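Installing and configuring PPTP on CentOS with freeradius authentication
Category: linux Date: 2014-03-18 - 3:03:03 Author: 老谢
The posts on integrating OpenVPN and L2TP with freeradius authentication have already been written. Today the company VPN gained two PPTP servers, so this post records the configuration process for future reference. Links to the OpenVPN and L2TP configuration posts:
★ Installing and configuring OpenVPN on CentOS with freeradius authentication
★ Installing and configuring L2TP on CentOS with freeradius authentication
The environment for this post is CentOS 5 32-bit. Installing PPTP itself is not covered here; if you need that, search this blog. The configuration required to integrate freeradius follows:
PPTP client configuration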
wget http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/radiusclient-0.3.2-0.2.el5.rf.i386.rpm
rpm -i radiusclient-0.3.2-0.2.el5.rf.i386.rpm
vim /etc/radiusclient/servers
#Server Name or Client/Server pair Key
#---------------- ---------------
#portmaster.elemental.net hardlyasecret
#portmaster2.elemental.net donttellanyone
YOUR_RADIUS_SERVER_HOSTNAME_OR_IP YOUR_RADIUS_SERVER_SECRET

vim /etc/radiusclient/radiusclient.conf
auth_order radius,local
login_tries 4
login_timeout 60
nologin /etc/nologin
issue /etc/radiusclient/issue
authserver RADIUS_SERVER_IP_OR_HOSTNAME:1812
acctserver RADIUS_SERVER_IP_OR_HOSTNAME:1813
servers /etc/radiusclient/servers
dictionary /etc/radiusclient/dictionary
login_radius /usr/sbin/login.radius
seqfile /var/run/radius.seq
mapfile /etc/radiusclient/port-id-map
default_realm
radius_timeout 10
radius_retries 3
login_local /bin/login

cd /etc/radiusclient/
wget http://safesrv.net/public/dictionary.microsoft.zip
unzip dictionary.microsoft.zip
vim /etc/radiusclient/dictionary
Add the following lines:
INCLUDE /etc/radiusclient/dictionary.microsoft
INCLUDE /etc/radiusclient/dictionary.ascend
INCLUDE /etc/radiusclient/dictionary.compat
INCLUDE /etc/radiusclient/dictionary.merit

vim /etc/ppp/options.pptpd
Add:
refuse-pap
refuse-chap
refuse-mschap
require-mppe-128
require-mschap-v2
plugin radius.so
plugin radattr.so

service pptpd restart
chkconfig pptpd on

Adding the authentication client in freeradius
vim /etc/raddb/clients.conf
client VPN Server IP HERE {
secret = YOUR SECRET HERE
shortname = yourVPN
nastype = other
}
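
The following audit script is an added example, not part of the original post: it checks that /etc/ppp/options.pptpd still carries the directives listed above and that /etc/radiusclient/servers does not use a sample, placeholder or short shared secret and is not world-readable. The function names and the 16-character minimum (after the RFC 2865 preference for secrets of at least 16 octets) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files the article edits.

# Print every directive from the article's options.pptpd list that is
# absent or commented out in file $1.
missing_ppp_options() {
    ppp_file=$1
    while IFS= read -r want; do
        # Drop comments, collapse whitespace, then match the whole line.
        sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' \
            -e 's/^ //' -e 's/ $//' "$ppp_file" | grep -qxF "$want" ||
            printf '%s\n' "$want"
    done <<'EOF'
refuse-pap
refuse-chap
refuse-mschap
require-mppe-128
require-mschap-v2
plugin radius.so
plugin radattr.so
EOF
}

# Print each server in radiusclient servers file $1 whose secret is one of
# the sample/placeholder values shown in the article, or is shorter than
# 16 characters (threshold is this example's assumption).
weak_radius_secrets() {
    awk '$1 !~ /^#/ && NF >= 2 {
        s = $2
        if (s == "hardlyasecret" || s == "donttellanyone" ||
            s == "YOUR_RADIUS_SERVER_SECRET" || length(s) < 16) print $1
    }' "$1"
}

# Succeed if file $1 has the read bit set for "other" users.
world_readable() { [ -n "$(find "$1" -prune -perm -004)" ]; }

# Run all checks; return 1 if anything needs attention.
audit_pptp_radius() {
    audit_rc=0
    miss=$(missing_ppp_options "$1")
    [ -z "$miss" ] || { echo "$1 lacks:" $miss; audit_rc=1; }
    weak=$(weak_radius_secrets "$2")
    [ -z "$weak" ] || { echo "$2 weak secret for:" $weak; audit_rc=1; }
    if world_readable "$2"; then echo "$2 is world-readable"; audit_rc=1; fi
    return $audit_rc
}

# Usage: sh audit.sh /etc/ppp/options.pptpd /etc/radiusclient/servers
if [ "$#" -eq 2 ]; then audit_pptp_radius "$1" "$2"; fi
```
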
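A very comprehensive tutorial
Too advanced... with content like yours, all I can do is lurk
The article is very well written and makes a lot of sense. Thanks to the blogger for sharing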