本文系统Centos6.0;192.168.182.133
本文也是近期项目之一;为了后面的vpn隧道和多ip路由分流;
-rw-r--r-- 1 root root 684342 6月 19 22:49 ppp-2.4.5.tar.gz
-rw-r--r-- 1 root root 74048 6月 19 22:49 pptpd-1.3.4-2.el6.i686.rpm
这是其中的两个包;
如果pptpd不好下载的话,欢迎到本人下载区去下载,因为这个国外的url被和谐了,本人也是使用了加速器才下载到的;http://down.51cto.com/data/840850
从第三方站点取得的rpm包,安装前先用 rpm -K 检查包的摘要和签名,并尽量与上游发布的校验值比对。
1、下面就开始操作了;
[root@node1 ~]# vim /etc/pptpd.conf
#pptpd.conf
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.182.133
remoteip 172.16.0.2-254
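[root@node1 ~]# vim /etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
logfile /var/log/pptpd.log
注:拒绝 PAP/CHAP/MS-CHAP 并要求 MS-CHAPv2 加 MPPE-128,已是 PPTP 能协商到的最强组合;但 MS-CHAPv2 的握手被抓包后可以离线破解,MPPE 会话密钥又由用户口令派生,隧道的保密性实际取决于口令强度。对保密性有要求的流量,建议换用基于 IPsec 或 TLS 的VPN。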
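[root@node1 ~]# vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
test pptpd test123 *
注:test/test123 只用于验证本地拨号;最后一列的 * 表示不限制该帐号可使用的IP地址。chap-secrets 以明文保存口令,文件权限应保持 600,改用 radius 认证后应删除这条测试帐号。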
[root@node1 ~]# cat /etc/sysctl.conf |grep -v ^# |grep -v ^#
net.ipv4.ip_forward = 1
[root@node1 ~]# iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -j MASQUERADE
Ps;重启服务;测试本地拨号是否正常;
经过测试,拨号OK;
2、下面是安装mysql及freeradius;
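# Install the MySQL and FreeRADIUS packages (every package whose name matches
# the two patterns), answering yes to the confirmation prompt.
# The patterns are quoted so that yum, not the shell, expands them; unquoted,
# a file in the current directory whose name starts with "mysql" or
# "freeradius" would replace the pattern before yum ever sees it.
# NOTE(review): the wildcards pull in every matching sub-package from the
# enabled repos; listing only the packages this setup uses would keep the
# installed surface smaller.
yum install -y 'mysql*' 'freeradius*'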
创建radius数据库,导入相关sql;并创建测试用户;
mysql> create database radius;
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/admin.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/cui.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/nas.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/schema.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/wimax.sql
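mysql> insert into radius.radcheck (Username,Attribute,op,Value) values('lansgg','password','==','lansgg123');
注:radcheck 表里保存的是明文口令(MS-CHAPv2 认证需要明文口令或 NT 哈希),应限制能读取 radius 库的数据库帐号;FreeRADIUS 文档推荐的写法是属性用 Cleartext-Password、操作符用 := 。示例口令在正式使用前请更换。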
配置radius的相关配置文件;
[root@node1 ~]# vim /etc/raddb/radiusd.conf
700 $INCLUDE sql.conf
[root@node1 ~]# vim /etc/raddb/sql.conf
28 database = "mysql"
33 driver = "rlm_sql_${database}"
36 server = "localhost"
38 login = "root"
39 password = "123"
42 radius_db = "radius"
50 acct_table1 = "radacct"
51 acct_table2 = "radacct"
100 readclients = yes
ps:每行前面的数字是该配置在文件中的行号哈
注:这里直接使用 MySQL 的 root 帐号和口令 123,只适合测试;正式环境应为 freeradius 单独建一个只对 radius 库有权限的帐号,并把 sql.conf 的读权限限制在 root 和 radiusd 的运行用户。
[root@node1 ~]# vim /etc/raddb/sites-enabled/default
69 authorize {
170 # files
177 sql
252 authenticate {
297 # unix
333 preacct {
372 # files
389 # unix
406 sql
449 session {
454 sql
461 post-auth {
475 sql
[root@node1 ~]# vim /etc/raddb/sites-enabled/inner-tunnel
124 # files
131 sql
223 # unix
255 sql
277 sql
[root@node1 ~]# vim /etc/raddb/eap.conf
30 default_eap_type = peap
测试radius和mysql的整合
3、下面是pptpd和freeradius的整合了;
解压ppp源码包,copy其配置文件;
[root@node1 ~]# tar zxvf ppp-2.4.5.tar.gz
[root@node1 ~]# mkdir /etc/ppp/radius
[root@node1 ~]# cp -R ppp-2.4.5/pppd/plugins/radius/etc/ /etc/ppp/radius/
修改radius的相关路径:
[root@node1 etc]# vim radiusclient.conf
auth_order radius
login_tries 4
login_timeout 60
nologin /etc/nologin
issue /etc/ppp//radius/etc/issue
authserver localhost:1812
acctserver localhost:1813
servers /etc/ppp/radius/etc/servers
dictionary /etc/ppp/radius/etc/dictionary
login_radius /usr/local/sbin/login.radius
seqfile /var/run/radius.seq
mapfile /etc/ppp/radius/etc/port-id-map
default_realm
radius_timeout 10
radius_retries 3
login_local /bin/login
[root@node1 etc]# vim /etc/ppp/radius/etc/dictionary
INCLUDE /etc/ppp/radius/etc/dictionary.microsoft
INCLUDE /etc/ppp/radius/etc/dictionary.ascend #新增
INCLUDE /etc/ppp/radius/etc/dictionary.merit #新增
INCLUDE /etc/ppp/radius/etc/dictionary.compat #新增
增加options.pptpd
[root@node1 etc]# vim /etc/ppp/options.pptpd
plugin /usr/lib/pppd/2.4.5/radius.so #新增
radius-config-file /etc/ppp/radius/etc/radiusclient.conf #新增
修改radius认证密钥;
[root@node1 raddb]# vim /etc/raddb/clients.conf
101 secret = lansggtest
注:lansggtest 只是演示用的共享密钥,正式环境应换成足够长的随机字符串;该值必须与 /etc/ppp/radius/etc/servers 中填写的密钥一致。
[root@node1 raddb]# vim /etc/ppp/radius/etc/servers
5 localhost lansggtest
经过测试OK!(帐号:lansgg;密码lansgg123)