proposal.
        # NOTE(review): sha1 and modp1024 (1024-bit DH group 2) are legacy
        # choices; if the RTX830 side can be configured for it, prefer a
        # stronger hash and a larger DH group in both ike= and esp=.
        ike=aes128-sha1-modp1024!
        esp=aes128-sha1-modp1024!
        # auto=add only loads the connection; it is started explicitly with
        # "ipsec up rtx830". Until then no policy protects the L2TP port.
        auto=add
        # Protocol 17 (UDP), port 1701 (L2TP) on both ends.
        leftprotoport=17/1701
        rightprotoport=17/1701
        type=transport

include /var/lib/strongswan/ipsec.conf.inc