Stage two:
Install RADIUS and configure MySQL authentication
yum install -y freeradius freeradius-mysql freeradius-utils
Test that the service is working [a very important point: when running the command below, the machine must be able to resolve its own hostname; if it cannot, hard-code the entry in /etc/hosts]
radtest testuser testpassword localhost 1812 testing123
yum install libgcrypt libgcrypt-devel gcc-c++
wget http://www.nongnu.org/radiusplugin/radiusplugin_v2.1.tar.gz
tar xvf radiusplugin_v2.1.tar.gz
cd radiusplugin/
make
cp radiusplugin.so /etc/openvpn/
cp radiusplugin.cnf /etc/openvpn/
vim /etc/openvpn/radiusplugin.cnf
server
{
    # The UDP port for radius accounting.
    acctport=1813
    # The UDP port for radius authentication.
    authport=1812
    # The name or ip address of the radius server.
    name=10.200.0.49
    # How many times should the plugin resend the request if there is no response?
    retry=1
    # How long should the plugin wait for a response?
    wait=1
    # The shared secret.
    sharedsecret=$secret
}
egrep -v '^($|#|;)' /etc/openvpn/server.conf
local 10.200.0.59
port 2198
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server_rongcapital_cn.crt
key /etc/openvpn/keys/server_rongcapital_cn.key
dh /etc/openvpn/keys/dh1024.pem
server 10.10.0.0 255.255.0.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.200.0.22"
push "dhcp-option DNS 10.200.0.75"
keepalive 10 120
tls-auth /etc/openvpn/keys/ta.key 0 # This file is secret
cipher AES-128-CBC # AES
comp-lzo
max-clients 200
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 6
mute 20
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
status /var/log/openvpn/openvpn-status.log
Client
client
dev tun
proto udp
remote $vpnserver_ipaddr $vpn_port
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-auth /etc/openvpn/ta.key 1
cipher AES-128-CBC # AES
ns-cert-type server
auth-user-pass
auth-nocache
comp-lzo
verb 5
mute 20
route-method exe
route-delay 2
auth-user-pass /etc/openvpn/pass.txt
reneg-sec 0
route 172.16.205.0 255.255.255.0
route 172.16.200.0 255.255.255.0
route 10.200.0.0 255.255.0.0
On Linux, run the command
openvpn --config /etc/openvpn/client.ovpn
tls-auth /etc/openvpn/keys/ta.key 0 (add to server.conf)
tls-auth /etc/openvpn/keys/ta.key 1 (add to client.conf)
Time: 2024-11-10 08:20:31
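The two tls-auth lines above must use opposite key directions (server 0, client 1); if both sides use the same value the handshake fails silently on the server side. The following script is an added example, not part of the original post or of the radiusplugin project: it reads the direction out of a server and a client config, checks the pair, flags that client-cert-not-required makes the RADIUS password the only factor protecting the tunnel, and performs the hostname-resolution check that the radtest step depends on. The sample config files are constructed inline with the same directives as the post; the real paths under /etc/openvpn are the post's own.

```shell
#!/bin/sh
# Added example (not from the original post): consistency checks for the
# OpenVPN + radiusplugin setup described above. Sample configs are
# constructed here so the script runs offline.

# Print the direction argument of the tls-auth directive (0 or 1),
# or nothing if the directive is absent from the file.
tls_auth_direction() {
    awk '$1 == "tls-auth" { print $3 }' "$1"
}

# Return 0 when the server uses direction 0 and the client direction 1;
# return 1 for any other combination (the case the notes above warn about).
check_tls_auth_pair() {
    s=$(tls_auth_direction "$1")
    c=$(tls_auth_direction "$2")
    [ "$s" = "0" ] && [ "$c" = "1" ]
}

# Return 0 if the server config disables client certificates, i.e. the
# RADIUS username/password is the only thing authenticating a client.
password_only_auth() {
    grep -q '^client-cert-not-required' "$1"
}

# The prerequisite for the radtest step: return 0 if the given name
# resolves through the system resolver (/etc/hosts or DNS).
host_resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# Constructed sample configs (subset of the directives shown in the post).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/server.conf" <<'EOF'
server 10.10.0.0 255.255.0.0
tls-auth /etc/openvpn/keys/ta.key 0
cipher AES-128-CBC
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
EOF
cat > "$tmp/client.conf" <<'EOF'
client
tls-auth /etc/openvpn/ta.key 1
cipher AES-128-CBC
auth-user-pass /etc/openvpn/pass.txt
EOF
# A client config with the wrong direction, to show the mismatch being caught.
cat > "$tmp/client-bad.conf" <<'EOF'
client
tls-auth /etc/openvpn/ta.key 0
EOF

if check_tls_auth_pair "$tmp/server.conf" "$tmp/client.conf"; then
    echo "client.conf: tls-auth directions OK (server 0 / client 1)"
fi
check_tls_auth_pair "$tmp/server.conf" "$tmp/client-bad.conf" \
    || echo "client-bad.conf: tls-auth direction mismatch"
password_only_auth "$tmp/server.conf" \
    && echo "server.conf: client-cert-not-required set, RADIUS password is the only factor"
host_resolves "$(hostname)" \
    || echo "$(hostname) does not resolve; add it to /etc/hosts before running radtest"
```

Run it as-is to see the checks against the constructed files, or point check_tls_auth_pair at /etc/openvpn/server.conf and the client's .ovpn before rolling out a new ta.key.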