{"id":615,"date":"2023-11-04T09:39:04","date_gmt":"2023-11-04T00:39:04","guid":{"rendered":"https:\/\/blog.gurees.net\/?p=615"},"modified":"2023-11-04T12:57:10","modified_gmt":"2023-11-04T03:57:10","slug":"centos-stream-9%e3%81%a7ipsec-vpn%e3%82%92%e3%81%97%e3%81%a6%e3%81%bf%e3%82%8b","status":"publish","type":"post","link":"https:\/\/blog.gurees.net\/?p=615","title":{"rendered":"CentOS Stream 9\u3067L2TP\u3092\u3057\u3066\u307f\u308b"},"content":{"rendered":"\n

\u5b9f\u9a13\u7684\u306bL2TP\u3067\u30c8\u30f3\u30cd\u30eb\u3092\u69cb\u7bc9\u3057\u3066\u3001\u901f\u5ea6\u304c\u3069\u308c\u3050\u3089\u3044\u51fa\u308b\u306e\u304b\u3092\u78ba\u304b\u3081\u3066\u307f\u3088\u3046\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n

\u69cb\u6210\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306aNW\u3092\u8003\u3048\u307e\u3059\u3002<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

\u30b5\u30fc\u30d0\u5ba4\u306e192.168.8.0\/22\u306e\u30bb\u30b0\u30e1\u30f3\u30c8\u3092192.168.1.0\/24\u306e\u30bb\u30b0\u30e1\u30f3\u30c8\u3092\u7d4c\u7531\u3057\u3066\u5225\u5ba4\u3067\u4f7f\u3046\u3053\u3068\u3092\u60f3\u5b9a\u3057\u3066\u307e\u3059\u3002<\/p>\n\n\n\n

\u4eca\u56de\u306e\u5b8c\u5168\u306f\u81ea\u5b85\u5185\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u307f\u306a\u306e\u3067\u3001VPN\u30de\u30b7\u30f3\u306ffirewalld\u3092\u7121\u52b9\u306b\u3057\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n\n\n\n

