VPN搭建

vpn搭建步骤：

服务器环境：DEll R610 ，DELL E105106（刀片机）

红帽企业7中的浏览器中不能识别中文解决办法：

#yum groupinfo "Server With GUI"  //会看到input-methods

#yum groupinstall  input-methods

虚拟机的快速安装方法：

首先手动安装一个非图形的虚拟机，并配置好yum源，主机名/备份初识源

#rm -rf /etc/udev/rules/70-persistent-net.rules   //删除/etc/udev/rules/70-persistent-net.rules   

#service sshd restart  //或者 /etc/init.d/sshd restart

#rm -rf  /etc/ssh/ssh_host_*   //删除  /etc/ssh/ssh_host_*   

注意：chomd 777  /etc/ssh/ -R  会有错误提示 

[root@1 etc]# ssh localhost

Read from socket failed: Connection reset by peer

#chmod  755  /etc/ssh/ -R //记得重启服务

[root@1 etc]# ssh localhost

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that the RSA host key has just been changed.

The fingerprint for the RSA key sent by the remote host is

be:57:c8:5e:9d:e6:8e:32:09:c0:eb:04:52:e4:ac:0e.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid of this message.

Offending key in /root/.ssh/known_hosts:2

RSA host key for localhost has changed and you have requested strict checking.

Host key verification failed.

解决方法: echo "" >/root/.ssh/known_hosts  //这样就ok了

[root@1 etc]# ssh localhost

The authenticity of host ‘localhost (::1)‘ can‘t be established.

RSA key fingerprint is be:57:c8:5e:9d:e6:8e:32:09:c0:eb:04:52:e4:ac:0e.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added ‘localhost‘ (RSA) to the list of known hosts.

root@localhost‘s password: 

Last login: Tue Apr  7 05:51:50 2015 from localhost

接着管道火墙和selinux

#service iptables stop

#chkconfig iptables off

#vim /etc/selinux/config  //Enforcing改成：disabled 重启机器

#cd  /var/lib/libvirt/images

#qemu-img -h base.img

#qemu-img  info base.img //查看base.img镜像的情况

#qemu-img convert -c -O qcow2  base.img base.qcow2  //这样base.qcow2文件就可以拿回家了方便管理

#qemu-img create -f qcow2 -b  base.qcow2  vm1.ovl  //vm1.ovl这个就是创建的虚拟机文件可以在虚拟机创建哪里导入

一个小知识点：网络配置文件里的PREFIX=24<==>NETMASK=255.255.255.0

强制安装rpm包时使用--nodeps参数即#rpm -ivh --nodeps  包名

企业部分所涵盖的内容：

1，email postfix +mysql+extmail+mailscanner+clamav+spamassain

2，lamp lnmp jsp tomcat+memcache + session

3，监控：cacti+nagios+微信

4，cluster HA+LB  rhcsm corosync+pacemaker keepalived haproxy heartbeat lvs nginx haproxy

5，mfs glusterfs hdfs hadoop hdfs+mapreduce

6，mysql cluster mysql AB

7，rhevh

8，openstack IAAS

9，vpn drbd gfs2

10，python + shell

vpn：虚拟专用网络，openssl协议 pptp协议端口为1723 https协议443

前期准备，因为本人是在Windows下装的非图形虚拟机，所以需要将事先准备好的pptpd-1.3.4-2.el6.x86_64

pptp-setup-1.7.2-8.1.el6.x86_64,ppp-2.4.4.tar,freeradius-mysql-2.1.12-3.el6.x86_64,freeradius-utils-2.1.12-3.el6.x86_64

本人搭建了Samba服务器实现

Samba：案例

#yum install -y samba samba-client

#vim  /etc/samba/smb.conf  //[global]部分 MYGROUP 改为WORKGROUP security = user  改为 security = share 

末尾处加入：

[share] 

comment = share all 

path = /tmp/samba 

browseable = yes 

public = yes 

writable = yes

#mkdir /tmp/samba 

#chmod 777 /tmp/samba 

#touch /tmp/samba/sharefiles 

#echo "111111" > /tmp/samba/sharefiles 

[root@1 vpn]# service smb  start

Starting SMB services:                                     [  OK  ]

