{"id":7,"date":"2008-04-09T16:27:49","date_gmt":"2008-04-09T14:27:49","guid":{"rendered":"https:\/\/vpn.univ-fcomte.fr\/?p=7"},"modified":"2008-06-18T08:03:00","modified_gmt":"2008-06-18T06:03:00","slug":"configuration-linux-avec-nat","status":"publish","type":"post","link":"https:\/\/vpn.univ-fcomte.fr\/?p=7","title":{"rendered":"Linux configuration with or without NAT"},"content":{"rendered":"<p>The <code><small>\/etc\/ipsec.conf<\/small><\/code> file determines whether NAT is used or not.<\/p>\n<p>Whether you are <strong>behind NAT<\/strong> (at home on an ADSL line, for example) <strong>or not<\/strong>, you can use the following in the section <code><small>config setup<br \/>\nnat_traversal=yes<\/small><\/code><\/p>\n<p><strong>Very important<\/strong>: in the <code><small>conn ufc-vpn<\/small><\/code> section<br \/>\n<code><small>leftnexthop=192.168.1.254<\/small><\/code><\/p>\n<p>Be sure to put the address of your own router in place of 192.168.1.254.<\/p>\n<p>The client ipsec.conf, configured here with the VPN server 194.57.91.251:<br \/>\n<code><small>version 2<br \/>\nconfig setup<br \/>\nuniqueids=yes<br \/>\nnhelpers=0<br \/>\n<strong>nat_traversal=yes<\/strong><\/small><\/code><\/p>\n<p><code><small>conn ufc-vpn<br \/>\nauthby=rsasig<br \/>\nkeyingtries=1<br \/>\nrightprotoport=17\/1701<br \/>\nleftprotoport=17\/1701<br \/>\nkeyexchange=ike<br \/>\npfs=no<br \/>\nauto=add<br \/>\nleft=%defaultroute<br \/>\n<strong>leftnexthop=192.168.1.254<\/strong><br \/>\nleftcert=\"\/etc\/ipsec.d\/certs\/vpn-cri-29-cert.ufc.pem\"<br \/>\nleftrsasigkey=%cert<br \/>\nleftsendcert=always<br \/>\nright=194.57.91.251<br \/>\nrightrsasigkey=%cert<br \/>\nrightca=%same<br \/>\n<\/small><\/code><\/p>\n<p>The <code>\/etc\/ipsec.secrets<\/code> file:<br \/>\n<code><small>: RSA \/etc\/ipsec.d\/private\/vpn-cri-29-cert.key \"testvpncri29\"<\/small><\/code><\/p>\n<p>The <code><small>xl2tpd.conf<\/small><\/code> or 
<code><small>l2tpd.conf<\/small><\/code> file:<br \/>\n<code><small>[global]<br \/>\nport = 1701<\/small><\/code><\/p>\n<p><code><small>[lac user2]<br \/>\nlns = 194.57.91.251<br \/>\nredial = yes<br \/>\nredial timeout = 5<br \/>\nmax redials = 3<br \/>\nlength bit = yes<br \/>\nrequire authentication = no<br \/>\nrefuse chap = yes<br \/>\nrequire pap = yes<br \/>\nname = user2<br \/>\nppp debug = yes<br \/>\npppoptfile = \/etc\/ppp\/options.l2tpd.client<\/small><\/code><\/p>\n<p>The <code><small>\/etc\/ppp\/options.l2tpd.client<\/small><\/code> file:<br \/>\n<code><small><br \/>\ndefaultroute<br \/>\nreplacedefaultroute<br \/>\ndebug<br \/>\nlock<br \/>\nuser user2@lifc-edu<br \/>\nnoipdefault<br \/>\nusepeerdns<br \/>\nnoauth<br \/>\nlcp-echo-interval 20<br \/>\nlcp-echo-failure 10<br \/>\nnoaccomp<br \/>\n<\/small><\/code><\/p>\n<p>The <code><small>\/etc\/ppp\/pap-secrets<\/small><\/code> file:<br \/>\n<code><small>user2@lifc-edu  * ''user2''<\/small><\/code><br \/>\nor<\/p>\n<p>This can be avoided by using the trick described in <a href=\"https:\/\/vpn.univ-fcomte.fr\/?p=6\">this article<\/a>.<\/p>\n<p>The link is brought up in two steps. 
IPSEC, then <strong>XL2TP<\/strong><br \/>\n<code><small>ipsec auto --up ufc-vpn<br \/>\necho ''c user2'' &gt; \/var\/run\/xl2tpd\/l2tp-control<\/small><\/code><\/p>\n<p>The link is brought down with:<br \/>\n<code><small>echo ''d user2'' &gt; \/var\/run\/xl2tpd\/l2tp-control<br \/>\nipsec auto --down ufc-vpn<\/small><\/code><\/p>\n<p>If you use <strong>L2TP<\/strong>, the configuration files have the same contents, but the link is started with:<br \/>\n<code><small>ipsec auto --up ufc-vpn<br \/>\necho ''c user2'' &gt; \/var\/run\/l2tp-control<\/small><\/code><\/p>\n<p>The link is brought down with:<br \/>\n<code><small>echo ''d user2'' &gt; \/var\/run\/l2tp-control<br \/>\nipsec auto --down ufc-vpn<\/small><\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The \/etc\/ipsec.conf file determines whether NAT is used or not. Whether you are behind NAT (at home on an ADSL line, for example) or not, you can use the following in the section config setup nat_traversal=yes Very important: in the conn ufc-vpn section leftnexthop=192.168.1.254 Be sure to put the address of your own router in place of 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[5,19,18,6],"class_list":["post-7","post","type-post","status-publish","format-standard","hentry","category-informations-utilisateurs","tag-client","tag-configuration","tag-connexion","tag-linux"],"_links":{"self":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/7","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7"}],"version-history":[{"count":0,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/7\/revisions"}],"wp:attachment":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}