L2TPv3 VPN tunnel on CentOS 7 Linux with iproute2

  • февруари 13, 2018
  • linux

L2TPv3 VPN tunnel via iproute2 on CentOS 7 Linux — howto

 

This is a quick howto for a site-to-site L2TPv3 "VPN" between two CentOS 7 hosts using only the iproute2 package (the `ip l2tp` command). Be aware that L2TPv3 on its own is a tunnelling protocol, not a security protocol: with `encap ip` the Ethernet frames of the bridged VLANs cross the Internet in cleartext and nothing authenticates the remote endpoint. Anyone who can observe the path can read the traffic, and anyone who can spoof packets to the endpoint's IP protocol 115 with the right session id can inject frames into the bridged LAN. The `ip l2tp add session` command accepts `cookie`/`peer_cookie` values that make such injection harder, but for confidentiality the tunnel should be run inside IPsec (or an equivalent) between 1.1.1.1 and 2.2.2.2.

 

The configuration for Site A (public address 1.1.1.1, LAN port enp10s0):

 


# Kernel modules for the Site A tunnel endpoint.
#   l2tp_netlink  - netlink control interface used by 'ip l2tp'
#   l2tp_eth      - Ethernet pseudowire sessions (provides the l2tpethN devices)
#   l2tp_ip       - L2TPv3 carried directly in IP (IP protocol 115), needed for 'encap ip'
#   ipip          - IP-in-IP tunnel module; loaded by the original howto but nothing
#                   below appears to use it — presumably harmless, verify before dropping it.
for kmod in ipip l2tp_netlink l2tp_eth l2tp_ip; do
  modprobe "$kmod"
done

Create the L2TPv3 tunnel and its first session. With `encap ip` the tunnel runs directly over IP as protocol 115 (no UDP port), so any firewall or NAT device between the two sites has to allow that protocol between 1.1.1.1 and 2.2.2.2; if a NAT is in the path, use `encap udp` with `udp_sport`/`udp_dport` instead.

# Site A endpoint parameters.
# tunnel_id is this side's own id; peer_tunnel_id is the id the other side uses
# as *its* tunnel_id, so Site B has to configure the mirror image (1001 / 1000).
local_ip=1.1.1.1
remote_ip=2.2.2.2
tun_id=1000
peer_tun_id=1001

# Static (unmanaged) L2TPv3 tunnel carried directly over IP, protocol 115.
# L2TPv3 itself provides neither encryption nor endpoint authentication.
ip l2tp add tunnel remote "$remote_ip" local "$local_ip" \
  tunnel_id "$tun_id" peer_tunnel_id "$peer_tun_id" encap ip

# First Ethernet pseudowire; the kernel creates it as the next free l2tpethN,
# which for the first session is l2tpeth0. session_id/peer_session_id must
# likewise be mirrored on Site B.
ip l2tp add session tunnel_id "$tun_id" session_id 2000 peer_session_id 2000

# 1446 is presumably chosen to leave headroom for the outer IP header, the
# L2TPv3 session header and an 802.1Q tag inside a 1500-byte path MTU.
ip link set l2tpeth0 up mtu 1446

# Point-to-point address on the pseudowire itself; not required for the
# bridging below, but convenient for ping tests across the tunnel.
ip addr add 10.42.1.1 peer 10.42.1.2 dev l2tpeth0

We will carry VLAN 800 across the tunnel to Site B, so that hosts in VLAN 800 on both sites share one broadcast domain.

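modprobe 8021q   # 802.1Q VLAN tagging

# VLAN 800 on the LAN port and on the pseudowire, bridged together so that
# Site B's VLAN 800 becomes part of this broadcast domain.
# The legacy vconfig/brctl tools of the original are replaced by their iproute2
# equivalents (vconfig and bridge-utils may not be installed on CentOS 7);
# the interface names are identical to what vconfig/brctl produced.
ip link add link enp10s0 name enp10s0.800 type vlan id 800
ip link set enp10s0.800 up
ip link add link l2tpeth0 name l2tpeth0.800 type vlan id 800
ip link set l2tpeth0.800 up

ip link add name brvlan800 type bridge
ip link set enp10s0.800 master brvlan800
ip link set l2tpeth0.800 master brvlan800
# promisc on is kept from the original; bridge ports are normally put into
# promiscuous mode by the kernel anyway, so it is presumably redundant.
ip link set brvlan800 up promisc on

# Site A is the router and DHCP server for 192.168.80.0/24.
# Giving the address with its prefix installs the connected route at the same
# time; the original added a bare address (treated as /32) and then had to add
# the network route separately with 'route add -net'.
ip addr add 192.168.80.1/24 dev brvlan800
service dhcpd restart

# NAT for VLAN 800 hosts leaving via the routed path.
# NOTE(review): without '-o <uplink>' this matches every egress interface;
# restricting it to the Internet-facing interface is the usual form.
iptables -t nat -A POSTROUTING -s 192.168.80.0/24 -j MASQUERADE

# Loaded by the original howto without explanation — presumably so fragmented
# IPv4 packets are reassembled before traversing the bridge; verify.
modprobe nf_defrag_ipv4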

Create a second session on the same tunnel to carry VLAN 900 the same way.


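# Second Ethernet pseudowire on the existing tunnel (tunnel_id 1000); it
# appears as the next free device, l2tpeth1. Site B mirrors session 3000/3000.
ip l2tp add session tunnel_id 1000 session_id 3000 peer_session_id 3000
ip link set l2tpeth1 up mtu 1446

# VLAN 900 on the LAN port and on the second pseudowire, using iproute2
# instead of the legacy vconfig/brctl commands of the original (same names).
ip link add link enp10s0 name enp10s0.900 type vlan id 900
ip link set enp10s0.900 up
ip link add link l2tpeth1 name l2tpeth1.900 type vlan id 900
ip link set l2tpeth1.900 up

ip link add name brvlan900 type bridge
ip link set enp10s0.900 master brvlan900
ip link set l2tpeth1.900 master brvlan900
# promisc on kept from the original; presumably redundant for a bridge.
ip link set brvlan900 up promisc on

# Address with prefix installs the connected route, replacing the original's
# bare '/32' address plus separate 'route add -net'.
ip addr add 192.168.90.1/24 dev brvlan900

# NOTE(review): as for VLAN 800, consider limiting this rule with '-o <uplink>'.
iptables -t nat -A POSTROUTING -s 192.168.90.0/24 -j MASQUERADE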

Configuration of the DHCP server (dhcpd.conf on Site A, which serves both bridged VLANs — the DHCP broadcasts from Site B reach it through the tunnel).

# VLAN 800 (bridge brvlan800 on Site A, 192.168.80.1 is the router).
subnet 192.168.80.0 netmask 255.255.255.0 {
# .1 is the router itself; .2-.4 are left free for static assignments.
range 192.168.80.5 192.168.80.254;
# Hands clients a public resolver; replace with an internal DNS server if
# internal names must resolve.
option domain-name-servers 8.8.8.8;
option domain-name "mdzero.com";
option routers 192.168.80.1;
option broadcast-address 192.168.80.255;
# Short leases (10 min default, 2 h max) so addresses recycle quickly.
default-lease-time 600;
max-lease-time 7200;
}

# VLAN 900 (bridge brvlan900 on Site A, 192.168.90.1 is the router);
# same layout as the VLAN 800 scope.
subnet 192.168.90.0 netmask 255.255.255.0 {
range 192.168.90.5 192.168.90.254;
option domain-name-servers 8.8.8.8;
option domain-name "mdzero.com";
option routers 192.168.90.1;
option broadcast-address 192.168.90.255;
default-lease-time 600;
max-lease-time 7200;
}

Kernel parameters (sysctl) for Site A, e.g. in /etc/sysctl.d/l2tp.conf, applied with `sysctl --system`:

# Site A routes between the bridged VLANs and the uplink (MASQUERADE rules above).
net.ipv4.ip_forward=1
# A router should neither accept nor emit ICMP redirects.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0

# Do not pass bridged frames through iptables/ip6tables/arptables.
# SECURITY NOTE: with these at 0 the L2 traffic crossing the tunnel is invisible
# to the FORWARD chain — nothing on this host filters what Site B's VLAN hosts
# send into Site A's VLANs; only routed traffic is subject to iptables.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

Now, let's configure Site B (public address 2.2.2.2, LAN port enp4s0). Start with the same sysctl settings as on Site A:

# Same kernel settings as Site A. ip_forward is kept for symmetry; Site B only
# bridges the VLANs (no addresses on its bridges), so routing is not used here.
net.ipv4.ip_forward = 1

# Neither accept nor emit ICMP redirects.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0

# Bridged frames bypass iptables/ip6tables/arptables entirely (see the
# same note for Site A): nothing filters what arrives over the tunnel.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0


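# Kernel modules, as on Site A (ipip is kept from the original; nothing below
# appears to need it).
for kmod in ipip l2tp_netlink l2tp_eth l2tp_ip; do
  modprobe "$kmod"
done

# Site B endpoint. The tunnel ids must be the mirror image of Site A's:
# Site A uses tunnel_id 1000 / peer_tunnel_id 1001, so this side's own id is
# 1001 and its peer id is 1000 ('ip l2tp' requires peer_tunnel_id to match the
# tunnel_id used at the peer). The original listing repeated Site A's 1000/1001
# here, which does not describe a matching pair; session ids are symmetric
# (2000/2000, 3000/3000) and need no change.
local_ip=2.2.2.2
remote_ip=1.1.1.1
tun_id=1001
peer_tun_id=1000

ip l2tp add tunnel remote "$remote_ip" local "$local_ip" \
  tunnel_id "$tun_id" peer_tunnel_id "$peer_tun_id" encap ip
ip l2tp add session tunnel_id "$tun_id" session_id 2000 peer_session_id 2000
ip link set l2tpeth0 up mtu 1446
ip addr add 10.42.1.2 peer 10.42.1.1 dev l2tpeth0

modprobe 8021q   # 802.1Q VLAN tagging

# VLAN 800: LAN port and pseudowire bridged, using iproute2 instead of the
# legacy vconfig/brctl commands (same interface names). Site B's bridges carry
# no IP address — they only extend Site A's broadcast domain.
ip link add link enp4s0 name enp4s0.800 type vlan id 800
ip link set enp4s0.800 up
ip link add link l2tpeth0 name l2tpeth0.800 type vlan id 800
ip link set l2tpeth0.800 up

ip link add name brvlan800 type bridge
ip link set enp4s0.800 master brvlan800
ip link set l2tpeth0.800 master brvlan800
ip link set brvlan800 up promisc on   # kept from the original; presumably redundant

# Loaded by the original without explanation — presumably for reassembly of
# fragmented IPv4 packets; verify.
modprobe nf_defrag_ipv4

# Second pseudowire for VLAN 900 on the same tunnel; appears as l2tpeth1.
ip l2tp add session tunnel_id "$tun_id" session_id 3000 peer_session_id 3000
ip link set l2tpeth1 up mtu 1446

ip link add link enp4s0 name enp4s0.900 type vlan id 900
ip link set enp4s0.900 up
ip link add link l2tpeth1 name l2tpeth1.900 type vlan id 900
ip link set l2tpeth1.900 up

ip link add name brvlan900 type bridge
ip link set enp4s0.900 master brvlan900
ip link set l2tpeth1.900 master brvlan900
ip link set brvlan900 up promisc on   # kept from the original; presumably redundant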

Finally, configure the switches on both sites so that VLANs 800 and 900 are trunked (tagged) to enp10s0 on Site A and enp4s0 on Site B. Note that none of the above restricts who may send IP protocol 115 to the endpoints; an iptables INPUT rule permitting protocol 115 only from the peer address is a sensible minimum.

Kernel version used: 3.10.0-327
iproute2 version used: iproute-3.10.0-54
