

Unix/Linux 中的 FreeBSD mpd VPN服务器安装步骤


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2010-01-15   浏览: 132 ::

马上要搬出学校,而学校的资源大多是对教育网开放,考虑到以后的小区多半是电信的adsl接入,没办法,就想到了架个vpn服务器,当然首先想到的是在freebsd上架设。用google搜索了一下,发现搞的人还真多,心情马上好了一截。下面是我的步骤:
1、安装mpd(都说mpd对windows支持最好),很简单
cd /usr/local/ports/net/mpd/
make all install clean
2、配置/usr/local/etc/mpd/mpd.conf
# /usr/local/etc/mpd/mpd.conf as given by the author: two PPTP bundles
# (client1, client2) that share the settings in pptp_def.
# NOTE(review): mpd expects labels ("default:", "vpn:", ...) in column 0 and
# the commands below each label indented with whitespace; the indentation
# appears to have been lost on this page, so re-indent before using the file.
default:
load vpn
vpn:
load client1
# client2 is defined below but not loaded until this line is uncommented.
#load client2
client1:
new -i ng0 pptp1 pptp1
# x.x.x.x and y.y.y.y1 are the author's placeholders; going by the generator
# script later on the page, the first /32 is the server-side address and the
# second is the address given to the connecting client.
set ipcp ranges x.x.x.x/32 y.y.y.y1/32
load pptp_def
client2:
new -i ng1 pptp2 pptp2
set ipcp ranges x.x.x.x/32 y.y.y.y2/32
load pptp_def
pptp_def:
set iface disable on-demand
set iface enable proxy-arp
# presumably an idle timeout in seconds -- confirm against the mpd manual
set iface idle 1800
set bundle enable multilink
set link yes acfcomp protocomp
# PAP and CHAP are both refused first, then CHAP alone is enabled again.
# NOTE(review): the generated configuration later on this page is stricter:
# it enables only "chap-msv2" and adds "set bundle yes crypt-reqd". This
# hand-written variant has neither, so as far as this file shows nothing
# forces a session to be encrypted -- confirm and tighten before deployment.
set link no pap chap
set link enable chap
set link keep-alive 10 60
set link mtu 1460
set ipcp yes vjcomp
# x.x.x.y is a placeholder for the DNS server handed to clients.
set ipcp dns x.x.x.y
set bundle enable compression
set ccp yes mppc
# NOTE(review): mpp-e40 accepts 40-bit MPPE keys next to mpp-e128; drop this
# line if every client can negotiate 128-bit.
set ccp yes mpp-e40
set ccp yes mpp-e128
set ccp yes mpp-stateless
open
3、配置/usr/local/etc/mpd/mpd.links
# /usr/local/etc/mpd/mpd.links: one PPTP link per bundle in mpd.conf
# (pptp1 and pptp2 are the link names used by the "new -i ngN ..." lines).
# NOTE(review): as in mpd.conf, the commands under each label need leading
# whitespace; the indentation appears to have been lost on this page.
pptp1:
set link type pptp
# The text after "self" is the author's placeholder (in Chinese) for the IP
# address on which the VPN service is offered; replace it with that address.
set pptp self 对外提供vpn服务的ip
# Accept connections from clients only; this server never dials out.
set pptp enable incoming
set pptp disable originate
pptp2:
set link type pptp
# Same placeholder as above: the IP address the VPN service is offered on.
set pptp self 对外提供vpn服务的ip
set pptp enable incoming
set pptp disable originate
4、编写启动脚本/usr/local/etc/rc.d/mpd.sh
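# /usr/local/etc/rc.d/mpd.sh - start or stop the mpd daemon.
# Arguments: $1 - "start" or "stop"; anything else prints the usage line.
# Outputs:   " mpd" (no newline) after a successful start or stop.
# The listing on the page stopped after the usage line; the closing ";;" and
# "esac" are restored here so that the script parses.
case "$1" in
  start)
    # Start only when the binary is executable and a configuration exists.
    # -b is passed exactly as in the original listing.
    [ -x /usr/local/sbin/mpd ] &&
      [ -f "/usr/local/etc/mpd/mpd.conf" ] &&
      /usr/local/sbin/mpd -b &&
      printf '%s' ' mpd'
    ;;
  stop)
    # killall signals every process named mpd, not only the one started above.
    killall mpd && printf '%s' ' mpd'
    ;;
  *)
    echo "Usage: $(basename "$0") {start|stop}"
    ;;
esac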
5、编辑用户/口令文件 /usr/local/etc/mpd/mpd.secret 很简单,照着例子作(文件里保存的是明文口令,记得像后面脚本那样 chmod 600,只允许 root 读取)
好了,现在要做的事做完了。在winxp上创建一个vpn连接,ok,搞定。嘿嘿,还有2个非常重要的点,第一个要将freebsd服务器设置成路由模式,也就是说在/etc/rc.conf中要加上gateway_enable="YES"(网上找的资料都没说这点,完全凭经验),否则不能通过vpn服务器访问内网的其他主机。第二,winxp的防火墙要关掉,为什么不知道,总之不关,就会出现间歇性大量掉包。(PPTP 的控制连接走 TCP 1723,数据走 GRE 即 IP 协议 47;如果掉包确实由防火墙引起,更稳妥的做法是只放行这两项,而不是把防火墙整个关掉。)


#pkg_add -rv mpd
#sh mpd_setup.sh config ##修改几个选项 什么用户名了,分配的IP地址了。。
#cat mpd_setup.sh
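#!/bin/sh
#
# mpd VPN install script
# Compile by iceblood(Liu Hongguang)
# E-mail:[email protected]
# Website:http://www.nettf.net/
#
# Usage: mpd_setup.sh {install|config}
#   install  build and install mpd from /usr/ports/net/mpd
#   config   ask for the settings and write mpd.conf, mpd.links and
#            mpd.secret into the chosen configuration directory
#
# Review notes on the configuration this script generates:
#   - The tunnel is PPTP with MS-CHAPv2 and MPPE. "mpp-e40" lets a client
#     negotiate 40-bit keys; remove that line from the generated mpd.conf if
#     all clients support 128-bit.
#   - "set pptp self 0.0.0.0" is written for every link; presumably this means
#     "any local address" -- confirm, and restrict it to the public address
#     if the host has several interfaces.
#   - The default server address 172.168.1.1 is outside the private range
#     172.16.0.0/12; it is kept because the original prompt advertises it,
#     but an address from a private range is the safer choice.
#   - The default client DNS 127.0.0.1 would make clients query themselves;
#     enter a real resolver address at the prompt.
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
TIME=$(date '+%Y/%m/%d %H:%M')

# Print a message on stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Succeed when $1 is a non-empty run of at most nine decimal digits (the
# length cap keeps the numeric tests below away from integer overflow).
is_uint() {
  case $1 in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 9 ]
}

# Succeed when $1 is a dotted quad whose four fields are each 0..255.
valid_ipv4() {
  local rest octet fields
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  # A trailing dot is appended so that every field, including the last one,
  # can be peeled off with the same pair of expansions.
  rest=$1.
  fields=0
  while [ -n "$rest" ]; do
    octet=${rest%%.*}
    rest=${rest#*.}
    if [ "${#octet}" -gt 3 ] || [ "$octet" -gt 255 ]; then
      return 1
    fi
    fields=$((fields + 1))
  done
  [ "$fields" -eq 4 ]
}

# Show prompt $1 on stderr, read one line from stdin and print it on stdout;
# an empty answer prints the default $2 instead.
ask() {
  local reply
  printf '%s' "$1" >&2
  read -r reply || :
  printf '%s\n' "${reply:-$2}"
}

# Print 32 hex digits taken from /dev/urandom. Hex output contains no
# whitespace or quotes, so it fits mpd.secret's "user password" line format.
gen_password() {
  dd if=/dev/urandom bs=16 count=1 2>/dev/null | od -An -tx1 | tr -dc '0-9a-f'
}

# Print the usage text.
usage() {
  cat << HELP
$0 {install|config}
install Install mpd package.
config Configure mpd vpn.
Script compile by iceblood
[email protected]
HELP
}

# Build and install mpd from the ports tree unless it is already on PATH.
do_install() {
  if command -v mpd > /dev/null 2>&1; then
    echo "mpd already install."
    exit 0
  fi
  if [ ! -d /usr/ports/net/mpd ]; then
    echo "Sorry,not ports /usr/ports/net/mpd" >&2
    echo "Please use cvsup get ports list." >&2
    exit 1
  fi
  cd /usr/ports/net/mpd || die "Sorry! mpd install error!!"
  # Any non-zero status counts as a failure; the original only caught
  # status 1 and carried on after every other error.
  make clean || die "Sorry! mpd install error!!"
  make install || die "Sorry! mpd install error!!"
  make clean
  echo "mpd software install done."
  exit 0
}

# Ask for all settings first, validate them, then write the three files, so
# that an invalid answer never leaves a half-written configuration behind.
do_config() {
  local conf links secret rest

  MPDPATH=$(ask "Please input mpd config patch:[/usr/local/etc/mpd] " /usr/local/etc/mpd)

  # Out-of-range and non-numeric answers fall back to the default of 5.
  CLIENT=$(ask "Please input VPN max ports(default 5):[1~253] " 5)
  if ! is_uint "$CLIENT" || [ "$CLIENT" -lt 1 ] || [ "$CLIENT" -ge 254 ]; then
    CLIENT=5
  fi

  VPNIP=$(ask "Please input VPN server IP:[172.168.1.1] " 172.168.1.1)
  valid_ipv4 "$VPNIP" || die "Sorry!!VPN server IP error!!!"
  rest=$VPNIP
  VPNIPA=${rest%%.*}
  rest=${rest#*.}
  VPNIPB=${rest%%.*}
  rest=${rest#*.}
  VPNIPC=${rest%%.*}
  VPNIPD=${rest#*.}
  # Client addresses are taken from the same a.b.c.* block, so the last
  # octet may not be 255 (the original rejected it as well).
  [ "$VPNIPD" -le 254 ] || die "Sorry!!VPN server IP error!!!"

  IDLE=$(ask "Please input idle time at disconnect:[0] " 0)
  if ! is_uint "$IDLE" || [ "$IDLE" -gt 86400 ]; then
    IDLE=0
  fi

  DNSIP=$(ask "Please input client DNS ipaddress:[127.0.0.1] " 127.0.0.1)
  valid_ipv4 "$DNSIP" || die "Sorry!!client DNS IP error!!!"

  VPNUSER=$(ask "Please VPN client username:[test] " test)
  # An empty answer no longer installs the well-known password "password";
  # a random one is generated and can be read from mpd.secret afterwards.
  VPNPASS=$(ask "Please VPN client password:[random] " "")
  if [ -z "$VPNPASS" ]; then
    VPNPASS=$(gen_password)
    [ "${#VPNPASS}" -eq 32 ] || die "Sorry!!cannot generate a random password."
    echo "No password given: a random one was written to mpd.secret."
  fi
  # mpd.secret is written as "user password" on one line, so whitespace,
  # quotes and backslashes in either field (or a leading '#') would change
  # how the line is read.
  case $VPNUSER in
    '#'* | *[[:space:]\"\\]*) die "Sorry!!VPN client username error!!!" ;;
  esac
  case $VPNPASS in
    *[[:space:]\"\\]*) die "Sorry!!VPN client password error!!!" ;;
  esac

  [ -d "$MPDPATH" ] || die "Sorry!!\"$MPDPATH\" is not a directory."
  conf=$MPDPATH/mpd.conf
  links=$MPDPATH/mpd.links
  secret=$MPDPATH/mpd.secret

  # mpd.conf: labels start in column 0, commands are indented with a tab.
  {
    printf '%s\n' \
      '# Create by iceblood mpd_setup.sh scripts' \
      "# by $TIME" \
      '# Script compile by iceblood' \
      '# E-mail:[email protected]' \
      '# Website:http://www.nettf.net/' \
      'default:'
    printf '\t%s\n' 'load pptp'
    printf '%s\n' 'pptp:'
    NUM=0
    while [ "$NUM" -lt "$CLIENT" ]; do
      printf '\tload pptp%s\n' "$NUM"
      NUM=$((NUM + 1))
    done
    NUM=0
    CLIENTIPD=0
    while [ "$NUM" -lt "$CLIENT" ]; do
      CLIENTIPD=$((CLIENTIPD + 1))
      # Numeric comparison: the server's own address is skipped even when
      # its last octet was typed with leading zeros.
      if [ "$CLIENTIPD" -ne "$VPNIPD" ]; then
        printf 'pptp%s:\n' "$NUM"
        printf '\tnew -i ng%s pptp%s pptp%s\n' "$NUM" "$NUM" "$NUM"
        printf '\tset ipcp ranges %s/32 %s/32\n' \
          "$VPNIPA.$VPNIPB.$VPNIPC.$VPNIPD" \
          "$VPNIPA.$VPNIPB.$VPNIPC.$CLIENTIPD"
        printf '\t%s\n' 'load pptp_config'
        NUM=$((NUM + 1))
      fi
    done
    printf '%s\n' 'pptp_config:'
    printf '\t%s\n' \
      'set iface disable on-demand' \
      'set iface enable proxy-arp' \
      'set bundle enable compression' \
      'set bundle yes crypt-reqd' \
      "set iface idle $IDLE" \
      'set iface enable tcpmssfix' \
      'set bundle enable multilink' \
      'set link yes acfcomp protocomp' \
      'set link no pap chap' \
      'set link enable chap-msv2' \
      'set link keep-alive 10 60' \
      'set link mtu 1460' \
      'set ipcp yes vjcomp' \
      "set ipcp dns $DNSIP" \
      'set ccp yes mppc' \
      'set ccp yes mpp-e40' \
      'set ccp yes mpp-e128' \
      'set ccp yes mpp-stateless'
  } > "$conf" || die "Sorry!!cannot write $conf"

  # mpd.links: one incoming-only PPTP link per configured port.
  {
    printf '%s\n' \
      '# Create by iceblood mpd_setup.sh scripts' \
      "# by $TIME" \
      '# Script compile by iceblood' \
      '# E-mail:[email protected]'
    NUM=0
    while [ "$NUM" -lt "$CLIENT" ]; do
      printf 'pptp%s:\n' "$NUM"
      printf '\t%s\n' \
        'set link type pptp' \
        'set pptp self 0.0.0.0' \
        'set pptp enable incoming' \
        'set pptp disable originate'
      NUM=$((NUM + 1))
    done
  } > "$links" || die "Sorry!!cannot write $links"

  # Create or truncate the secret file under a restrictive umask and fix the
  # mode of a pre-existing file BEFORE the credentials go in; the original
  # wrote them first and ran chmod 600 afterwards, which left a window in
  # which the file could be read by other local users.
  (umask 077 && : > "$secret") || die "Sorry!!cannot write $secret"
  chmod 600 "$secret" || die "Sorry!!cannot protect $secret"
  printf '%s %s\n' "$VPNUSER" "$VPNPASS" >> "$secret" ||
    die "Sorry!!cannot write $secret"

  cat << DONE
MPD configure file set done.
Please check you kernel has:
#PPTP server set
options NETGRAPH
options NETGRAPH_PPTPGRE
options NETGRAPH_SOCKET
options NETGRAPH_KSOCKET
options NETGRAPH_IFACE
options NETGRAPH_PPP
options NETGRAPH_BPF
options NETGRAPH_VJC
options NETGRAPH_MPPC_ENCRYPTION
and start mpd service.
Please edit "$MPDPATH/mpd.secret" file, add or delete vpn client user.
DONE
}

case ${1:-} in
  install)
    do_install
    ;;
  config)
    do_config
    ;;
  *)
    usage
    ;;
esac
exit 0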