Welcome to Linux教程網

Unix systems: Steps for installing an mpd VPN server on FreeBSD

Date: 2017/8/19 9:39:11   Editor: Unix Basics

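  I am about to move out of the school, and the school's resources are mostly open to the education network. Since the residential area I will be living in will most likely have China Telecom ADSL access, I had no choice but to think of setting up a VPN server, and of course the first thing that came to mind was setting it up on FreeBSD. I searched on Google and found that quite a lot of people have done this, which immediately lifted my mood. Here are my steps: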

  1. Install mpd (everyone says mpd has the best support for Windows). This is simple:

  cd /usr/local/ports/net/mpd/
  make all install clean

  2. Configure /usr/local/etc/mpd/mpd.conf

  default:
      load vpn

  vpn:
      load client1
  #load client2

  client1:
      new -i ng0 pptp1 pptp1
      set ipcp ranges x.x.x.x/32 y.y.y.y1/32
      load pptp_def

  client2:
      new -i ng1 pptp2 pptp2
      set ipcp ranges x.x.x.x/32 y.y.y.y2/32
      load pptp_def

  pptp_def:
      set iface disable on-demand
      set iface enable proxy-arp
      set iface idle 1800
      set bundle enable multilink
      set link yes acfcomp protocomp
      set link no pap chap
      set link enable chap
      set link keep-alive 10 60
      set link mtu 1460
      set ipcp yes vjcomp
      set ipcp dns x.x.x.y
      set bundle enable compression
      set ccp yes mppc
      set ccp yes mpp-e40
      set ccp yes mpp-e128
      set ccp yes mpp-stateless
      open

  3. Configure /usr/local/etc/mpd/mpd.links

  pptp1:
      set link type pptp
      set pptp self <IP address on which the VPN service is offered externally>
      set pptp enable incoming
      set pptp disable originate

  pptp2:
      set link type pptp
      set pptp self <IP address on which the VPN service is offered externally>
      set pptp enable incoming
      set pptp disable originate

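  4. Write the startup script /usr/local/etc/rc.d/mpd.sh

  #!/bin/sh
  # Start or stop the mpd daemon
  case $1 in
  start)
      # Start in the background only if the binary and the config exist
      [ -x /usr/local/sbin/mpd ] &&
      [ -f "/usr/local/etc/mpd/mpd.conf" ] &&
      /usr/local/sbin/mpd -b &&
      echo -n ' mpd'
      ;;
  stop)
      killall mpd && echo -n ' mpd'
      ;;
  *)
      echo "Usage: `basename $0` {start|stop}"
      ;;
  esac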

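  5. Edit the user/password file /usr/local/etc/mpd/mpd.secret. This is simple; just follow the example.

  Okay, everything that needs to be done is now done. Create a VPN connection on WinXP and it works. Heh, there are two more very important points. First, the FreeBSD server must be set to router mode, that is, gateway_enable="YES" must be added to /etc/rc.conf (none of the material I found online mentioned this point; I worked it out purely from experience); otherwise you cannot reach the other hosts on the internal network through the VPN server. Second, the WinXP firewall has to be turned off. I do not know why, but if it is not turned off, there is intermittent heavy packet loss.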

  # pkg_add -rv mpd
  # sh mpd_setup.sh config    ## change a few options, such as the username and the IP addresses to assign
  # cat mpd_setup.sh

  #!/bin/sh
  #
  # mpd VPN install script
  # Compile by iceblood(Liu Hongguang)
  # E-mail:[email protected]
  # Website:http://www.nettf.net/
  #
  PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
  TIME=`date '+%Y/%m/%d %H:%M'`

  case $1 in
  install)
      # Nothing to do if mpd is already on the PATH
      which mpd
      if [ "$?" = "0" ]; then
          echo "mpd already install."
          exit 0
      fi
      # Build and install from the ports tree
      if [ -d /usr/ports/net/mpd ]; then
          cd /usr/ports/net/mpd
          make clean
          if [ "$?" != "0" ]; then
              echo "Sorry! mpd install error!!"
              exit 1
          fi
          make install
          if [ "$?" != "0" ]; then
              echo "Sorry! mpd install error!!"
              exit 1
          fi
          make clean
          echo "mpd software install done."
          exit 0
      fi
      echo "Sorry,not ports /usr/ports/net/mpd"
      echo "Please use cvsup get ports list."
      exit 1
      ;;
  config)
      read -p "Please input mpd config path:[/usr/local/etc/mpd] " MPDPATH
      if [ "$MPDPATH" = "" ]; then
          MPDPATH=/usr/local/etc/mpd
      fi
      read -p "Please input VPN max ports(default 5):[1~253] " CLIENT
      # Treat non-numeric input as empty so the default applies
      case "$CLIENT" in *[!0-9]*) CLIENT="" ;; esac
      if [ "$CLIENT" = "" ] || [ "$CLIENT" -lt 1 ] || [ "$CLIENT" -ge 254 ]; then
          CLIENT=5
      fi
      read -p "Please input VPN server IP:[172.168.1.1] " VPNIP
      if [ "$VPNIP" = "" ]; then
          VPNIP=172.168.1.1
      fi
      # Split the address into its four octets
      VPNIPA=`echo $VPNIP | awk -F. '{print $1}'`
      VPNIPB=`echo $VPNIP | awk -F. '{print $2}'`
      VPNIPC=`echo $VPNIP | awk -F. '{print $3}'`
      VPNIPD=`echo $VPNIP | awk -F. '{print $4}'`
      # Reject missing or non-numeric octets before the numeric range tests
      for OCTET in "$VPNIPA" "$VPNIPB" "$VPNIPC" "$VPNIPD"; do
          case "$OCTET" in
          ""|*[!0-9]*) echo "Sorry!!VPN server IP error!!!"; exit 1 ;;
          esac
      done
      if [ "$VPNIPA" -ge 255 ] || [ "$VPNIPA" -lt 0 ] || [ "$VPNIPB" -ge 255 ] || [ "$VPNIPB" -lt 0 ] || [ "$VPNIPC" -ge 255 ] || [ "$VPNIPC" -lt 0 ] || [ "$VPNIPD" -ge 255 ] || [ "$VPNIPD" -lt 0 ] ; then
          echo "Sorry!!VPN server IP error!!!"
          exit 1
      fi
      # Write the mpd.conf header (heredoc bodies and terminators start in column 0 of the script)
      cat << MPDCONFIG > "$MPDPATH/mpd.conf"
  # Create by iceblood mpd_setup.sh scripts
  # by $TIME
  # Script compile by iceblood
  # E-mail:[email protected]
  # Website:http://www.nettf.net/
  MPDCONFIG
      echo "default:" >> "$MPDPATH/mpd.conf"
      echo " load pptp" >> "$MPDPATH/mpd.conf"
      echo "pptp:" >> "$MPDPATH/mpd.conf"
      # One "load pptpN" line per client slot
      NUM=0
      while [ "$NUM" -lt "$CLIENT" ]; do
          echo " load pptp$NUM" >> "$MPDPATH/mpd.conf"
          NUM=`expr $NUM + 1`
      done
      # One bundle per client; skip the client address that equals the server's last octet
      NUM=0
      CLIENTIPD=0
      while [ "$NUM" -lt "$CLIENT" ]; do
          CLIENTIPD=`expr $CLIENTIPD + 1`
          if [ "$CLIENTIPD" != "$VPNIPD" ]; then
              echo "pptp$NUM:" >> "$MPDPATH/mpd.conf"
              echo " new -i ng$NUM pptp$NUM pptp$NUM" >> "$MPDPATH/mpd.conf"
              echo " set ipcp ranges $VPNIPA.$VPNIPB.$VPNIPC.$VPNIPD/32 $VPNIPA.$VPNIPB.$VPNIPC.$CLIENTIPD/32" >> "$MPDPATH/mpd.conf"
              echo " load pptp_config" >> "$MPDPATH/mpd.conf"
              NUM=`expr $NUM + 1`
          fi
      done
      read -p "Please input idle time at disconnect:[0] " IDLE
      # Treat non-numeric input as empty so the default applies
      case "$IDLE" in *[!0-9]*) IDLE="" ;; esac
      if [ "$IDLE" = "" ] || [ "$IDLE" -lt 0 ] || [ "$IDLE" -gt 86400 ]; then
          IDLE=0
      fi
      read -p "Please input client DNS ipaddress:[127.0.0.1] " DNSIP
      if [ "$DNSIP" = "" ]; then
          DNSIP=127.0.0.1
      fi
      # Shared per-client settings; the commands under the label must stay indented
      cat << MPDCONFIG >> "$MPDPATH/mpd.conf"
  pptp_config:
      set iface disable on-demand
      set iface enable proxy-arp
      set bundle enable compression
      set bundle yes crypt-reqd
      set iface idle $IDLE
      set iface enable tcpmssfix
      set bundle enable multilink
      set link yes acfcomp protocomp
      set link no pap chap
      set link enable chap-msv2
      set link keep-alive 10 60
      set link mtu 1460
      set ipcp yes vjcomp
      set ipcp dns $DNSIP
      set ccp yes mppc
      set ccp yes mpp-e40
      set ccp yes mpp-e128
      set ccp yes mpp-stateless
  MPDCONFIG
      # Write the mpd.links header
      cat << MPDLINKS > "$MPDPATH/mpd.links"
  # Create by iceblood mpd_setup.sh scripts
  # by $TIME
  # Script compile by iceblood
  # E-mail:[email protected]
  MPDLINKS
      # One PPTP link definition per client slot
      NUM=0
      while [ "$NUM" -lt "$CLIENT" ]; do
          cat << MPDLINKS >> "$MPDPATH/mpd.links"
  pptp$NUM:
      set link type pptp
      set pptp self 0.0.0.0
      set pptp enable incoming
      set pptp disable originate
  MPDLINKS
          NUM=`expr $NUM + 1`
      done
      read -p "Please VPN client username:[test] " VPNUSER
      read -p "Please VPN client password:[password] " VPNPASS
      if [ "$VPNUSER" = "" ]; then
          VPNUSER=test
      fi
      if [ "$VPNPASS" = "" ]; then
          VPNPASS=password
      fi
      # Create the secret file owner-only from the start, then enforce mode 600
      ( umask 077; echo "$VPNUSER $VPNPASS" > "$MPDPATH/mpd.secret" )
      chmod 600 "$MPDPATH/mpd.secret"
      cat << DONE
  MPD configure file set done.
  Please check you kernel has:
  #PPTP server set
  options NETGRAPH
  options NETGRAPH_PPTPGRE
  options NETGRAPH_SOCKET
  options NETGRAPH_KSOCKET
  options NETGRAPH_IFACE
  options NETGRAPH_PPP
  options NETGRAPH_BPF
  options NETGRAPH_VJC
  options NETGRAPH_MPPC_ENCRYPTION
  and start mpd service.
  Please edit "$MPDPATH/mpd.secret" file, add or delete vpn client user.
  DONE
      ;;
  *)
      cat << HELP
  $0 {install|config}
  install Install mpd package.
  config Configure mpd vpn.
  Script compile by iceblood
  [email protected]
  HELP
      ;;
  esac

  exit 0
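  The following is an added example, not part of the original page or of the mpd project. It is a small POSIX sh audit that checks an mpd.conf and mpd.secret for the settings that differ between the hand-written configuration and the script-generated one above (crypt-reqd, chap versus chap-msv2, mpp-e40), for the script's fallback account test/password, and for the permissions of the secret file. The function names, finding codes and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: flag weak settings in mpd PPTP configs.

# has_opt FILE LAYER VERBS OPTION: true if an uncommented
# "set LAYER <VERB> ... OPTION" line exists in FILE.
has_opt() {
    sed 's/#.*//' "$1" | grep -Eq \
        "^[[:space:]]*set[[:space:]]+$2[[:space:]]+($3)([[:space:]]+[^[:space:]]+)*[[:space:]]+$4([[:space:]]|\$)"
}

# audit_mpd CONF SECRET: print one finding code (names are hypothetical) per line.
audit_mpd() {
    has_opt "$1" bundle 'enable|yes' crypt-reqd || echo NO_CRYPT_REQD
    has_opt "$1" ccp 'enable|accept|yes' mpp-e40 && echo MPPE_40BIT_ALLOWED
    has_opt "$1" link 'enable|accept|yes' '(pap|chap)' && echo AUTH_NOT_PINNED_TO_MSCHAPV2
    # "test password" is the fallback account written by mpd_setup.sh
    grep -Eq '^[[:space:]]*test[[:space:]]+"?password"?[[:space:]]*$' "$2" && echo DEFAULT_CREDENTIALS
    # Characters 5-10 of the ls mode string are the group/other permission bits
    [ "$(ls -ld "$2" | cut -c5-10)" = "------" ] || echo SECRET_NOT_OWNER_ONLY
    return 0
}

# make_samples DIR: constructed inputs modelled on the two configs on this page.
make_samples() {
    printf '%s\n' 'pptp_def:' ' set link no pap chap' ' set link enable chap' \
        ' set ccp yes mpp-e40' ' set ccp yes mpp-e128' > "$1/manual.conf"
    printf '%s\n' 'pptp_config:' ' set bundle yes crypt-reqd' ' set link no pap chap' \
        ' set link enable chap-msv2' ' set ccp yes mpp-e40' ' set ccp yes mpp-e128' > "$1/generated.conf"
    printf '%s\n' 'pptp_config:' ' set bundle yes crypt-reqd' ' set link enable chap-msv2' \
        ' #set ccp yes mpp-e40' ' set ccp yes mpp-e128' > "$1/strict.conf"
    echo 'test password' > "$1/default.secret"; chmod 644 "$1/default.secret"
    echo 'alice "constructed-long-passphrase"' > "$1/good.secret"; chmod 600 "$1/good.secret"
}

dir=$(mktemp -d) && make_samples "$dir"
for c in manual generated; do
    echo "== $c.conf + default.secret"; audit_mpd "$dir/$c.conf" "$dir/default.secret"
done
echo "== strict.conf + good.secret"; audit_mpd "$dir/strict.conf" "$dir/good.secret"
rm -rf "$dir"
```

  To audit a real installation, call audit_mpd with /usr/local/etc/mpd/mpd.conf and /usr/local/etc/mpd/mpd.secret; no output means none of these checks fired.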
