Howto:Iphone L2TP

From Wiki

Revision as of 06:21, 17 February 2010 by Polymorf (Talk | contribs)


Requirements

  • Gentoo Linux
  • iPhone
  • Working public IP address or valid DNAT configuration

Installation

Kernel configuration

  • PF_KEY
  • IP AH
  • IP ESP
  • IP IPSEC

[Screenshots: kernel menuconfig, showing the options listed above]

Packages

echo "net-firewall/ipsec-tools nat -pam" >> /etc/portage/package.use
echo "=net-misc/strongswan-4.3.5" >> /etc/portage/package.keywords
echo "net-misc/strongswan nat" >> /etc/portage/package.use
echo "net-dialup/ppp -pam" >> /etc/portage/package.use
emerge -av strongswan ipsec-tools
emerge -av net-dialup/ppp net-dialup/xl2tpd

Configuration

  • Public IP address: X.X.X.X
  • DNS IP address: Z.Z.Z.Z

File: /etc/ipsec.conf

config setup
        nat_traversal=yes
        charonstart=yes
        plutostart=yes
conn L2TP
        authby=psk
        pfs=no
        rekey=no
        type=tunnel
        esp=aes128-sha1
        ike=aes128-sha-modp1024
        left=X.X.X.X
        leftnexthop=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        rightsubnetwithin=0.0.0.0/0
        auto=add

File: /etc/ipsec.secrets

X.X.X.X %any:     PSK "yoursharedkeygoeshere"

rc-update add ipsec default
/etc/init.d/ipsec start
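The secrets file above holds the only credential protecting the IKE exchange, so the placeholder key has to be replaced with a random one and the file must not be world-readable. The following script is an added example, not part of the original howto: it generates a PSK from /dev/urandom, writes the one-line entry the howto uses with mode 0600, and checks the result. SECRETS_FILE defaults to a scratch path so it can be tried without root; that default and the server IP are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original howto: create the ipsec.secrets entry
# with a random PSK instead of "yoursharedkeygoeshere", readable only by root.
# SECRETS_FILE defaults to a scratch path (assumption, so this runs without root);
# point it at /etc/ipsec.secrets on the server.

SECRETS_FILE="${SECRETS_FILE:-/tmp/ipsec.secrets.example}"

# gen_psk NBYTES: print NBYTES random bytes as lowercase hex (2*NBYTES chars).
gen_psk() {
    nbytes="${1:-32}"
    head -c "$nbytes" /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# write_secrets SERVER_IP PSK FILE: write the one-line secrets entry used in
# the howto, creating FILE with mode 0600 before the key is written into it.
write_secrets() {
    server_ip="$1"; psk="$2"; file="$3"
    umask 077
    : > "$file"
    chmod 600 "$file"
    printf '%s %%any: PSK "%s"\n' "$server_ip" "$psk" > "$file"
}

# check_secrets FILE: return 0 if FILE is mode 0600 and contains no placeholder
# key, 1 if the mode is wrong, 2 if the placeholder key is still present.
check_secrets() {
    file="$1"
    [ -n "$(find "$file" -perm 600 -print 2>/dev/null)" ] || return 1
    if grep -q 'yoursharedkeygoeshere' "$file"; then return 2; fi
    return 0
}

# Stand-alone run (sh this-script.sh --run): generate, write, then verify.
if [ "${1:-}" = "--run" ]; then
    psk="$(gen_psk 32)"
    write_secrets "X.X.X.X" "$psk" "$SECRETS_FILE"
    check_secrets "$SECRETS_FILE" && echo "wrote $SECRETS_FILE (mode 0600)"
fi
```

Run it with `--run` as root (with SECRETS_FILE=/etc/ipsec.secrets) and then restart ipsec; the same key goes into the iPhone's "Secret" field. check_secrets is the piece worth keeping around: it fails closed on a leftover placeholder key or on a file that became readable by other users.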

File: /etc/xl2tpd/xl2tpd.conf

[global]
debug network = yes
debug tunnel = yes
[lns default]
ip range = 10.0.0.200-10.0.0.254
local ip = 10.0.0.1
require chap = yes
refuse pap = yes
require authentication = yes
name = ipsec.polymorf.fr
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

File: /etc/ppp/chap-secrets

login               *       password                 10.0.0.55
login2              *       password2                10.0.0.66

File: /etc/ppp/options.xl2tpd

ipcp-accept-local
ipcp-accept-remote
ms-dns Z.Z.Z.Z
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

rc-update add xl2tpd default
/etc/init.d/xl2tpd start
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
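The MASQUERADE rule only handles outbound NAT for the 10.0.0.0/24 pool; it says nothing about what the server accepts on its public interface. xl2tpd listens on UDP 1701 in the clear, so the INPUT chain should accept L2TP only when the packet arrived inside the IPsec tunnel (iptables' policy match), while IKE (UDP 500), NAT-T (UDP 4500) and ESP are accepted from anywhere. The script below is an added example, not part of the original howto: it prints that rule set for review and provides an audit function that reads an iptables-save dump and reports any UDP/1701 ACCEPT rule that is not gated by the IPsec policy match. The eth0 interface name and the sample dumps are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original howto. Prints INPUT rules that accept
# IKE, NAT-T and ESP but accept L2TP (UDP 1701) only from inside the IPsec
# tunnel, and audits an iptables-save dump for that property.
# WAN_IF and the sample dumps below are assumptions for this example.

WAN_IF="${WAN_IF:-eth0}"

# l2tp_firewall_rules: print (do not run) the iptables commands.
# Review the output, then apply with: l2tp_firewall_rules | sh
l2tp_firewall_rules() {
    cat <<EOF
iptables -A INPUT -i $WAN_IF -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $WAN_IF -p udp --dport 4500 -j ACCEPT
iptables -A INPUT -i $WAN_IF -p esp -j ACCEPT
iptables -A INPUT -i $WAN_IF -p udp --dport 1701 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -A INPUT -i $WAN_IF -p udp --dport 1701 -j DROP
EOF
}

# audit_l2tp_rules: read rules on stdin (iptables-save format, or the command
# form printed above). Exit 0 if every rule that ACCEPTs UDP/1701 also carries
# "-m policy ... --pol ipsec", 1 if an unguarded ACCEPT exists, 2 if there is
# no UDP/1701 ACCEPT rule at all (L2TP would be unreachable).
audit_l2tp_rules() {
    awk '
        /-p udp/ && /--dport 1701([^0-9]|$)/ && /-j ACCEPT/ {
            seen = 1
            if ($0 !~ /-m policy/ || $0 !~ /--pol ipsec/) bad = 1
        }
        END {
            if (!seen) exit 2
            exit (bad ? 1 : 0)
        }'
}

# Constructed iptables-save excerpts: one guarded, one exposing L2TP in the clear.
GOOD_DUMP='*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
COMMIT'

BAD_DUMP='*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 1701 -j ACCEPT
COMMIT'

audit_good()      { printf '%s\n' "$GOOD_DUMP" | audit_l2tp_rules; }
audit_bad()       { printf '%s\n' "$BAD_DUMP"  | audit_l2tp_rules; }
audit_generated() { l2tp_firewall_rules | audit_l2tp_rules; }
```

On the live server, `iptables-save | audit_l2tp_rules; echo $?` gives the verdict; the INPUT chain should also end in a DROP policy, as the constructed dumps assume, or the final explicit DROP for 1701 is the only thing keeping plain L2TP out.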

Clients

Mac OSX

[Screenshots: Mac OS X L2TP client setup, 1/3 to 3/3]

iPhone

[Screenshot: iPhone L2TP native client]

