March 1, 2018
I confirmed that Windows 10 can connect over L2TP/IPsec with the following config.
pp select anonymous
pp name PPTP
pp bind tunnel10-tunnel20
pp auth request mschap-v2
pp auth username [USER] [PASS]
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type mppe-any
ip pp remote address dhcp
ip pp remote address pool [IP]-[IP]
ip pp mtu 1280
pptp service type server
pp enable anonymous
tunnel select 10
tunnel encapsulation pptp
tunnel enable 10
tunnel select 20
tunnel encapsulation l2tp
ipsec tunnel 201
ipsec sa policy 201 1 esp aes-cbc sha-hmac
ipsec ike keepalive use 1 off
ipsec ike local address 1 [IP]
ipsec ike nat-traversal 1 on
ipsec ike pre-shared-key 1 text [Pass]
ipsec ike remote address 1 any
l2tp tunnel disconnect time 120
l2tp keepalive log on
l2tp syslog on
ip tunnel tcp mss limit auto
tunnel enable 20
ipsec auto refresh on
ipsec transport 1 201 udp 1701
l2tp service on
nat descriptor masquerade static 1000 X 192.168.X.1 esp
nat descriptor masquerade static 1000 X 192.168.X.1 udp 500
nat descriptor masquerade static 1000 X 192.168.X.1 udp 4500
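Note: the firewall settings are needed too.
The router seems to tell PPTP and L2TP connections apart correctly.
That said, L2TP is faster, which is nice. The configuration, though...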
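A small checker for the L2TP/IPsec half of the config above, added here as an example (it is not the author's or the router vendor's code): it verifies that the L2TP tunnel, its ESP policy, the UDP 1701 transport, NAT traversal, the pre-shared key and the three static masquerade entries are all present and refer to each other consistently. The function name and the sample values are assumptions made for the example.

```python
import re

# Constructed sample: the L2TP/IPsec lines of the config above with the
# placeholders filled by made-up values (PSK, 192.168.100.1, entry ids 1-3).
SAMPLE = """\
tunnel select 20
tunnel encapsulation l2tp
ipsec tunnel 201
ipsec sa policy 201 1 esp aes-cbc sha-hmac
ipsec ike nat-traversal 1 on
ipsec ike pre-shared-key 1 text EXAMPLE-PSK
tunnel enable 20
ipsec transport 1 201 udp 1701
l2tp service on
nat descriptor masquerade static 1000 1 192.168.100.1 esp
nat descriptor masquerade static 1000 2 192.168.100.1 udp 500
nat descriptor masquerade static 1000 3 192.168.100.1 udp 4500
"""

def audit_l2tp_ipsec(config):
    """Return findings for missing L2TP/IPsec pieces; [] means all present."""
    lines = [" ".join(l.split()) for l in config.splitlines() if l.strip()]
    def has(pattern):
        return any(re.fullmatch(pattern, l) for l in lines)
    findings, tunnel, l2tp = [], None, {}  # l2tp: tunnel number -> ipsec policy id
    for l in lines:
        if m := re.fullmatch(r"tunnel select (\d+)", l):
            tunnel = m[1]
        elif l == "tunnel encapsulation l2tp" and tunnel:
            l2tp[tunnel] = None
        elif (m := re.fullmatch(r"ipsec tunnel (\d+)", l)) and tunnel in l2tp:
            l2tp[tunnel] = m[1]
    if not has("l2tp service on"):
        findings.append("l2tp service is not on")
    if not l2tp:
        findings.append("no tunnel uses l2tp encapsulation")
    for num, policy in l2tp.items():
        if not has(f"tunnel enable {num}"):
            findings.append(f"tunnel {num} is not enabled")
        sa = [m for l in lines if (m := re.fullmatch(rf"ipsec sa policy {policy} (\d+) esp .+", l))]
        if not sa:
            findings.append(f"tunnel {num}: no ESP SA policy for ipsec tunnel {policy}")
            continue
        gw = sa[0][1]  # IKE gateway id named by the SA policy
        if not has(rf"ipsec transport \d+ {policy} udp 1701"):
            findings.append(f"tunnel {num}: no ipsec transport for udp 1701")
        if not has(f"ipsec ike nat-traversal {gw} on"):
            findings.append(f"gateway {gw}: nat-traversal is not on")
        if not has(rf"ipsec ike pre-shared-key {gw} .+"):
            findings.append(f"gateway {gw}: no pre-shared key")
    for proto in ("esp", "udp 500", "udp 4500"):
        if not has(rf"nat descriptor masquerade static \d+ \S+ \S+ {proto}"):
            findings.append(f"no static masquerade entry for {proto}")
    return findings
```

The patterns accept the page's placeholders (`X`, `192.168.X.1`, `[Pass]`) as well as real values, so the config can be checked before the secrets are filled in.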
stock_value at 15:23│Comments(0)│Technology