A simple mpd pptp server installation example
Note: this is a slightly revised republication of a note of the same name that I wrote earlier; the old note no longer seems to turn up on Google.
#mpd pptp server
mpd is the all-in-one pptp tool on FreeBSD. It can act as a pptp client or a pptp server and, with suitable configuration, works well as a VPN; this is only an example of using it as a pptp server.
mpd's own documentation is already very detailed; if you need other features, read it (it is in English).
#URL:http://www.sourceforge.net/projects/mpd
Because an mpd pptp server is very quick and simple to configure, and a pptp tunnel is still fairly secure, I often use it as a secure channel for connecting to my own servers for administration: some web-based administration is unencrypted, and pptp's end-to-end encryption covers exactly that gap.
mpd now also supports RADIUS authentication, so building a somewhat larger pptp server is feasible as well.
#The kernel should include the following support
# for mpd pptp server
options NETGRAPH #netgraph(4) system
options NETGRAPH_ASYNC
options NETGRAPH_BPF
options NETGRAPH_ECHO
options NETGRAPH_ETHER
options NETGRAPH_HOLE
options NETGRAPH_IFACE
options NETGRAPH_KSOCKET
options NETGRAPH_LMI
# MPPC compression requires proprietary files (not included)
#options NETGRAPH_MPPC_COMPRESSION
options NETGRAPH_MPPC_ENCRYPTION
options NETGRAPH_PPP
options NETGRAPH_PPTPGRE
options NETGRAPH_RFC1490
options NETGRAPH_SOCKET
options NETGRAPH_UI
#end
#The system will load the corresponding kernel modules automatically if your kernel lacks these options, but compiling them into the kernel is still recommended;
#Install and configure the mpd pptp server.
cd /usr/ports/net/mpd
make clean
make install
make clean
#Allow 5 dial-ins;
#The sample configuration file shipped with the port covers many scenarios; we take only the pptp server part.
#vi /usr/local/etc/mpd/mpd.conf
#begin of mpd.conf
#
#The default section lists the items activated when mpd starts;
#(labels start in column one and end with a colon; the commands under a label are indented)
default:
    load client1
    load client2
    load client3
    load client4
    load client5
client1:
    new -i ng0 pptp1 pptp1
    set ipcp ranges 172.16.120.80/32 172.16.120.100/32
    load client_standard
#
client2:
    new -i ng1 pptp2 pptp2
    set ipcp ranges 172.16.120.81/32 172.16.120.101/32
    load client_standard
#
client3:
    new -i ng2 pptp3 pptp3
    set ipcp ranges 172.16.120.82/32 172.16.120.102/32
    load client_standard
#
client4:
    new -i ng3 pptp4 pptp4
    set ipcp ranges 172.16.120.83/32 172.16.120.103/32
    load client_standard
#
client5:
    new -i ng4 pptp5 pptp5
    set ipcp ranges 172.16.120.84/32 172.16.120.104/32
    load client_standard
#
client_standard:
    set iface disable on-demand
    #set iface enable proxy-arp
    #set iface idle 1800
    set bundle enable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    #set link mtu 1460
    set link mtu 1260
    set link keep-alive 10 60
    set ipcp yes vjcomp
    set ipcp dns 61.145.117.164
    # set ipcp nbns 172.16.120.4
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
#end of mpd.conf
###Note: mpd now supports RADIUS authentication
radius:
    # You can use radius.conf(5); it's useful because you can share the
    # same config with userland-ppp and other apps.
    set radius config /etc/radius.conf
    # and/or specify the server directly here
    set radius retries 3
    set radius timeout 3
    set radius server localhost testing123 1812 1813
    # send the given IP in the RAD_NAS_IP_ADDRESS attribute to the server.
    set radius me 1.1.1.1
    # send accounting updates every 5 minutes
    set radius acct-update 300
    # let the RADIUS server assign the IP
    set ipcp enable radius-ip
    # enable RADIUS, and fall back to mpd.secret if RADIUS auth failed
    set bundle enable radius-auth radius-fallback
    # enable RADIUS accounting
    set bundle enable radius-acct
    # use idle-timeout, session-timeout, routes list and mtu from the RADIUS server
    set iface enable radius-idle radius-session radius-mtu radius-route
    # activate MPPE and let the RADIUS server assign MPPE-types and MPPE-policies
    set bundle enable compression
    set ccp yes mppc
    set ccp enable radius
##################
#vi /usr/local/etc/mpd/mpd.links
#begin of mpd.links
pptp1:
    set link type pptp
    set pptp self 0.0.0.0
    set pptp enable incoming
    set pptp disable originate
#
pptp2:
    set link type pptp
    set pptp self 0.0.0.0
    set pptp enable incoming
    set pptp disable originate
#
pptp3:
    set link type pptp
    set pptp self 0.0.0.0
    set pptp enable incoming
    set pptp disable originate
#
pptp4:
    set link type pptp
    set pptp self 0.0.0.0
    set pptp enable incoming
    set pptp disable originate
#
pptp5:
    set link type pptp
    set pptp self 0.0.0.0
    set pptp enable incoming
    set pptp disable originate
#
#end of mpd.links
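The five client stanzas in mpd.conf and the five link stanzas in mpd.links differ only in their numbers and addresses, which is where copy-paste errors creep in. As an added example (not part of the original post and not mpd's own tooling), the POSIX sh script below generates both sets for any number of dial-ins. It follows the post's numbering pattern exactly (client<N> uses interface ng<N-1> and link pptp<N>, and the server- and client-side addresses increment the last octet of the two start addresses); the function names, the four-space indentation and the check that the addresses stay inside the /24 are my assumptions. The shared client_standard stanza is still written once by hand, as in the post.

```shell
#!/bin/sh
# Added example, not from the original post: generate the repeated client and
# link stanzas instead of copy-pasting them. Assumes the post's layout:
# client<N> -> interface ng<N-1>, link pptp<N>; addresses step the last octet.

# Emit the "default:" stanza and one client<N> stanza per dial-in.
#   $1 = number of dial-ins  $2 = first server-side address  $3 = first client-side address
gen_mpd_conf() {
    n=$1
    s_net=${2%.*}; s_host=${2##*.}
    c_net=${3%.*}; c_host=${3##*.}
    # Refuse ranges that would run past .254 of the /24 (assumed sanity check).
    if [ $((s_host + n - 1)) -gt 254 ] || [ $((c_host + n - 1)) -gt 254 ]; then
        echo "error: $n dial-ins from $2 / $3 would leave the /24" >&2
        return 1
    fi
    echo "default:"
    i=1
    while [ "$i" -le "$n" ]; do
        echo "    load client$i"
        i=$((i + 1))
    done
    i=1
    while [ "$i" -le "$n" ]; do
        echo "client$i:"
        echo "    new -i ng$((i - 1)) pptp$i pptp$i"
        echo "    set ipcp ranges $s_net.$((s_host + i - 1))/32 $c_net.$((c_host + i - 1))/32"
        echo "    load client_standard"
        echo "#"
        i=$((i + 1))
    done
}

# Emit one pptp<N> stanza per dial-in for mpd.links. The names must match the
# link names on the "new" lines above, which is what mpd requires.
gen_mpd_links() {
    i=1
    while [ "$i" -le "$1" ]; do
        echo "pptp$i:"
        echo "    set link type pptp"
        echo "    set pptp self 0.0.0.0"
        echo "    set pptp enable incoming"
        echo "    set pptp disable originate"
        echo "#"
        i=$((i + 1))
    done
}

# Same values as the post: 5 dial-ins, 172.16.120.80-84 on the server side,
# 172.16.120.100-104 on the client side. Redirect each into its file once happy.
gen_mpd_conf 5 172.16.120.80 172.16.120.100
gen_mpd_links 5
```

Append the hand-written client_standard stanza after the generated mpd.conf part; the generator deliberately does not touch it, so mtu, authentication and ccp choices stay in one place you review yourself.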
#Note: in mpd.conf, the link name of each configuration entry (defined on the line new -i ng0 pptp1 pptp1),
#for example client1 (links = pptp1) and client2 (links = pptp2), must have a corresponding link type definition in mpd.links:
#pptp1:
#    set link type pptp
#pptp2:
#    set link type pptp
#and so on for the others;
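The note above states the rule, and three hand-edited files are easy to get out of step. As an added example (not from the post and not part of mpd), the sh script below checks that rule over constructed copies of the files and, while it is at it, reports two settings a practitioner would want to catch before exposing the server: mpp-e40 still enabled (40-bit MPPE keys are far too short to rely on; keep only mpp-e128) and an mpd.secret that users other than root can read. The function names and the sample files are constructed; the script knows nothing about mpd beyond the label-and-indent layout of its config files, and it takes the file paths as arguments so it can be pointed at /usr/local/etc/mpd/ on a real system.

```shell
#!/bin/sh
# Added example, not from the original post: pre-start sanity checks for
# mpd.conf / mpd.links / mpd.secret. Function names are my own; the sample
# files below are constructed, with one deliberate mistake (pptp2 is named
# in mpd.conf but never defined in mpd.links).
workdir=$(mktemp -d); trap 'rm -rf "$workdir"' EXIT
cat > "$workdir/mpd.conf" <<'EOF'
default:
    load client1
    load client2
client1:
    new -i ng0 pptp1 pptp1
    set ipcp ranges 172.16.120.80/32 172.16.120.100/32
    load client_standard
client2:
    new -i ng1 pptp2 pptp2
    set ipcp ranges 172.16.120.81/32 172.16.120.101/32
    load client_standard
client_standard:
    set link no pap chap
    set link enable chap
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
EOF
cat > "$workdir/mpd.links" <<'EOF'
pptp1:
    set link type pptp
    set pptp self 0.0.0.0
    set pptp enable incoming
    set pptp disable originate
EOF
printf 'user1 fortest\n' > "$workdir/mpd.secret"; chmod 644 "$workdir/mpd.secret"

# Print every link name mpd.conf references that mpd.links never types as pptp.
missing_links() {   # $1 = mpd.conf  $2 = mpd.links
    awk '$1 == "new" { i = 2; if ($i == "-i") i += 2; i++   # skip "-i <iface>" and the bundle
                       for (; i <= NF; i++) print $i }' "$1" | sort -u |
    while read -r link; do
        # A stanza runs from its "<label>:" line to the next unindented label.
        awk -v want="$link:" '
            $1 == want           { inside = 1; next }
            /^[^ \t#].*:[ \t]*$/ { inside = 0 }
            inside && $1 == "set" && $2 == "link" && $3 == "type" && $4 == "pptp" { ok = 1 }
            END { exit ok ? 0 : 1 }' "$2" || echo "$link"
    done
}

check_links() {     # exit 0 when every referenced link is typed pptp
    missing=$(missing_links "$1" "$2")
    [ -z "$missing" ] && return 0
    echo "error: named in mpd.conf but no 'set link type pptp' in mpd.links: $(echo $missing)"
    return 1
}

# Exit 0 when any stanza turns on 40-bit MPPE keys.
weak_mppe_enabled() {   # $1 = mpd.conf
    awk '$1 == "set" && $2 == "ccp" && ($3 == "yes" || $3 == "enable" || $3 == "accept") {
             for (i = 4; i <= NF; i++) if ($i == "mpp-e40") w = 1 }
         END { exit w ? 0 : 1 }' "$1"
}

# Exit 0 when group and other hold no permission bits on the secrets file.
secret_is_private() {   # $1 = mpd.secret
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

run_checks() {      # $1 = mpd.conf  $2 = mpd.links  $3 = mpd.secret
    rc=0
    check_links "$1" "$2" || rc=1
    if weak_mppe_enabled "$1"; then echo "warning: mpp-e40 is enabled; keep only mpp-e128"; rc=1; fi
    if ! secret_is_private "$3"; then echo "warning: $3 is group/world readable; chmod 600 it"; rc=1; fi
    return $rc
}

if run_checks "$workdir/mpd.conf" "$workdir/mpd.links" "$workdir/mpd.secret"; then
    echo "all checks passed"
else
    echo "fix the problems above before starting mpd"
fi
```

On the constructed sample this reports the undefined pptp2 link, the enabled mpp-e40 and the 644 secrets file; after adding the pptp2 stanza, dropping the mpp-e40 line and running chmod 600 on mpd.secret, run_checks returns 0. A link that mpd.conf references but mpd.links leaves untyped is exactly the mismatch the note warns about, and catching it here is cheaper than reading mpd.log after a failed start.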
#Username and password;
#vi /usr/local/etc/mpd/mpd.secret
#begin of mpd.secret
#username <---> password <-----> ip address range to user
#Here you can specify the address a given user gets when dialing in
#user1 fortest 172.16.120.111/24
#or leave it unspecified
user1 fortest
#end of mpd.secret
#Note: when stopping the process, do not use -9 to force-kill it; otherwise the process may fail to close its devices properly, and only a system reboot will recover them;
#Using the lazy delayed start-up
#cp /usr/local/etc/rc.d/mpd.sh.sample /usr/local/modules/public/etc/rc.d/mpd-server
#ln -s /usr/local/modules/public/etc/rc.d/mpd-server /usr/local/sbin
#The usual approach
cp /usr/local/etc/rc.d/mpd.sh.sample /usr/local/etc/rc.d/mpd-server.sh
#Configure logging
touch /var/log/mpd.log
#The FreeBSD 4.x approach
#vi /etc/syslog.conf
#Add the following; !mpd selects messages from the mpd process;
!mpd
*.* /var/log/mpd.log
#The FreeBSD 5.x approach
##Strange, FBSD 5.2.1 has no daemon entry
daemon.* /var/log/mpd.log
####
#vi /etc/newsyslog.conf
/var/log/mpd.log 644 5 100 * Z
#Restart syslogd
killall -HUP syslogd
####################################