
Unix系统:FreeBSD mpd VPN服务器安装步骤

2017-6-21编辑:daibenhua

  马上要搬出学校,而学校的资源大多是对教育网开放,考虑到以后的小区多半是电信的adsl接入,没办法,就想到了架个vpn服务器,当然首先想到的是在freebsd上架设。用google搜索了一下,发现搞的人还真多,心情马上好了一截。下面是我的步骤:

  1、安装mpd(都说mpd对windows支持最好),很简单

  cd /usr/local/ports/net/mpd/

  make all install clean

  2、配置/usr/local/etc/mpd/mpd.conf

  # mpd.conf as given in the article. mpd loads the "default" label when it is
  # started without a configuration name; here that pulls in "vpn", which
  # loads one section per client.
  # NOTE(review): the page has flattened the indentation. mpd configuration
  # files normally keep labels in column one and indent the commands under
  # them - restore that when copying this listing.
  default:

  load vpn

  vpn:

  load client1

  #load client2

  # One bundle/link pair per simultaneous client, each on its own ngN interface.
  client1:

  new -i ng0 pptp1 pptp1

  # First range: address of the server end; second: address given to the peer.
  # x.x.x.x / y.y.y.y1 are the article's placeholders.
  set ipcp ranges x.x.x.x/32 y.y.y.y1/32

  load pptp_def

  # Defined but not used while "load client2" above stays commented out.
  client2:

  new -i ng1 pptp2 pptp2

  set ipcp ranges x.x.x.x/32 y.y.y.y2/32

  load pptp_def

  # Settings shared by every client section.
  pptp_def:

  set iface disable on-demand

  set iface enable proxy-arp

  # Drop the session after 1800 seconds without traffic.
  set iface idle 1800

  set bundle enable multilink

  set link yes acfcomp protocomp

  # PAP and CHAP are switched off first, then CHAP alone is enabled again, so
  # clients have to authenticate with CHAP.
  # NOTE(review): plain "chap" presumably covers every CHAP variant this mpd
  # build supports; the setup script later on this page uses "chap-msv2"
  # instead - confirm against the manual of the installed version.
  set link no pap chap

  set link enable chap

  set link keep-alive 10 60

  set link mtu 1460

  set ipcp yes vjcomp

  # DNS server announced to clients (placeholder).
  set ipcp dns x.x.x.y

  set bundle enable compression

  # MPPE settings. mpp-e40 accepts 40-bit keys next to the 128-bit ones.
  # NOTE(review): this listing has no "set bundle yes crypt-reqd" (the setup
  # script later on this page adds it), so presumably a session can come up
  # without encryption - confirm, and prefer requiring encryption with
  # mpp-e128 only.
  set ccp yes mppc

  set ccp yes mpp-e40

  set ccp yes mpp-e128

  set ccp yes mpp-stateless

  open

  3、配置/usr/local/etc/mpd/mpd.links

  # mpd.links: one link definition for each link named in mpd.conf
  # (pptp1, pptp2). "set pptp self" takes the address the server accepts PPTP
  # connections on; the Chinese text after it is the article's placeholder
  # ("the IP that offers the VPN service") and must be replaced by a real
  # address.
  pptp1:

  set link type pptp

  set pptp self 对外提供vpn服务的ip

  # Accept inbound PPTP calls only; this server never dials out.
  set pptp enable incoming

  set pptp disable originate

  # Same settings for the second link.
  pptp2:

  set link type pptp

  set pptp self 对外提供vpn服务的ip

  set pptp enable incoming

  set pptp disable originate

  4、编写启动脚本/usr/local/etc/rc.d/mpd.sh

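  # rc.d-style start/stop wrapper for the mpd daemon.
  # Usage: mpd.sh {start|stop}
  # The listing on the page stops after the usage line; the closing ";;" and
  # "esac" are restored here so the script parses.
  case "${1-}" in
    start)
      # Start only when the binary is executable and a configuration file
      # exists; -b makes mpd run as a background daemon.
      if [ -x /usr/local/sbin/mpd ] && [ -f /usr/local/etc/mpd/mpd.conf ]; then
        /usr/local/sbin/mpd -b && printf '%s' ' mpd'
      fi
      ;;
    stop)
      killall mpd && printf '%s' ' mpd'
      ;;
    *)
      echo "Usage: $(basename "$0") {start|stop}"
      ;;
  esac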

  5、编辑用户/口令文件 /usr/local/etc/mpd/mpd.secret 很简单,照着例子作

  好了,现在要做的事做完了。在winxp上创建一个vpn连接,ok,搞定。嘿嘿,还有2个非常重要的点:第一,要将freebsd服务器设置成路由模式,也就是说要在/etc/rc.conf中加上gateway_enable="YES"(网上找的资料都没说这点,完全凭经验),否则不能通过vpn服务器访问内网的其他主机。第二,winxp的防火墙要关掉,为什么不知道,总之不关,就会出现间歇性大量掉包。(补充:PPTP除TCP 1723端口外还依赖GRE协议,掉包可能与防火墙拦截GRE有关;如果条件允许,可以先尝试只放行这两项,而不是整体关闭防火墙。)

  #pkg_add -rv mpd

  #sh mpd_setup.sh config ##修改几个选项 什么用户名了,分配的IP地址了。。

  #cat mpd_setup.sh

  #!/bin/sh

  #

  # mpd VPN install script

  # Compile by iceblood(Liu Hongguang)

  # E-mail:iceblood@163.com

  # Website:http://www.nettf.net/

  #

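  # mpd_setup.sh {install|config}
  #   install  build and install mpd from the ports tree
  #   config   ask a few questions and write mpd.conf, mpd.links and mpd.secret
  #
  # The generated files are written with echo/printf groups rather than
  # here-documents so the script keeps working when it is copied with the
  # page's leading indentation.
  PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

  TIME=$(date '+%Y/%m/%d %H:%M')

  # fail MESSAGE: report MESSAGE on stderr and stop with status 1.
  fail() {
    printf '%s\n' "$1" >&2
    exit 1
  }

  # ask PROMPT DEFAULT: show PROMPT on stderr, read one line from stdin and
  # print the answer, or DEFAULT when the answer is empty.
  ask() {
    printf '%s' "$1" >&2
    ask_reply=
    read -r ask_reply || :
    if [ -z "$ask_reply" ]; then
      ask_reply=$2
    fi
    printf '%s\n' "$ask_reply"
  }

  # is_small_uint VALUE: succeed only for one to five decimal digits, so the
  # numeric tests below never see text or an out-of-range number.
  is_small_uint() {
    case $1 in
      '' | *[!0-9]* | ??????*) return 1 ;;
    esac
    return 0
  }

  case "${1-}" in
    install)
      if command -v mpd >/dev/null 2>&1; then
        echo "mpd already install."
        exit 0
      fi

      if [ ! -d /usr/ports/net/mpd ]; then
        echo "Sorry,not ports /usr/ports/net/mpd" >&2
        echo "Please use cvsup get ports list." >&2
        exit 1
      fi

      # Any non-zero status is a failure; the earlier comparison against
      # exactly "1" let other make exit codes slip through.
      cd /usr/ports/net/mpd || fail "Sorry! mpd install error!!"
      make clean || fail "Sorry! mpd install error!!"
      make install || fail "Sorry! mpd install error!!"
      make clean
      echo "mpd software install done."
      exit 0
      ;;

    config)
      # All questions are asked before anything is written, in the same order
      # as before, so a rejected answer leaves no half-written files behind.
      MPDPATH=$(ask "Please input mpd config patch:[/usr/local/etc/mpd] " /usr/local/etc/mpd)
      [ -d "$MPDPATH" ] || fail "Sorry! $MPDPATH is not a directory."

      CLIENT=$(ask "Please input VPN max ports(default 5):[1~253] " 5)
      if ! is_small_uint "$CLIENT" || [ "$CLIENT" -lt 1 ] || [ "$CLIENT" -ge 254 ]; then
        CLIENT=5
      fi

      # NOTE(review): the default 172.168.1.1 lies outside the RFC 1918
      # private block 172.16.0.0/12. It is kept because it is the script's
      # advertised default; pick an address from the local network instead.
      VPNIP=$(ask "Please input VPN server IP:[172.168.1.1] " 172.168.1.1)
      case $VPNIP in
        *.*.*.*.*) fail "Sorry!!VPN server IP error!!!" ;;
        *.*.*.*) ;;
        *) fail "Sorry!!VPN server IP error!!!" ;;
      esac
      VPNIPA=${VPNIP%%.*}
      ip_rest=${VPNIP#*.}
      VPNIPB=${ip_rest%%.*}
      ip_rest=${ip_rest#*.}
      VPNIPC=${ip_rest%%.*}
      VPNIPD=${ip_rest#*.}
      # Same bound as before: every octet must be a number below 255.
      for octet in "$VPNIPA" "$VPNIPB" "$VPNIPC" "$VPNIPD"; do
        if ! is_small_uint "$octet" || [ "$octet" -ge 255 ]; then
          fail "Sorry!!VPN server IP error!!!"
        fi
      done

      IDLE=$(ask "Please input idle time at disconnect:[0] " 0)
      if ! is_small_uint "$IDLE" || [ "$IDLE" -gt 86400 ]; then
        IDLE=0
      fi

      # NOTE(review): 127.0.0.1 is announced to the clients as their DNS
      # server, which presumably points each client at itself; enter a
      # resolver the clients can actually reach.
      DNSIP=$(ask "Please input client DNS ipaddress:[127.0.0.1] " 127.0.0.1)

      VPNUSER=$(ask "Please VPN client username:[test] " test)
      VPNPASS=$(ask "Please VPN client password:[password] " password)

      conf=$MPDPATH/mpd.conf
      links=$MPDPATH/mpd.links
      secret=$MPDPATH/mpd.secret

      # mpd.conf: labels start in column one, commands carry a leading blank
      # (as in the echo lines of the earlier version of this script).
      {
        printf '%s\n' \
          '# Create by iceblood mpd_setup.sh scripts' \
          "# by $TIME" \
          '# Script compile by iceblood' \
          '# E-mail:iceblood@163.com' \
          '# Website:http://www.nettf.net/' \
          'default:' \
          ' load pptp' \
          'pptp:'

        NUM=0
        while [ "$NUM" -lt "$CLIENT" ]; do
          echo " load pptp$NUM"
          NUM=$((NUM + 1))
        done

        # One section per client; the client address counts up from .1 and
        # skips the server's own last octet (compared numerically).
        NUM=0
        CLIENTIPD=0
        while [ "$NUM" -lt "$CLIENT" ]; do
          CLIENTIPD=$((CLIENTIPD + 1))
          [ "$CLIENTIPD" -ne "$VPNIPD" ] || continue
          echo "pptp$NUM:"
          echo " new -i ng$NUM pptp$NUM pptp$NUM"
          echo " set ipcp ranges $VPNIPA.$VPNIPB.$VPNIPC.$VPNIPD/32 $VPNIPA.$VPNIPB.$VPNIPC.$CLIENTIPD/32"
          echo " load pptp_config"
          NUM=$((NUM + 1))
        done

        # NOTE(review): encryption is required (crypt-reqd) and only MS-CHAPv2
        # is enabled, but mpp-e40 still lets a client negotiate 40-bit MPPE;
        # drop that line if every client supports 128-bit keys.
        echo "pptp_config:"
        printf ' %s\n' \
          'set iface disable on-demand' \
          'set iface enable proxy-arp' \
          'set bundle enable compression' \
          'set bundle yes crypt-reqd' \
          "set iface idle $IDLE" \
          'set iface enable tcpmssfix' \
          'set bundle enable multilink' \
          'set link yes acfcomp protocomp' \
          'set link no pap chap' \
          'set link enable chap-msv2' \
          'set link keep-alive 10 60' \
          'set link mtu 1460' \
          'set ipcp yes vjcomp' \
          "set ipcp dns $DNSIP" \
          'set ccp yes mppc' \
          'set ccp yes mpp-e40' \
          'set ccp yes mpp-e128' \
          'set ccp yes mpp-stateless'
      } > "$conf" || fail "Sorry! cannot write $conf"

      # mpd.links: one PPTP link per client.
      # NOTE(review): "set pptp self 0.0.0.0" presumably accepts connections
      # on every local address; set the VPN-facing address if the host has
      # more than one interface.
      {
        printf '%s\n' \
          '# Create by iceblood mpd_setup.sh scripts' \
          "# by $TIME" \
          '# Script compile by iceblood' \
          '# E-mail:iceblood@163.com'

        NUM=0
        while [ "$NUM" -lt "$CLIENT" ]; do
          echo "pptp$NUM:"
          printf ' %s\n' \
            'set link type pptp' \
            'set pptp self 0.0.0.0' \
            'set pptp enable incoming' \
            'set pptp disable originate'
          NUM=$((NUM + 1))
        done
      } > "$links" || fail "Sorry! cannot write $links"

      # Create (or empty) the secret file with tight permissions first, then
      # write the credentials, so the password is never in a readable file.
      ( umask 077 && : > "$secret" ) || fail "Sorry! cannot write $secret"
      chmod 600 "$secret" || fail "Sorry! cannot chmod $secret"
      printf '%s %s\n' "$VPNUSER" "$VPNPASS" > "$secret" ||
        fail "Sorry! cannot write $secret"

      if [ "$VPNPASS" = password ]; then
        printf '%s\n' \
          "Warning: the default password was written to $secret; change it before starting mpd." >&2
      fi

      printf '%s\n' \
        'MPD configure file set done.' \
        'Please check you kernel has:' \
        '#PPTP server set' \
        'options NETGRAPH' \
        'options NETGRAPH_PPTPGRE' \
        'options NETGRAPH_SOCKET' \
        'options NETGRAPH_KSOCKET' \
        'options NETGRAPH_IFACE' \
        'options NETGRAPH_PPP' \
        'options NETGRAPH_BPF' \
        'options NETGRAPH_VJC' \
        'options NETGRAPH_MPPC_ENCRYPTION' \
        'and start mpd service.' \
        "Please edit \"$MPDPATH/mpd.secret\" file, add or delete vpn client user."
      ;;

    *)
      printf '%s\n' \
        "$0 {install|config}" \
        'install Install mpd package.' \
        'config Configure mpd vpn.' \
        'Script compile by iceblood' \
        'iceblood@163.com'
      ;;
  esac

  exit 0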
