home 技术 freeradius客户端配置PPTP L2TP OPENVPN

freeradius客户端配置PPTP L2TP OPENVPN

时间:11-10-12 栏目:技术作者:liva 评论:0 点击: 4,921 次

本文标签： l2tp , openvpn , pptp

这几天配置下radius的客户端，整理下配置方法。

首先是PPTP客户端的配置方法。

编译与安装

wget -c ftp://ftp.freeradius.org/pub/freeradius/freeradius-client-1.1.6.tar.gz
 tar -zxf freeradius-client-1.1.6.tar.gz
 cd freeradius-client-1.1.6
 ./configure
 make && make install

wget -c ftp://ftp.freeradius.org/pub/freeradius/freeradius-client-1.1.6.tar.gz

tar -zxf freeradius-client-1.1.6.tar.gz

cd freeradius-client-1.1.6

./configure

make && make install

设置通信密码

cat >>/usr/local/etc/radiusclient/servers<localhost testing123
 EOF

1 2	cat >>/usr/local/etc/radiusclient/servers<localhost testing123 EOF

其中localhost可以写成服务器IP地址，testing123是认证服务器的连接密码。
注：如果使用的是IP地址，记得同时修改下面设置。

sed -i 's/localhost/192.168.10.10/g' /usr/local/etc/radiusclient/radiusclient.conf

1	sed -i 's/localhost/192.168.10.10/g' /usr/local/etc/radiusclient/radiusclient.conf

增加字典

这一步很重要！否则windows客户端无法连接服务器。

wget -c http://small-script.googlecode.com/files/dictionary.microsoft
 mv ./dictionary.microsoft /usr/local/etc/radiusclient/
 cat >>/usr/local/etc/radiusclient/dictionary< INCLUDE /usr/local/etc/radiusclient/dictionary.sip
 INCLUDE /usr/local/etc/radiusclient/dictionary.ascend
 INCLUDE /usr/local/etc/radiusclient/dictionary.merit
 INCLUDE /usr/local/etc/radiusclient/dictionary.compat
 INCLUDE /usr/local/etc/radiusclient/dictionary.microsoft
 EOF

wget -c http://small-script.googlecode.com/files/dictionary.microsoft

mv ./dictionary.microsoft /usr/local/etc/radiusclient/

cat >>/usr/local/etc/radiusclient/dictionary< INCLUDE /usr/local/etc/radiusclient/dictionary.sip

INCLUDE /usr/local/etc/radiusclient/dictionary.ascend

INCLUDE /usr/local/etc/radiusclient/dictionary.merit

INCLUDE /usr/local/etc/radiusclient/dictionary.compat

INCLUDE /usr/local/etc/radiusclient/dictionary.microsoft

EOF

PPTP启用freeradius插件

这一步网上一些教程没提，但很重要，否则会报错！

sed -i 's/logwtmp/\#logwtmp/g' /etc/<span class='wp_keywordlink_affiliate'><a href="http://www.enjoydiy.com/tag/pptp" title="查看pptp中的全部文章" target="_blank">pptp</a></span>d.conf
 sed -i 's/radius_deadtime/\#radius_deadtime/g' /usr/local/etc/radiusclient/radiusclient.conf
 sed -i 's/bindaddr/\#bindaddr/g' /usr/local/etc/radiusclient/radiusclient.conf

sed -i 's/logwtmp/\#logwtmp/g' /etc/pptpd.conf

sed -i 's/radius_deadtime/\#radius_deadtime/g' /usr/local/etc/radiusclient/radiusclient.conf

sed -i 's/bindaddr/\#bindaddr/g' /usr/local/etc/radiusclient/radiusclient.conf

注：64位系统插件路径是 "/usr/lib64/pppd/2.4.5/radius.so"

cat >>/etc/ppp/<span class='wp_keywordlink_affiliate'><a href="http://www.enjoydiy.com/tag/pptp" title="查看pptp中的全部文章" target="_blank">pptp</a></span>d-options< plugin /usr/lib/pppd/2.4.5/radius.so
 radius-config-file /usr/local/etc/radiusclient/radiusclient.conf
 EOF

