文章介绍:在 Ubuntu 22.04 上部署 L2TP/IPsec(预共享密钥 PSK)服务端,供爱快(iKuai)软路由作为客户端拨号接入。下列命令均需 root 权限(通过 sudo 执行),配置文件中的密钥、口令、公网地址和网卡名均为示例值,部署时必须替换。

一、更新系统软件包

# Refresh the package index before installing anything.
sudo apt update

二、安装必要依赖

# xl2tpd: the L2TP daemon; ppp: pppd for the tunnelled sessions;
# strongswan: IKEv1/IPsec; iptables-persistent: restores the saved
# iptables rules at boot (used by "netfilter-persistent save" later on).
sudo apt install -y xl2tpd ppp strongswan iptables-persistent

三、修改IPSec配置

# Open the strongSwan (IKE/IPsec) configuration; the intended content follows below.
sudo nano /etc/ipsec.conf

将 /etc/ipsec.conf 的原有内容整体替换为以下配置(Ubuntu 自带的默认文件已包含一个 config setup 段,直接追加会造成重复定义):

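config setup
    # Debug level 4 makes charon dump sensitive material (keys, decrypted
    # payloads) into syslog/journal. Levels 1-2 are enough for normal
    # operation; raise to 4 only for a short troubleshooting window and
    # clear the logs afterwards.
    charondebug="ike 2, cfg 2, net 1, enc 1, lib 1, knl 1"
    # Every client uses the same PSK and identity (%any), so several
    # concurrent connections with the same ID must be allowed.
    uniqueids=no
    # CRL checking does not apply to PSK authentication.
    strictcrlpolicy=no

conn %default
    # Proposals, strongest first. modp1024 and 3des-sha1 are weak and are
    # kept only for legacy clients; drop them if the iKuai router negotiates
    # aes256-sha1-modp2048 successfully (check with: sudo ipsec statusall).
    ike=aes256-sha1-modp2048,aes256-sha1-modp1024,aes128-sha1-modp2048,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes256-sha1,aes128-sha1,3des-sha1!
    keyexchange=ikev1
    rekey=no
    # Main mode only. Aggressive mode would expose an offline-crackable
    # hash of the shared PSK to anyone on the path.
    aggressive=no
    fragmentation=yes
    # Always use UDP encapsulation (NAT-T, port 4500) so a NAT in front of
    # the router does not break ESP.
    forceencaps=yes
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear

conn l2tp-psk
    auto=add
    authby=secret
    # Transport mode: IPsec protects only the L2TP UDP/1701 flow.
    type=transport
    left=0.0.0.0
    leftprotoport=udp/1701
    right=%any
    rightprotoport=udp/%any
    leftauth=psk
    rightauth=psk
    ikelifetime=24h
    keylife=8h
    keyingtries=0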

四、修改共享密钥

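# ipsec.secrets holds the pre-shared key in plaintext: make sure it exists and
# is readable by root only before the key is written into it.
sudo touch /etc/ipsec.secrets && sudo chmod 600 /etc/ipsec.secrets && sudo nano /etc/ipsec.secrets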

示例中的 Adc@12345 即预共享密钥(PSK)。它对所有客户端公用且以明文存放,实际部署时应换成足够长的随机值(例如用 openssl rand -base64 32 生成),并确认 /etc/ipsec.secrets 的权限为 600、属主为 root。

# Format: <local id>  <remote id>  : PSK "<secret>"
# %any %any means every client authenticates with this one shared secret, so
# it must be long and random (e.g. openssl rand -base64 32) and this file must
# stay mode 0600 root:root. "Adc@12345" is only the sample from the write-up.
%any  %any  : PSK "Adc@12345"


五、修改L2TP配置

# Open the L2TP daemon configuration; the intended content follows below.
sudo nano /etc/xl2tpd/xl2tpd.conf

将 /etc/xl2tpd/xl2tpd.conf 的原有内容整体替换为以下配置(不要追加,以免与软件包自带的段落重复或冲突):

[global]
; Listen on every local address. Note that nothing here stops a client from
; speaking plain L2TP to UDP/1701 without IPsec; only a firewall rule that
; limits 1701 to IPsec-decapsulated packets does that.
listen-addr = 0.0.0.0
; NOTE(review): SAref tracking needs kernel IPsec SAref support, which a stock
; Ubuntu kernel does not ship - confirm in "journalctl -u xl2tpd" whether
; xl2tpd merely warns or refuses to start with this enabled.
ipsec saref = yes

[lns default]
; Name of this LNS; in this write-up the second column of chap-secrets
; carries the same value.
name = l2tpd
; Server-side tunnel address and the pool offered to clients. The fixed
; per-user addresses in chap-secrets are taken from this pool.
local ip = 100.64.0.1
ip range = 100.64.0.2-100.64.0.254
; Authentication is mandatory and cleartext PAP is refused; pppd narrows
; this further to MS-CHAPv2 via the options file below.
require authentication = yes
require chap = yes
refuse pap = yes
pppoptfile = /etc/ppp/options.xl2tpd
; Include the length field in L2TP packet headers.
length bit = yes

六、修改PPP配置

# Create/open the pppd options file referenced by pppoptfile in xl2tpd.conf.
sudo nano /etc/ppp/options.xl2tpd

粘贴以下配置到options.xl2tpd中

# pppd options for the L2TP sessions (pppoptfile in xl2tpd.conf).

# Authentication: the peer must authenticate, and only MS-CHAPv2 is accepted.
auth
require-mschap-v2
# Keep the password out of pppd's log lines.
hide-password
lock

# IPCP: accept the peer's proposals for both ends' addresses; the address a
# user actually gets is pinned in chap-secrets.
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
ms-dns 1.1.1.1
proxyarp

# Link keepalive: an echo every 30 s, the peer is declared dead after
# 4 unanswered echoes (about two minutes).
lcp-echo-interval 30
lcp-echo-failure 4

# Serial-line legacy options, harmless on a pseudo-tty.
asyncmap 0
crtscts
modem

七、创建用户分配固定IP

7.1、创建用户名密码文件

# chap-secrets stores PPP passwords in plaintext: create it root-only (0600)
# before it is opened for editing. touch keeps an existing file's content.
sudo touch /etc/ppp/chap-secrets \
  && sudo chmod 0600 /etc/ppp/chap-secrets \
  && sudo nano /etc/ppp/chap-secrets

贴入以下配置。各字段之间用空白分隔即可(pppd 以任意连续空白分隔字段,TAB 和空格均可);含有空格或 # 的口令必须用双引号括起来。第二列须与 xl2tpd.conf 中的 name = l2tpd 对应,第四列是分配给该用户的固定 IP。

# client   server  secret     IP address
# Fields are separated by whitespace (tab or space). The second column is the
# LNS name from xl2tpd.conf; the fourth column is the address pinned to that user.
# Every line below uses the SAME password "l2tp@vpn" - that is a sample only:
# with a shared password any user can log in as any other user and take over
# that user's fixed address (and its SNAT mapping). Give each account its own
# random secret (e.g. openssl rand -base64 18), quote it if it contains spaces
# or '#', and keep this file mode 0600.
l2tp002 l2tpd   l2tp@vpn    100.64.0.2
l2tp003 l2tpd   l2tp@vpn    100.64.0.3
l2tp004 l2tpd   l2tp@vpn    100.64.0.4
l2tp005 l2tpd   l2tp@vpn    100.64.0.5
l2tp006 l2tpd   l2tp@vpn    100.64.0.6
l2tp007 l2tpd   l2tp@vpn    100.64.0.7
l2tp008 l2tpd   l2tp@vpn    100.64.0.8
l2tp009 l2tpd   l2tp@vpn    100.64.0.9
l2tp010 l2tpd   l2tp@vpn    100.64.0.10
l2tp011 l2tpd   l2tp@vpn    100.64.0.11

7.2、格式化用户密码文件

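# Normalise the field separators in chap-secrets. pppd splits fields on any run
# of blanks, so tabs are not actually required; this only collapses each run of
# spaces/tabs into a single tab and leaves '#' comment lines untouched (the
# original "s/ /\t/g" also rewrote comment text and every space).
# CAUTION: a secret containing a literal space must be quoted with "..." and
# must NOT be passed through this step, or the space becomes a tab.
chap_sep_expr='/^[[:blank:]]*#/!s/[[:blank:]]+/\t/g'
sudo sed -i -E "$chap_sep_expr" /etc/ppp/chap-secrets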

八、配置SNAT规则

8.1、配置一对一 SNAT(下列公网地址 22.176.141.x 和网卡名 eth0 都是作者环境的值,必须换成自己服务器上实际配置的公网地址和出口网卡名)

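# One-to-one SNAT: each VPN client (fixed address from chap-secrets) leaves the
# server with a dedicated public source address.
# WAN_IF is the outbound interface. The write-up used eth0, but Ubuntu 22.04
# normally uses predictable names (ens*/enp*); with a wrong name the rules
# never match, client traffic leaves with its private 100.64.0.x source and
# gets no replies. Check with:  ip -o -4 route show default
WAN_IF="${WAN_IF:-eth0}"
# "<client ip> <public ip>" pairs. Each public IP must already be configured
# on WAN_IF (ip addr add ...), otherwise return traffic is not delivered.
SNAT_MAP=(
  "100.64.0.2  22.176.141.4"
  "100.64.0.3  22.176.141.4"
  "100.64.0.4  22.176.141.5"
  "100.64.0.5  22.176.141.5"
  "100.64.0.6  22.176.141.6"
  "100.64.0.7  22.176.141.6"
  "100.64.0.8  22.176.141.7"
  "100.64.0.9  22.176.141.7"
  "100.64.0.10 22.176.141.8"
  "100.64.0.11 22.176.141.8"
)

# Thin wrapper so the rule set can be dry-run by redefining this function.
run_iptables() { sudo iptables "$@"; }

# Append one POSTROUTING SNAT rule per "<client ip> <public ip>" pair.
add_snat_rules() {
  local pair src dst
  for pair in "${SNAT_MAP[@]}"; do
    read -r src dst <<<"$pair"
    run_iptables -t nat -A POSTROUTING -s "$src" -o "$WAN_IF" -j SNAT --to-source "$dst"
  done
}
add_snat_rules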

8.2、保存NAT配置

# Persist the current iptables rule set (written under /etc/iptables/) so
# iptables-persistent restores it at boot.
sudo netfilter-persistent save

8.3、查看NAT规则

# List the POSTROUTING NAT chain numerically (no DNS lookups) to confirm the
# SNAT entries are present.
sudo iptables -t nat --numeric --list POSTROUTING

九、启动IP转发

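# Enable IPv4 forwarding persistently. The original appended to /etc/sysctl.conf
# with "tee -a", which adds a duplicate line every time the step is re-run; a
# dedicated drop-in file is overwritten instead, so the step is idempotent.
# /etc/sysctl.conf is still read last by "sysctl --system", so make sure it
# does not set net.ipv4.ip_forward=0.
as_root() { sudo "$@"; }

# Write the forwarding setting to $1 (default: a sysctl.d drop-in) and apply it.
enable_ip_forward() {
  local conf="${1:-/etc/sysctl.d/99-l2tp-forward.conf}"
  printf 'net.ipv4.ip_forward=1\n' | as_root tee "$conf" >/dev/null \
    && as_root sysctl --system
}
enable_ip_forward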

十、关闭防火墙

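# ufw is turned off here (presumably because its default FORWARD policy would
# drop the tunnelled traffic). That leaves the host with no INPUT filtering at
# all, so UDP/1701 is reachable in the clear and a client could run plain L2TP
# without IPsec, protected only by the PPP password. Accept L2TP only when the
# packet was decapsulated by IPsec, drop it otherwise, and persist the rules.
# The -C checks keep the step idempotent when it is re-run.
sudo ufw disable
sudo iptables -C INPUT -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT 2>/dev/null \
  || sudo iptables -A INPUT -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
sudo iptables -C INPUT -p udp --dport 1701 -j DROP 2>/dev/null \
  || sudo iptables -A INPUT -p udp --dport 1701 -j DROP
sudo netfilter-persistent save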

十一、服务配置

11.1、开机自启动

# Start both daemons at boot. strongswan-starter is the unit that reads the
# /etc/ipsec.conf-style configuration used in this write-up.
sudo systemctl enable strongswan-starter xl2tpd

11.2、停止服务

# Stop both daemons (IPsec first, then L2TP) so that the start below picks up
# the configuration files written above.
for svc in strongswan-starter xl2tpd; do
  sudo systemctl stop "$svc"
done

11.3、启动服务

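# Start IPsec first (the pause presumably gives charon time to bind UDP
# 500/4500 before L2TP sessions are attempted), then xl2tpd. Afterwards check
# that both are really running instead of assuming it - the original gave no
# feedback when a bad config file kept a daemon from starting.
sudo systemctl start strongswan-starter
sleep 3
sudo systemctl start xl2tpd
for svc in strongswan-starter xl2tpd; do
  if ! sudo systemctl is-active --quiet "$svc"; then
    printf '%s is not running - see: journalctl -u %s -e\n' "$svc" "$svc" >&2
  fi
done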

十二、爱快拨号

(原文此处为三张爱快拨号配置截图,未能保留。)在爱快的 L2TP 客户端中按本文配置填写:服务器地址为本机的公网 IP,启用 IPsec 并填入 /etc/ipsec.secrets 中的预共享密钥,用户名/密码取自 /etc/ppp/chap-secrets 中的一行,认证方式为 MS-CHAPv2;拨号成功后客户端应获得该用户在 chap-secrets 中绑定的 100.64.0.x 地址。