Posts Tagged ‘pptp’

PPTP VPN server one-click install script

Friday, April 3rd, 2015

Original content; when reposting please cite the source: http://www.myzhenai.com.cn/post/2007.html http://www.myzhenai.com/thread-17436-1-1.html
There are many VPN one-click install scripts online, and many are more capable and simpler than this one, but this is a script I wrote myself while practising Linux shell programming. Call it sharing or call it a record; I am posting it so we can learn from and discuss it together. Comments are welcome. Thanks.
At the moment the script only works on CentOS 6, because I have not yet worked out how to detect the system version. My intention was to detect the version automatically and then download and install the matching EPEL repository package, but that still needs study.
Installing PPTP is really very simple; see http://www.myzhenai.com.cn/post/871.html
Demo video of the one-click install script
Youtube: https://youtu.be/YHlwp8yN1yk
BaiduPan: link: http://pan.baidu.com/s/1i3O7qQT password: wbm2
QQ: http://v.qq.com/boke/page/v/y/2/v0174hns6y2.html

#wget http://www.myzhenai.com.cn/pptpd-script-install.sh
## wget https://goo.gl/EZOhlK?pptpd.sh
#vi pptpd-script-install.sh
#Replace YouUsername with the user name you want and 'You Password' with your password.
#sh pptpd-script-install.sh

Note: if after installation you can connect to the server but cannot open web pages, run reboot to restart the system.

#!/bin/bash
#****************************************************************************#
# CenTos6 PPTP VPN Install Script                                            #
# Author: RucLinux                                                           #
# Web: http://www.myzhenai.com.cn http://www.myzhenai.com                    #
#      http://www.haikou-china.com http://jiayu.mybabya.com                  #
#****************************************************************************#
yum update -y
# Install the EPEL release package that matches the machine architecture
Digit=`uname -m`
if [ "$Digit" == "i686" ];then
  wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
  rpm -ivh epel-release-6-8.noarch.rpm
else
  wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
  rpm -ivh epel-release-6-8.noarch.rpm
fi
yum install -y gcc gcc-c++ dkms lrzsz lzo iptables ppp ppp-devel pptp pptpd
Username='YouUsername'
# The CHAP secret written below is the md5 hex digest of 'You Password', not the
# string itself; the value to connect with is the one recorded in pptp.log
Password=`echo 'You Password'| md5sum | cut -d ' ' -f1`
# First non-loopback IPv4 address (CentOS 6 ifconfig prints "inet addr:x.x.x.x");
# head -n 1 keeps $ip a single address when several interfaces are up
ip=`ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"|head -n 1`
# Enable the default tunnel address range in pptpd.conf
sed -i 's/#localip 192.168.0.1/localip 192.168.0.1/g' /etc/pptpd.conf
sed -i 's/#remoteip 192.168.0.234-238,192.168.0.245/remoteip 192.168.0.234-238,192.168.0.245/g' /etc/pptpd.conf
# Hand clients Google DNS instead of the commented-out 10.0.0.x examples
sed -i 's/#ms-dns 10.0.0.1/ms-dns 8.8.8.8/g' /etc/ppp/options.pptpd
sed -i 's/#ms-dns 10.0.0.2/ms-dns 8.8.4.4/g' /etc/ppp/options.pptpd
# Record the credentials (pptp.log holds the plaintext secret, so keep it root-only)
echo 'Username:'$Username >> pptp.log
echo 'Password:'$Password >> pptp.log
echo 'ServerIP:'$ip >> pptp.log
chmod 600 pptp.log
# chap-secrets columns: client  server  secret  IP-addresses
echo "$Username pptpd $Password *" >> /etc/ppp/chap-secrets
# Turn on IPv4 forwarding persistently and apply it now; without sysctl -p it
# only takes effect after a reboot (clients connect but cannot browse until then)
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
sysctl -p
iptables -F
service iptables save
service iptables restart
# OpenVZ (no /proc/xen) needs SNAT to the public address; Xen can MASQUERADE on eth0
Catalog='/proc/xen'
if [ ! -d "$Catalog" ];then
  iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source $ip
else
  iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
fi
service iptables save
service iptables restart
chkconfig pptpd on
chkconfig iptables on
service pptpd start
echo '*********************************************************';
echo '****                                                 ****';
echo '****        End script installation                  ****';
echo '**** Such as user name and password information file ****';
echo '****        vi  pptp.log                             ****';
echo '****        http://www.myzhenai.com.cn               ****';
echo '*********************************************************';

How to fix a Linux PPTP client that cannot connect

Wednesday, January 23rd, 2013

Original content; when reposting please cite the source: http://www.myzhenai.com/thread-15408-1-1.html http://www.myzhenai.com.cn/post/891.html
A while ago a PPTP client I had configured stopped connecting: after creating the PPTP connection locally, clicking Connect either did nothing or returned an error.

#vi /var/log/messages

*Check the system log; it shows the following

Jan 22 19:09:40 localhost nautilus: [N-A] Nautilus-Actions Menu Extender 2.30.3 initializing...
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> (eth0): device state change: 8 -> 3 (reason 0)
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> (eth0): deactivating device (reason: 0).
Jan 22 19:09:45 localhost pppd[2023]: Terminating on signal 15
Jan 22 19:09:45 localhost pppd[2023]: Connect time 0.5 minutes.
Jan 22 19:09:45 localhost pppd[2023]: Sent 2408 bytes, received 4087 bytes.
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) starting connection 'ADSL'
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> (eth0): device state change: 3 -> 4 (reason 0)
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) scheduled...
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) started...
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) scheduled...
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) complete.
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) starting...
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> (eth0): device state change: 4 -> 5 (reason 0)
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) successful.
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 3 of 5 (IP Configure Start) scheduled.
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) complete.
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 3 of 5 (IP Configure Start) started...
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> (eth0): device state change: 5 -> 7 (reason 0)
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> starting PPP connection
Jan 22 19:09:45 localhost dbus: [system] Rejected send message, 2 matched rules; type="error", sender=":1.1" (uid=0 pid=2007 comm="NetworkManager) interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply=0 destination=":1.6" (uid=0 pid=2023 comm="/usr/sbin/pppd))
Jan 22 19:09:45 localhost dbus: [system] Rejected send message, 2 matched rules; type="error", sender=":1.1" (uid=0 pid=2007 comm="NetworkManager) interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply=0 destination=":1.6" (uid=0 pid=2023 comm="/usr/sbin/pppd))
Jan 22 19:09:45 localhost pppd[3126]: Warning: can't open options file /root/.ppprc: Permission denied
Jan 22 19:09:45 localhost pppd[3126]: Plugin rp-pppoe.so loaded.
Jan 22 19:09:45 localhost pppd[3126]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.5
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> pppd started with pid 3126
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 3 of 5 (IP Configure Start) complete.
Jan 22 19:09:45 localhost pppd[3126]: Plugin /usr/lib/pppd/2.4.5/nm-pppd-plugin.so loaded.
Jan 22 19:09:45 localhost dbus: [system] Rejected send message, 2 matched rules; type="error", sender=":1.1" (uid=0 pid=2007 comm="NetworkManager) interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply=0 destination=":1.6" (uid=0 pid=2023 comm="/usr/sbin/pppd))
Jan 22 19:09:45 localhost pppd[2023]: Connection terminated.
Jan 22 19:09:45 localhost dbus: [system] Rejected send message, 2 matched rules; type="error", sender=":1.1" (uid=0 pid=2007 comm="NetworkManager) interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply=0 destination=":1.6" (uid=0 pid=2023 comm="/usr/sbin/pppd))
Jan 22 19:09:45 localhost pppd[3126]: pppd 2.4.5 started by root, uid 0
Jan 22 19:09:45 localhost dbus: [system] Rejected send message, 2 matched rules; type="error", sender=":1.1" (uid=0 pid=2007 comm="NetworkManager) interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply=0 destination=":1.6" (uid=0 pid=2023 comm="/usr/sbin/pppd))
Jan 22 19:09:45 localhost pppd[3126]: PPP session is 9892
Jan 22 19:09:45 localhost pppd[3126]: Connected to 00:46:4b:ad:da:b6 via interface eth0
Jan 22 19:09:45 localhost pppd[3126]: Using interface ppp0
Jan 22 19:09:45 localhost pppd[3126]: Connect: ppp0 <--> eth0
Jan 22 19:09:45 localhost pppd[2023]: Exit.
Jan 22 19:09:45 localhost pppd[3126]: Remote message: Authentication success,Welcome!
Jan 22 19:09:45 localhost pppd[3126]: PAP authentication succeeded
Jan 22 19:09:45 localhost pppd[3126]: peer from calling number 00:46:4B:AD:DA:B6 authorized
Jan 22 19:09:45 localhost pppd[3126]: local  IP address 112.66.50.113
Jan 22 19:09:45 localhost pppd[3126]: remote IP address 112.66.50.1
Jan 22 19:09:45 localhost pppd[3126]: primary   DNS address 202.100.199.8
Jan 22 19:09:45 localhost pppd[3126]: secondary DNS address 202.100.192.68
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> PPP manager(IP Config Get) reply received.
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 4 of 5 (IP4 Configure Get) scheduled...
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 4 of 5 (IP4 Configure Get) started...
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 5 of 5 (IP Configure Commit) scheduled...
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 4 of 5 (IP4 Configure Get) complete.
Jan 22 19:09:45 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 5 of 5 (IP Configure Commit) started...
Jan 22 19:09:46 localhost NetworkManager[2007]: <info> (eth0): device state change: 7 -> 8 (reason 0)
Jan 22 19:09:46 localhost NetworkManager[2007]: <info> Policy set 'ADSL' (ppp0) as default for IPv4 routing and DNS.
Jan 22 19:09:46 localhost NetworkManager[2007]: <info> Activation (eth0) successful, device activated.
Jan 22 19:09:46 localhost NetworkManager[2007]: <info> Activation (eth0) Stage 5 of 5 (IP Configure Commit) complete.
Jan 22 19:09:47 localhost tpvmlpd2[3198]: device type not supported
Jan 22 19:09:50 localhost NetworkManager[2007]: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...
Jan 22 19:09:50 localhost NetworkManager[2007]: <info> VPN service 'org.freedesktop.NetworkManager.pptp' started (org.freedesktop.NetworkManager.pptp), PID 3200
Jan 22 19:09:50 localhost NetworkManager[2007]: <info> VPN service 'org.freedesktop.NetworkManager.pptp' appeared, activating connections
Jan 22 19:09:50 localhost NetworkManager[2007]: <info> VPN plugin state changed: 1
Jan 22 19:09:50 localhost NetworkManager[2007]: <info> VPN plugin state changed: 3
Jan 22 19:09:50 localhost NetworkManager[2007]: <info> VPN connection 'PPTP' (Connect) reply received.
Jan 22 19:09:50 localhost NetworkManager[2007]: <warn> VPN connection 'PPTP' failed to connect: 'No VPN secrets!'.
Jan 22 19:09:50 localhost NetworkManager[2007]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Jan 22 19:09:50 localhost NetworkManager[2007]: <info> Policy set 'ADSL' (ppp0) as default for IPv4 routing and DNS.
Jan 22 19:10:02 localhost tpvmlpd2[3223]: device type not supported
Jan 22 19:10:17 localhost tpvmlpd2[3227]: device type not supported
Jan 22 19:10:32 localhost tpvmlpd2[3231]: device type not supported
Jan 22 19:10:47 localhost tpvmlpd2[3235]: device type not supported

I first thought it was a server-side problem, then suspected the Great Firewall, and even thought it was a CentOS 6.3 issue. Only after some friends pointed it out did I learn that the encryption protocol settings on my side were wrong; it was neither the server nor the local system.
Configure it as shown in the screenshots.
[Figures: Screenshot, Screenshot-1, Screenshot-2, Screenshot-3]
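As an added example (not from the original post), a small shell triage helper that pulls the decisive lines out of a /var/log/messages excerpt like the one above: it ignores unrelated daemons, extracts the reason NetworkManager gives for a failed VPN connection, and reports whether pppd ever authenticated. The sample log is constructed from the quoted messages.

```shell
#!/bin/sh
# Added example, not part of the original post: triage a /var/log/messages
# excerpt for a NetworkManager PPTP attempt. Functions read the log on stdin.

# Constructed sample, modelled on the messages quoted above.
SAMPLE_LOG=$(cat <<'EOF'
Jan 22 19:09:47 localhost tpvmlpd2[3198]: device type not supported
Jan 22 19:09:50 localhost NetworkManager[2007]: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...
Jan 22 19:09:50 localhost NetworkManager[2007]: <info> VPN plugin state changed: 3
Jan 22 19:09:50 localhost NetworkManager[2007]: <info> VPN connection 'PPTP' (Connect) reply received.
Jan 22 19:09:50 localhost NetworkManager[2007]: <warn> VPN connection 'PPTP' failed to connect: 'No VPN secrets!'.
Jan 22 19:09:50 localhost NetworkManager[2007]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Jan 22 19:10:02 localhost tpvmlpd2[3223]: device type not supported
EOF
)

# Keep only the two daemons that take part in a PPTP dial-up; anything else
# (tpvmlpd2 here) is unrelated noise that is easy to chase by mistake.
vpn_lines() {
    grep -E ' (NetworkManager|pppd)\[[0-9]+\]: '
}

# The reason NetworkManager gives when a VPN connection fails, one per line.
vpn_failure_reason() {
    vpn_lines | sed -n "s/.*VPN connection '[^']*' failed to connect: '\([^']*\)'.*/\1/p"
}

# How far pppd got: "succeeded", "failed", or "none" when pppd never logged an
# authentication result (in the log above the VPN's own pppd was never started).
ppp_auth_result() {
    last=$(vpn_lines | grep -oE 'authentication (succeeded|failed)' | tail -n 1)
    case "$last" in
        *succeeded) echo succeeded ;;
        *failed)    echo failed ;;
        *)          echo none ;;
    esac
}

# One-line verdict suitable for a quick look or a monitoring check.
vpn_triage() {
    log=$(cat)
    reason=$(printf '%s\n' "$log" | vpn_failure_reason | tail -n 1)
    auth=$(printf '%s\n' "$log" | ppp_auth_result)
    if [ -n "$reason" ]; then
        echo "FAIL: NetworkManager reported '$reason' (pppd auth: $auth)"
    elif [ "$auth" = failed ]; then
        echo "FAIL: PPP authentication failed"
    else
        echo "OK: no VPN failure logged (pppd auth: $auth)"
    fi
}

# Demo on the sample; on a live system: vpn_triage </var/log/messages
printf '%s\n' "$SAMPLE_LOG" | vpn_triage
```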

Installing PPTP and OpenVPN on a CentOS VPS: method and experience

Wednesday, January 9th, 2013

Original content; when reposting please cite the source: http://www.myzhenai.com/thread-15394-1-1.html http://www.myzhenai.com.cn/post/871.html
A few days ago I got a Buyvm VPS at the San Jose node, used only for practising installing and debugging OpenVPN and pptpd for VPN access. It took me two days to get OpenVPN and pptpd working together. The first time I installed pptpd it worked fine straight away, but after I installed OpenVPN, OpenVPN could not connect, and pptpd could connect but no longer reach the internet. I had no choice but to step backwards one step at a time to see where it went wrong; in the end I decided to uninstall OpenVPN to see whether that was the cause, but I was careless and broke CentOS 5, and had to reinstall the system. Below I describe my method and experience in detail, in the hope that it helps those who need it. If you find it useful, please reply in support; if you repost, please cite the source. Thank you.

OpenVPN is an SSL-based VPN that uses the industry-standard SSL/TLS protocol to build secure layer 2 and layer 3 data-link VPNs. The latest version is 2.0.7. Its advantages are listed below. Because OpenVPN is based on SSL/TLS it is not compatible with IPsec or PPTP, and a client has to be installed on Windows as well.
1. Based on the SSL protocol, secure, and works over a single TCP or UDP port;
2. Uses mutual authentication; the server only needs to keep its own certificate and key;
3. The server accepts only clients whose certificates are signed by the master CA, with a revocation mechanism, without rebuilding the whole PKI;
4. Access control based on the Common Name is possible.

PPTP: Point to Point Tunneling Protocol. PPTP is a network technology supporting multi-protocol virtual private networks, and it works at layer 2. Through this protocol, remote users on Microsoft Windows NT Workstation, Windows XP, Windows 2000, Windows 2003, Windows 7 and other systems that have the Point-to-Point Protocol can securely access a corporate network: they dial in to a local ISP and connect securely to the corporate network over the Internet.

Before sharing, my system and configuration:
VPS: CentOS 5, 32-bit
Local machine: CentOS 6.3, 32-bit

Installation steps: I installed pptpd first and OpenVPN afterwards. The steps are as follows; what the commands do is explained below.
1: Log in to your VPS with PuTTY and work with root privileges.
2: Run the following commands to switch to the EPEL repositories. If your system is not the same as mine, see: http://www.myzhenai.com/thread-15362-1-1.html

#wget http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
#wget http://download1.rpmfusion.org/free/el/updates/5/i386/rpmfusion-free-release-5-1.noarch.rpm
#wget http://download1.rpmfusion.org/nonfree/el/updates/5/i386/rpmfusion-nonfree-release-5-1.noarch.rpm
#rpm -ivh epel-release-5-4.noarch.rpm
#rpm -ivh rpmfusion-free-release-5-1.noarch.rpm
#rpm -ivh rpmfusion-nonfree-release-5-1.noarch.rpm
#yum makecache
#yum update
#yum install gcc
#yum install gcc-c++   # the C++ compiler package is named gcc-c++ (there is no g++ package)
#yum install dkms
#yum install lrzsz*
#yum install lzo*
#yum install iptables*

Next we prepare to install pptpd. Because the ppp and pptp I installed with yum install from the EPEL repository did not work properly (I cannot rule out that my configuration was wrong), I installed from some older rpm packages instead. If you want to install from EPEL, run the commands below. In theory you should also know beforehand whether your VPS supports installing pptp and openvpn; the method found online is to run the following commands to test whether your server supports them.
Log in via SSH and check whether the VPS has the necessary support. If the checks show it does not, pptp cannot be installed.

#modprobe ppp-compress-18 && echo ok

(This checks for MPPE encryption support loaded as a module; it will not be detected if the support is built into the kernel.) If it prints "ok" the check passes. But another check is needed:

#cat /dev/net/tun

If the output is the text shown here, the check passes: cat: /dev/net/tun: File descriptor in bad state. Only one of the two checks above needs to pass for pptp to be installable. If there are other problems, open a ticket (tk) and ask your provider to resolve them.

#yum install ppp*
#yum install ppp-devel*
#yum install pptp*

If you do not want to install from the repository, you can download the matching versions from http://poptop.sourceforge.net/yum/stable/packages/ and install them; for example, mine:

#wget http://poptop.sourceforge.net/yum/stable/packages/dkms-2.0.17.5-1.noarch.rpm
#wget http://poptop.sourceforge.net/yum/stable/packages/ppp-2.4.4-14.1.rhel5.i386.rpm
#wget http://poptop.sourceforge.net/yum/stable/packages/ppp-devel-2.4.4-14.1.rhel5.i386.rpm
#wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.i386.rpm
#wget http://poptop.sourceforge.net/yum/stable/packages/pptp-release-4-6.devel.noarch.rpm
#wget http://poptop.sourceforge.net/yum/stable/packages/pptp-release-4-6.fc3.noarch.rpm
#rpm -ivh dkms-2.0.17.5-1.noarch.rpm
#rpm -ivh ppp-2.4.4-14.1.rhel5.i386.rpm
#rpm -ivh ppp-devel-2.4.4-14.1.rhel5.i386.rpm
#rpm -ivh pptpd-1.3.4-2.rhel5.i386.rpm
#rpm -ivh pptp-release-4-6.devel.noarch.rpm
#rpm -ivh pptp-release-4-6.fc3.noarch.rpm

*Note: it does not matter if the last two pptp-release packages fail to install. If errors occur during installation it is very likely that your system and the software version are incompatible; try another version of the package. It may also be a missing dependency, which you can install with "yum install dependency*". Why the asterisk? Because with the asterisk the package's dependencies are installed automatically. If the installation completes without errors, we can move on to configuring pptp. One thing for beginners: after opening a file in vi, press the i key (lowercase I) to start editing, move the cursor with the arrow keys, and delete text with Backspace; when finished, press Esc to leave edit mode, then Shift+zz (i.e. two capital ZZ) to save and quit vi; to quit without saving, press ZQ.

#vi /etc/pptpd.conf

*Note: open pptpd.conf for editing. Remove the # in front of the two lines below; a leading # means the option is commented out. I recommend keeping the default forwarded IP addresses, because we will install OpenVPN later; I changed these addresses myself and they clashed with OpenVPN's addresses, which is what caused the problem.
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
[Figure: pptpd.conf]

#vi /etc/ppp/options.pptpd

*Note: remove the # in front of the two lines below; you may also replace them with the DNS addresses you want.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
[Figure: options.pptpd]
Next we add the pptp user name and password

#vi /etc/ppp/chap-secrets

*Note: add your user entry below these two lines.
# Secrets for authentication using CHAP
# client server secret IP addresses
Username pptpd Password *
*Note: the line above is an example. Username is your connection user name and Password your connection password; then a space and an asterisk. The asterisk means no IP address is specified; if you enter an IP address here, the system will only let that IP address log in.
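An added example, not the code of either post, covering the chap-secrets entry described here and the echo "$Username pptpd $Password *" line in the install script above: a shell function that appends an account with a random secret instead of a chosen word, refuses duplicate names and keeps the file root-only. CHAP_SECRETS is an assumed, overridable variable so the function can be tried on a scratch file.

```shell
#!/bin/sh
# Added example, not from the original posts: add a PPTP account to
# /etc/ppp/chap-secrets (columns: client  server  secret  IP-addresses) with a
# random secret, a duplicate-name check and root-only permissions.
# CHAP_SECRETS (assumed name) can point at a scratch file to try it without root.
CHAP_SECRETS="${CHAP_SECRETS:-/etc/ppp/chap-secrets}"

# 24 characters from a set pppd reads as one word (no spaces, quotes, '#', '*').
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24
}

# has_user NAME [SERVER]: 0 if NAME already has an entry for SERVER (default pptpd).
has_user() {
    [ -f "$CHAP_SECRETS" ] || return 1
    awk -v n="$1" -v s="${2:-pptpd}" \
        '$1 !~ /^#/ && $1 == n && $2 == s { found = 1 } END { exit !found }' "$CHAP_SECRETS"
}

# add_pptp_user NAME [ALLOWED_IP]: appends the entry and prints the new secret.
# ALLOWED_IP defaults to '*' as in the posts; a f...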

#vi /etc/sysctl.conf

*注,将将net.ipv4.ip_forward=0改为net.ipv4.ip_forward=1

#sysctl -p

Pptpd安装和配置完成了,接下来是添加iptables转发规则.
OpenVZ的按照以下方法添加

#iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source you server ip

XEN的按照下面这一条添加

#iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
#/etc/init.d/iptables save

*注,保存iptables转发规则,设置好规则后一定记得保存规则.不然reboot后规则会被清空的.

#chkconfig pptpd on
#chkconfig iptables on

*注,设置开机启动服务.
=======Pptpd到此安装配置结束================

Openvpn安装配置

如果你上边安装了Lzo和iptables及gcc g++ lrzsz,可以跳过安装这几个软件,不然的话,这里需要安装这几个软件.

#yum install gcc
#yum install g++
#yum install lrzsz*
#yum install lzo*
#yum install iptables*
#yum install openssl*
#yum install openvpn*
#rpm -ql openvpn

*注,执行rpm -ql openvpn命令看看你的openvpn安装到哪了,在回显的列表中找到easy-rsa目录,例如我的路径是
/usr/share/openvpn/easy-rsa/

#cp -R /usr/share/openvpn/easy-rsa/ /etc/openvpn

*注,将easy-rsa目录复制到/etc/openvpn下进行配置

#cd /etc/openvpn/easy-rsa/2.0/
#./vars

*注,回显 NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys 如果你执行了./clean-all,系统将删除/etc/openvpn/easy-rsa/2.0/keys下的文件.

#vi vars

*注,修改以下信息成为你想要的信息
export KEY_COUNTRY=”CN”--你所在的国家
export KEY_PROVINCE=”HN”--你所在的省份
export KEY_CITY=”HAIKOU”--你所在的城市
export KEY_ORG=”OpenVPN”--你所在的组织
export KEY_EMAIL=”root@foxmail.com”--你的邮箱
export KEY_EMAIL=root@foxmail.com–你的邮箱
export KEY_CN=changeme
export KEY_NAME=changeme
export KEY_OU=changeme
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234

#. ./vars
#./clean-all
#./build-ca

*注,./clean-all删除/etc/openvpn/easy-rsa/2.0/keys下的文件,./build-ca生成一个a 1024 bit RSA的密钥,writing new private key to ‘ca.key’,在生成的过程中一直按回车,但有两处地方需要注意,出现[y/n]的时候要输入y才能回车.这一步生成CA证书

#./build-key-server server

*注,生成server-key,出现[y/n]的时候要输入y才能回车.当创建服务器的key时,Common Name输入的值为server,

#./build-key client-name

*注,生成client-key,name是你想设置的用户名称.在生成的过程中一直按回车,但有两处地方需要注意,出现[y/n]的时候要输入y才能回车.这里需要注意两点.
第1点:如果要生成多个客户端的key,那么你可以使用./build-key server-client-name、./build-key server-client-name、./build-key server-client-name…….
第2点:创建多个客户端的key时,Common Name输入的值必须不一样,同时客户端的key文件名(例如:./build-key 客户端key文件名)也必须不一样

#./build-dh

*注,生成Diffie-Hellman参数,

#cd keys
#ls
#cp ca.crt ca.key dh1024.pem server.csr server.key server.crt /etc/openvpn/

*注,ls回显后,将目录下的的crt key csr pem格式的文件复制到 /etc/openvpn/目录下.

#mkdir /home/vpn
#cp ca.crt ca.key client-name.crt client-name.key client-name.csr /home/vpn/

*注,将用户证书备份到一个目录,以便下载

#cd /home/
#tar -zcvf File.tar.gz vpn/
#sz File.tar.gz

*注,打包压缩文档并传输回本地,如果你有VPS安装了FTP的话,可以将文件复制到FTP指定的目录然后下载,不然就只能用sz和scp下载到本地,上边这条命令是使用sz下载的,但因为我的是Centos系统,所以不能用sz,只能用linux下的scp来传输.例如以下

#scp root@123.125.163.122:/home/File.tar.gz /tmp/

*输完命令后会提示输入VPS的密码,root是你服务器当前用户名,IP地址是你的IP

#cp /usr/share/doc/openvpn-2.2.2/sample-config-files/server.conf /etc/openvpn/server.conf

*注,将配置文件复制到路径下进行配置.

#vi /etc/openvpn/server.conf

*注,这里主要只改几处地方,# (see “pkcs12” directive in man page).下边的ca.crt server.crt server.key和你生成的配置文件名是不是一样,如果这三个文件不是放在/etc/openvpn目录下的话,你要添加上它们的绝对地址. push “route 192.168.10.0 255.255.255.0” 这行前边的;符号删掉. # DNS servers provided by opendns.com.下边push前边的#号和;号删除掉.

#iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
#iptables -A INPUT -p udp --dport 1194 -j ACCEPT
#iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
#iptables -A INPUT -p tcp --dport 47 -j ACCEPT
#iptables -A INPUT -p tcp --dport 2009 -j ACCEPT
#iptables -A INPUT -p udp --dport 2009 -j ACCEPT
#iptables -A INPUT -p gre -j ACCEPT
#iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source server ip
#iptables -t nat -A POSTROUTING -s 10.8.0.20/24 -j SNAT --to-source server ip
#iptables -t nat -A POSTROUTING -s 10.8.0.1/24 -j SNAT --to-source server ip
#iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j SNAT --to-source server ip
#/etc/init.d/iptables save

*注,一定要运行这一行保存规则
把OpenVPN添加到开机启动,用vi /etc/rc.local进入编辑,在后面加入/usr/sbin/openvpn –config /etc/openvpn/server.conf &这一行。

#openvpn --config /etc/openvpn/server.conf &

*注,输入这一行看看有没有提示什么错误,如果提示“OK”即完成安装了.

=========Openvpn安装结束=======================

service iptables sava #保存规则
service iptables start #启动iptables
service iptables stop #停止iptables
service iptables restart #重启iptables

service pptpd start #启动pptp
service pptpd stop #停止pptp
service pptpd restart #重启pptp
service pptpd restart-kill #重启pptp, 并且断开所有已经连接的用户
service pptpd status #查看pptp目前状态

service openvpn start
service openvpn stop
service openvpn restart
service openvpn restart
service openvpn status
options.pptpd
pptpd.conf
server.conf
server.conf2
server.conf3

Centos6+GNOME+NetworkManager配置VPN客户端

星期五, 九月 21st, 2012

转载请注明出处:http://www.myzhenai.com/thread-15104-1-1.html http://www.myzhenai.com.cn/post/767.html
我的系统配置是Centos6+GNOME+NetworkManager,为了一个VPN终端,我是折腾了好久了,命令行下的折腾好了,却发现NetworkManager却始终无法正常使用.可以新建VPN链接,但无法使用,无法新建pptp通道协议VPN.原来是NetworkManager-vpnc,NetworkManager-pptp,NetworkManager-openvpn这三个插件无法安装,Centos的依赖太严格了,提示少了libnm-util.so.2,libgdk-3.so.0,libnm-glib.so.4,libnm_glib_vpn.so.0,libnm_glib.so.0,libnm-util.so.2,libgdk-3.so.0,libgtk-3.so.0等依赖包.折腾了好久才折腾好,不过是换了个方式解决的.
执行终端程序,输入以下代码.

#su root #切换到超级管理员权限帐户
#yum -y install ppp
#yum -y install pptp
#yum -y install vpnc
#yum -y install openvpn

配置文件

#vi /etc/ppp/chap-secrets
——————————————
# Secrets for authentication using CHAP
# client    server    secret            IP addresses

username myvpn “password” *
——————————————

#注释,IP addresses替换成你的VPNIP地址,myvpn替换成你的VPN用户名(不是帐号用户名),password替换成你的VPN密码.

#vi /etc/ppp/peers/myvpn
——————————————
# written by pptpsetup
pty “pptp  vpnserverip –nolaunchpppd”
lock
#noauth
nobsdcomp
nodeflate
name username
remotename myvpn
ipparam myvpn
require-mppe-128
refuse-pap
refuse-chap
refuse-eap
refuse-mschap
——————————————
#pptpsetup --create CentosVPN --server VPNIP --username VPNname --password VPNpassword

#注释,vpnserverip和VPNIP替换成你的VPNIP,username和VPNname替换成你的VPN用户名,myvpn替换成上边你的VPN用户名.VPNpassword替换成你的VPN密码

#cp /usr/share/doc/ppp-2.4.4/scripts/pon /usr/sbin/
#cp /usr/share/doc/ppp-2.4.4/scripts/poff /usr/sbin/
#chmod +x /usr/sbin/pon /usr/sbin/poff

启动VPN

#pon myvpn
#pppd call CentosVPN

断开VPN

#poff myvpn
#killall pppd

#注释,如果以上安装不能进行的话,请执行以下这两步再返回重复进行一遍操作.

#rpm -ivh http://download1.rpmfusion.org/free/el/updates/6/i386/rpmfusion-free-release-6-1.noarch.rpm
#rpm -ivh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
#yum install pptp NetworkManager-pptp -y

#如果上条命令无效,可以尝试下边的命令

#yum install pptp -y
#wget http://dl.fedoraproject.org/pub/epel/6/i386/NetworkManager-pptp-0.8.0-1.git20100411.el6.i686.rpm
#yum install NetworkManager-pptp-0.8.0-1.git20100411.el6.i686.rpm

Centos6安装epel源:http://pkgs.org/#centos-6-rhel-6

#wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
#rpm -Uvh epel-release-6-7.noarch.rpm
#/etc/init.d/network-manager restart

如果是GNOME桌面环境并使用NetworkManager网络链接程序的话,可以下载安装以下几个NetworkManager插件,这个也可以做到以图形界面使用VPN链接.

#yum install NetworkManager-vpnc NetworkManager-pptp NetworkManager-openvpn
#rpm -ivh http://mirrors.163.com/fedora/releases/17/Everything/i386/os/Packages/n/NetworkManager-vpnc-0.9.3.997-1.fc17.i686.rpm
#rpm -ivh http://mirrors.163.com/fedora/releases/17/Everything/i386/os/Packages/n/NetworkManager-pptp-0.9.3.997-1.fc17.i686.rpm
#rpm -ivh http://mirrors.163.com/fedora/releases/17/Everything/i386/os/Packages/n/NetworkManager-openvpn-0.9.3.997-1.fc17.i686.rpm

最主要的是之前安装Epel更新源
http://rpmfusion.org/Configuration

#rpm -ivh http://download1.rpmfusion.org/free/el/updates/6/i386/rpmfusion-free-release-6-1.noarch.rpm
#wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
#rpm -Uvh epel-release-6-7.noarch.rpm
#/etc/init.d/network-manager restart

然后在执行安装命令的时候在后边加上一个米号*会自动安装系统里缺少的依赖包.
例如

#yum -y install ppp*
#yum -y install pptp*
#yum -y install vpnc*
#yum -y install openvpn*
#yum install pptp NetworkManager-pptp* -y
#yum install pptp NetworkManager-vpnc* -y
#yum install pptp NetworkManager-openvpn* -y
#yum install NetworkManager-vpnc NetworkManager-pptp NetworkManager-openvpn

CentOS6.0配置VPN客户端

星期六, 十二月 10th, 2011

1.安装包
yum -y install ppp
yum -y install pptp

2.配置文件
vi /etc/ppp/chap-secrets
——————————————
# Secrets for authentication using CHAP
# client server secret IP addresses

username myvpn “password” *
——————————————

vi /etc/ppp/peers/myvpn
——————————————
# written by pptpsetup
pty “pptp serverIP –nolaunchpppd”
lock
#noauth
nobsdcomp
nodeflate
name username
remotename myvpn
ipparam myvpn
require-mppe-128
refuse-pap
refuse-chap
refuse-eap
refuse-mschap
——————————————

3.复制命令
cp /usr/share/doc/ppp-2.4.4/scripts/pon /usr/sbin/
cp /usr/share/doc/ppp-2.4.4/scripts/poff /usr/sbin/
chmod +x /usr/sbin/pon /usr/sbin/poff

4.拨vpn
pon myvpn

5.查看是否连接
ifconfig
#############################################################################
ppp0 Link encapoint-to-Point Protocol
inet addr:192.168.21.203 P-t-P:192.168.21.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:60 (60.0 b) TX bytes:66 (66.0 b)
#############################################################################

6.断开连接
poff myvpn
还有一个简单的方法,使用Centos源的添加删除软件进行安装相关的软件.
安装两个文件,ppp,pptp,然后搜索vpn,找标题里有vpn的文件安装.