启动：/etc/init.d/smb start  //注意一定要关掉防火墙以及selinux不然影响结果

检查配置的smb.conf是否正确  testparm 

测试：win机器浏览器输入 file://192.168.217.134/share 

或者运行栏输入： \\192.168.217.134\share 

这下就可以把搭建vpn用到的rpm包copy到此目录使用

首先准备三台机器，A，B，C //关掉防火墙，selinux确保

对A如下操作：

eth0：ip 192.168.217.134 

eth1: ip 192.168.40.135

#yum localinstall -y  pptpd-1.3.4-2.el6.x86_64

#vim  /etc/pptpd.conf

添加

localip 192.168.217.134

remoteip 192.168.40.140-145

#vim /etc/ppp/chap-secrets

添加

vpnuser1     pptpd    westos      *

vpnuser2     pptpd    redhat    192.168.40.30 //这个不在remoteip 192.168.10.10-20范围内

#service pptpd  start

对B如下操作

#ifconfig eth0  192.168.40.136 netmask 255.255.255.0

#ping  192.168.40.135  //测试下能否ping通A

对C如下操作：

eth0：ip 192.168.217.135

#yum localinstall -y  pptp-setup-1.7.2-8.1.el6.x86_64

[root@3 ~]# pptpsetup  --create myvpn --server  192.168.217.134  --username  vpnuser1  --password  westos --encrypt --start

Using interface ppp0

Connect: ppp0 <--> /dev/pts/1

CHAP authentication succeeded

MPPE 128-bit stateless compression enabled

local  IP address 192.168.40.140

remote IP address 192.168.217.134

[root@3 ~]# pptpsetup  --create myvpn --server  192.168.217.134  --username  vpnuser2  --password  redhat --encrypt --start

Using interface ppp1

Connect: ppp1 <--> /dev/pts/2

CHAP authentication succeeded

MPPE 128-bit stateless compression enabled

local  IP address 192.168.40.30

remote IP address 192.168.217.134

#ip addr show

#route add -net 192.168.40.0/24  dev  ppp0

#ping 192.168.40.136  //通了说明第一部分配置成功

[root@3 ~]# route add -net 192.168.40.0/24  dev ppp0

[root@3 ~]# ping 192.168.40.136

PING 192.168.40.136 (192.168.40.136) 56(84) bytes of data.

64 bytes from 192.168.40.136: icmp_seq=1 ttl=63 time=867 ms

64 bytes from 192.168.40.136: icmp_seq=2 ttl=63 time=60.8 ms

64 bytes from 192.168.40.136: icmp_seq=3 ttl=63 time=46.0 ms

64 bytes from 192.168.40.136: icmp_seq=4 ttl=63 time=46.8 ms

^C

--- 192.168.40.136 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 3691ms

rtt min/avg/max/mdev = 46.056/255.388/867.804/353.627 ms

第二部分采用mysql数据库验证的方式

需要下载freeradius-2.1.12-4.el6_3.x86_64，freeradius-mysql-2.1.12-4.el6_3.x86_64，freeradius-utils-2.1.12-4.el6_3.x86_64

，ppp-2.4.4.tar

A机器操作

#tar -zxvf ppp-2.4.4.tar

#mkdir /etc/radiusclient

#cp ppp-2.4.4/pppd/plugins/radius/etc/*   /etc/radiusclient/

#cd /etc/radiusclient/

#vim server

localhost                                       westos

#vim radiusclient.conf

servers         /etc/radiusclient/servers

dictionary      /etc/radiusclient/dictionary

mapfile         /etc/radiusclient/port-id-map

issue   /etc/radiusclient/issue

#vim /etc/ppp/options.pptpd 

添加

plugin /usr/lib64/pppd/2.4.5/radius.so

#cd /etc/raddb/

#vim clients.conf 

secret          = westos //和/etc/radiusclient/server文件里写的一样

#vim /etc/raddb/radiusd.conf

$INCLUDE sql.conf 

#vim /etc/raddb/sites-available/default 

authorize {

#       files

sql

}

accounting {

#       radutmp

sql

}

session {

#       radutmp

        sql

}

post-auth {

sql

}

#vim /etc/raddb/sql.conf  //没有改啥东西

#vim /etc/raddb/sql/mysql/dialup.conf 

simul_count_query = "SELECT COUNT(*) \

                             FROM ${acct_table1} \

                             WHERE username = ‘%{SQL-User-Name}‘ \

                             AND acctstoptime IS NULL"

