Sharing my steps for building a VPN on a VPS with RADIUS authentication

2013-06-24 22:32:59


I don't want to write too much explanatory text; anyone who can follow this doesn't need it, and the commands work as written. If I have time I'll still try to tidy this up, but these notes are for my own reference. I have only excerpted the key configuration; if you want to build one of these, you will definitely need everything below.
This setup lets users register accounts themselves and have VPN service enabled automatically. To add a VPN node, just deploy a RADIUS client on the new VPS. In short, set it up once and leave it running.
Environment: CentOS 5.6 + MySQL + PHP + FreeRADIUS + RadiusManager

Creating the virtual network interface
Add the following to /etc/rc.local (vim /etc/rc.local) and run it:
yum search tunctl
yum install tunctl.i386
tunctl -t vpn_tap1
ifconfig vpn_tap1 hw ether 00:D0:09:B8:B7:34
ifconfig vpn_tap1 172.168.100.100 netmask 255.255.255.255
ifconfig vpn_tap1 up

yum -y install gcc php mysql mysql-server mysql-devel php-mysql php-mcrypt curl php-curl compat-libstdc++-33 libtool-ltdl-devel httpd gcc-c++
/sbin/chkconfig --add mysqld && /sbin/chkconfig httpd on && /sbin/chkconfig mysqld on && /sbin/service httpd start && /sbin/service mysqld start
vim /etc/selinux/config
This is where the SELinux setting lives on CentOS 6.2; it is usually already disabled.
wget http://www.dmasoftlab.com/cont/download/ioncube_loaders_lin_x86.tar.gz
tar zxvf ioncube_loaders_lin_x86.tar.gz
cp -rf ioncube /usr/local/
php -v
echo "zend_extension=/usr/local/ioncube/ioncube_loader_lin_5.1.so">>/etc/php.ini

vim /etc/raddb/sql.conf
mysqladmin -u root password 'caonima123'
CREATE DATABASE radius;
CREATE DATABASE conntrack;
CREATE USER 'radius'@'localhost' IDENTIFIED BY 'radius123';
CREATE USER 'conntrack'@'localhost' IDENTIFIED BY 'conn123';
GRANT ALL ON radius.* TO radius@localhost;
GRANT ALL ON conntrack.* TO conntrack@localhost;

pscp c:/radiusmanager-3.9.0.tar.gz [email protected]:/tmp
vim /tmp/radiusmanager-3.9.0/install.sh
Change the raddb path to the path on this machine, as below:
chown $httpusr /etc/raddb
chown $httpusr /etc/raddb/clients.conf
tar zxvf radiusmanager-3.9.0.tar.gz
cd radiusmanager-3.9.0
./install.sh

vim /etc/crontab
02 0 * * * root /usr/bin/php /var/www/html/radiusmanager/rmscheduler.php 12345

cp /tmp/radiusmanager-3.9.0/www/radiusmanager/lic.txt /var/www/html/radiusmanager
cp /tmp/radiusmanager-3.9.0/www/radiusmanager/mod.txt /var/www/html/radiusmanager

vim /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/html/radiusmanager"
DocumentRoot "/tmp/www"
DirectoryIndex index.html index.html.var user.php
Restart httpd

Installation on CentOS 5.6
yum install -y ppp
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.i386.rpm
rpm -ivh pptpd-1.3.4-2.rhel5.i386.rpm
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.i686.rpm
rpm -ivh pptpd-1.3.4-2.el6.i686.rpm

vim /etc/pptpd.conf
Change to:
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245

vim /etc/ppp/options.pptpd

#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
Change to:
ms-dns 8.8.8.8
ms-dns 8.8.4.4

vim /etc/ppp/chap-secrets
chap pptpd chap *

vim /etc/sysctl.conf
Change to:
net.ipv4.ip_forward=1
#net.ipv4.tcp_syncookies = 1
sysctl -p

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
service iptables save
service iptables restart

service pptpd start
chkconfig pptpd on
chkconfig --list


pptpd installation script
yum install -y ppp
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.i686.rpm
rpm -ivh pptpd-1.3.4-2.el6.i686.rpm
echo "localip 192.168.0.1" >> "/etc/pptpd.conf"
echo "remoteip 192.168.0.234-238,192.168.0.245">> "/etc/pptpd.conf"
sed -i 's#\#ms-dns 10.0.0.1#ms-dns 8.8.8.8#' /etc/ppp/options.pptpd
sed -i 's#\#ms-dns 10.0.0.2#ms-dns 8.8.4.4#' /etc/ppp/options.pptpd
echo "username pptpd password *" >> /etc/ppp/chap-secrets
sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#' /etc/sysctl.conf
sed -i 's#net.ipv4.tcp_syncookies = 1#\#net.ipv4.tcp_syncookies = 1#' /etc/sysctl.conf
sysctl -p
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
service iptables save
service iptables restart
service pptpd start

RADIUS client deployment
wget ftp://ftp.samba.org/pub/ppp/ppp-2.4.5.tar.gz
tar -zxvf ppp-2.4.5.tar.gz
cp -R ppp-2.4.5/pppd/plugins/radius/etc /etc/radiusclient/

vim /etc/radiusclient/servers
106.187.35.151       testing123    (different on each server)   or
echo "198.74.108.234       testing123 " >> "/etc/radiusclient/servers"

vim /etc/radiusclient/radiusclient.conf
issue /etc/radiusclient/issue
servers         /etc/radiusclient/servers
dictionary      /etc/radiusclient/dictionary
mapfile         /etc/radiusclient/port-id-map
or:

authserver       106.187.35.151:1812
acctserver        106.187.35.151:1813

vim /etc/ppp/options.pptpd
After adding plugin /usr/lib/pppd/2.4.4/radius.so to options.pptpd, password authentication goes through RADIUS (note that here it is 2.4.4, damn it)
After adding plugin /usr/lib/pppd/2.4.5/radius.so to options.pptpd, password authentication goes through RADIUS
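
As an added example (not the post's own code) of the node deployment just described: a small sh script that writes the servers entry, the authserver/acctserver lines and the pppd plugin line idempotently, and keeps the servers file root-only because it holds the shared secret. The server address, secret, plugin path and the ROOT dry-run variable are assumptions for illustration.

```sh
# Added example (not from the original post): deploy the RADIUS client settings
# on a new pptpd node the way the section above does by hand. Server IP, secret
# and plugin path are parameters; ROOT lets you dry-run into a scratch directory.
ROOT="${ROOT:-}"
RC_DIR="$ROOT/etc/radiusclient"
PPP_OPTS="$ROOT/etc/ppp/options.pptpd"

# add_radius_server SERVER SECRET: append "SERVER<TAB>SECRET" once, root-only readable
add_radius_server() {
  server="$1"; secret="$2"
  mkdir -p "$RC_DIR"
  touch "$RC_DIR/servers"
  chmod 600 "$RC_DIR/servers"      # this file holds the shared secret
  grep -q "^$server[[:space:]]" "$RC_DIR/servers" ||
    printf '%s\t%s\n' "$server" "$secret" >> "$RC_DIR/servers"
}

# set_auth_acct SERVER: point radiusclient.conf at SERVER:1812 (auth) and SERVER:1813 (acct)
set_auth_acct() {
  server="$1"
  conf="$RC_DIR/radiusclient.conf"
  mkdir -p "$RC_DIR"; touch "$conf"
  sed -i '/^authserver[[:space:]]/d; /^acctserver[[:space:]]/d' "$conf"
  printf 'authserver\t%s:1812\nacctserver\t%s:1813\n' "$server" "$server" >> "$conf"
}

# enable_pppd_radius PLUGIN: add the "plugin .../radius.so" line to options.pptpd once
enable_pppd_radius() {
  plugin="$1"
  mkdir -p "$(dirname "$PPP_OPTS")"; touch "$PPP_OPTS"
  grep -q "^plugin[[:space:]]*$plugin\$" "$PPP_OPTS" ||
    echo "plugin $plugin" >> "$PPP_OPTS"
}

# verify_node SERVER: succeed only when all three pieces of config are in place
verify_node() {
  server="$1"
  grep -q "^$server[[:space:]]" "$RC_DIR/servers" &&
    grep -q "^authserver[[:space:]]*$server:1812\$" "$RC_DIR/radiusclient.conf" &&
    grep -q "^acctserver[[:space:]]*$server:1813\$" "$RC_DIR/radiusclient.conf" &&
    grep -q '^plugin .*radius\.so$' "$PPP_OPTS"
}

# Usage on a real node (as root), e.g.:
#   add_radius_server 198.74.108.234 testing123
#   set_auth_acct 198.74.108.234
#   enable_pppd_radius /usr/lib/pppd/2.4.5/radius.so
#   verify_node 198.74.108.234 && service pptpd restart
```

Running the functions twice leaves each file with a single entry, so the script is safe to re-run when a node is rebuilt.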

RADIUS server NAS settings
vim /etc/raddb/clients.conf
client 0.0.0.0/0 {
        #  Allowed values are:
        #       dotted quad (1.2.3.4)
        #       hostname    (radius.example.com)
        secret          = testing123
        require_message_authenticator = no
        nastype     = other     # localhost isn't usually a NAS...
}

Author: goobey