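# pppd options used by xl2tpd for each L2TP session (referenced from
# xl2tpd.conf via "pppoptfile"). One option per line; "#" starts a comment.

# Added by this guide: refuse any peer that does not authenticate with MS-CHAPv2.
# NOTE(review): MS-CHAPv2 is weak against offline cracking once a handshake is
# captured, so this setup depends on the IPsec layer for confidentiality.
# PPP must never be reachable outside the IPsec tunnel.
require-mschap-v2

# Accept the peer's idea of the local/remote IP addresses during IPCP.
# NOTE(review): confirm this is wanted; xl2tpd already hands out addresses
# from its "ip range".
ipcp-accept-local
ipcp-accept-remote

# DNS servers pushed to Windows clients. These are public resolvers, so
# internal names will not resolve and client DNS queries leave the network.
ms-dns 8.8.8.8
ms-dns 1.1.1.1
# ms-dns 192.168.1.1
# ms-dns 192.168.1.3
# ms-wins 192.168.1.2
# ms-wins 192.168.1.4

# Disable CCP (compression) negotiation.
noccp
# Require the peer to authenticate itself before network traffic is allowed.
auth
#obsolete: crtscts
# Drop the link after 1800 seconds without traffic.
idle 1800
# Presumably reduced from 1500 to leave room for L2TP/IPsec encapsulation.
mtu 1410
mru 1410
nodefaultroute
# Logs the contents of PPP control packets, which can include the
# authentication exchange. Useful while setting up.
# NOTE(review): turn this off in production and protect the log files.
debug
#obsolete: lock
# Answers ARP for the client's address on the LAN, so VPN clients appear as
# directly attached hosts. Filter VPN traffic with firewall rules if clients
# should not reach the whole LAN.
proxyarp
connect-delay 5000

# To allow authentication against a Windows domain EXAMPLE, and require the
# user to be in a group "VPN Users". Requires the samba-winbind package
# require-mschap-v2
# plugin winbind.so
# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"'
# You need to join the domain on the server, for example using samba:
# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html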
4. 修改 L2TP 的配置文件
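# Open the xl2tpd daemon configuration for editing (files under /etc
# normally need root privileges to modify).
nano /etc/xl2tpd/xl2tpd.conf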
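;
; This is a minimal sample xl2tpd configuration file for use
; with L2TP over IPsec.
;
; The idea is to provide an L2TP daemon to which remote Windows L2TP/IPsec
; clients connect. In this example, the internal (protected) network
; is 192.168.1.0/24. A special IP range within this network is reserved
; for the remote clients: 192.168.1.128/25
; (i.e. 192.168.1.128 ... 192.168.1.254)
;
; The listen-addr parameter can be used if you want to bind the L2TP daemon
; to a specific IP address instead of to all interfaces. For instance,
; you could bind it to the interface of the internal LAN (e.g. 192.168.1.98
; in the example below). Yet another IP address (local ip, e.g. 192.168.1.99)
; will be used by xl2tpd as its address on pppX interfaces.
;
; NOTE(review): the range quoted above comes from the stock sample file; this
; guide actually hands out 192.168.1.100-192.168.1.200 (see "ip range" below).
;
; NOTE(review): xl2tpd does not encrypt anything itself. UDP port 1701 on the
; listen address should be firewalled so that only IPsec-protected traffic
; reaches it; otherwise clients can negotiate an unencrypted L2TP session.

[global]
; Tutorial note: change this to your own external (public) IP address.
listen-addr = 192.168.5.243
;
; requires openswan-2.5.18 or higher - Also does not yet work in combination
; with kernel mode l2tp as present in linux 2.6.23+
; Tutorial note: enabled here by removing the leading ";". Verify that the
; IPsec stack and kernel in use meet the requirement above.
ipsec saref = yes
; Use refinfo of 22 if using an SAref kernel patch based on openswan 2.6.35 or
; when using any of the SAref kernel patches for kernels up to 2.6.35.
; saref refinfo = 30
;
; force userspace = yes
;
; debug tunnel = yes

[lns default]
; Tutorial note: addresses assigned to VPN clients. Any range can be used, but
; the matching settings elsewhere must be changed to agree with it.
ip range = 192.168.1.100-192.168.1.200
; Tutorial note: server-side address of the PPP link. Keep it in the same
; subnet but outside the range handed out to clients.
local ip = 192.168.1.99
; PAP would send the password in cleartext, so it is refused and CHAP is required.
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
; NOTE(review): PPP debug logging is helpful during setup but can record
; details of the authentication exchange. Disable it in production.
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes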
5. 添加账号和密码
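# Edit the pppd CHAP secrets file. It stores passwords in cleartext, so keep
# it owned by root and not readable by group or others.
nano /etc/ppp/chap-secrets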
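# Secrets for authentication using CHAP
# client	server	secret	IP addresses
#
# The entry below is the guide's sample account. Before exposing the server:
#   - replace "123456" with a long random secret, since short or common
#     passwords are the weakest point of MS-CHAPv2 authentication;
#   - consider replacing the trailing "*" (any address allowed) with the
#     specific address this client may use;
#   - keep this file root-owned with mode 0600, because secrets are stored
#     in cleartext.
test	*	123456	*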