PPTP, L2TP and OpenVPN 3-in-1 install script

Reposted from: http://www.yishanhome.com/archives/307

If the install is interrupted, resume the session with screen -r vpn:
yum -y install screen
screen -S vpn
wget -c https://wrlog.com/download/vpn3in1.tar.gz
tar zxvf vpn3in1.tar.gz
./vpn3in1.sh 2>&1 | tee vpn3in1.log

Switching the VPN server's RADIUS authentication to a remote server

Adjust the parameters below, then run the script on the VPN server:

radius_server="radius服务器IP"
secret_key="yishanhome.com"
etc_dir="/usr/local/etc"
sed -i -e "s/name=127.0.0.1/name=$radius_server/" /etc/openvpn/radiusplugin.cnf
sed -i -e "s/sharedsecret=testpw/sharedsecret=$secret_key/" /etc/openvpn/radiusplugin.cnf
sed -i -e "s/localhost:1812/$radius_server:1812/" $etc_dir/radiusclient/radiusclient.conf
sed -i -e "s/localhost:1813/$radius_server:1813/" $etc_dir/radiusclient/radiusclient.conf
mv -f $etc_dir/radiusclient/servers $etc_dir/radiusclient/servers.bak
cat >> $etc_dir/radiusclient/servers <<EOF
$radius_server $secret_key
EOF
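A sed substitution whose pattern matches nothing still exits 0, so the script above can finish "successfully" while radiusplugin.cnf and radiusclient.conf keep pointing at localhost. The following is an added example, not part of the original post: it applies the same four rewrites to copies of the config files and checks that each one landed. The directory layout, the address 192.0.2.10 and the secret example-secret are constructed test values.

```shell
#!/bin/sh
# Added example (not from the original post): apply the post's rewrites to
# copies of the config files and confirm that each substitution took effect.

# edit_and_verify FILE SED_PATTERN SED_REPLACEMENT EXPECT_REGEX
# Runs the substitution, then returns 0 only if EXPECT_REGEX matches a
# line of FILE afterwards; otherwise reports the miss and returns 1.
edit_and_verify() {
  file=$1 pattern=$2 replacement=$3 expect=$4
  sed -i -e "s/$pattern/$replacement/" "$file"
  if grep -q -- "$expect" "$file"; then
    return 0
  fi
  echo "edit did not land: expected /$expect/ in $file" >&2
  return 1
}

# rewrite_radius_client DIR SERVER SECRET
# The same four substitutions as the post's VPN-server script, applied to
# DIR/radiusplugin.cnf and DIR/radiusclient.conf instead of /etc and
# /usr/local/etc. Returns the number of edits that did not take effect.
rewrite_radius_client() {
  dir=$1 server=$2 secret=$3 failures=0
  edit_and_verify "$dir/radiusplugin.cnf" 'name=127.0.0.1' "name=$server" \
    "^name=$server\$" || failures=$((failures + 1))
  edit_and_verify "$dir/radiusplugin.cnf" 'sharedsecret=testpw' "sharedsecret=$secret" \
    "^sharedsecret=$secret\$" || failures=$((failures + 1))
  edit_and_verify "$dir/radiusclient.conf" 'localhost:1812' "$server:1812" \
    "^authserver $server:1812\$" || failures=$((failures + 1))
  edit_and_verify "$dir/radiusclient.conf" 'localhost:1813' "$server:1813" \
    "^acctserver $server:1813\$" || failures=$((failures + 1))
  # Write the servers file outright (the post appends after moving the old
  # one aside) so no stale entry for another host survives.
  printf '%s %s\n' "$server" "$secret" > "$dir/servers"
  return "$failures"
}

# make_sample_dir HOSTWORD: constructed copies of the two files as shipped;
# HOSTWORD is what the shipped radiusclient.conf points the servers at.
make_sample_dir() {
  d=$(mktemp -d)
  printf 'name=127.0.0.1\nsharedsecret=testpw\n' > "$d/radiusplugin.cnf"
  printf 'authserver %s:1812\nacctserver %s:1813\n' "$1" "$1" > "$d/radiusclient.conf"
  echo "$d"
}

# Case 1: the files use the wording the post expects -> every edit lands.
good=$(make_sample_dir localhost)
if rewrite_radius_client "$good" 192.0.2.10 example-secret; then
  good_failures=0
else
  good_failures=$?
fi

# Case 2: a radiusclient.conf that says 127.0.0.1 rather than localhost ->
# the two port rewrites silently miss and are counted as failures.
bad=$(make_sample_dir 127.0.0.1)
if rewrite_radius_client "$bad" 192.0.2.10 example-secret 2>/dev/null; then
  bad_failures=0
else
  bad_failures=$?
fi
echo "matching defaults: $good_failures failed edits; mismatched defaults: $bad_failures failed edits"
rm -rf "$good" "$bad"
```

On a real host, call rewrite_radius_client with the directory that actually holds the two files (the post keeps them in different directories, so point the two edit_and_verify paths accordingly) and treat a non-zero return as a reason not to restart pppd or OpenVPN yet.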

Adjust the parameters below, then run the script on the RADIUS server:

client_ip="VPN服务器IP"
secret_key="yishanhome.com"
etc_dir="/usr/local/etc"
iptables -A INPUT -i eth0 -p udp -s $client_ip --dport 1812 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -s $client_ip --dport 1813 -j ACCEPT
cat >> $etc_dir/raddb/clients.conf <<EOF
client localhost {
 ipaddr = $client_ip
 secret = $secret_key
 require_message_authenticator = no
 nastype  = other
}
EOF
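The block appended above sets require_message_authenticator = no, which tells FreeRADIUS to accept Access-Request packets from that client even when they carry no Message-Authenticator attribute, and the detailed section further down uses testing123, the shared secret FreeRADIUS ships in its default clients.conf. The following is an added example, not part of the original post: an awk-based audit that reads a clients.conf, prints each client's ipaddr, its Message-Authenticator setting and whether its secret is the shipped default, and counts the entries a hardening review would list. The clients.conf content is a constructed sample (the stock localhost entry plus the post's block), and 192.0.2.20 stands in for the VPN server's address.

```shell
#!/bin/sh
# Added example (not from the original post): audit a FreeRADIUS clients.conf
# for NAS entries that still use the shipped default secret or do not
# require Message-Authenticator.

# write_sample_clients_conf FILE: constructed sample, not a real host's file.
write_sample_clients_conf() {
  cat > "$1" <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
    require_message_authenticator = no
    nastype = other
}
client localhost {
    ipaddr = 192.0.2.20
    secret = yishanhome.com
    require_message_authenticator = no
    nastype  = other
}
EOF
}

# audit_clients FILE
# Prints one line per client block: "<ipaddr> <require_message_authenticator> <secret-status>"
# where secret-status is default-secret (FreeRADIUS's shipped testing123) or custom.
# The client's section name is ignored on purpose: FreeRADIUS matches on ipaddr.
audit_clients() {
  awk '
    /^[[:space:]]*client[[:space:]]/ { ip = "(none)"; ma = "unset"; secret = ""; in_block = 1; next }
    in_block && /^[[:space:]]*ipaddr[[:space:]]*=/ { sub(/^[^=]*=[[:space:]]*/, ""); ip = $1; next }
    in_block && /^[[:space:]]*secret[[:space:]]*=/ { sub(/^[^=]*=[[:space:]]*/, ""); secret = $1; next }
    in_block && /^[[:space:]]*require_message_authenticator[[:space:]]*=/ { sub(/^[^=]*=[[:space:]]*/, ""); ma = $1; next }
    in_block && /^[[:space:]]*}/ {
      status = (secret == "testing123") ? "default-secret" : "custom"
      print ip, ma, status
      in_block = 0
    }
  ' "$1"
}

# count_findings FILE: number of client blocks with a default secret or with
# Message-Authenticator not set to "yes".
count_findings() {
  audit_clients "$1" | awk '$2 != "yes" || $3 == "default-secret" { n++ } END { print n + 0 }'
}

sample=$(mktemp)
write_sample_clients_conf "$sample"
audit_clients "$sample"
echo "findings: $(count_findings "$sample")"
rm -f "$sample"
```

Run audit_clients against /usr/local/etc/raddb/clients.conf (the path the post uses) after appending the block; both sample entries show up as findings because neither requires Message-Authenticator, and the localhost entry additionally carries the default secret.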


If PPTPD does not work, try:
service pptpd restartkill
service pptpd restart

----------------------------------------

Detailed configuration:

Environment

Host A runs freeradius, mysql and the related software and performs user authentication. Host B runs pptp and authenticates logins against the freeradius on host A.

Steps

1. Build and install pptp on host B; see the earlier article for the detailed steps.

2. Build, install and configure freeradius-client on host B

(1) Build and install

tar -jxvf freeradius-client-1.1.6.tar.bz2
cd freeradius-client
./configure --prefix=/usr/local
make
make install

(2) Configure option.pptpd

Edit the file to match the following, but make sure the plugin and config file paths are correct for your system:
name pptpd
refuse-pap
refuse-chap
refuse-mschap
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
ms-dns 4.4.4.4
plugin /usr/lib/pppd/2.4.4/radius.so
plugin /usr/lib/pppd/2.4.4/radattr.so
radius-config-file /usr/local/etc/radiusclient/radiusclient.conf
(3) Configure the radiusclient.conf file

Follow the configuration below exactly; comment out (with #) any option in your file that does not appear here, and correct any path that differs on your system.
auth_order radius
login_tries 4
login_timeout 60
nologin /etc/nologin
authserver 192.168.0.85:1812 // the freeradius server's IP address
acctserver 192.168.0.85:1813 // the freeradius server's IP address
servers /usr/local/etc/radiusclient/servers
dictionary /usr/local/etc/radiusclient/dictionary
seqfile /var/run/radius.seq
mapfile /usr/local/etc/radiusclient/port-id-map
default_realm
radius_timeout 10
radius_retries 3
login_local /bin/login

(4) Edit the /usr/local/etc/radiusclient/servers file

Change it to: 192.168.0.85 testing123

The IP address here is the freeradius server's address, followed by the shared secret.

(5) Edit /usr/local/etc/radiusclient/dictionary

Add the following, adjusting the paths to your installation:

INCLUDE /usr/local/etc/radiusclient/dictionary
INCLUDE /usr/local/etc/radiusclient/dictionary.microsoft
INCLUDE /usr/local/etc/radiusclient/dictionary.merit

freeradius-client does not ship dictionary.microsoft; it can be found in freeradius-server and copied over. If the copy from the server causes problems, take it from the official wiki instead: http://wiki.freeradius.org/PopTop#The_radiusclient_setup_part_.28on_the_Poptop_server.29
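Steps (2) to (5) spread the freeradius-client setup over four files whose paths must agree with each other, and the post notes that dictionary.microsoft is not shipped at all. The following is an added example, not part of the original post: a preflight check that reads the pppd options file, follows its radius-config-file line to radiusclient.conf, and verifies that every plugin exists, that the servers file carries a secret for the authserver host, and that the dictionary and everything it INCLUDEs are present. It runs here against a constructed replica of the post's layout under a temporary directory (with dictionary.microsoft deliberately missing); the options file path /etc/ppp/options.pptpd is an assumption, since the post names the file but not its directory.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check the freeradius-client
# files from steps (2)-(5) before restarting pptpd.

# check_radius_client ROOT OPTIONS_FILE
# ROOT is prefixed to every absolute path found inside the files (pass / on a
# real host). Prints one line per problem and returns the problem count.
check_radius_client() {
  root=${1%/} opts=$2 problems=0
  # 1. every pppd plugin named in the options file must exist
  for p in $(awk '$1 == "plugin" { print $2 }' "$opts"); do
    [ -f "$root$p" ] || { echo "missing plugin: $p"; problems=$((problems + 1)); }
  done
  conf=$(awk '$1 == "radius-config-file" { print $2 }' "$opts")
  if [ ! -f "$root$conf" ]; then
    echo "missing radiusclient.conf: $conf"
    return $((problems + 1))
  fi
  conf=$root$conf
  # 2. the servers file must carry a shared secret for the authserver host
  host=$(awk '$1 == "authserver" { split($2, a, ":"); print a[1] }' "$conf")
  servers=$(awk '$1 == "servers" { print $2 }' "$conf")
  if [ ! -f "$root$servers" ]; then
    echo "missing servers file: $servers"; problems=$((problems + 1))
  elif ! awk -v h="$host" '$1 == h { found = 1 } END { exit !found }' "$root$servers"; then
    echo "no shared secret for $host in $servers"; problems=$((problems + 1))
  fi
  # 3. the dictionary and every file it INCLUDEs must exist
  dict=$(awk '$1 == "dictionary" { print $2 }' "$conf")
  if [ ! -f "$root$dict" ]; then
    echo "missing dictionary: $dict"; problems=$((problems + 1))
  else
    for inc in $(awk '$1 == "INCLUDE" { print $2 }' "$root$dict"); do
      [ -f "$root$inc" ] || { echo "missing dictionary include: $inc"; problems=$((problems + 1)); }
    done
  fi
  return "$problems"
}

# make_sample_tree DIR: constructed replica of the post's layout (empty files
# stand in for the .so plugins); dictionary.microsoft is left out on purpose.
make_sample_tree() {
  r=$1
  mkdir -p "$r/etc/ppp" "$r/usr/lib/pppd/2.4.4" "$r/usr/local/etc/radiusclient"
  : > "$r/usr/lib/pppd/2.4.4/radius.so"
  : > "$r/usr/lib/pppd/2.4.4/radattr.so"
  printf 'name pptpd\nplugin /usr/lib/pppd/2.4.4/radius.so\nplugin /usr/lib/pppd/2.4.4/radattr.so\nradius-config-file /usr/local/etc/radiusclient/radiusclient.conf\n' \
    > "$r/etc/ppp/options.pptpd"
  printf 'auth_order radius\nauthserver 192.168.0.85:1812\nacctserver 192.168.0.85:1813\nservers /usr/local/etc/radiusclient/servers\ndictionary /usr/local/etc/radiusclient/dictionary\n' \
    > "$r/usr/local/etc/radiusclient/radiusclient.conf"
  printf '192.168.0.85 testing123\n' > "$r/usr/local/etc/radiusclient/servers"
  printf 'INCLUDE /usr/local/etc/radiusclient/dictionary.microsoft\nINCLUDE /usr/local/etc/radiusclient/dictionary.merit\n' \
    > "$r/usr/local/etc/radiusclient/dictionary"
  : > "$r/usr/local/etc/radiusclient/dictionary.merit"
}

tree=$(mktemp -d)
make_sample_tree "$tree"
if check_radius_client "$tree" "$tree/etc/ppp/options.pptpd"; then
  echo "preflight: ok"
else
  echo "preflight: $? problem(s) found"
fi
rm -rf "$tree"
```

Against the sample tree the only report is the missing dictionary.microsoft include; once that file is copied in as the post describes, the check returns 0. On a real host B, run check_radius_client / /etc/ppp/options.pptpd (or whatever path your options file lives at) before restarting pptpd.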

3. On host A, add firewall rules allowing remote access from host B

-A RH-Firewall-1-INPUT -p udp -m udp --dport 1812 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1812 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 1813 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1813 -j ACCEPT