馬上要搬出學校,而學校的資源大多是對教育網開放,考慮到以後的小區多半是電信的adsl接入,沒辦法,就想到了架個vpn服務器,當然首先想到的是在freebsd上架設。用google搜索了一下,發現搞得人還真多,心情馬上好了一截。下面是我的步驟:
1、安裝mpd(都說mpd對windows支持最好),很簡單
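# Build and install mpd from the ports tree.
# Abort if the port directory is missing; otherwise "make" would run in
# whatever the current directory happens to be.
# NOTE(review): the setup script further down this page uses
# /usr/ports/net/mpd instead of /usr/local/ports/net/mpd — confirm which
# ports tree exists on the host before running this.
cd /usr/local/ports/net/mpd/ || exit 1
make all install clean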
2、配置/usr/local/etc/mpd/mpd.conf
default:
load vpn
vpn:
load client1
#load client2
client1:
new -i ng0 pptp1 pptp1
set ipcp ranges x.x.x.x/32 y.y.y.y1/32
load pptp_def
client2:
new -i ng1 pptp2 pptp2
set ipcp ranges x.x.x.x/32 y.y.y.y2/32
load pptp_def
pptp_def:
set iface disable on-demand
set iface enable proxy-arp
set iface idle 1800
set bundle enable multilink
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link keep-alive 10 60
set link mtu 1460
set ipcp yes vjcomp
set ipcp dns x.x.x.y
set bundle enable compression
set ccp yes mppc
set ccp yes mpp-e40
set ccp yes mpp-e128
set ccp yes mpp-stateless
open
3、配置/usr/local/etc/mpd/mpd.links
pptp1:
set link type pptp
set pptp self 對外提供vpn服務的ip
set pptp enable incoming
set pptp disable originate
pptp2:
set link type pptp
set pptp self 對外提供vpn服務的ip
set pptp enable incoming
set pptp disable originate
4、編寫啟動腳本/usr/local/etc/rc.d/mpd.sh
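#!/bin/sh
#
# rc.d script for mpd: start or stop the PPTP VPN daemon.
# Usage: mpd.sh {start|stop}
case ${1-} in
start)
  # Start only when both the daemon binary and its configuration exist;
  # "-b" puts mpd into the background.
  [ -x /usr/local/sbin/mpd ] &&
  [ -f /usr/local/etc/mpd/mpd.conf ] &&
  /usr/local/sbin/mpd -b &&
  printf ' mpd'
  ;;
stop)
  killall mpd && printf ' mpd'
  ;;
*)
  # "echo -n" is not portable under /bin/sh; printf is.
  printf 'Usage: %s {start|stop}\n' "${0##*/}" >&2
  ;;
esac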
5、編輯用戶/口令文件 /usr/local/etc/mpd/mpd.secret 很簡單,照著例子作
好了,現在要做的事做完了。在winxp上創建一個vpn連接,ok,搞定。嘿嘿,還有2個非常重要的點,第一個要將freebsd服務器設置成路由模式也就是說在/etc/rc.conf中gateway_enable="YES" 要加上(網上找的資料都沒說著點,完全憑經驗),否則不能通過vpn服務器訪問內網的其他主機。第二,winxp的防火牆要關掉,為什麼不知道,總之不關,就會出現間歇性大量掉包
#pkg_add -rv mpd
#sh mpd_setup.sh config ##修改幾個選項 什麼用戶名了,分配的IP地址了。。
#cat mpd_setup.sh
#!/bin/sh
#
# mpd VPN install script
# Compile by iceblood(Liu Hongguang)
# E-mail:[email protected]
# Website:http://www.nettf.net/
#
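PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
TIME=$(date '+%Y/%m/%d %H:%M')

# Print a diagnostic line on stderr; stdout is kept for normal output and
# the help text.
warn() {
  printf '%s\n' "$*" >&2
}

# Succeed only if $1 is a non-empty string of decimal digits.
# "[ x -lt 1 ]" on non-numeric input is an error, not "false", so the
# original "||" chains silently kept junk such as "abc" as a count and the
# generating loops then ran zero times.
is_uint() {
  case ${1-} in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Succeed only if $1 is a dotted quad of exactly four numeric octets, each
# between 0 and $2 inclusive ($2 defaults to 255).
# Parsing uses parameter expansion rather than "set -- $1" so that a stray
# "*" in the input can never be glob-expanded against the cwd.
is_ipv4() {
  local addr max rest octet n
  addr=${1-}
  max=${2:-255}
  n=0
  rest=$addr.
  while [ -n "$rest" ]; do
    octet=${rest%%.*}
    rest=${rest#*.}
    n=$((n + 1))
    is_uint "$octet" || return 1
    [ "$octet" -le "$max" ] || return 1
  done
  [ "$n" -eq 4 ]
}

# Split an already validated dotted quad into VPNIPA..VPNIPD (globals that
# configure_mpd reads when writing the per-client "set ipcp ranges" lines).
split_ipv4() {
  local rest
  VPNIPA=${1%%.*}
  rest=${1#*.}
  VPNIPB=${rest%%.*}
  rest=${rest#*.}
  VPNIPC=${rest%%.*}
  VPNIPD=${rest#*.}
}

#######################################
# Build and install mpd from the ports tree unless it is already present.
# Returns: 0 when mpd is installed (or already was), 1 on any failure
#######################################
install_mpd() {
  if command -v mpd >/dev/null 2>&1; then
    echo "mpd already install."
    return 0
  fi
  if [ ! -d /usr/ports/net/mpd ]; then
    echo "Sorry,not ports /usr/ports/net/mpd"
    echo "Please use cvsup get ports list."
    return 1
  fi
  # The original only tested for exit status 1; treat any non-zero status
  # from cd or make as a failed install.
  if ! cd /usr/ports/net/mpd || ! make clean || ! make install; then
    warn "Sorry! mpd install error!!"
    return 1
  fi
  make clean
  echo "mpd software install done."
  return 0
}

#######################################
# Interactively generate mpd.conf, mpd.links and mpd.secret for a PPTP server.
# Globals: TIME (read); MPDPATH, CLIENT, VPNIP, VPNIPA..VPNIPD, IDLE, DNSIP,
#          VPNUSER, VPNPASS (written)
# Returns: 0 on success, 1 on invalid input or an unusable target directory
#######################################
configure_mpd() {
  local num hostd

  read -r -p "Please input mpd config patch:[/usr/local/etc/mpd] " MPDPATH
  [ -n "$MPDPATH" ] || MPDPATH=/usr/local/etc/mpd
  # Every redirection below would fail quietly if the directory is missing.
  if [ ! -d "$MPDPATH" ]; then
    warn "Sorry!! config directory $MPDPATH not found!!"
    return 1
  fi

  read -r -p "Please input VPN max ports(default 5):[1~253] " CLIENT
  if ! is_uint "$CLIENT" || [ "$CLIENT" -lt 1 ] || [ "$CLIENT" -ge 254 ]; then
    CLIENT=5
  fi

  read -r -p "Please input VPN server IP:[172.168.1.1] " VPNIP
  [ -n "$VPNIP" ] || VPNIP=172.168.1.1
  # Octets of 255 are rejected, as the original range check did.
  if ! is_ipv4 "$VPNIP" 254; then
    warn "Sorry!!VPN server IP error!!!"
    return 1
  fi
  split_ipv4 "$VPNIP"

  read -r -p "Please input idle time at disconnect:[0] " IDLE
  if ! is_uint "$IDLE" || [ "$IDLE" -gt 86400 ]; then
    IDLE=0
  fi

  read -r -p "Please input client DNS ipaddress:[127.0.0.1] " DNSIP
  [ -n "$DNSIP" ] || DNSIP=127.0.0.1
  if ! is_ipv4 "$DNSIP"; then
    warn "DNS address '$DNSIP' is not a valid IPv4 address, using 127.0.0.1"
    DNSIP=127.0.0.1
  fi

  # Whole file is written through one group redirection instead of one
  # "echo >>" per line.  Command lines are indented by one space like the
  # echo'd lines of the original; mpd appears to treat unindented lines as
  # labels — confirm against mpd.conf(5) if the parse fails.
  {
    cat << MPDCONFIG
# Create by iceblood mpd_setup.sh scripts
# by $TIME
# Script compile by iceblood
# E-mail:[email protected]
# Website:http://www.nettf.net/
default:
 load pptp
pptp:
MPDCONFIG
    num=0
    while [ "$num" -lt "$CLIENT" ]; do
      printf ' load pptp%s\n' "$num"
      num=$((num + 1))
    done
    # Hand out host numbers 1..254 in order, skipping the server's own.
    num=0
    hostd=0
    while [ "$num" -lt "$CLIENT" ]; do
      hostd=$((hostd + 1))
      if [ "$hostd" -ne "$VPNIPD" ]; then
        printf 'pptp%s:\n' "$num"
        printf ' new -i ng%s pptp%s pptp%s\n' "$num" "$num" "$num"
        printf ' set ipcp ranges %s/32 %s.%s.%s.%s/32\n' \
          "$VPNIP" "$VPNIPA" "$VPNIPB" "$VPNIPC" "$hostd"
        printf ' load pptp_config\n'
        num=$((num + 1))
      fi
    done
    # mpp-e40 permits 40-bit MPPE; it is kept here because the original
    # offered it, not because it is recommended.
    cat << MPDCONFIG
pptp_config:
 set iface disable on-demand
 set iface enable proxy-arp
 set bundle enable compression
 set bundle yes crypt-reqd
 set iface idle $IDLE
 set iface enable tcpmssfix
 set bundle enable multilink
 set link yes acfcomp protocomp
 set link no pap chap
 set link enable chap-msv2
 set link keep-alive 10 60
 set link mtu 1460
 set ipcp yes vjcomp
 set ipcp dns $DNSIP
 set ccp yes mppc
 set ccp yes mpp-e40
 set ccp yes mpp-e128
 set ccp yes mpp-stateless
MPDCONFIG
  } > "$MPDPATH/mpd.conf" || return 1

  {
    cat << MPDLINKS
# Create by iceblood mpd_setup.sh scripts
# by $TIME
# Script compile by iceblood
# E-mail:[email protected]
MPDLINKS
    num=0
    while [ "$num" -lt "$CLIENT" ]; do
      cat << MPDLINKS
pptp$num:
 set link type pptp
 set pptp self 0.0.0.0
 set pptp enable incoming
 set pptp disable originate
MPDLINKS
      num=$((num + 1))
    done
  } > "$MPDPATH/mpd.links" || return 1

  read -r -p "Please VPN client username:[test] " VPNUSER
  [ -n "$VPNUSER" ] || VPNUSER=test
  # Do not echo the password back to the terminal while it is typed.
  [ -t 0 ] && stty -echo
  read -r -p "Please VPN client password:[password] " VPNPASS
  if [ -t 0 ]; then
    stty echo
    printf '\n'
  fi
  [ -n "$VPNPASS" ] || VPNPASS=password
  # Create the secret with restrictive permissions from the start instead
  # of chmod'ing after a world-readable file has already been written.
  (
    umask 077
    printf '%s %s\n' "$VPNUSER" "$VPNPASS" > "$MPDPATH/mpd.secret"
  ) || return 1
  chmod 600 "$MPDPATH/mpd.secret"

  cat << DONE
MPD configure file set done.
Please check you kernel has:
#PPTP server set
options NETGRAPH
options NETGRAPH_PPTPGRE
options NETGRAPH_SOCKET
options NETGRAPH_KSOCKET
options NETGRAPH_IFACE
options NETGRAPH_PPP
options NETGRAPH_BPF
options NETGRAPH_VJC
options NETGRAPH_MPPC_ENCRYPTION
and start mpd service.
Please edit "$MPDPATH/mpd.secret" file, add or delete vpn client user.
DONE
  return 0
}

# Print the command summary on stdout.
usage() {
  cat << HELP
$0 {install|config}
install Install mpd package.
config Configure mpd vpn.
Script compile by iceblood
HELP
}

# Dispatch on the first argument; the script's exit status is that of the
# selected action (help exits 0, as before).
main() {
  case ${1-} in
    install) install_mpd ;;
    config) configure_mpd ;;
    *) usage ;;
  esac
}

main "$@"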