VPN Service Installation and Configuration
Posted by lee_ypp 3 years ago

Summary: VPN (Virtual Private Network)

rhel6+pptpd+freeradius+mysql

System environment: RHEL6 x86_64, SELinux and iptables disabled

Software downloads: http://poptop.sourceforge.net/yum/stable/rhel6/

ftp://ftp.samba.org/pub/ppp

Installing and configuring pptpd

echo 1 > /proc/sys/net/ipv4/ip_forward        # enable kernel IP forwarding

yum install ppp -y

rpm -ivh pptpd-1.3.4-2.el6.x86_64.rpm

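pptpd configuration file: /etc/pptpd.conf

localip 192.168.0.1

remoteip 192.168.0.234-238

localip: the IP address of the machine running the pptpd server; it can be set to any IP address bound on that server.

remoteip: the range of IP addresses available for assignment to clients once they connect to the pptpd server.

Add a test user in /etc/ppp/chap-secrets: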

#client    server    secret    IP addresses

yakexi    pptpd    westos    *

Note: the server name must match the value of the name option in /etc/ppp/options.pptpd, otherwise login authentication will fail.

service pptpd start

netstat -antlp|grep 1723

You can now test with the yakexi account!

Installing and configuring freeradius

yum install freeradius freeradius-mysql freeradius-utils -y

tar zxf ppp-2.4.5.tar.gz

mkdir /etc/radiusclient

cp ppp-2.4.5/pppd/plugins/radius/etc/* /etc/radiusclient

cd /etc/radiusclient

Add the RADIUS server's address and password (shared secret) to the servers file:

localhost    westos

Edit radiusclient.conf and make sure that every radiusclient-related path in the file starts with /etc/radiusclient. For example:

servers    /usr/local/etc/radiusclient/servers

Change it to:

servers    /etc/radiusclient/servers

Edit /etc/ppp/options.pptpd and add the following line:

plugin /usr/lib64/pppd/2.4.5/radius.so

cd /etc/raddb

Edit clients.conf:

client localhost {

    ipaddr = 127.0.0.1

    secret = westos    # must match the value set in /etc/radiusclient/servers

    ....

    }
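
The two consistency requirements noted above (the chap-secrets server column must equal the name option in /etc/ppp/options.pptpd, and the secret in /etc/radiusclient/servers must equal the one in clients.conf) can be checked with a small script. This is an added example, not part of the original post; the function names, the --demo flag and the sample tree are assumptions made for illustration.

```bash
# Added example, not from the post: checks the two "must match" settings.

# Clients in chap-secrets whose server column is neither "*" nor the
# "name" value from options.pptpd.
chap_server_mismatches() {  # $1=chap-secrets  $2=options.pptpd
    local name
    name=$(awk '$1 == "name" { print $2; exit }' "$2")
    awk -v n="$name" 'NF && $1 !~ /^#/ { s = $2; gsub(/"/, "", s)
        if (s != n && s != "*") print $1 }' "$1"
}

# Shared secret for a host in the radiusclient "servers" file.
servers_secret() {  # $1=servers  $2=host
    awk -v h="$2" '$1 == h { print $2; exit }' "$1"
}

# Secret in the "client <name> { ... }" block of clients.conf
# (assumes the "secret = value" spacing used in the post).
client_secret() {  # $1=clients.conf  $2=client name
    awk -v c="$2" '$1 ~ /^#/ { next }
        $1 == "client" && $2 == c { inblk = 1; next }
        inblk && $1 == "}" { exit }
        inblk && $1 == "secret" && $2 == "=" { print $3; exit }' "$1"
}

# Run both checks below root $1 ("" = live system); secrets are never printed.
check_vpn_config() {
    local r="${1:-}" rc=0 bad s
    bad=$(chap_server_mismatches "$r/etc/ppp/chap-secrets" "$r/etc/ppp/options.pptpd")
    [ -z "$bad" ] || { echo "chap-secrets server != pptpd name: $bad"; rc=1; }
    s=$(servers_secret "$r/etc/radiusclient/servers" localhost)
    [ -n "$s" ] && [ "$s" = "$(client_secret "$r/etc/raddb/clients.conf" localhost)" ] ||
        { echo "secret missing or different: servers vs clients.conf"; rc=1; }
    return $rc
}

# Constructed sample tree with a deliberately wrong server column ("vpn").
make_sample() {  # $1=empty directory
    mkdir -p "$1/etc/ppp" "$1/etc/radiusclient" "$1/etc/raddb"
    printf 'name pptpd\n' > "$1/etc/ppp/options.pptpd"
    printf '# client server secret IP\nyakexi vpn westos *\n' > "$1/etc/ppp/chap-secrets"
    printf 'localhost westos\n' > "$1/etc/radiusclient/servers"
    printf 'client localhost {\n  ipaddr = 127.0.0.1\n  secret = westos\n}\n' > "$1/etc/raddb/clients.conf"
}

case "${1:-}" in  # --demo checks the sample; any other argument is a root dir
    --demo) d=$(mktemp -d); make_sample "$d"; check_vpn_config "$d"; rm -rf "$d" ;;
    ?*)     check_vpn_config "${1%/}" ;;
esac
```

Run with --demo, the script reports the yakexi entry because its server column does not match the pptpd name; run with / as the argument, it checks the live files.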

MySQL support

Edit /etc/raddb/radiusd.conf:

$INCLUDE sql.conf    # uncomment this line

Edit /etc/raddb/sites-available/default:

authorize {

    #files

    sql

    ....

}

accounting {

    #radutmp

    sql

    ....

}

session{

    #radutmp

    sql

}

post-auth {

    sql

}

Edit /etc/raddb/sql.conf:

sql {

    database = "mysql"

    driver = "rlm_sql_mysql"

    server = "localhost"

    login = "radius"

    password = "radpass"

    radius_db = "radius"

    ....

    }

Edit /etc/raddb/sql/mysql/dialup.conf and uncomment the following lines:
simul_count_query = "SELECT COUNT(*) \
                FROM ${acct_table1} \
                WHERE username = '%{SQL-User-Name}' \
                AND acctstoptime IS NULL"
yum install mysql mysql-server -y
service mysqld start
cd /etc/raddb/sql/mysql/
mysqladmin create radius
mysql radius < schema.sql
mysql < admin.sql

mysql> insert into radgroupreply (groupname,attribute,op,value) values
('user','Auth-Type',':=','Local');
mysql> insert into radgroupreply (groupname,attribute,op,value) values
('user','Service-Type',':=','Framed-User');
mysql> insert into radgroupreply (groupname,attribute,op,value) values
('user','Framed-IP-Address',':=','255.255.255.254');
mysql> insert into radgroupreply (groupname,attribute,op,value) values
('user','Framed-IP-Netmask',':=','255.255.255.0');
mysql> insert into radgroupcheck (groupname,attribute,op,value) values
('user','Simultaneous-Use',':=','1'); (limits each account to a single simultaneous connection; optional)
mysql> insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','test'); (adds the account test with password test)
mysql> insert into radusergroup (username,groupname) values ('test','user');
To add more accounts later, only the two steps above are needed.
service radiusd start
service pptpd stop
service pptpd start
Run the following command to test:
# radtest test test localhost 0 westos
Sending Access-Request of id 13 to 127.0.0.1 port 1812
            User-Name = "test"
            User-Password = "test"
            NAS-IP-Address = 127.0.0.1
            NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=13, length=38
            Service-Type = Framed-User
            Framed-IP-Address = 255.255.255.254
            Framed-IP-Netmask = 255.255.255.0
Seeing Access-Accept in the output means the test succeeded.

Reference: http://baike.baidu.com/view/480950.htm?from_id=382304&type=syn&fromtitle=VPN&fr=aladdin (Baidu Baike)

