Setting up a VPN
VPN setup steps:
Server environment: Dell R610, Dell E105106 (blade)
Fix for the browser in Red Hat Enterprise Linux 7 not displaying Chinese:
#yum groupinfo "Server With GUI" //you will see input-methods listed
#yum groupinstall input-methods
Quick way to install virtual machines:
First install one non-graphical VM by hand; configure its yum repository and hostname, and back up the original repository configuration.
#rm -rf /etc/udev/rules.d/70-persistent-net.rules //remove the persistent NIC naming rule from the base image
#service sshd restart //or /etc/init.d/sshd restart
#rm -rf /etc/ssh/ssh_host_* //remove the SSH host keys from the base image
Note: chmod 777 /etc/ssh/ -R produces an error:
[root@1 etc]# ssh localhost
Read from socket failed: Connection reset by peer
#chmod 755 /etc/ssh/ -R //remember to restart the service afterwards
[root@1 etc]# ssh localhost
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
be:57:c8:5e:9d:e6:8e:32:09:c0:eb:04:52:e4:ac:0e.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:2
RSA host key for localhost has changed and you have requested strict checking.
Host key verification failed.
Fix: echo "" > /root/.ssh/known_hosts //after that it works
[root@1 etc]# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is be:57:c8:5e:9d:e6:8e:32:09:c0:eb:04:52:e4:ac:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
root@localhost's password:
Last login: Tue Apr 7 05:51:50 2015 from localhost
Next, turn off the firewall and SELinux:
#service iptables stop
#chkconfig iptables off
#vim /etc/selinux/config //change enforcing to disabled, then reboot the machine
#cd /var/lib/libvirt/images
#qemu-img -h base.img
#qemu-img info base.img //show details of the base.img image
#qemu-img convert -c -O qcow2 base.img base.qcow2 //the compressed base.qcow2 can be taken away and kept, which makes it easy to manage
#qemu-img create -f qcow2 -b base.qcow2 vm1.ovl //vm1.ovl is the new VM disk file; import it when creating the virtual machine
A small note: in the network interface config file, PREFIX=24 is equivalent to NETMASK=255.255.255.0
To force-install an rpm package use the --nodeps option: #rpm -ivh --nodeps <package>
Topics covered in the enterprise part:
1, email: postfix + mysql + extmail + mailscanner + clamav + spamassassin
2, lamp, lnmp, jsp, tomcat + memcache + session
3, monitoring: cacti + nagios + WeChat
4, cluster HA+LB: rhcsm, corosync+pacemaker, keepalived, haproxy, heartbeat, lvs, nginx, haproxy
5, mfs, glusterfs, hdfs, hadoop, hdfs+mapreduce
6, mysql cluster, mysql AB
7, rhevh
8, openstack IAAS
9, vpn, drbd, gfs2
10, python + shell
VPN: virtual private network. OpenSSL-based protocols; PPTP protocol, port 1723; HTTPS protocol, port 443
Preparation: since I installed the non-graphical VM under Windows, I needed to get the packages I had prepared in advance (pptpd-1.3.4-2.el6.x86_64, pptp-setup-1.7.2-8.1.el6.x86_64, ppp-2.4.4.tar, freeradius-mysql-2.1.12-3.el6.x86_64, freeradius-utils-2.1.12-3.el6.x86_64) onto it. I set up a Samba server to do this.
Samba: example
#yum install -y samba samba-client
#vim /etc/samba/smb.conf //in the [global] section change MYGROUP to WORKGROUP and security = user to security = share
Append at the end of the file:
[share]
comment = share all
path = /tmp/samba
browseable = yes
public = yes
writable = yes
#mkdir /tmp/samba
#chmod 777 /tmp/samba
#touch /tmp/samba/sharefiles
#echo "111111" > /tmp/samba/sharefiles
[root@1 vpn]# service smb start
Starting SMB services: [ OK ]
Start: /etc/init.d/smb start //note: the firewall and SELinux must be turned off, otherwise they interfere with the result
Check that the smb.conf you wrote is valid: testparm
Test: on the Windows machine, enter file://192.168.217.134/share in the browser
or in the Run box: \\192.168.217.134\share
Now the rpm packages needed to build the VPN can be copied into this directory and used from there.
First prepare three machines, A, B and C //turn off the firewall and SELinux on each to be safe
On A:
eth0:ip 192.168.217.134
eth1: ip 192.168.40.135
#yum localinstall -y pptpd-1.3.4-2.el6.x86_64
#vim /etc/pptpd.conf
Add:
localip 192.168.217.134
remoteip 192.168.40.140-145
#vim /etc/ppp/chap-secrets
Add:
vpnuser1 pptpd westos *
vpnuser2 pptpd redhat 192.168.40.30 //this fixed address is not in the remoteip range 192.168.10.10-20
#service pptpd start
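Added example (not part of the original post): a small Python checker for the two files edited above. It expands pptpd's remoteip syntax and reports, for each chap-secrets entry, whether the client gets a pool address, a fixed address outside the pool (as vpnuser2 does here), or a fixed address that collides with the pool. The file contents below are constructed from the values on this page, not read from a live system.

```python
import ipaddress
import re

# Constructed samples using the values from this page (not the live files).
PPTPD_CONF = """\
localip 192.168.217.134
remoteip 192.168.40.140-145
"""
CHAP_SECRETS = """\
# client    server  secret  IP addresses
vpnuser1    pptpd   westos  *
vpnuser2    pptpd   redhat  192.168.40.30
"""


def parse_remoteip(conf):
    """Expand pptpd's remoteip syntax (a.b.c.d, a.b.c.d-e, comma-separated) to a set."""
    pool = set()
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "remoteip":
            for item in parts[1].split(","):
                m = re.fullmatch(r"(\d+\.\d+\.\d+\.)(\d+)(?:-(\d+))?", item)
                if not m:
                    raise ValueError("bad remoteip entry: " + item)
                lo, hi = int(m.group(2)), int(m.group(3) or m.group(2))
                pool.update(ipaddress.ip_address(m.group(1) + str(n))
                            for n in range(lo, hi + 1))
    return pool


def parse_chap_secrets(text):
    """Map client name -> fixed IP (None when the 4th column is '*', i.e. any)."""
    users = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            users[fields[0]] = None if fields[3] == "*" else ipaddress.ip_address(fields[3])
    return users


def check_static_ips(conf, secrets):
    """'pool': address comes from remoteip; 'static-outside': fixed address outside the
    pool (vpnuser2 above); 'static-in-pool': fixed address that can collide with one
    pptpd hands out dynamically."""
    pool = parse_remoteip(conf)
    report = {}
    for user, ip in parse_chap_secrets(secrets).items():
        if ip is None:
            report[user] = "pool"
        else:
            report[user] = "static-in-pool" if ip in pool else "static-outside"
    return report
```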
On B:
#ifconfig eth0 192.168.40.136 netmask 255.255.255.0
#ping 192.168.40.135 //check that A can be reached
On C:
eth0:ip 192.168.217.135
#yum localinstall -y pptp-setup-1.7.2-8.1.el6.x86_64
[root@3 ~]# pptpsetup --create myvpn --server 192.168.217.134 --username vpnuser1 --password westos --encrypt --start
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address 192.168.40.140
remote IP address 192.168.217.134
[root@3 ~]# pptpsetup --create myvpn --server 192.168.217.134 --username vpnuser2 --password redhat --encrypt --start
Using interface ppp1
Connect: ppp1 <--> /dev/pts/2
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address 192.168.40.30
remote IP address 192.168.217.134
#ip addr show
#route add -net 192.168.40.0/24 dev ppp0
#ping 192.168.40.136 //if this succeeds, the first part is configured correctly
[root@3 ~]# route add -net 192.168.40.0/24 dev ppp0
[root@3 ~]# ping 192.168.40.136
PING 192.168.40.136 (192.168.40.136) 56(84) bytes of data.
64 bytes from 192.168.40.136: icmp_seq=1 ttl=63 time=867 ms
64 bytes from 192.168.40.136: icmp_seq=2 ttl=63 time=60.8 ms
64 bytes from 192.168.40.136: icmp_seq=3 ttl=63 time=46.0 ms
64 bytes from 192.168.40.136: icmp_seq=4 ttl=63 time=46.8 ms
^C
--- 192.168.40.136 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3691ms
rtt min/avg/max/mdev = 46.056/255.388/867.804/353.627 ms
Part two: authentication against a MySQL database
You need to download freeradius-2.1.12-4.el6_3.x86_64, freeradius-mysql-2.1.12-4.el6_3.x86_64, freeradius-utils-2.1.12-4.el6_3.x86_64 and ppp-2.4.4.tar
On machine A:
#tar -zxvf ppp-2.4.4.tar
#mkdir /etc/radiusclient
#cp ppp-2.4.4/pppd/plugins/radius/etc/* /etc/radiusclient/
#cd /etc/radiusclient/
#vim servers
localhost westos
#vim radiusclient.conf
servers /etc/radiusclient/servers
dictionary /etc/radiusclient/dictionary
mapfile /etc/radiusclient/port-id-map
issue /etc/radiusclient/issue
#vim /etc/ppp/options.pptpd
Add:
plugin /usr/lib64/pppd/2.4.5/radius.so
#cd /etc/raddb/
#vim clients.conf
secret = westos //must match the secret written in /etc/radiusclient/servers
#vim /etc/raddb/radiusd.conf
$INCLUDE sql.conf //make sure this line is present and not commented out
#vim /etc/raddb/sites-available/default
authorize {
# files
sql
}
accounting {
# radutmp
sql
}
session {
# radutmp
sql
}
post-auth {
sql
}
#vim /etc/raddb/sql.conf //nothing changed here
#vim /etc/raddb/sql/mysql/dialup.conf
simul_count_query = "SELECT COUNT(*) \
FROM ${acct_table1} \
WHERE username = '%{SQL-User-Name}' \
AND acctstoptime IS NULL"
#vim /etc/ppp/chap-secrets //delete the vpnuser1 and vpnuser2 lines
#service mysqld start
#mysql_secure_installation
#mysql -uroot -pwestos
#mysqladmin -pwestos create radius
#cd /etc/raddb/sql/mysql/
#mysql -pwestos radius < schema.sql
#mysql -pwestos < admin.sql
#mysql -uradius -pradpass radius
#vim add.sql
use radius;
insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.254');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
insert into radcheck (username,attribute,op,value) values ('vpnuser1','User-Password',':=','westos');
insert into radusergroup (username,groupname) values ('vpnuser1','user');
insert into radcheck (username,attribute,op,value) values ('vpnuser2','User-Password',':=','redhat');
insert into radusergroup (username,groupname) values ('vpnuser2','user');
#mysql -pwestos < add.sql
#service radiusd start
#service pptpd stop
#service pptpd start
[root@1 radiusclient]# radtest vpnuser1 westos localhost 0 westos
Sending Access-Request of id 89 to 127.0.0.1 port 1812
User-Name = "vpnuser1"
User-Password = "westos"
NAS-IP-Address = 0.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=89, length=38
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.0
[root@1 radiusclient]# radtest vpnuser2 redhat localhost 0 westos
Sending Access-Request of id 78 to 127.0.0.1 port 1812
User-Name = "vpnuser2"
User-Password = "redhat"
NAS-IP-Address = 0.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=78, length=38
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.0
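Added example (not from the original post): a Python/SQLite model of how the add.sql rows above turn into the radtest reply. The table layout is a constructed stand-in that reuses the radcheck/radusergroup/radgroupreply names and columns, not FreeRADIUS' schema.sql, and authorize() is a deliberate simplification of what rlm_sql does.

```python
import sqlite3

# Constructed SQLite stand-in for the radius database on this page: the same
# table and column names that add.sql writes to, but not FreeRADIUS' real schema.sql.
SCHEMA = """
CREATE TABLE radcheck (username TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radusergroup (username TEXT, groupname TEXT);
CREATE TABLE radgroupreply (groupname TEXT, attribute TEXT, op TEXT, value TEXT);
INSERT INTO radgroupreply VALUES ('user','Auth-Type',':=','Local');
INSERT INTO radgroupreply VALUES ('user','Service-Type',':=','Framed-User');
INSERT INTO radgroupreply VALUES ('user','Framed-IP-Address',':=','255.255.255.254');
INSERT INTO radgroupreply VALUES ('user','Framed-IP-Netmask',':=','255.255.255.0');
INSERT INTO radcheck VALUES ('vpnuser1','User-Password',':=','westos');
INSERT INTO radusergroup VALUES ('vpnuser1','user');
INSERT INTO radcheck VALUES ('vpnuser2','User-Password',':=','redhat');
INSERT INTO radusergroup VALUES ('vpnuser2','user');
"""


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def authorize(conn, username, password):
    """Simplified model of rlm_sql: radcheck decides accept/reject, and the
    radgroupreply rows of the user's groups become the Access-Accept attributes.
    Returns (accepted, reply_attributes)."""
    row = conn.execute(
        "SELECT value FROM radcheck WHERE username = ? "
        "AND attribute = 'User-Password' AND op = ':='", (username,)).fetchone()
    if row is None or row[0] != password:
        return False, {}          # unknown user or wrong password -> Access-Reject
    reply = {}
    for attr, value in conn.execute(
            "SELECT r.attribute, r.value FROM radusergroup u "
            "JOIN radgroupreply r ON u.groupname = r.groupname "
            "WHERE u.username = ? AND r.op = ':='", (username,)):
        # Auth-Type is a control attribute that steers the server itself; it is not
        # sent to the NAS, which is why radtest shows only three reply items.
        # Framed-IP-Address 255.255.255.254 tells the NAS (pptpd) to assign an
        # address from its own remoteip pool instead of a fixed one.
        if attr != "Auth-Type":
            reply[attr] = value
    return True, reply
```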
#service mysqld restart
[root@3 log]# pptpsetup --create myvpn --server 192.168.217.134 --username vpnuser1 --password westos --encrypt --start
Using interface ppp1
Connect: ppp1 <--> /dev/pts/2
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address 192.168.40.140
remote IP address 192.168.217.134
[root@3 log]# pptpsetup --create myvpn --server 192.168.217.134 --username vpnuser2 --password redhat --encrypt --start
Using interface ppp0
Connect: ppp0 <--> /dev/pts/0
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address 192.168.40.140
remote IP address 192.168.217.134
Test successful.
This post is from the blog "在时间里愛着你"; reposting is not permitted.