Auto-starting common services, and VPN setup under FreeBSD

Goal: let Windows 2000/XP machines make VPN dial-up connections to the server. The software chosen is mpd.

1 Installing mpd

Install mpd from ports:

# cd /usr/ports/net/mpd
# make all install clean

2 Configuring mpd

The VPN configuration lives in three files: mpd.conf, mpd.links and mpd.secret.

/usr/local/etc/mpd/mpd.conf is configured as follows:

default:
        load vpn

vpn:
        new -i ng1 vpn vpn
        set iface disable on-demand
        set iface addrs 192.168.0.1
        set iface idle 0
        set iface route 192.168.0.0/24
        set bundle disable multilink
        set bundle authname "VpnLogin"
        set bundle password "VpnPassword"
        set link yes acfcomp protocomp
        set link no pap
        set link yes chap
        set link mtu 1460
        # If remote machine is NT you need this..
        # set link enable no-orig-auth
        set link keep-alive 10 75
        set ipcp yes vjcomp
        set ipcp ranges 192.168.0.1/32 192.168.0.254/32
        #
        # The five lines below enable Microsoft Point-to-Point encryption
        # (MPPE) using the ng_mppc(8) netgraph node type.
        #
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set bundle enable crypt-reqd
        set ccp yes mpp-stateless
        open

Both mpp-e40 and mpp-e128 are enabled here, so a client may negotiate 40-bit MPPE; if every client supports 128-bit keys, leave only mpp-e128 enabled.

/usr/local/etc/mpd/mpd.links is configured as follows:

vpn:
        set link type pptp
        set pptp self 192.168.0.1
        # set pptp peer 2.3.4.5
        set pptp enable originate incoming outcall

/usr/local/etc/mpd/mpd.secret holds the user accounts and passwords, one per line (the optional third field pins the client to a fixed address):

jerry "11111111"
emma "88888888"
test "test" 192.168.0.254

/usr/local/etc/rc.d/mpd.sh:

#!/bin/sh
case $1 in
start)
        [ -x /usr/local/sbin/mpd ] && \
        [ -f "/usr/local/etc/mpd/mpd.conf" ] && \
        /usr/local/sbin/mpd -b && \
        echo -n ' mpd'
        ;;
stop)
        killall mpd && echo -n ' mpd'
        ;;
*)
        echo "Usage: `basename $0` {start|stop}" >&2
        exit 64
        ;;
esac
exit 0

Start it with `mpd.sh start'. On another Windows XP machine add a new network connection of type VPN, enter the username, password and host address, and it connects.
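mpd.secret above (like the chap-secrets file in the pptpd section further down this page) stores every VPN password in cleartext, so it must be owned by root and readable by nobody else. The following shell script is an added example, not part of the original article: it checks a list of candidate secret files and reports any that group or others can read, or that have an unexpected owner. The file names and contents are constructed stand-ins created in a temporary directory so that the check runs anywhere; on a real host you would pass /usr/local/etc/mpd/mpd.secret and /etc/ppp/chap-secrets instead.

```shell
#!/bin/sh
# Added example (not from the original article): audit the files that hold
# PPP/VPN credentials in cleartext (mpd.secret, chap-secrets).  A secrets
# file should belong to the administrative user and carry no group/other bits.

# secret_file_problems FILE [OWNER]
# Prints one problem per line and returns 1 if FILE is exposed or missing;
# prints nothing and returns 0 if FILE is fine.  OWNER defaults to root.
secret_file_problems() {
    f=$1
    want_owner=${2:-root}
    [ -e "$f" ] || { echo "$f: missing"; return 1; }
    # Parse 'ls -ld' rather than stat(1): the columns are the same on GNU
    # and BSD userland.  Columns 5-10 are the group and other bits,
    # field 3 is the owner.
    line=$(ls -ld "$f")
    perms=$(printf '%s\n' "$line" | cut -c5-10)
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    rc=0
    if [ "$perms" != "------" ]; then
        echo "$f: readable by group/others (bits '$perms'); run chmod 600"
        rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "$f: owned by $owner, expected $want_owner"
        rc=1
    fi
    return $rc
}

# audit_secret_files OWNER FILE...
# Prints the name of every file that has at least one problem.
audit_secret_files() {
    want_owner=$1
    shift
    for f in "$@"; do
        secret_file_problems "$f" "$want_owner" >/dev/null || echo "$f"
    done
}

# Constructed sample files (stand-ins for /usr/local/etc/mpd/mpd.secret and
# /etc/ppp/chap-secrets) so the check can be run on any machine.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
GOOD_SECRET=$SAMPLE_DIR/mpd.secret
BAD_SECRET=$SAMPLE_DIR/chap-secrets
printf 'jerry "11111111"\n' > "$GOOD_SECRET"
printf 'myusername pptpd mypassword *\n' > "$BAD_SECRET"
chmod 600 "$GOOD_SECRET"
chmod 644 "$BAD_SECRET"    # world-readable: the mistake we want to catch

# When run directly, list the exposed files and explain each problem.
# The expected owner is the current user here because the sample files
# were just created by whoever runs the script.
for exposed in $(audit_secret_files "$(id -un)" "$GOOD_SECRET" "$BAD_SECRET"); do
    secret_file_problems "$exposed" "$(id -un)"
done
```

The owner argument exists so the same function works for the root-owned files on a real server and for the sample files here; in a cron job you would call audit_secret_files root /usr/local/etc/mpd/mpd.secret /etc/ppp/chap-secrets and alert on any output.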

Building a PPTP VPN server with mpd5 on FreeBSD

Auto-starting common services

This covers software compiled from source: php, redis and nginx (mysql compiled from source is set to start at boot by default).
php-fpm at boot; php is installed under /usr/local/php

vim /etc/init.d/php-fpm   and paste the following:

#!/bin/sh
#
# php-fpm - this script starts and stops the php-fpm daemon
#
# chkconfig: - 85 15
# processname: php-fpm
# config: /usr/local/php/etc/php-fpm.conf

set -e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="php-fpm daemon"
NAME=php-fpm
DAEMON=/usr/local/php/sbin/$NAME
CONFIGFILE=/usr/local/php/etc/php-fpm.conf
PIDFILE=/usr/local/php/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

# If the daemon file is not found, terminate the script.
test -x $DAEMON || exit 0

d_start(){
        $DAEMON -y $CONFIGFILE || echo -n " already running"
}

d_stop(){
        kill -QUIT `/bin/cat $PIDFILE` || echo -n " not running"
}

d_reload(){
        kill -HUP `cat $PIDFILE` || echo -n " could not reload"
}

case "$1" in
start)
        echo -n "Starting $DESC: $NAME"
        d_start
        echo "."
        ;;
stop)
        echo -n "Stopping $DESC: $NAME"
        d_stop
        echo "."
        ;;
reload)
        echo -n "Reloading $DESC configuration..."
        d_reload
        echo "Reloaded."
        ;;
restart)
        echo -n "Restarting $DESC: $NAME"
        d_stop
        # Sleep for two seconds before starting again, this should give the
        # php-fpm daemon some time to perform a graceful stop
        sleep 2
        d_start
        echo "."
        ;;
*)
        echo "Usage: $SCRIPTNAME {start|stop|restart|reload}" >&2
        exit 3
        ;;
esac
exit 0

What needs changing above:

DAEMON=/usr/local/php/sbin/$NAME    change to the directory your php-fpm binary is in
CONFIGFILE=/usr/local/php/etc/php-fpm.conf    your php-fpm configuration file
PIDFILE=/usr/local/php/var/run/$NAME.pid    the directory your pid file is in

Note that when you run sbin/php-fpm from the install directory straight after installing, it does not use php-fpm.conf or the pid file under var/run of the install directory, so remember to set up your php-fpm.conf and enable the pid path in it.

Then:
chmod a+x /etc/init.d/php-fpm    // set permissions
chkconfig php-fpm on             // start at boot

Check that PPP is supported (for the pptpd setup further down). Run each of the commands below on its own; things are fine only when the output matches what is shown, otherwise errors may follow:

cat /dev/ppp
#cat: /dev/ppp: No such device or address

cat /dev/net/tun
#cat: /dev/net/tun: File descriptor in bad state
I am helping a friend's company maintain a server, and the setup is perverse: the server sits in a machine room that some multinational built for itself, and it is configured to accept connections only from the fixed IP address of the friend's company router, which makes remote maintenance very awkward. Luckily, for testing and internal version control I had already set up a server inside their company, so I will use that one as the jump host.

Nginx is compiled and installed under /usr/local/nginx

vim /etc/init.d/nginx   // the script below is the official one

#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  NGINX is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /etc/nginx/nginx.conf
# config:      /etc/sysconfig/nginx
# pidfile:     /var/run/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

make_dirs() {
   # make required directories
   user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
   if [ -z "`grep $user /etc/passwd`" ]; then
       useradd -M -s /bin/nologin $user
   fi
   options=`$nginx -V 2>&1 | grep 'configure arguments:'`
   for opt in $options; do
       if [ `echo $opt | grep '.*-temp-path'` ]; then
           value=`echo $opt | cut -d "=" -f 2`
           if [ ! -d "$value" ]; then
               # echo "creating" $value
               mkdir -p $value && chown -R $user $value
           fi
       fi
   done
}

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    make_dirs
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest || return $?
    stop
    sleep 1
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
    $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac

What needs changing is:

nginx="/usr/local/nginx/sbin/nginx"    // the directory your nginx binary is in
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"    // the configuration file

chmod a+x /etc/init.d/nginx
chkconfig nginx on

redis is compiled and installed under /usr/local/redis

vim /etc/init.d/redis   and paste the following:

#!/bin/sh
# chkconfig:  2345 90 10
# description:  Redis is a persistent key-value database

# Keep the system directories on PATH so that cat and sleep are still found
PATH=/usr/local/redis:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
REDISPORT=6379
EXEC=/usr/local/redis/redis-server
REDIS_CLI=/usr/local/redis/redis-cli
# Redis password (requirepass in redis.conf); leave empty if none is set
PASSWORD=
PIDFILE=/var/run/redis_6379.pid
CONF=/usr/local/redis/redis.conf

case "$1" in
start)
        if [ -f $PIDFILE ]
        then
                echo "$PIDFILE exists, process is already running or crashed"
        else
                echo "Starting Redis server..."
                $EXEC $CONF
        fi
        if [ "$?" = "0" ]
        then
                echo "Redis is running..."
        fi
        ;;
stop)
        if [ ! -f $PIDFILE ]
        then
                echo "$PIDFILE does not exist, process is not running"
        else
                PID=$(/bin/cat $PIDFILE)
                echo "Stopping ..."
                # Pass the password only when one is configured
                $REDIS_CLI -h localhost -p $REDISPORT ${PASSWORD:+-a "$PASSWORD"} shutdown
                # Wait until the process with that PID is really gone
                while [ -x /proc/${PID} ]
                do
                        echo "Waiting for Redis to shutdown ..."
                        sleep 1
                done
                echo "Redis stopped"
        fi
        ;;
restart|force-reload)
        ${0} stop
        ${0} start
        ;;
*)
        echo "Usage: /etc/init.d/redis {start|stop|restart|force-reload}" >&2
        exit 1
esac

The variables to adjust to your own installation are:

PATH=/usr/local/redis:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
REDISPORT=6379
EXEC=/usr/local/redis/redis-server
REDIS_CLI=/usr/local/redis/redis-cli
#Redis password
PASSWORD=
PIDFILE=/var/run/redis_6379.pid
CONF=/usr/local/redis/redis.conf

chmod a+x /etc/init.d/redis
chkconfig redis on

The server runs FreeBSD 9.1 64-bit; the operating system installation itself is not covered here, so straight to the point:

1. Update the ports tree

# portsnap fetch update

2. Install mpd5

# cd /usr/ports/net/mpd5
# make install clean

3. Configuration

# cp /usr/local/etc/mpd5/mpd.conf.sample /usr/local/etc/mpd5/mpd.conf
# ee /usr/local/etc/mpd5/mpd.conf

Three blocks are modified: startup:, default: and pptp_server:. Change them as follows.

startup:
        # configure mpd users
        set user shuqi888 loveosc   ### mpd's administrative account and password; it is required when you connect over telnet or the web interface. In this example the admin user is shuqi888 with password loveosc.
        #set user foo1 bar1
        # configure the console
        set console self 127.0.0.1 5005
        set console open
        # configure the web server
        set web self 0.0.0.0 5006
        set web open

Note that 0.0.0.0 binds the web interface on every address of the machine, including the Internet-facing one, and the login is the set user credentials just above; bind it to 127.0.0.1 like the console, or to an internal address, unless it genuinely has to be reachable from outside.

# Default configuration is "dialup"
default:
        #load dialup          ### comment out dialup
        load pptp_server      ### load the pptp_server block by default instead

pptp_server:
#
# Mpd as a PPTP server compatible with Microsoft Dial-Up Networking clients.
#
# Suppose you have a private Office LAN numbered 192.168.1.0/24 and the
# machine running mpd is at 192.168.1.1, and also has an externally visible
# IP address of 1.2.3.4.
#
# We want to allow a client to connect to 1.2.3.4 from out on the Internet
# via PPTP.  We will assign that client the address 192.168.1.50 and proxy-ARP
# for that address, so the virtual PPP link will be numbered 192.168.1.1 local
# and 192.168.1.50 remote.  From the client machine's perspective, it will
# appear as if it is actually on the 192.168.1.0/24 network, even though in
# reality it is somewhere far away out on the Internet.
#
# Our DNS server is at 192.168.1.3 and our NBNS (WINS server) is at 192.168.1.4.
# If you don't have an NBNS server, leave that line out.
#

# Define dynamic IP address pool.
        set ippool add pool1 192.168.1.50 192.168.1.99   ## the private addresses handed to clients after dial-in are set here

# Create clonable bundle template named B
        create bundle template B
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set ipcp yes vjcomp
# Specify IP address pool for dynamic assignment.
        set ipcp ranges 192.168.1.1/32 ippool pool1
        set ipcp dns 8.8.8.8            ### DNS for the clients; I like Google's
        #set ipcp nbns 192.168.1.4      ### if you do not use WINS, this line can stay commented out
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless

# Create clonable link template named L
        create link template L pptp
# Set bundle template to use
        set link action bundle B
# Multilink adds some overhead, but gives full 1500 MTU.
        set link enable multilink
        set link yes acfcomp protocomp
        set link no pap chap eap
        set link enable chap

# We can use RADIUS authentication/accounting by including
# another config section with label 'radius'.
#       load radius
        set link keep-alive 10 60
# We reduce the link mtu to avoid GRE packet fragmentation.
        set link mtu 1460
# Configure PPTP
        set pptp self 192.168.1.201   ### the IP address mpd listens on, i.e. the real IP of your network card. Be careful here: if the host is published through port forwarding on a router, this must not be the router's address but the real IP address configured on the card.
# Allow to accept calls
        set link enable incoming

Save and exit.

4. Setup and start

# ee /etc/rc.conf

add

mpd_enable="YES"

Start mpd5:

# /usr/local/etc/rc.d/mpd5 start

Add VPN accounts:

# ee /usr/local/etc/mpd5/mpd.secret

Enter one username and password per line, e.g.

vpnuser1    password001

Enable packet forwarding (without this step you can still connect to the VPN, but you only reach the internal network, not the outside):

# sysctl net.inet.ip.forwarding=1

This sysctl only lasts until the next reboot; gateway_enable="YES" in /etc/rc.conf turns forwarding on permanently.

Installation and configuration is now complete; you can create a new VPN connection in Windows.

The web interface shows the state of the connections currently dialled in.

(screenshot of the mpd5 web interface omitted)

PPTP VPN server with pptpd on CentOS

1. Preparation

# yum install -y perl ppp    // CentOS installs ppp by default

2. Install pptpd

# yum install pptpd

3. Edit the configuration files

3.1 /etc/ppp/options.pptpd

# cp /etc/ppp/options.pptpd /etc/ppp/options.pptpd.bak
# vi /etc/ppp/options.pptpd

Add the following to options.pptpd (if you need to start the process some other way you must change name; that name corresponds to the second field in the chap-secrets file):

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Then save the file.

Explanation: ms-dns 8.8.8.8 and ms-dns 8.8.4.4 hand Google's DNS servers to the clients.

3.2 /etc/ppp/chap-secrets

# cp /etc/ppp/chap-secrets /etc/ppp/chap-secrets.bak
# vi /etc/ppp/chap-secrets

chap-secrets looks like this:

# Secrets for authentication using CHAP
# client server secret IP addresses
myusername pptpd mypassword *

PS:
myusername is your VPN account
pptpd corresponds to name in options.pptpd
mypassword is your VPN password
* means any IP address is allowed to connect to this PPTP VPN

3.3 /etc/pptpd.conf

# cp /etc/pptpd.conf /etc/pptpd.conf.bak
# vi /etc/pptpd.conf

Part of the file, with the changes noted in the comments:

connections 100              # maximum number of connections
localip 192.168.9.1          # IP address used by the VPN server
remoteip 192.168.9.11-30     # range of IP addresses handed to VPN clients

3.4 /etc/sysctl.conf

# vi /etc/sysctl.conf    // change the kernel setting so that it forwards packets

Change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1

Save the modified file, then apply it:

# /sbin/sysctl -p

4. Start the PPTP VPN

# systemctl start pptpd.service
# systemctl restart pptpd.service
# systemctl stop pptpd.service

5. Firewall configuration

firewall-cmd --set-default-zone=public
firewall-cmd --add-interface=$ens    // $ens stands for the name of your external interface
firewall-cmd --add-port=1723/tcp --permanent
firewall-cmd --add-masquerade --permanent
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -i $ens -p gre -j ACCEPT
firewall-cmd --reload

6. Start at boot

# systemctl enable pptpd.service

7. Logging

Edit /etc/ppp/ip-up:

# cat ip-up
#!/bin/sh
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
log=/var/log/pptp.log
echo "##################################" >> $log
echo "Now User $PEERNAME is connected!!!" >> $log
echo "##################################" >> $log
echo "time: `date -d today +%F_%T`" >> $log
echo "clientIP: $6" >> $log
echo "username: $PEERNAME" >> $log
echo "device: $1" >> $log
echo "vpnIP: $4" >> $log
echo "assignIP: $5" >> $log
LOGDEVICE=$6
REALDEVICE=$1
[ -f /etc/sysconfig/network-scripts/ifcfg-${LOGDEVICE} ] && /etc/sysconfig/network-scripts/ifup-post --realdevice ${REALDEVICE} ifcfg-${LOGDEVICE}
/etc/ppp/ip-up.ipv6to4 ${LOGDEVICE}
[ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"
exit 0

Edit /etc/ppp/ip-down:

# cat ip-down
#!/bin/sh
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
log=/var/log/pptp.log
echo "#####################################" >> $log
echo "Now User $PEERNAME is disconnected!!!" >> $log
echo "#####################################" >> $log
echo "time: `date -d today +%F_%T`" >> $log
echo "clientIP: $6" >> $log
echo "username: $PEERNAME" >> $log
echo "device: $1" >> $log
echo "vpnIP: $4" >> $log
echo "assignIP: $5" >> $log
echo "connect time: $CONNECT_TIME s" >> $log
echo "bytes sent: $BYTES_SENT B" >> $log
echo "bytes rcvd: $BYTES_RCVD B" >> $log
sum_bytes=$(($BYTES_SENT+$BYTES_RCVD))
sum=`echo "scale=2;$sum_bytes/1024/1024"|bc`
echo "bytes sum: $sum MB" >> $log
# Only compute the average when the session lasted at least a second,
# otherwise bc would divide by zero
if [ "${CONNECT_TIME:-0}" -gt 0 ]; then
        ave=`echo "scale=2;$sum_bytes/1024/$CONNECT_TIME"|bc`
        echo "average speed: $ave KB/s" >> $log
fi
LOGDEVICE=$6
REALDEVICE=$1
/etc/ppp/ip-down.ipv6to4 ${LOGDEVICE}
[ -x /etc/ppp/ip-down.local ] && /etc/ppp/ip-down.local "$@"
/etc/sysconfig/network-scripts/ifdown-post --realdevice ${REALDEVICE} ifcfg-${LOGDEVICE}
exit 0
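The ip-up and ip-down scripts in the pptpd section above append one record per connect and per disconnect to /var/log/pptp.log. The script below is an added example, not from the original post: it summarises that log per user, counting sessions, summing the byte counters from the disconnect records, listing the source addresses each account dialled in from, and flagging accounts with more connects than disconnects (either still online, or pppd died before ip-down ran, which is worth a look). The log content is a constructed sample in the exact format those scripts emit, written to a temporary file instead of the real log.

```shell
#!/bin/sh
# Added example (not part of the original post): summarise the per-session
# log that the ip-up / ip-down scripts write to /var/log/pptp.log.
# The entries below are constructed samples in the format those scripts emit.

PPTP_LOG=$(mktemp)
trap 'rm -f "$PPTP_LOG"' EXIT
cat > "$PPTP_LOG" <<'EOF'
##################################
Now User alice is connected!!!
##################################
time: 2024-03-01_09:00:00
clientIP: 203.0.113.5
username: alice
device: ppp0
vpnIP: 192.168.9.1
assignIP: 192.168.9.11
##################################
Now User bob is connected!!!
##################################
time: 2024-03-01_09:05:00
clientIP: 198.51.100.7
username: bob
device: ppp1
vpnIP: 192.168.9.1
assignIP: 192.168.9.12
#####################################
Now User alice is disconnected!!!
#####################################
time: 2024-03-01_09:30:00
clientIP: 203.0.113.5
username: alice
device: ppp0
vpnIP: 192.168.9.1
assignIP: 192.168.9.11
connect time: 1800 s
bytes sent: 1048576 B
bytes rcvd: 2097152 B
bytes sum: 3.00 MB
average speed: 1.70 KB/s
##################################
Now User alice is connected!!!
##################################
time: 2024-03-01_10:00:00
clientIP: 192.0.2.9
username: alice
device: ppp0
vpnIP: 192.168.9.1
assignIP: 192.168.9.11
EOF

# connects_for USER -> number of "connected" records logged for USER
connects_for() {
    awk -v u="$1" '$1=="Now" && $3==u && $5=="connected!!!" {n++} END {print n+0}' "$PPTP_LOG"
}

# disconnects_for USER -> number of "disconnected" records logged for USER
disconnects_for() {
    awk -v u="$1" '$1=="Now" && $3==u && $5=="disconnected!!!" {n++} END {print n+0}' "$PPTP_LOG"
}

# open_sessions -> users with more connects than disconnects, sorted
open_sessions() {
    awk '$1=="Now" { if ($5=="connected!!!") c[$3]++; else d[$3]++ }
         END { for (u in c) if (c[u] > d[u]+0) print u }' "$PPTP_LOG" | sort
}

# bytes_for USER -> bytes sent plus received over USER's closed sessions.
# "Now User ..." lines set the current user; the byte lines that follow
# belong to that user's disconnect record.
bytes_for() {
    awk -v u="$1" '$1=="Now" {cur=$3}
                   ($1=="bytes" && ($2=="sent:" || $2=="rcvd:") && cur==u) {s+=$3}
                   END {print s+0}' "$PPTP_LOG"
}

# client_ips_for USER -> distinct source addresses that dialled in as USER;
# several addresses on one account is a signal worth checking.
client_ips_for() {
    awk -v u="$1" '$1=="Now" {cur=$3; ev=$5}
                   ($1=="clientIP:" && cur==u && ev=="connected!!!") {print $2}' "$PPTP_LOG" | sort -u
}

# When run directly, print one summary line per user plus the open sessions
for u in $(awk '$1=="Now" {print $3}' "$PPTP_LOG" | sort -u); do
    echo "$u: connects=$(connects_for "$u") disconnects=$(disconnects_for "$u") bytes=$(bytes_for "$u") from: $(client_ips_for "$u" | tr '\n' ' ')"
done
echo "open sessions: $(open_sessions | tr '\n' ' ')"
```

Point PPTP_LOG at the real /var/log/pptp.log to run the same functions on a live server; because the log has no per-record session id, the byte totals attribute each disconnect record to the most recent "Now User" line, which is exactly how the ip-down script writes them.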