vpn01\u3000# systemctl disable --now firewalld\nvpn02\u3000# systemctl disable --now firewalld<\/pre>\n\n\n\n
kernel-modules-extra\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3001sch_netem\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u30ed\u30fc\u30c9\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
vpn01 # dnf install -y kernel-modules-extra\nvpn02 # dnf install -y kernel-modules-extra\nvpn01 # modprobe sch_netem\nvpn02 # modprobe sch_netem<\/pre>\n\n\n\n
l2tp\u30e2\u30b8\u30e5\u30fc\u30eb\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u30ed\u30fc\u30c9\u3057\u306a\u3044\u3088\u3046\u306b\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8\u3057\u3001\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u30ed\u30fc\u30c9\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
vpn01 # sed -i s\/^blacklist\/\\#blacklist\/ \/etc\/modprobe.d\/l2tp_eth-blacklist.conf\nvpn01 # modprobe l2tp_eth\nvpn02 # sed -i s\/^blacklist\/\\#blacklist\/ \/etc\/modprobe.d\/l2tp_eth-blacklist.conf\nvpn02 # modprobe l2tp_eth<\/pre>\n\n\n\n
vpn01\u3067\u30c8\u30f3\u30cd\u30eb\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
vpn01 # ip l2tp add tunnel \\\n        tunnel_id 211 \\\n        peer_tunnel_id 212 \\\n        encap udp \\\n        local  192.168.1.211 \\\n        remote 192.168.1.212 \\\n        udp_sport 1701 \\\n        udp_dport 1701\n\nvpn01 # ip l2tp add session \\\n        tunnel_id 211 \\\n        session_id 2110 \\\n        peer_session_id 2120<\/pre>\n\n\n\n
vpn02\u3067\u5bfe\u306b\u306a\u308b\u3088\u3046\u306b\u30c8\u30f3\u30cd\u30eb\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
vpn02 # ip l2tp add tunnel \\\n        tunnel_id 212 \\\n        peer_tunnel_id 211 \\\n        encap udp \\\n        local  192.168.1.212 \\\n        remote 192.168.1.211 \\\n        udp_sport 1701 \\\n        udp_dport 1701\n\nvpn02 # ip l2tp add session \\\n        tunnel_id 212 \\\n        session_id 2120 \\\n        peer_session_id 2110<\/pre>\n\n\n\n
\u30c8\u30f3\u30cd\u30eb\u304c\u4f5c\u308c\u305f\u306e\u3067\u3001lt2p\u306e\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30a4\u30b9\u3092up\u306b\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
vpn01 # ip link set dev l2tpeth0 up mtu 1500\nvpn02 # ip link set dev l2tpeth0 up mtu 1500<\/pre>\n\n\n\n
vpn01\u3067lt2p\u306e\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30a4\u30b9\u3068\u30b5\u30fc\u30d0\u5ba4\u306e\u30bb\u30b0\u30e1\u30f3\u30c8\u306eens224\u3092\u30d6\u30ea\u30c3\u30b8\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
vpn01 # ip link add br0 type bridge\nvpn01 # ip addr add 192.168.9.211\/22 dev br0\nvpn01 # ip link set dev br0 up\nvpn01 # ip link set dev l2tpeth0 master br0\nvpn01 # ip link set dev ens224 master br0\nvpn01 # ip link set dev ens224 up<\/pre>\n\n\n\n
vpn02\u306flt2p\u306e\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30a4\u30b9\u3068\u3001\u30b5\u30fc\u30d0\u5ba4\u306b\u63a5\u7d9a\u3059\u308bL2SW\u306e\u30dd\u30fc\u30c8\u306eens224\u3092\u30d6\u30ea\u30c3\u30b8\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
vpn02# ip link add br0 type bridge\nvpn02# ip addr add 192.168.9.212\/22 dev br0\nvpn02# ip link set dev br0 up\nvpn02# ip link set dev l2tpeth0 master br0\nvpn02# ip link set dev ens224 master br0\nvpn02# ip link set dev ens224 up<\/pre>\n\n\n\n
\u6700\u5f8c\u306bpc01-pc02\u3067iperf\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n\n\n\n
\"\"<\/a><\/figure>\n\n\n\n
1GbE\u306e\u30ae\u30ea\u30ae\u30ea\u307e\u3067\u51fa\u308b\u308f\u3051\u3067\u306f\u306a\u3044\u3067\u3059\u304c\u3001860Mbps\u3068\u5341\u5206\u306a\u901f\u5ea6\u304c\u51fa\u307e\u3059\u306d\u3002<\/p>\n\n\n\n
\u53c2\u8003\u307e\u3067\u306bvpn01-vpn02\u9593\u3082\u898b\u3066\u307f\u307e\u3059\u3002930Mbps\u7a0b\u5ea6\u51fa\u3066\u3044\u308b\u306e\u3067\u3001lt2p\u306e\u6709\u7121\u306710%\u7a0b\u5ea6\u9045\u304f\u306a\u308b\u3050\u3089\u3044\u3067\u3057\u3087\u3046\u304b\u3002<\/p>\n\n\n\n
\"\"<\/a><\/figure>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
\u5b9f\u9a13\u7684\u306bL2TP\u3067\u30c8\u30f3\u30cd\u30eb\u3092\u69cb\u7bc9\u3057\u3066\u3001\u901f\u5ea6\u304c\u3069\u308c\u3050\u3089\u3044\u51fa\u308b\u306e\u304b\u3092\u78ba\u304b\u3081\u3066\u307f\u3088\u3046\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19,24],"tags":[],"class_list":["post-615","post","type-post","status-publish","format-standard","hentry","category-linux","category-network"],"_links":{"self":[{"href":"https:\/\/blog.gurees.net\/index.php?rest_route=\/wp\/v2\/posts\/615","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.gurees.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.gurees.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.gurees.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.gurees.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=615"}],"version-history":[{"count":10,"href":"https:\/\/blog.gurees.net\/index.php?rest_route=\/wp\/v2\/posts\/615\/revisions"}],"predecessor-version":[{"id":632,"href":"https:\/\/blog.gurees.net\/index.php?rest_route=\/wp\/v2\/posts\/615\/revisions\/632"}],"wp:attachment":[{"href":"https:\/\/blog.gurees.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=615"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.gurees.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=615"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.gurees.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=615"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}