cat >>/etc/ppp/pptpd-options< plugin /usr/lib/pppd/2.4.5/radius.so

radius-config-file /usr/local/etc/radiusclient/radiusclient.conf

EOF

L2TP启用freeradius插件

L2TP 的道理也一样，你首先安装配置好L2TP/IPSec，并保证能正常使用。
注：64位系统插件路径是 "/usr/lib64/pppd/2.4.5/radius.so"

cat >>/etc/ppp/options.x<span class='wp_keywordlink_affiliate'><a href="http://www.enjoydiy.com/tag/l2tp" title="查看l2tp中的全部文章" target="_blank">l2tp</a></span>d< plugin /usr/lib/pppd/2.4.5/radius.so
 radius-config-file /usr/local/etc/radiusclient/radiusclient.conf
 EOF

cat >>/etc/ppp/options.xl2tpd< plugin /usr/lib/pppd/2.4.5/radius.so

radius-config-file /usr/local/etc/radiusclient/radiusclient.conf

EOF

OPENVPN启用freeradius插件

wget http://www.nongnu.org/radiusplugin/radiusplugin_v2.1_beta9.tar.gz
 tar -xzvf radiusplugin_v2.1_beta9.tar.gz
 rm -f radiusplugin_v2.1_beta9.tar.gz
 cd radiusplugin
 make
 cp radiusplugin.so /etc/<span class='wp_keywordlink_affiliate'><a href="http://www.enjoydiy.com/tag/openvpn" title="查看openvpn中的全部文章" target="_blank">openvpn</a></span>/
 sed -i -e 's/sharedsecret=testpw/sharedsecret=<span style="color: #ff0000;">请改成你设置的通信密钥</span>/' radiusplugin.cnf
 cp radiusplugin.cnf /etc/<span class='wp_keywordlink_affiliate'><a href="http://www.enjoydiy.com/tag/openvpn" title="查看openvpn中的全部文章" target="_blank">openvpn</a></span>/

wget http://www.nongnu.org/radiusplugin/radiusplugin_v2.1_beta9.tar.gz

tar -xzvf radiusplugin_v2.1_beta9.tar.gz

rm -f radiusplugin_v2.1_beta9.tar.gz

cd radiusplugin

make

cp radiusplugin.so /etc/openvpn/

sed -i -e 's/sharedsecret=testpw/sharedsecret=<span style="color: #ff0000;">请改成你设置的通信密钥</span>/' radiusplugin.cnf

cp radiusplugin.cnf /etc/openvpn/

如果make那一步出现错误，可能是你的编译环境不完整，执行下面命令安装好，请将你的radius验证服务器地址写到radiusplugin.cnf

apt-get install libgcrypt11 libgcrypt11-dbg libgcrypt11-dev libgpg-error-dev libcrypt-gcrypt-perl libcrypto++-dev libcrypto++-utils

1	apt-get install libgcrypt11 libgcrypt11-dbg libgcrypt11-dev libgpg-error-dev libcrypt-gcrypt-perl libcrypto++-dev libcrypto++-utils

顺便说下，openvpn中tls验证的key生成方法如下

openvpn --genkey --secret ta.key

1	openvpn --genkey --secret ta.key

另外附我的openvpn配置文件，包括服务端和客户端的。

服务端： server.conf (10.28K)

客户端：client.ovpn (265B)

参考文档：

1、http://mcshell.blog.51cto.com/803455/413457

2、https://wangyan.org/blog/freeradius-pptp-l2tp-html.html

3、http://www.gjia.cn/2011/06/19/%E9%85%8D%E7%BD%AEopenvpn%EF%BC%8C%E9%80%9A%E8%BF%87%E7%94%A8%E6%88%B7%E5%90%8D%E5%AF%86%E7%A0%81%E8%AE%A4%E8%AF%81/

声明: 本文由( liva )原创编译，转载请保留链接: freeradius客户端配置PPTP L2TP OPENVPN

上一篇：使用VPN 无法访问 facebook twitter youtube的解决办法
下一篇：Ubuntu cron 定时执行任务

freeradius客户端配置PPTP L2TP OPENVPN：等您坐沙发呢！

发表评论

购物推荐

赞助商

关于Enjoy Diy | Sitemap | 百度地图 | 谷歌地图

本站空间由阿里云强力驱动&

浙ICP备13018924号

Enjoy Diy——Wang Zijiao的个人博客，这里记录了我折腾的事情，有趣的信息分享。
想与我交流，可以在主页右边找到我的联系方式。