
Unix/Linux 中的 FreeBSD mpd VPN服务器安装步骤


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2010-01-15   浏览: 135 ::

马上要搬出学校,而学校的资源大多只对教育网开放,考虑到以后的小区多半是电信的adsl接入,没办法,就想到了架个vpn服务器,当然首先想到的是在freebsd上架设。用google搜索了一下,发现搞的人还真多,心情马上好了一截。下面是我的步骤:
1、安装mpd(都说mpd对windows支持最好),很简单
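# Build and install mpd from the ports tree. Chaining with && keeps make from
# running in whatever directory the shell happens to be in when the cd fails.
# NOTE(review): the setup script later on this page uses /usr/ports/net/mpd;
# confirm which ports path exists on the target host.
cd /usr/local/ports/net/mpd/ && make all install clean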
2、配置/usr/local/etc/mpd/mpd.conf
# mpd.conf from step 2. x.x.x.x, y.y.y.y1, y.y.y.y2 and x.x.x.y are
# placeholders to fill in; the setup script further down this page writes the
# server address first and the per-client address second in "set ipcp ranges".
# NOTE(review): the page has flattened the indentation; mpd presumably expects
# the command lines under each "label:" to be indented - confirm with the mpd
# manual before using this listing verbatim.
default:
load vpn
vpn:
load client1
# client2 is defined below but its load line is commented out, so only one
# client bundle is brought up.
#load client2
client1:
new -i ng0 pptp1 pptp1
set ipcp ranges x.x.x.x/32 y.y.y.y1/32
load pptp_def
client2:
new -i ng1 pptp2 pptp2
set ipcp ranges x.x.x.x/32 y.y.y.y2/32
load pptp_def
# Settings shared by client1 and client2 (both end with "load pptp_def").
pptp_def:
set iface disable on-demand
set iface enable proxy-arp
set iface idle 1800
set bundle enable multilink
set link yes acfcomp protocomp
# pap and chap are switched off, then chap is switched back on. Unlike the
# config generated by the script later on this page, there is no
# "set bundle yes crypt-reqd" and no chap-msv2 line here - presumably
# encryption is offered but not enforced; verify before relying on it.
set link no pap chap
set link enable chap
set link keep-alive 10 60
set link mtu 1460
set ipcp yes vjcomp
set ipcp dns x.x.x.y
set bundle enable compression
set ccp yes mppc
# mpp-e40 and mpp-e128 are the 40-bit and 128-bit MPPE variants; accepting
# mpp-e40 lets a client settle on the weaker key size.
set ccp yes mpp-e40
set ccp yes mpp-e128
set ccp yes mpp-stateless
open
3、配置/usr/local/etc/mpd/mpd.links
# mpd.links from step 3: one PPTP link per client bundle named in mpd.conf
# (pptp1, pptp2). The Chinese text after "set pptp self" is a placeholder
# meaning "the IP address that offers the VPN service to the outside";
# replace it with the server's address.
# Each link accepts incoming calls and is barred from originating them.
pptp1:
set link type pptp
set pptp self 对外提供vpn服务的ip
set pptp enable incoming
set pptp disable originate
pptp2:
set link type pptp
set pptp self 对外提供vpn服务的ip
set pptp enable incoming
set pptp disable originate
4、编写启动脚本/usr/local/etc/rc.d/mpd.sh
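#!/bin/sh
# Start/stop wrapper for mpd, called with "start" or "stop" as $1.
# The listing on the page stops after the usage line; the closing ";;" and
# "esac" are restored here so the script parses.
case "$1" in
start)
  # Launch only when the binary is executable and a config file exists.
  # -b is the flag the original passes to mpd (background mode).
  if [ -x /usr/local/sbin/mpd ] && [ -f /usr/local/etc/mpd/mpd.conf ]; then
    /usr/local/sbin/mpd -b && printf ' mpd'
  fi
  ;;
stop)
  # killall matches by process name, so every running mpd is signalled.
  killall mpd && printf ' mpd'
  ;;
*)
  # Usage goes to stderr so it does not mix with the boot-time name list.
  echo "Usage: ${0##*/} {start|stop}" >&2
  ;;
esac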
5、编辑用户/口令文件 /usr/local/etc/mpd/mpd.secret,很简单,照着例子作(该文件保存的是明文口令,权限应设为600,下面的脚本也是这样处理的)
好了,现在要做的事做完了。在winxp上创建一个vpn连接,ok,搞定。嘿嘿,还有2个非常重要的点。第一,要将freebsd服务器设置成路由模式,也就是说要在/etc/rc.conf中加上gateway_enable="YES"(网上找的资料都没说这点,完全凭经验),否则不能通过vpn服务器访问内网的其他主机。第二,winxp的防火墙要关掉,为什么不知道,总之不关,就会出现间歇性大量掉包。


#pkg_add -rv mpd
#sh mpd_setup.sh config ##修改几个选项 什么用户名了,分配的IP地址了。。
#cat mpd_setup.sh
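#!/bin/sh
#
# mpd VPN install script
# Compile by iceblood(Liu Hongguang)
# E-mail:[email protected]
# Website:http://www.nettf.net/
#
# Usage: mpd_setup.sh {install|config}
#   install  build net/mpd from the ports tree unless mpd is already on PATH
#   config   ask for the settings, then write mpd.conf, mpd.links and
#            mpd.secret into the chosen directory (existing files are
#            overwritten, including any users already in mpd.secret)
#
# Security notes for whoever deploys the generated files:
#   - The tunnel is PPTP with MS-CHAPv2 and MPPE, which is regarded as weak
#     today; "set ccp yes mpp-e40" additionally accepts 40-bit keys.
#   - The default server address 172.168.1.1 lies outside the RFC 1918 block
#     172.16.0.0/12, i.e. it is publicly routable address space.
#   - "set pptp self 0.0.0.0" accepts PPTP on every local address.
#   - mpd.secret holds the password in clear text, and the password is
#     echoed while it is typed; the default account test/password must not
#     be left in place.
#   - NOTE(review): the default client DNS 127.0.0.1 points each client at
#     itself - confirm that this is intended.
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
TIME=$(date '+%Y/%m/%d %H:%M')
# Literal tab used to indent command lines under their label in the generated
# files. The page shows those lines flush left; mpd presumably needs them
# indented (the original "echo" lines still carry a leading blank).
TAB=$(printf '\t')

# Print a message on stderr and abort with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Succeed when $1 is a non-empty string of at most five decimal digits, so
# that the numeric tests below never see garbage or overflow.
is_uint() {
  case $1 in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ]
}

# Succeed when $1 is a dotted quad whose four octets are each 0..254, the
# range the original check allowed (255 is rejected).
valid_ipv4() {
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  ip_rest=$1
  ip_fields=0
  while :; do
    ip_octet=${ip_rest%%.*}
    if ! is_uint "$ip_octet" || [ "$ip_octet" -ge 255 ]; then
      return 1
    fi
    ip_fields=$((ip_fields + 1))
    case $ip_rest in
      *.*) ip_rest=${ip_rest#*.} ;;
      *) break ;;
    esac
  done
  [ "$ip_fields" -eq 4 ]
}

# ask PROMPT DEFAULT: show PROMPT on stderr, read one line into REPLY and
# fall back to DEFAULT when the answer is empty.
ask() {
  printf '%s' "$1" >&2
  REPLY=
  read -r REPLY || :
  [ -n "$REPLY" ] || REPLY=$2
}

case "$1" in
install)
  if command -v mpd >/dev/null 2>&1; then
    echo "mpd already install."
    exit 0
  fi
  if [ ! -d /usr/ports/net/mpd ]; then
    echo "Sorry,not ports /usr/ports/net/mpd"
    echo "Please use cvsup get ports list."
    exit 1
  fi
  # Any non-zero status is a failure; the original only noticed status 1 and
  # never checked the cd.
  cd /usr/ports/net/mpd || die "Sorry! mpd install error!!"
  make clean || die "Sorry! mpd install error!!"
  make install || die "Sorry! mpd install error!!"
  make clean
  echo "mpd software install done."
  exit 0
  ;;
config)
  # Collect and validate every answer first, so that a rejected value cannot
  # leave a half-written configuration behind.
  ask "Please input mpd config path:[/usr/local/etc/mpd] " /usr/local/etc/mpd
  MPDPATH=$REPLY
  [ -d "$MPDPATH" ] || die "Sorry!!mpd config path \"$MPDPATH\" is not a directory."

  ask "Please input VPN max ports(default 5):[1~253] " 5
  CLIENT=$REPLY
  if ! is_uint "$CLIENT" || [ "$CLIENT" -lt 1 ] || [ "$CLIENT" -ge 254 ]; then
    CLIENT=5
  fi

  ask "Please input VPN server IP:[172.168.1.1] " 172.168.1.1
  VPNIP=$REPLY
  valid_ipv4 "$VPNIP" || die "Sorry!!VPN server IP error!!!"
  VPNNET=${VPNIP%.*}   # first three octets
  VPNIPD=${VPNIP##*.}  # last octet, skipped when handing out client addresses

  ask "Please input idle time at disconnect:[0] " 0
  IDLE=$REPLY
  if ! is_uint "$IDLE" || [ "$IDLE" -gt 86400 ]; then
    IDLE=0
  fi

  ask "Please input client DNS ipaddress:[127.0.0.1] " 127.0.0.1
  DNSIP=$REPLY
  valid_ipv4 "$DNSIP" || die "Sorry!!client DNS IP error!!!"

  ask "Please VPN client username:[test] " test
  VPNUSER=$REPLY
  ask "Please VPN client password:[password] " password
  VPNPASS=$REPLY
  # The secret line is written as "user password" with one blank between the
  # two, so a blank inside either value would make the line ambiguous.
  case "$VPNUSER$VPNPASS" in
    *[[:space:]]*) die "Sorry!!VPN username/password must not contain blanks." ;;
  esac

  # --- mpd.conf -----------------------------------------------------------
  {
    cat <<MPDCONFIG
# Create by iceblood mpd_setup.sh scripts
# by $TIME
# Script compile by iceblood
# E-mail:[email protected]
# Website:http://www.nettf.net/
default:
${TAB}load pptp
pptp:
MPDCONFIG
    NUM=0
    while [ "$NUM" -lt "$CLIENT" ]; do
      printf '\tload pptp%s\n' "$NUM"
      NUM=$((NUM + 1))
    done
    NUM=0
    CLIENTIPD=0
    while [ "$NUM" -lt "$CLIENT" ]; do
      CLIENTIPD=$((CLIENTIPD + 1))
      # Numeric comparison, so a server octet typed as "01" is still skipped
      # and no client is handed the server's own address.
      [ "$CLIENTIPD" -ne "$VPNIPD" ] || continue
      printf 'pptp%s:\n' "$NUM"
      printf '\tnew -i ng%s pptp%s pptp%s\n' "$NUM" "$NUM" "$NUM"
      printf '\tset ipcp ranges %s/32 %s.%s/32\n' "$VPNIP" "$VPNNET" "$CLIENTIPD"
      printf '\tload pptp_config\n'
      NUM=$((NUM + 1))
    done
    cat <<MPDCONFIG
pptp_config:
${TAB}set iface disable on-demand
${TAB}set iface enable proxy-arp
${TAB}set bundle enable compression
${TAB}set bundle yes crypt-reqd
${TAB}set iface idle $IDLE
${TAB}set iface enable tcpmssfix
${TAB}set bundle enable multilink
${TAB}set link yes acfcomp protocomp
${TAB}set link no pap chap
${TAB}set link enable chap-msv2
${TAB}set link keep-alive 10 60
${TAB}set link mtu 1460
${TAB}set ipcp yes vjcomp
${TAB}set ipcp dns $DNSIP
${TAB}set ccp yes mppc
${TAB}set ccp yes mpp-e40
${TAB}set ccp yes mpp-e128
${TAB}set ccp yes mpp-stateless
MPDCONFIG
  } > "$MPDPATH/mpd.conf" || die "Sorry!!cannot write \"$MPDPATH/mpd.conf\"."

  # --- mpd.links ----------------------------------------------------------
  {
    cat <<MPDLINKS
# Create by iceblood mpd_setup.sh scripts
# by $TIME
# Script compile by iceblood
# E-mail:[email protected]
MPDLINKS
    NUM=0
    while [ "$NUM" -lt "$CLIENT" ]; do
      cat <<MPDLINKS
pptp$NUM:
${TAB}set link type pptp
${TAB}set pptp self 0.0.0.0
${TAB}set pptp enable incoming
${TAB}set pptp disable originate
MPDLINKS
      NUM=$((NUM + 1))
    done
  } > "$MPDPATH/mpd.links" || die "Sorry!!cannot write \"$MPDPATH/mpd.links\"."

  # --- mpd.secret ---------------------------------------------------------
  # Write through a mktemp file (created mode 0600) and rename it into place,
  # so the clear-text password is never readable by other users, not even
  # between creation and chmod as in the original echo-then-chmod sequence.
  SECRET=$MPDPATH/mpd.secret
  TMPSECRET=$(mktemp "$SECRET.XXXXXX") || die "Sorry!!cannot create \"$SECRET\"."
  if ! printf '%s %s\n' "$VPNUSER" "$VPNPASS" > "$TMPSECRET" ||
    ! mv -f "$TMPSECRET" "$SECRET"; then
    rm -f "$TMPSECRET"
    die "Sorry!!cannot write \"$SECRET\"."
  fi
  chmod 600 "$SECRET"
  if [ "$VPNPASS" = "password" ]; then
    printf '%s\n' "Warning: default VPN password in use, change it in \"$SECRET\"." >&2
  fi

  cat <<DONE
MPD configure file set done.
Please check you kernel has:
#PPTP server set
options NETGRAPH
options NETGRAPH_PPTPGRE
options NETGRAPH_SOCKET
options NETGRAPH_KSOCKET
options NETGRAPH_IFACE
options NETGRAPH_PPP
options NETGRAPH_BPF
options NETGRAPH_VJC
options NETGRAPH_MPPC_ENCRYPTION
and start mpd service.
Please edit "$MPDPATH/mpd.secret" file, add or delete vpn client user.
DONE
  ;;
*)
  cat <<HELP
$0 {install|config}
install Install mpd package.
config Configure mpd vpn.
Script compile by iceblood
[email protected]
HELP
  ;;
esac
exit 0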