An L2TP VPN server (L2TP carried over IPsec, as set up below) is more secure than a PPTP server. L2TP stands for Layer 2 Tunneling Protocol.

The steps to install an L2TP server on Linux CentOS are as follows:

  1. rpm -ivh http://repo.nikoforge.org/redhat/el6/nikoforge-release-latest
  2. yum -y install http://vesta.informatik.rwth-aachen.de/ftp/pub/Linux/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
    For this second step, please first check http://vesta.informatik.rwth-aachen.de/ftp/pub/Linux/fedora-epel/6/
  3. yum -y install ipsec-tools
  4. yum -y install xl2tpd
  5. vi /etc/racoon/init.sh
    #!/bin/sh
    # set security policies
    echo -e "flush;\n\
            spdflush;\n\
            spdadd 0.0.0.0/0[0] 0.0.0.0/0[1701] udp -P in  ipsec esp/transport//require;\n\
            spdadd 0.0.0.0/0[1701] 0.0.0.0/0[0] udp -P out ipsec esp/transport//require;\n"\
            | setkey -c
    # enable IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
  6. chmod 750 /etc/racoon/init.sh
  7. sed --in-place '/\/etc\/racoon\/init.sh/d'  /etc/rc.d/rc.local
  8. echo /etc/racoon/init.sh >> /etc/rc.d/rc.local
  9. vi /etc/racoon/racoon.conf
    path include "/etc/racoon";
    path pre_shared_key "/etc/racoon/psk.txt";
    path certificate "/etc/racoon/certs";
    path script "/etc/racoon/scripts";
    remote anonymous
    {
            exchange_mode    aggressive,main;
            passive          on;
            proposal_check   obey;
            support_proxy    on;
            nat_traversal    on;
            ike_frag         on;
            dpd_delay        20;
            proposal
            {
                    encryption_algorithm  aes;
                    hash_algorithm        sha1;
                    authentication_method pre_shared_key;
                    dh_group              modp1024;
            }
            proposal
            {
                    encryption_algorithm  3des;
                    hash_algorithm        sha1;
                    authentication_method pre_shared_key;
                    dh_group              modp1024;
            }
    }
    sainfo anonymous
    {
            encryption_algorithm     aes,3des;
            authentication_algorithm hmac_sha1;
            compression_algorithm    deflate;
            pfs_group                modp1024;
    }
  10. chmod 600 /etc/racoon/racoon.conf
  11. add the following to /etc/racoon/psk.txt
    * percobaan
  12. chmod 600 /etc/racoon/psk.txt
  13. vi /etc/xl2tpd/xl2tpd.conf
    [global]
    ipsec saref = yes
    force userspace = yes
    [lns default]
    local ip = 10.203.123.200
    ip range = 10.203.123.201-10.203.123.210
    refuse pap = yes
    require authentication = yes
    ppp debug = yes
    length bit = yes
    pppoptfile = /etc/ppp/options.xl2tpd
  14. vi /etc/ppp/options.xl2tpd
    ms-dns 10.203.120.41
    ms-dns 8.8.8.8
    require-mschap-v2
    asyncmap 0
    auth
    crtscts
    lock
    hide-password
    modem
    debug
    name l2tpd
    proxyarp
    lcp-echo-interval 10
    lcp-echo-failure 100
  15. add a username and password to /etc/ppp/chap-secrets
    aku * rahasia *
  16. chmod 600 /etc/ppp/chap-secrets
  17. chkconfig racoon on
  18. chkconfig xl2tpd on
  19. service racoon start
  20. service xl2tpd start
  21. /etc/racoon/init.sh
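
Once the steps above are done it is worth confirming that the pieces that actually protect the tunnel are in place: the secrets files are not world-readable, IP forwarding is on, the two IPsec policies from init.sh are loaded (so L2TP on UDP/1701 is never accepted or sent in clear), and racoon and xl2tpd are listening. The script below is an added example, not part of the original post or the nikoforge wiki; it assumes the file names and the UDP/1701 transport-mode policies from the steps above, the usual ports (UDP 500 for IKE, 4500 for NAT-T, 1701 for L2TP), GNU stat and netstat, and it embeds constructed samples of `setkey -DP` and `netstat -lun` output. It checks the policies the steps create; it does not judge the IKE proposal choices in racoon.conf (aggressive mode with a wildcard pre-shared key, modp1024, 3DES/SHA1), which are weak by current standards and worth revisiting.

```shell
#!/bin/sh
# Post-install check for the L2TP/IPsec setup from the steps above.
# Added example, not part of the original post. Assumes the file names,
# the UDP/1701 transport-mode policies from /etc/racoon/init.sh and the
# usual IKE/NAT-T/L2TP ports (UDP 500, 4500, 1701).

# check_mode FILE MODE: succeed when FILE exists with exactly octal MODE
# (secrets and racoon.conf should be 600, init.sh 750). Uses GNU stat.
check_mode() {
    [ -e "$1" ] && [ "$(stat -c %a "$1")" = "$2" ]
}

# check_ip_forward FILE: succeed when the sysctl file contains "1".
check_ip_forward() {
    [ "$(cat "$1")" = "1" ]
}

# check_spd DUMP: DUMP is the output of `setkey -DP`. Succeed when both the
# inbound policy (dst port 1701) and the outbound policy (src port 1701) are
# present and require ESP in transport mode, i.e. L2TP is never in clear.
check_spd() {
    printf '%s\n' "$1" | awk '
        /^[0-9]/ { hdr = $0; next }                      # "src[port] dst[port] proto"
        /^[[:space:]]*(in|out) ipsec/ { dir = $1; next }  # direction line
        /esp\/transport\/\/require/ {
            if (dir == "in"  && hdr ~ /^[^ ]+ [^ ]+\[1701\] udp$/) seen_in = 1
            if (dir == "out" && hdr ~ /^[^ ]+\[1701\] [^ ]+ udp$/) seen_out = 1
        }
        END { if (seen_in && seen_out) exit 0; exit 1 }'
}

# check_udp_ports LISTING: LISTING is the output of `netstat -lun`. Succeed when
# something listens on UDP 500 (IKE), 4500 (NAT-T) and 1701 (L2TP).
check_udp_ports() {
    for p in 500 4500 1701; do
        printf '%s\n' "$1" | grep -Eq "[:.]$p[[:space:]]" || return 1
    done
}

# Constructed sample of `setkey -DP` output after init.sh has run
# (setkey prints port 0 as "any").
SPD_SAMPLE='0.0.0.0/0[any] 0.0.0.0/0[1701] udp
    in ipsec
    esp/transport//require
    spid=1 seq=1 pid=1234
    refcnt=1
0.0.0.0/0[1701] 0.0.0.0/0[any] udp
    out ipsec
    esp/transport//require
    spid=2 seq=0 pid=1234
    refcnt=1'

# Constructed sample of `netstat -lun` with racoon and xl2tpd running.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:500             0.0.0.0:*
udp        0      0 0.0.0.0:4500            0.0.0.0:*
udp        0      0 0.0.0.0:1701            0.0.0.0:*'

# Run every check against the live system; report each failure, exit 1 if any.
main() {
    rc=0
    check_mode /etc/racoon/psk.txt 600     || { echo "psk.txt must be mode 600";      rc=1; }
    check_mode /etc/ppp/chap-secrets 600   || { echo "chap-secrets must be mode 600"; rc=1; }
    check_mode /etc/racoon/racoon.conf 600 || { echo "racoon.conf must be mode 600";  rc=1; }
    check_mode /etc/racoon/init.sh 750     || { echo "init.sh must be mode 750";      rc=1; }
    check_ip_forward /proc/sys/net/ipv4/ip_forward || { echo "ip_forward is off"; rc=1; }
    check_spd "$(setkey -DP)"         || { echo "IPsec policies for UDP/1701 missing"; rc=1; }
    check_udp_ports "$(netstat -lun)" || { echo "UDP 500/4500/1701 not all listening"; rc=1; }
    return $rc
}

# Only touch the live system when invoked as: sh l2tp-check.sh run
case "${1:-}" in run) main ;; esac
```

Run it as `sh l2tp-check.sh run` as root after step 21; every line it prints is something the steps above were supposed to have set. The SPD check is the important one: if `setkey -DP` is empty (for instance because rc.local was not updated in steps 7 and 8 and the box rebooted), xl2tpd still answers on UDP/1701 and the whole session, CHAP password included, goes over the wire unprotected.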

Reference: http://wiki.nikoforge.org/L2TP/IPSec_VPN_Setup_on_Centos_6_%2864-bit%29_for_use_with_Android_ICS_and_iOS_5_Clients

The following additional rules ensure that our web application can only be reached through the VPN:
iptables -A INPUT -p tcp -d 10.203.123.200 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
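
Both rules use `-A`, which appends to the end of the INPUT chain. That only works if nothing earlier in the chain already accepts port 80 from anywhere (a common leftover from opening the web server before the VPN existed); if such a rule exists, it matches first and the appended DROP is never reached. The script below is an added example, not part of the original post: it reads the chain as printed by `iptables -S INPUT`, walks it top to bottom and succeeds only when the first port-80 ACCEPT is restricted to the VPN address and a catch-all port-80 DROP follows it. The two rule listings inside it are constructed samples; `VPN_IP` is the xl2tpd `local ip` from the post.

```shell
#!/bin/sh
# Verify that the two iptables rules above actually confine port 80 to the VPN.
# Added example, not part of the original post. VPN_IP is the xl2tpd
# "local ip" from the post; the rule listings are constructed samples.
VPN_IP=10.203.123.200

# web_only_via_vpn RULES: RULES is the output of `iptables -S INPUT`. Walk the
# chain top to bottom; succeed only if every port-80 ACCEPT seen before the DROP
# is restricted to VPN_IP, and a port-80 DROP without -s/-d follows that ACCEPT.
web_only_via_vpn() {
    printf '%s\n' "$1" | awk -v ip="$VPN_IP" '
        /--dport 80 / && /-j ACCEPT/ {
            if (index($0, "-d " ip) == 0) { bad = 1; exit }  # open to everyone
            vpn_accept = 1
        }
        /--dport 80 / && /-j DROP/ && !/-[sd] / {
            drop_after = vpn_accept    # only counts if the VPN ACCEPT came first
        }
        END { if (bad || !vpn_accept || !drop_after) exit 1; exit 0 }'
}

# Constructed `iptables -S INPUT` as it looks after the two rules were appended
# to a default CentOS 6 chain.
RULES_OK='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -d 10.203.123.200/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP'

# Constructed chain where port 80 had already been opened for everyone: the
# appended DROP is unreachable and the web application stays exposed.
RULES_BAD='-P INPUT ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -d 10.203.123.200/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP'

# Only read the live chain when invoked as: sh vpn-only-web.sh run
case "${1:-}" in
    run)
        if web_only_via_vpn "$(iptables -S INPUT)"; then
            echo "port 80 is only reachable at $VPN_IP"
        else
            echo "port 80 is reachable outside the VPN: fix the rule order"; exit 1
        fi ;;
esac
```

If the check fails, look at `iptables -L INPUT -n --line-numbers` and delete or move the earlier port-80 ACCEPT rather than adding more rules. Once the order is right, `service iptables save` (CentOS 6) keeps the rules across a reboot; note that the pair above covers only port 80, so any other port the application serves needs the same ACCEPT/DROP pair.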

An alternative L2TP server is available at http://www.openl2tp.org/.

Visit www.proweb.co.id to broaden your knowledge.

Setting up an L2TP VPN server on CentOS