1. Software you need
The kernel is upgraded so that a kernel module adding MPPE support can be installed in a moment; only then can PPTP dial-in work.
pppd: the PPP dial-in server
pptpd: adds PPTP support on top of pppd dial-in
freeradius: authenticates dial-in users
mysql: adds database backing for freeradius
2. Check whether your kernel supports MPPE
modprobe ppp-compress-18 && echo ok
If it prints ok, congratulations: your kernel already has MPPE support. Skip to part 4.
3. Upgrade the kernel to support MPPE
wget http://poptop.sourceforge.net/yum/stable/packages/dkms-2.0.17.5-1.noarch.rpm
wget http://poptop.sourceforge.net/yum/stable/packages/kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
dkms is a newer tool that lets you plug kernel modules in without recompiling the kernel.
kernel_ppp_mppe is the kernel module that provides MPPE support.
rpm -ivh dkms-2.0.17.5-1.noarch.rpm
rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
The two packages above load MPPE (Microsoft's encryption protocol) on CentOS; without them, encrypted connections cannot be used.
Once that is done, reboot your system.
4. Install pppd
yum install ppp
or
rpm -Uvh ppp-2.4.2-b3.i386.rpm
5. Install pptpd
(1) Install with yum
# vim /etc/yum.repos.d/Doylenet.repo
[doylenet]
name=Doylenet custom repository for CentOS
baseurl=http://files.doylenet.net/linux/yum/centos/5/i386/doylenet/
gpgcheck=1
gpgkey=http://files.doylenet.net/linux/yum/centos/RPM-GPG-KEY-rdoyle
enabled=1
# yum update
# yum install pptpd
(2) Install from the RPM
rpm -ivh pptpd-1.1.3-4.i386.rpm
6. Configure pppd and pptpd
pppd's default configuration lives in /etc/ppp
pptpd's configuration file is /etc/pptpd.conf
The relationship between pptpd and pppd is roughly that pptpd is a plug-in on top of pppd.
6.1
Only a few places in /etc/pptpd.conf need configuring.
First confirm the following line:
ppp /usr/local/sbin/pppd
It tells pptpd where pppd lives.
option /etc/ppp/options.pptpd
This names the pppd options file pptpd will use.
Append at the end:
localip 10.8.8.1
remoteip 10.8.8.2-245
localip is the address pptpd serves on, i.e. the address clients dial (this is untested; some say it is the VPN server address, and whether it should be the external or the internal IP still needs testing).
remoteip is the pool of addresses the dial-in server hands out to dial-in users; a range can be written with a dash.
6.2
Configure /etc/ppp/options.pptpd
For testing, enable debug and dump:
# Logging
# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
debug
# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
dump
By default these messages are written to /var/log/messages.
Add a DNS server:
ms-dns 202.96.209.6
The settings explained:
# Effectively the realm used during authentication; it must match the server field in /etc/ppp/chap-secrets, covered below.
name pptpd
# Transport encryption: ppp-2.4.2 and later only support MPPE encryption; the kernel module is ppp_mppe.o
# Refuse PAP authentication
refuse-pap
# Refuse CHAP authentication
refuse-chap
# Refuse MS-CHAP (v1) authentication
refuse-mschap
# Require MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol, Version 2) authentication
require-mschap-v2
# Note: MS-CHAP v2 authentication must be combined with MPPE encryption
require-mppe-128
# DNS and WINS server addresses handed to clients
ms-dns 202.99.96.68
#ms-wins 10.0.0.4
# Enable proxy ARP; needed when the addresses handed to clients are in the same subnet as the internal NIC (pppd option names are lowercase and case-sensitive).
proxyarp
6.3
Edit /etc/ppp/chap-secrets
Add a test user:
# Secrets for authentication using CHAP
# client server secret IP addresses
"test" pptpd "test" *
The first test is the username, the second test is the password, and * means any IP.
pptpd must match the name setting in /etc/ppp/options.pptpd; normally it need not be changed, since here we are only testing whether pptpd works.
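A small audit of the two files from 6.2 and 6.3, added here as an example (not part of the original post or of the pptpd project): it parses options.pptpd and chap-secrets, checks that every server field matches the name option, that the refuse-/require- hardening lines are present, that the option names are spelled the way pppd expects, and that no secret is empty. Both file contents below are constructed samples.

```python
import shlex
# Constructed sample of /etc/ppp/options.pptpd, mirroring the settings described above
# (including the capitalised 'Proxyarp' typo, which pppd would reject as unknown).
OPTIONS_PPTPD = """\
name pptpd
refuse-pap
require-mschap-v2
require-mppe-128
Proxyarp
"""
# Constructed sample of /etc/ppp/chap-secrets: two usable entries plus two bad ones
CHAP_SECRETS = """\
# client server secret IP addresses
"test" pptpd "test" *
"alice" pptpd "s3cret-phrase" *
"bob" vpnsrv "pass" *
"carol" pptpd "" 10.8.8.50
"""
REQUIRED = ("refuse-pap", "require-mschap-v2", "require-mppe-128")

def parse_options(text):
    """Return pppd options as {name: argument or None}; pppd option names are case-sensitive."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else None
    return opts

def parse_secrets(text):
    """Return chap-secrets rows as (client, server, secret, addresses); quoting and # comments honoured."""
    rows = []
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)
        if len(fields) >= 3:
            rows.append((fields[0], fields[1], fields[2], " ".join(fields[3:]) or "*"))
    return rows

def audit(options_text, secrets_text):
    """Return a list of findings; an empty list means the two files agree and are hardened."""
    opts = parse_options(options_text)
    findings = [f"options.pptpd: missing {o}" for o in REQUIRED if o not in opts]
    if "proxyarp" not in opts and "Proxyarp" in opts:
        findings.append("options.pptpd: 'Proxyarp' is not a valid option; pppd expects 'proxyarp'")
    server = opts.get("name")
    for client, srv, secret, _addrs in parse_secrets(secrets_text):
        if srv not in (server, "*"):   # a mismatch here is why CHAP auth silently fails
            findings.append(f"chap-secrets: user {client}: server '{srv}' does not match name '{server}'")
        if secret == "":
            findings.append(f"chap-secrets: user {client}: empty secret")
    return findings
```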
6.4
Open firewall ports
Open TCP port 1723 and port 47 on the Linux server, and allow the GRE protocol. Note that GRE is IP protocol number 47 rather than a TCP port, so it is the -p gre rule below that actually admits the tunnel traffic; the TCP port 47 rule is harmless but does nothing for PPTP.
/sbin/iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 47 -j ACCEPT
/sbin/iptables -A INPUT -p gre -j ACCEPT
iptables -A POSTROUTING -t nat -s 10.8.8.0/24 -o eth0 -j MASQUERADE
That is all.
7. Test your pptpd
With a default install, you can simply type pptpd from any directory.
If it succeeds, you will see the following in
/var/log/messages:
Feb 10 09:51:46 kdfng pptpd[926]: MGR: Manager process started
Feb 10 09:51:46 kdfng pptpd[926]: MGR: Maximum of 100 connections available
Then, on any Windows 2000 machine, create a VPN connection of type PPTP using the username set above, and you will be able to dial in;
the IP you receive will be the one configured above.
Now check the log file again:
Feb 10 09:54:53 kdfng pptpd[937]: MGR: Manager process started
Feb 10 09:54:53 kdfng pptpd[937]: MGR: Maximum of 100 connections available
Feb 10 09:55:06 kdfng pptpd[939]: CTRL: Client 192.168.8.53 control connection started
Feb 10 09:55:06 kdfng pptpd[939]: CTRL: Starting call (launching pppd, opening GRE)
Feb 10 09:55:06 kdfng pppd[940]: pppd options in effect:
Feb 10 09:55:06 kdfng pppd[940]: debug # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: nologfd # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: dump # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: require-mschap-v2 # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: refuse-pap # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: refuse-chap # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: refuse-mschap # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: name pptpd # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: 115200 # (from command line)
Feb 10 09:55:06 kdfng pppd[940]: lock # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: local # (from command line)
Feb 10 09:55:06 kdfng pppd[940]: ipparam 192.168.8.53 # (from command line)
Feb 10 09:55:06 kdfng pppd[940]: 192.168.8.22:10.10.110.1 # (from command line)
Feb 10 09:55:06 kdfng pppd[940]: nobsdcomp # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: require-mppe-128 # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: pppd 2.4.4b1 started by root, uid 0
Feb 10 09:55:06 kdfng pppd[940]: Using interface ppp0
Feb 10 09:55:06 kdfng pppd[940]: Connect: ppp0 <--> /dev/pts/1
Feb 10 09:55:06 kdfng pptpd[939]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Feb 10 09:55:06 kdfng pppd[940]: MPPE 128-bit stateless compression enabled
Feb 10 09:55:08 kdfng pppd[940]: local IP address 192.168.8.22
Feb 10 09:55:08 kdfng pppd[940]: remote IP address 10.10.110.1
Feb 10 09:55:17 kdfng pppd[940]: LCP terminated by peer (^Z^HEO^@
Feb 10 09:55:17 kdfng pppd[940]: Connect time 0.2 minutes.
Feb 10 09:55:17 kdfng pppd[940]: Sent 0 bytes, received 3492 bytes.
Feb 10 09:55:17 kdfng pppd[940]: Modem hangup
Feb 10 09:55:17 kdfng pppd[940]: Connection terminated.
Feb 10 09:55:17 kdfng pppd[940]: Exit.
Feb 10 09:55:17 kdfng pptpd[939]: CTRL: Client 192.168.8.53 control connection finished
Your pptpd is now configured.
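To check a log like the one above mechanically, here is an added example (not from the original post) that groups pppd syslog lines by process id, records which options the dump output says were in effect, which client address pptpd passed via ipparam, and whether MPPE 128-bit was negotiated before the peer got an address. The log text is a constructed sample: the pppd[940] session mirrors the lines above, and the pppd[951] session is invented to show a link that got an address without MPPE.

```python
import re
from collections import defaultdict
# Constructed sample log: the pppd[940] session mirrors the lines shown above; the
# pppd[951] session is invented to show a client that got an address without MPPE.
SAMPLE_LOG = """\
Feb 10 09:55:06 kdfng pptpd[939]: CTRL: Client 192.168.8.53 control connection started
Feb 10 09:55:06 kdfng pptpd[939]: CTRL: Starting call (launching pppd, opening GRE)
Feb 10 09:55:06 kdfng pppd[940]: pppd options in effect:
Feb 10 09:55:06 kdfng pppd[940]: require-mschap-v2 # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: refuse-pap # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: ipparam 192.168.8.53 # (from command line)
Feb 10 09:55:06 kdfng pppd[940]: require-mppe-128 # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: MPPE 128-bit stateless compression enabled
Feb 10 09:55:08 kdfng pppd[940]: remote IP address 10.10.110.1
Feb 10 09:55:17 kdfng pppd[940]: Connection terminated.
Feb 10 10:02:01 kdfng pppd[951]: pppd options in effect:
Feb 10 10:02:01 kdfng pppd[951]: require-mschap-v2 # (from /etc/ppp/options.pptpd)
Feb 10 10:02:01 kdfng pppd[951]: ipparam 192.168.8.77 # (from command line)
Feb 10 10:02:03 kdfng pppd[951]: remote IP address 10.8.8.3
Feb 10 10:02:40 kdfng pppd[951]: Connection terminated.
"""
# Only pppd lines carry a pid we can group on; pptpd CTRL lines are skipped.
LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ pppd\[(?P<pid>\d+)\]: (?P<msg>.*)$")

def parse_sessions(log_text):
    """Group pppd syslog lines by pid into per-session summaries."""
    sessions = defaultdict(lambda: {"options": set(), "client": None,
                                    "remote_ip": None, "mppe": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        s, msg = sessions[m["pid"]], m["msg"]
        if " # (from " in msg:                       # one line of the 'dump' output
            opt = msg.split(" # (from ", 1)[0].split()
            s["options"].add(opt[0])
            if opt[0] == "ipparam" and len(opt) > 1:
                s["client"] = opt[1]                 # pptpd passes the client address as ipparam
        elif msg.startswith("MPPE ") and msg.endswith(" enabled"):
            s["mppe"] = True                         # encryption negotiated for this link
        elif msg.startswith("remote IP address "):
            s["remote_ip"] = msg.rsplit(" ", 1)[1]   # address handed to the client
    return dict(sessions)

def unencrypted_sessions(log_text):
    """Pids of sessions that got an address without MPPE being negotiated."""
    return sorted(pid for pid, s in parse_sessions(log_text).items()
                  if s["remote_ip"] and not s["mppe"])
```

A session that appears in unencrypted_sessions means the require-mppe-128 line did not take effect for that link and the traffic went out in clear PPP.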
To check whether pppd itself supports MPPE, run:
strings '/usr/sbin/pppd' |grep -i mppe | wc --lines
If the command prints "0", MPPE is not supported; if it prints "30" or a larger number, it is.
Note:
If you keep getting error 619 or 800 and the log shows
pppd is unable to open the /dev/ppp device. You need to create the /dev/ppp device node by executing the following command as root: mknod /dev/ppp c 108 0
run
mknod /dev/ppp c 108 0
and things should work better; then continue.
If it still will not start, use the following configuration:
# vi /etc/pptpd.conf
============================= pptpd.conf ==========================
# TAG: speed
#
# Specifies the speed for the PPP daemon to talk at.
#
speed 115200
# TAG: option
#
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd
# TAG: stimeout
#
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10
# TAG: debug
#
# Turns on (more) debugging to syslog
#
#debug
# TAG: bcrelay <if>
#
# Turns on broadcast relay to clients from interface <if>
# Not yet implemented this way. Read README.bcrelay
#
#bcrelay ppp0
# TAG: localip
# TAG: remoteip
localip 10.8.8.1
remoteip 10.8.8.2-254
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
============================= pptpd.conf ==========================
# vi /etc/ppp/options.pptpd
=========================== options.pptpd =========================
## CHANGE TO SUIT YOUR SYSTEM
lock
## turn pppd syslog debugging on
debug
## change 'pptpd' to whatever you specify as your server name in chap-secrets
name pptpd
auth
proxyarp
bsdcomp 0
# This option applies if you use ppp with chapms-strip-domain patch
#chapms-strip-domain
# These options apply if you use ppp with mppe patch
# NB! You should also apply the ChapMS-V2 patch
#-chap
#-chapms
#+chapms-v2
#mppe-128
#mppe-stateless
require-mschap-v2
require-mppe
# These options will tell ppp to pass on these to your clients
# To use ms-wins or ms-dns in options.pptpd it must exist in /etc/resolv.conf
#ms-wins 192.168.0.1
ms-dns 202.96.209.5
=========================== options.pptpd =========================
8. Enable NAT
Edit /etc/sysctl.conf so that it contains the following line (it takes effect once the sysctl settings are reloaded or the system is rebooted):
net.ipv4.ip_forward = 1
2009/10/13 15:28 | by 
