2004-02-17, 04:27 AM   #1
psac
SOP of Building PPPoE+PPTP Server in Linux

SOP of building PPPoE+PPTP VPN Server In Linux 2.4



Chinese note:
I wrote this document a while ago (in English; apologies to friends whose English is not strong). At the time a test of mine needed a PPPoE server. I had a hardware NAS on hand, but since I use Linux more, I spent some time implementing the same function under Linux.
With this SOP you should be able to set up a PPPoE+PPTP VPN server. The PPTP VPN uses 128-bit MPPE encryption, the PPPoE dial-in user information is stored in a MySQL database, and dial-in authentication uses PPPD's Radius Server plugin (Freeradius).
This document may be freely reposted, but please keep the author information when reposting.

Note:
This SOP will guide you through setting up and integrating PPPoE + PPTPD + Radius + MySQL on one Linux box. Your Linux box can then work as a PPTPD VPN server, a PPPoE Access Concentrator (user mode) and a Radius authentication server.

This document is released under the GPL. You can use it as a reference and it is freely redistributable, but it comes with no warranty; use it at your own risk.

Revision History
Date      Release  Author     Description
10/25/03  0.2      Jacky Ho   Update freeradius to ver 0.9.2.
09/15/03  0.1                 Draft document

My Testing Platform: Debian Linux 3.0
Kernel Version: Official Kernel V2.4.21 + MPPE Patch

Phase 1: Install and configure all packages

Step 1:
First of all, you need to download all the necessary source tarballs.

I list all the tarball download URLs below; if a URL doesn't work, use Google to find the file.

ftp://ftp.samba.org/pub/ppp/ppp-2.4.1.tar.gz
http://public.planetmirror.com/pub/m...-mppe-patch.gz
http://www.chelcom.ru/~anton/project...ius-1.4.tar.gz
http://www.chelcom.ru/~anton/project...in-hooks.patch
http://www.roaringpenguin.com/pppoe/rp-pppoe-3.5.tar.gz
ftp://ftp.freeradius.org/pub/radius/...s-0.9.2.tar.gz
mysql-3.23.57.tar.gz from http://www.mysql.com/
http://flow.dl.sourceforge.net/sourc...0030409.tar.gz
http://public.planetmirror.com/pub/m...-mppe.patch.gz
http://www.kernel.org/pub/linux/kern...2.4.21.tar.bz2

Put all of these tarballs in /usr/local/src

Step 2:
Install PPPD daemon

Login as root and type the following commands:


Code:--------------------------------------------------------------------------------
#cd /usr/local/src
#tar zxvf ppp-2.4.1.tar.gz
#tar zxvf pppd-tacacs+radius-1.4.tar.gz
#mv pppd-tacacs+radius ppp-2.4.1/pppd/plugins/
#gunzip -d ppp-2.4.1-openssl-0.9.6-mppe-patch.gz
#cd ppp-2.4.1
#patch -Np1 -i ../ppp-2.4.1-openssl-0.9.6-mppe-patch
#patch -Np0 -i ../pppd-mppe-2.4.1-plugin-hooks.patch
#./configure && make && make install
#cd pppd/plugins/pppd-tacacs+radius/
#make && make install
#chmod u+s /usr/sbin/pppd
--------------------------------------------------------------------------------


Step 3:
Install PPTPD Daemon

Code:--------------------------------------------------------------------------------
#cd /usr/local/src
#tar zxvf pptpd-1.1.3-20030409.tar.gz
#cd poptop
#./configure && make && make install
--------------------------------------------------------------------------------


Step 4:
Install MySQL Database Server

Because I use the Debian Linux distribution, I prefer Debian's pre-compiled
binary packages. If you use Debian too, install the MySQL server with this command:

Code:--------------------------------------------------------------------------------
#apt-get install libmysqlclient10 libmysqlclient10-dev mysql-common mysql-client mysql-server
--------------------------------------------------------------------------------


But if your Linux system isn't Debian and you want to install the
MySQL server from the source tarball, here is the install guide:

Code:--------------------------------------------------------------------------------
#cd /usr/local/src
#tar zxvf mysql-3.23.57.tar.gz
#cd mysql-3.23.57
#./configure --with-extra-charsets=all --prefix=/usr/local/mysql
#make && make install
#./scripts/mysql_install_db
#/usr/local/mysql/bin/safe_mysqld &
#/usr/local/mysql/bin/mysqladmin -u root password 'YOUR_NEW_PASSWORD'
--------------------------------------------------------------------------------


Step 5:
Install the FreeRadius Server with MySQL module support

Code:--------------------------------------------------------------------------------
#cd /usr/local/src
#tar zxvf freeradius-0.9.2.tar.gz
#cd freeradius-0.9.2
#./configure --with-experimental-modules \
--with-rlm-sql-lib-dir=/usr/local/mysql/lib/mysql/ \
--with-rlm-sql-include-dir=/usr/local/mysql/include/mysql/
--------------------------------------------------------------------------------

If you use Debian, use the following commands instead:

Code:--------------------------------------------------------------------------------
#./configure --with-experimental-modules \
--with-rlm-sql-lib-dir=/usr/lib \
--with-rlm-sql-include-dir=/usr/include/mysql/
--------------------------------------------------------------------------------


Code:--------------------------------------------------------------------------------
#make && make install
--------------------------------------------------------------------------------


Step 6:
Install the RP-PPPoE package

Code:--------------------------------------------------------------------------------
#cd /usr/local/src
#tar zxvf rp-pppoe-3.5.tar.gz
#cd rp-pppoe-3.5/src
#./configure && make && make install
--------------------------------------------------------------------------------


Step 7:
Rebuild the kernel with PPP (MPPE patched) support and configure PPTPD
daemon

Code:--------------------------------------------------------------------------------
#cd /usr/local/src
#gunzip -d linux-2.4.21-openssl-0.9.6b-mppe.patch.gz
#mv linux-2.4.21.tar.bz2 /usr/src
#cd /usr/src
#tar jxvf linux-2.4.21.tar.bz2 ; ln -s linux-2.4.21 linux
#cd linux
#patch -Np1 -i /usr/local/src/linux-2.4.21-openssl-0.9.6b-mppe.patch
#make clean && make menuconfig
--------------------------------------------------------------------------------


(Now you can configure your kernel as usual, but make sure the kernel is
configured with PPP support; check these options:

Code:--------------------------------------------------------------------------------
code maturity level options --->
  [*] prompt for development and/or incomplete code/drivers
networking options --->
  [*] packet socket
  [*]   packet socket: mmapped io
network device support --->
  [M] ppp (point-to-point protocol) support
  [*]   ppp multilink support (experimental)
  [*]   ppp filtering
  [M]   ppp support for async serial ports
  [M]   ppp support for sync tty ports
  [M]   ppp deflate compression
  [M]   ppp bsd-compress compression
  [M]   ppp over Ethernet (experimental)
character devices --->
  [*] non-standard serial port support
  [*]   hdlc line discipline support
--------------------------------------------------------------------------------


Note: add these lines to /etc/modules.conf (on Debian it is better to use
the 'modconf' utility to do the same thing):

Code:--------------------------------------------------------------------------------
alias char-major-108 ppp_generic
alias /dev/ppp ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-13 n_hdlc
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
--------------------------------------------------------------------------------

)
After configuring your kernel, build the new kernel:

Code:--------------------------------------------------------------------------------
#make modules && make modules_install && make bzImage
--------------------------------------------------------------------------------


When the kernel has been built successfully, install it as usual. If you are not
familiar with recompiling a kernel, I advise you to read The Linux Kernel
HOWTO.

Reboot with the new kernel.

Step 8:
Configure the PPPD, PPTPD and PPPoE server daemon

Now you must configure the PPPD and PPPoE daemons; here I just show my
configuration files.

First configure the PPPD daemon and make sure it works.

Code:--------------------------------------------------------------------------------
#cd /etc/ppp
#cat options
--------------------------------------------------------------------------------

---------------begin of options---------
lock
require-chap
auth
nodefaultroute
hide-password
---------------end of options-----------


After that, configure the PPTPD VPN server daemon:

Code:--------------------------------------------------------------------------------
#cd /etc/
#vim pptpd.conf
--------------------------------------------------------------------------------

(Note: make sure you have these lines in pptpd.conf:
option /etc/ppp/options.pptpd
localip 192.168.1.254
remoteip 192.168.1.33-238,192.168.1.245
)

Then edit /etc/ppp/options.pptpd:

Code:--------------------------------------------------------------------------------
#cd /etc/ppp
#vim options.pptpd
--------------------------------------------------------------------------------

This is my options.pptpd:
----------------Begin of options.pptpd------------------
lock
proxyarp
asyncmap 0
nobsdcomp
nodeflate
-pap
-chap
-chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
ms-wins YOUR_WINS_SERVER_IP
ms-dns YOUR_DNS_SERVER_IP
---------------------end of options.pptpd---------------

Code:--------------------------------------------------------------------------------
#cd /etc/ppp
#cat chap-secrets
--------------------------------------------------------------------------------


My chap-secrets file looks like this:
----------------Begin of chap-secrets----------------
"vpn" * "vpn" *
----------------End of chap-secrets------------------


Then configure the RP-PPPoE server:

Code:--------------------------------------------------------------------------------
#cat pppoe-server-options
--------------------------------------------------------------------------------

---------------begin of pppoe-server-options------------
require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
ms-dns YOUR_MS_WINS_SERVER_IP
plugin /usr/lib/pppd/2.4.1/radius.so
plugin /usr/lib/pppd/2.4.1/tacacs.so
radius-servers localhost:1812/1813
radius-auth-key secret123
radius-ip-pool 172.16.5.34:172.16.5.253
-------------- end of pppoe-server-options-----------

Step 9:
Prepare the RADIUS authorization database (using MySQL) and configure the
Radius server to use the MySQL server to store the authorization
information

First log in to the MySQL prompt and create an empty database named
'radius':

Code:--------------------------------------------------------------------------------
#/usr/local/mysql/bin/mysql -uroot -p
--------------------------------------------------------------------------------


(When asked, type the YOUR_NEW_PASSWORD you set in Step 4 to
log in, then type these commands to create a database named 'radius'.)

Code:--------------------------------------------------------------------------------
mysql>create database radius;
mysql>quit
--------------------------------------------------------------------------------


Then install the radius database schema with:

Code:--------------------------------------------------------------------------------
#/usr/local/mysql/bin/mysql -uroot -p radius \
< /usr/local/src/freeradius-0.9.2/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql
--------------------------------------------------------------------------------


Now configure FreeRadius to use MySQL:

Code:--------------------------------------------------------------------------------
#cd /usr/local/etc/raddb/
#vim sql.conf
--------------------------------------------------------------------------------

(Edit sql.conf and enter the server, user name and password details used to connect
to your MySQL server and the RADIUS database. The database and table
names should be left at the defaults if you used the default schema.

In this case you also need to uncomment this line in sql.conf:

Code:--------------------------------------------------------------------------------
sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
--------------------------------------------------------------------------------

and comment out the following line:

Code:--------------------------------------------------------------------------------
#sql_user_name = "%{User-Name}"
--------------------------------------------------------------------------------

)

Code:--------------------------------------------------------------------------------
#vim radiusd.conf
--------------------------------------------------------------------------------


(Edit /usr/local/etc/raddb/radiusd.conf and add a line saying 'sql' to the
authorize{} section (which is towards the end of the file). The best place
to put it is just before the 'files' entry. Indeed, if you will only be using MySQL,
and not falling back to text files, you can comment out or remove the 'files'
entry altogether.
Also add a line saying 'sql' to the accounting{} section, between 'unix'
and 'radutmp'. FreeRadius will then do accounting to MySQL as well.
The end of your radiusd.conf should then look something like this:

Code:--------------------------------------------------------------------------------
authorize {
preprocess
chap
mschap
#counter
#attr_filter
#eap
suffix
sql
#files
#etc_smbpasswd
}

authenticate {
authtype PAP {
pap
}
authtype CHAP {
chap
}
authtype MS-CHAP{
mschap
}
#pam
#unix
#authtype LDAP {
# ldap
#}
}

preacct {
preprocess
suffix
#files
}

accounting {
acct_unique
detail
#counter
unix
sql
radutmp
#sradutmp
}

session {
radutmp
}

)
--------------------------------------------------------------------------------


Code:--------------------------------------------------------------------------------
#vim clients
--------------------------------------------------------------------------------

(Add one line at the end of this file:
localhost secret123
)
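The three files from Steps 8 and 9 that hold secrets (chap-secrets, pppoe-server-options with its radius-auth-key, and the raddb clients file) are easy to leave world-readable or filled with placeholder values. The following checker is an added example, not part of the original SOP: it writes constructed copies of those files into a scratch directory (assumed layout ppp/ and raddb/ under one root) and reports permission problems, a CHAP secret equal to the username, a mismatch between pppd's radius-auth-key and radiusd's clients entry, and placeholder or short shared secrets.

```python
import os
import re
import stat
import tempfile

# Constructed samples mirroring the files configured in Steps 8 and 9 (not from a live host).
SAMPLE_FILES = {
    "ppp/chap-secrets": '"vpn" * "vpn" *\n',
    "ppp/pppoe-server-options": "require-chap\nradius-servers localhost:1812/1813\nradius-auth-key secret123\n",
    "raddb/clients": "localhost secret123\n",
}
PLACEHOLDERS = {"secret123", "secret", "testing123", "password"}

def write_samples(root, mode=0o644):
    """Write the samples under root; 0644 is what a default umask leaves behind."""
    for rel, body in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)

def config_lines(path):
    with open(path) as fh:
        return [l.strip() for l in fh if l.strip() and not l.lstrip().startswith("#")]

def audit(root):
    """Return findings for the secret-bearing files under root."""
    findings = []
    for rel in SAMPLE_FILES:
        mode = stat.S_IMODE(os.stat(os.path.join(root, rel)).st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append(f"{rel}: mode {mode:04o} readable by other users, expected 0600")
    # chap-secrets fields: client server secret [ip]; quotes are optional
    for line in config_lines(os.path.join(root, "ppp/chap-secrets")):
        f = [x.strip('"') for x in line.split()]
        if len(f) >= 3 and f[2] == f[0]:
            findings.append(f"chap-secrets: secret for '{f[0]}' equals the username")
    # the key pppd presents to radiusd must equal radiusd's entry for localhost
    nas_key = client_key = None
    for line in config_lines(os.path.join(root, "ppp/pppoe-server-options")):
        m = re.match(r"radius-auth-key\s+(\S+)$", line)
        if m:
            nas_key = m.group(1)
    for line in config_lines(os.path.join(root, "raddb/clients")):
        f = line.split()
        if len(f) >= 2 and f[0] == "localhost":
            client_key = f[1]
    if nas_key != client_key:
        findings.append("radius-auth-key does not match the localhost entry in clients")
    for name, key in (("radius-auth-key", nas_key), ("clients secret", client_key)):
        if key and (key.lower() in PLACEHOLDERS or len(key) < 16):
            findings.append(f"{name} '{key}' is a placeholder or shorter than 16 characters")
    return findings

def demo():
    """Audit the constructed samples in a scratch directory and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        write_samples(root)
        return audit(root)
```

Point audit() at /etc and /usr/local/etc on a real box only after adjusting the paths; on the sample data it reports three permission findings, the vpn/vpn secret and the two secret123 placeholders.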

Step 10:
Populating MySQL

You should now create some dummy data in the database to test against. It goes something like this:
·In usergroup, put entries matching a user account name to a group
name.
·In radcheck, put an entry for each user account name with a 'Password'
attribute whose value is their password.
·In radreply, create entries for each user-specific radius reply attribute
against their username.
·In radgroupreply, create attributes to be returned to all group members.


Here's a dump of the tables in the 'radius' database from MySQL on my test
box for this PPPoE dial-in case:

Code:--------------------------------------------------------------------------------
mysql>use radius;
mysql>show tables;
+------------------+
| Tables_in_radius |
+------------------+
| radacct |
| radcheck |
| radgroupcheck |
| radgroupreply |
| radreply |
| usergroup |
+------------------+
6 rows in set (0.00 sec)

mysql> select * from radcheck;

+----+----------+-----------+----+-------+
| id | UserName | Attribute | op | Value |
+----+----------+-----------+----+-------+
| 2 | pppoe | Password | == | pppoe |
| 3 | test | Password | == | test |
+----+----------+-----------+----+-------+
3 rows in set (0.00 sec)

mysql> select * from radgroupcheck;
+----+-----------+-----------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+-------+
| 1 | dynamic | Auth-Type | := | Local |
| 2 | static | Auth-Type | := | Local |
+----+-----------+-----------+----+-------+
2 rows in set (0.25 sec)

mysql> select * from usergroup;
+----+----------+-----------+
| id | UserName | GroupName |
+----+----------+-----------+
| 2 | pppoe | dynamic |
| 3 | test | static |
+----+----------+-----------+
3 rows in set (0.00 sec)

mysql> select * from radgroupreply;
+----+-----------+-------------------+----+-----------------+------+
| id | GroupName | Attribute | op | Value | prio |
+----+-----------+-------------------+----+-----------------+------+
| 1 | dynamic | Service-Type | = | Framed-User | 0 |
| 2 | dynamic | Framed-Protocol | = | PPP | 0 |
| 3 | static | Framed-IP-Netmask | = | 255.255.255.0 | 0 |
| 4 | static | Framed-Protocol | = | PPP | 0 |
| 5 | static | Service-Type | = | Framed-User | 0 |
+----+-----------+-------------------+----+-----------------+------+
6 rows in set (0.01 sec)

mysql> select * from radreply;
+----+----------+-------------------+----+-------------+
| id | UserName | Attribute | op | Value |
+----+----------+-------------------+----+-------------+
| 1 | test | Framed-IP-Address | = | 172.16.5.33 |
+----+----------+-------------------+----+-------------+
2 rows in set (0.00 sec)
--------------------------------------------------------------------------------
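To see how the four tables described in Step 10 combine at dial-in time, here is an added example (not FreeRADIUS code and not part of the original SOP): it loads the rows from the dump above into an in-memory SQLite database and models, in simplified form, the order in which rlm_sql consults radcheck, usergroup, radgroupcheck, radgroupreply and radreply. The real module builds its queries from sql.conf; the queries below are assumptions that reproduce the same outcome for this data.

```python
import sqlite3

# Constructed from the dump above: the FreeRADIUS 0.9 MySQL schema reduced to the
# columns used at authorize time (radacct is omitted, it only receives accounting).
SCHEMA = """
CREATE TABLE radcheck (id INTEGER, UserName TEXT, Attribute TEXT, op TEXT, Value TEXT);
CREATE TABLE radreply (id INTEGER, UserName TEXT, Attribute TEXT, op TEXT, Value TEXT);
CREATE TABLE radgroupcheck (id INTEGER, GroupName TEXT, Attribute TEXT, op TEXT, Value TEXT);
CREATE TABLE radgroupreply (id INTEGER, GroupName TEXT, Attribute TEXT, op TEXT, Value TEXT, prio INTEGER);
CREATE TABLE usergroup (id INTEGER, UserName TEXT, GroupName TEXT);
"""
ROWS = {
    "radcheck": [(2, "pppoe", "Password", "==", "pppoe"), (3, "test", "Password", "==", "test")],
    "radgroupcheck": [(1, "dynamic", "Auth-Type", ":=", "Local"), (2, "static", "Auth-Type", ":=", "Local")],
    "usergroup": [(2, "pppoe", "dynamic"), (3, "test", "static")],
    "radgroupreply": [(1, "dynamic", "Service-Type", "=", "Framed-User", 0),
                      (2, "dynamic", "Framed-Protocol", "=", "PPP", 0),
                      (3, "static", "Framed-IP-Netmask", "=", "255.255.255.0", 0),
                      (4, "static", "Framed-Protocol", "=", "PPP", 0),
                      (5, "static", "Service-Type", "=", "Framed-User", 0)],
    "radreply": [(1, "test", "Framed-IP-Address", "=", "172.16.5.33")],
}

def load_db():
    """Build an in-memory SQLite copy of the 'radius' database from the rows above."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for table, rows in ROWS.items():
        marks = ",".join("?" * len(rows[0]))
        db.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return db

def authorize(db, username, password):
    """Simplified model of rlm_sql's authorize step.

    Returns the reply attributes the NAS (pppd) would receive, or None on reject."""
    checks = db.execute("SELECT Attribute, op, Value FROM radcheck WHERE UserName=?",
                        (username,)).fetchall()
    if not checks:
        return None  # unknown user: no radcheck row at all
    for attr, op, value in checks:
        # op '==' on Password: radiusd compares the stored cleartext with what the user sent
        if attr == "Password" and op == "==" and value != password:
            return None
    groups = [g for (g,) in db.execute("SELECT GroupName FROM usergroup WHERE UserName=?", (username,))]
    # radgroupcheck: Auth-Type := Local means radiusd verifies the password itself
    for g in groups:
        for (auth,) in db.execute("SELECT Value FROM radgroupcheck WHERE GroupName=? AND Attribute='Auth-Type'", (g,)):
            if auth != "Local":
                return None  # this model only knows local password checks
    reply = {}
    for g in groups:  # group replies first, ordered by prio...
        for attr, value in db.execute("SELECT Attribute, Value FROM radgroupreply WHERE GroupName=? ORDER BY prio", (g,)):
            reply[attr] = value
    # ...then per-user replies, which is how 'test' gets its fixed 172.16.5.33
    for attr, value in db.execute("SELECT Attribute, Value FROM radreply WHERE UserName=?", (username,)):
        reply[attr] = value
    return reply
```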


All of the installation is finished now, so we can enter phase 2: testing.


Phase 2: Testing the system

Testing 1:
Will PPTPD Server work?

On the server side (the Linux box), start the pptpd server with:

Code:--------------------------------------------------------------------------------
#/usr/local/sbin/pptpd
--------------------------------------------------------------------------------


It is best to use either Win2000 or WinXP as the test client
system. You can use the Windows "Make New Connection" wizard to
create a VPN dial-out connection; a very good reference on "how to create
the PPTP VPN connection" is at

http://poptop.sourceforge.net/dox/pptp_win2k/

In our case, be sure to use vpn:vpn (username:password) to log in to the
PPTPD server.

Testing 2:
Will the PPPoE AC server work?

Start the PPPoE server on the Linux box as follows.

First make sure your MySQL server is running; if not, start it with:

Code:--------------------------------------------------------------------------------
#/usr/local/mysql/bin/safe_mysqld &
--------------------------------------------------------------------------------

Then start your FreeRadius server:

Code:--------------------------------------------------------------------------------
#/usr/local/sbin/radiusd
--------------------------------------------------------------------------------


Then start the RP-PPPoE server:

Code:--------------------------------------------------------------------------------
#pppoe-server -L 172.16.5.254 -R 172.16.5.33 -N 64 -I eth0 -u -S pppoe.jacky.cn
--------------------------------------------------------------------------------


-L: when the PPPoE session is set up, the server's PPPoE interface
IP is 172.16.5.254
-R: when the PPPoE session is set up, the remote clients' PPPoE
interface IPs begin from 172.16.5.33
-N: the maximum number of dial-in PPPoE sessions
-I: the dial-in interface
-S: the PPPoE "Service Name"

On your Windows client side, install the RASPPPOE driver (or another PPPoE driver)
on your NIC, create a PPPoE dial-out connection and use pppoe:pppoe to
dial in to the PPPoE box; the radius server will dynamically assign you an IP
address. If you use test:test to dial in to the PPPoE box, you will get the
fixed IP 172.16.5.33.


It should work if you have followed my guides, good luck.


Jacky Ho