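# Install strongSwan (IKE/IPsec), xl2tpd (L2TP) and ppp (per-user PPP sessions).
# The install command is on its own lines so it is no longer part of the comment.
# The package lists may need refreshing first with `opkg update`.
# NOTE(review): the eap-* modules serve IKEv2 EAP logins; the IKEv1/PSK
# connection configured on this page presumably does not use them. Confirm
# before trimming the list.
opkg install \
  strongswan-minimal \
  strongswan-mod-eap-mschapv2 \
  strongswan-mod-eap-identity \
  strongswan-mod-constraints \
  strongswan-mod-md5 \
  strongswan-mod-pem \
  strongswan-mod-pkcs1 \
  strongswan-mod-revocation \
  strongswan-ipsec \
  strongswan \
  xl2tpd \
  ppp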
; /etc/xl2tpd/xl2tpd.conf
; L2TP network server (LNS) settings. L2TP itself is unencrypted, so this
; daemon should only be reachable through the IPsec transport SA: UDP 1701
; is not opened on the wan zone anywhere on this page and should stay closed.
[global]
port = 1701

[lns default]
; Address pool handed to clients; "local ip" is the router's end of each link.
ip range = 172.16.0.2-172.16.0.250
local ip = 172.16.0.1
; CHAP is required and PAP refused, so the PPP password is never sent in
; cleartext inside the tunnel.
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
; pppd options are read from this file, which is not shown on this page.
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
# /etc/ipsec.conf
# IKEv1 transport-mode connection that protects L2TP, authenticated with a
# single pre-shared key. No ike=/esp= lines are given, so strongSwan's
# default proposals apply.
config setup
    # A new connection using an already-seen peer ID does not replace the
    # existing one.
    uniqueids=no

conn L2TP-PSK
    type=transport
    # One PSK is shared by every peer (right=%any): anyone holding it passes
    # IKE authentication, so per-user security rests on the PPP credentials.
    # Use a long random key.
    authby=psk
    keyexchange=ikev1
    keyingtries=3
    rekey=no
    left=%any
    right=%any
    # NOTE(review): no leftprotoport/rightprotoport is set, so the SA is not
    # limited to L2TP. Consider leftprotoport=17/1701 and
    # rightprotoport=17/%any, and test with your clients.
    # auto=add loads the connection and waits for peers to initiate.
    auto=add
# /etc/config/firewall
# Each rule has a src zone and no dest, so it applies to traffic addressed to
# the router itself. Only IKE and IPsec are opened to the wan zone; UDP 1701
# (L2TP) is not listed, which keeps L2TP unreachable outside IPsec.

# IPsec NAT traversal (IKE and ESP-in-UDP), UDP 4500
config rule
	option src 'wan'
	option proto 'udp'
	option dest_port '4500'
	option target 'ACCEPT'

# ESP (IP protocol 50)
config rule
	option src 'wan'
	option proto 'esp'
	option target 'ACCEPT'

# IKE, UDP 500
config rule
	option src 'wan'
	option proto 'udp'
	option dest_port '500'
	option target 'ACCEPT'

# AH (IP protocol 51)
# NOTE(review): the connection on this page sets no ah= proposal, so it
# presumably negotiates ESP only and this rule may be unnecessary. Confirm
# before removing it.
config rule
	option src 'wan'
	option proto 'ah'
	option target 'ACCEPT'
# /etc/ppp/chap-secrets
# Fields: client, server, secret, permitted IP addresses.
# user_name and password are placeholders for each VPN account. The two `*`
# fields accept any server name and any client address.
# The secret is stored in cleartext: keep this file readable by root only.
user_name * password *

# /etc/ipsec.secrets
# Pre-shared key for the IKEv1 connection. The quoted text is a placeholder
# ("shared key" in Chinese): replace it with a long random value, and keep
# this file readable by root only.
: PSK "共享密钥"
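# Each rule is on its own line so it runs as a separate iptables command.
# Rules inserted this way are runtime-only and are lost when the firewall is
# reloaded or the router reboots.

# Let VPN clients (172.16.0.0/24) be forwarded through the router and
# masquerade their traffic.
# NOTE(review): both rules match on source address only, with no inbound or
# outbound interface, so VPN clients can reach every network the router
# forwards to and are also NATed towards the LAN. Narrow them with -i/-o
# once the interface names on your device are known.
iptables -I FORWARD -s 172.16.0.0/24 -j ACCEPT
iptables -I POSTROUTING 1 -s 172.16.0.0/24 -j MASQUERADE -t nat

# If the tunnel still does not work, also add the following four rules.
# They accept packets that arrived through (--dir in) or will leave through
# (--dir out) an ESP IPsec policy. This admits the decrypted L2TP traffic
# without opening UDP 1701 to unencrypted peers.
# NOTE(review): the INPUT rule admits every protocol from an authenticated
# IPsec peer to the router itself, not only L2TP. Adding
# `-p udp --dport 1701` would limit it to the L2TP daemon.
iptables -I INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -I FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -I FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT
iptables -I OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT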