
openwrt架设l2tp ipsec psk服务器

# Install the packages for an L2TP/IPsec (PSK) server on OpenWrt.
# strongSwan provides the IPsec layer (IKEv1 + ESP, configured in
# /etc/ipsec.conf below); xl2tpd provides the L2TP tunnel and hands each
# session to pppd, which does the per-user CHAP authentication
# (/etc/xl2tpd/xl2tpd.conf and /etc/ppp/chap-secrets below).
# NOTE(review): both `strongswan-minimal` and the `strongswan` meta-package
# are listed, and the eap-* modules are not used by the PSK-only conn
# below -- confirm against the target release which set is really needed.
opkg install strongswan-minimal strongswan-mod-eap-mschapv2 strongswan-mod-eap-identity strongswan-mod-constraints strongswan-mod-md5 strongswan-mod-pem strongswan-mod-pkcs1 strongswan-mod-revocation strongswan-ipsec strongswan xl2tpd ppp

 

; /etc/xl2tpd/xl2tpd.conf
; NOTE(review): xl2tpd's config parser treats ';' as the comment character;
; a '#' path marker copied verbatim into the file may not be accepted.
; xl2tpd only carries the tunnel -- confidentiality comes from the IPsec
; transport SA in ipsec.conf, which is why the firewall below opens IKE and
; ESP to the WAN but never UDP 1701 itself.

[global]
; L2TP control/data port; must be covered by the IPsec policy
port = 1701

[lns default]
; addresses handed out to clients; the same /24 is used by the
; FORWARD/MASQUERADE iptables rules below
ip range = 172.16.0.2-172.16.0.250
; server end of every PPP link
local ip = 172.16.0.1
; PPP authentication: require CHAP and refuse PAP (PAP would carry the
; password in clear inside the tunnel). Which CHAP variant is negotiated
; (MD5 vs MS-CHAPv2) is decided by /etc/ppp/options.xl2tpd, which this
; page does not show -- review that file as well.
require chap = yes
refuse pap = yes
require authentication = yes
; LNS name announced during tunnel setup
name = l2tpd
; per-session pppd options (file not shown on this page)
pppoptfile = /etc/ppp/options.xl2tpd
; send the Length field in L2TP headers
length bit = yes
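# /etc/ipsec.conf -- strongSwan: IPsec transport mode protecting L2TP (UDP 1701).

config setup
    # All road-warrior clients authenticate with the same PSK and the same
    # identity (%any); duplicate IDs must therefore not evict each other.
    uniqueids=no

conn L2TP-PSK
    # Transport mode: IPsec protects only the L2TP packets between the two
    # endpoints; the actual VPN tunnel is L2TP/PPP on top of it.
    type=transport
    authby=psk
    # Built-in L2TP/IPsec clients (Windows, iOS/macOS, Android) speak IKEv1.
    keyexchange=ikev1
    keyingtries=3
    # rekey=no: the server never initiates rekeying, so an SA keeps the same
    # keys for its whole lifetime. Fine for short client sessions; for
    # long-lived connections the client has to be the one that rekeys.
    rekey=no
    left=%any
    right=%any
    # Narrow the SA to L2TP traffic: server side UDP/1701, client side
    # UDP/any (NAT'd clients use a random source port). Without this the
    # transport SA is negotiated for all traffic between the peers and need
    # not match the 17/1701 selector the clients propose.
    leftprotoport=17/1701
    rightprotoport=17/%any
    # Load the conn and wait for clients to initiate.
    auto=add

# NOTE(review): no ike=/esp= proposals are set, so strongSwan's defaults
# apply. Older clients may only offer weak groups/ciphers (e.g. modp1024,
# 3DES, SHA-1); if they fail to connect, enable only the specific algorithms
# that client population needs rather than a blanket legacy proposal.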
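# /etc/config/firewall -- let IKE and ESP from the WAN reach strongSwan.
# UDP 1701 (L2TP) is deliberately NOT opened here: it must only be reachable
# inside the IPsec SA (see the `-m policy --pol ipsec` iptables rules further
# down), so cleartext L2TP from the Internet is refused.

# IKE (ISAKMP)
config rule
        option name 'Allow-IKE'
        option src 'wan'
        option proto 'udp'
        option dest_port '500'
        option target 'ACCEPT'

# NAT-T: IKE and UDP-encapsulated ESP for clients behind NAT
config rule
        option name 'Allow-IKE-NAT-T'
        option src 'wan'
        option proto 'udp'
        option dest_port '4500'
        option target 'ACCEPT'

# raw ESP for clients that are not behind NAT
config rule
        option name 'Allow-ESP'
        option src 'wan'
        option proto 'esp'
        option target 'ACCEPT'

# AH is not negotiated by the ipsec.conf on this page (ESP only, no `ah=`
# line); this rule adds nothing for L2TP/IPsec and can be dropped unless AH
# is enabled later.
config rule
        option name 'Allow-AH'
        option src 'wan'
        option proto 'ah'
        option target 'ACCEPT'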

 

# /etc/ppp/chap-secrets -- PPP (CHAP) credentials, one client per line:
#   client    server    secret    IP-address
# The second field is the server name pppd authenticates as ('*' = any);
# the last field is the address the client may be given ('*' = any from
# the pool). Secrets are stored in clear text: keep this file owned by
# root with mode 0600, and replace the placeholders below.
user_name       *      password    *


# /etc/ipsec.secrets -- IKEv1 pre-shared key.
# The empty selector before ':' means this PSK applies to every peer, i.e.
# it is one group secret shared by all clients: anyone holding it can join
# the VPN and could impersonate the server to other clients. Use a long,
# random value instead of the placeholder below, distribute it out of band,
# and keep this file owned by root with mode 0600.
: PSK "共享密钥"

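# Forwarding and NAT for the PPP links xl2tpd brings up (interfaces ppp+).
# These are plain iptables commands: they are lost on reboot and on every
# firewall reload. On fw3-based OpenWrt releases put them in
# /etc/firewall.user; on fw4 (nftables) releases they do not apply at all
# and the VPN interface has to be placed in a zone instead.
# Matching on `-i ppp+` as well as the source prefix stops a packet that
# merely spoofs a 172.16.0.0/24 source on another interface from matching.
# This still lets VPN clients reach everything the router forwards to
# (LAN included); add an `-o` restriction if that is not intended.
iptables -I FORWARD -i ppp+ -s 172.16.0.0/24 -j ACCEPT
iptables -t nat -I POSTROUTING 1 -s 172.16.0.0/24 -j MASQUERADE

# If clients still cannot connect, add the four policy-match rules below.
# The decapsulated L2TP packets hit the INPUT chain on UDP 1701 *after* ESP
# processing and must be accepted there even though the firewall does not
# open 1701 to the WAN. INPUT is limited to L2TP so that nothing else sent
# inside the SA bypasses the normal input rules.
iptables -I INPUT -m policy --dir in --pol ipsec --proto esp -p udp --dport 1701 -j ACCEPT
iptables -I FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -I FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT
iptables -I OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT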

 