#vim /etc/ppp/chap-secrets  //删掉vpnuser1 ，vpnuser2两行

#service mysqld start

#mysql_secure_installation 

#mysql -uroot -pwestos

#mysqladmin -pwestos create radius

#cd /etc/raddb/sql/mysql/

#mysql -pwestos radius  < schema.sql 

#mysql -pwestos < admin.sql 

#mysql -uradius -pradpass  radius

#vim add.sql

use radius

insert into  radgroupreply (groupname,attribute,op,value)  values (‘user‘,‘Auth-Type‘,‘:=‘,‘Local‘);

insert into  radgroupreply (groupname,attribute,op,value)  values (‘user‘,‘Service-Type‘,‘:=‘,‘Framed-User‘);

insert into  radgroupreply (groupname,attribute,op,value)  values (‘user‘,‘Framed-IP-Address‘,‘:=‘,‘255.255.255.254‘);

insert into  radgroupreply (groupname,attribute,op,value)  values (‘user‘,‘Framed-IP-Netmask‘,‘:=‘,‘255.255.255.0‘);

insert into  radcheck (username,attribute,op,value)  values (‘vpnuser1‘,‘User-Password‘,‘:=‘,‘westos‘);

insert into  radusergroup (username,groupname)  values (‘vpnuser1‘,‘user‘);

insert into  radcheck (username,attribute,op,value)  values (‘vpnuser2‘,‘User-Password‘,‘:=‘,‘redhat‘);

insert into  radusergroup (username,groupname)  values (‘vpnuser2‘,‘user‘);

#mysql -pwestos < add.sql 

#service radiusd start

#service pptpd stop

#service pptpd start

#radtest vpnuser1   westos  localhost 0  westos

[root@1 radiusclient]# radtest vpnuser1   westos  localhost 0  westos

Sending Access-Request of id 89 to 127.0.0.1 port 1812

        User-Name = "vpnuser1"

        User-Password = "westos"

        NAS-IP-Address = 0.0.0.1

        NAS-Port = 0

        Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=89, length=38

        Service-Type = Framed-User

        Framed-IP-Address = 255.255.255.254

        Framed-IP-Netmask = 255.255.255.0

[root@1 radiusclient]# radtest vpnuser2   redhat  localhost 0  westos

Sending Access-Request of id 78 to 127.0.0.1 port 1812

        User-Name = "vpnuser2"

        User-Password = "redhat"

        NAS-IP-Address = 0.0.0.1

        NAS-Port = 0

        Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=78, length=38

        Service-Type = Framed-User

        Framed-IP-Address = 255.255.255.254

        Framed-IP-Netmask = 255.255.255.0

#service mysqld restart

#service mysqld restart

[root@3 log]#  pptpsetup  --create myvpn --server  192.168.217.134  --username  vpnuser1  --password  westos  --encrypt --start

Using interface ppp1

Connect: ppp1 <--> /dev/pts/2

CHAP authentication succeeded

MPPE 128-bit stateless compression enabled

local  IP address 192.168.40.140

remote IP address 192.168.217.134

[root@3 log]#  pptpsetup  --create myvpn --server  192.168.217.134  --username  vpnuser2  --password  redhat --encrypt --start

Using interface ppp0

Connect: ppp0 <--> /dev/pts/0

CHAP authentication succeeded

MPPE 128-bit stateless compression enabled

local  IP address 192.168.40.140

remote IP address 192.168.217.134

测试成功

本文出自 “在时间里愛着你” 博客，谢绝转载！