搭建pptp和lx2tp***過程問題:
1.vb01的pptp配置文件:
下邊這個文件主要是設置使用radius認證,和DNS的設置
[root@vb ~]# cat /etc/ppp/options.pptpd
lock
dump
logfd 2
logfile /var/log/pptpd.log
name vb01
proxyarp
auth
plugin /usr/lib/pppd/2.4.4/radius.so
nobsdcomp
require-pap
require-chap
require-mschap
require-mschap-v2
ipparam options.pptpd
ms-dns 168.126.63.1
ms-dns 8.8.8.8
refuse-eap
lock
dump
logfd 2
logfile /var/log/pptpd.log
name vb01
proxyarp
auth
plugin /usr/lib/pppd/2.4.4/radius.so
nobsdcomp
require-pap
require-chap
require-mschap
require-mschap-v2
ipparam options.pptpd
ms-dns 168.126.63.1
ms-dns 8.8.8.8
refuse-eap
下邊這個文件只要設置localip和 remoteip
[root@vb01 ~]# cat /etc/pptpd.conf
ppp /usr/sbin/pppd
option /etc/ppp/options.pptpd
#bcrelay eth0
connections 9999
localip 10.8.0.1
remoteip 10.8.0.2-255
ppp /usr/sbin/pppd
option /etc/ppp/options.pptpd
#bcrelay eth0
connections 9999
localip 10.8.0.1
remoteip 10.8.0.2-255
3. 配置/etc/radiusclient下的 servers和radiusclient.conf文件 這個目錄 決定的本機***的radius向那個服務器做認證
4.xl2tpd配置文件:
[root@vb01 ~]# cat /etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = yes
[lns default]
local ip = 10.9.0.1
ip range = 10.9.0.2-10.9.255.255
require chap = yes
require pap =yes
require authentication = yes
name = vb01
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
[global]
ipsec saref = yes
[lns default]
local ip = 10.9.0.1
ip range = 10.9.0.2-10.9.255.255
require chap = yes
require pap =yes
require authentication = yes
name = vb01
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
[root@vb01 ~]# cat /etc/ppp/options.xl2tpd
ipcp-accept-local
ipcp-accept-remote
ms-dns 168.126.63.1
ms-dns 208.67.222.222
noccp
auth
plugin /usr/lib/pppd/2.4.4/radius.so
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
logfile /var/log/xl2tpd.log
ipcp-accept-local
ipcp-accept-remote
ms-dns 168.126.63.1
ms-dns 208.67.222.222
noccp
auth
plugin /usr/lib/pppd/2.4.4/radius.so
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
logfile /var/log/xl2tpd.log
5.開啓防火牆NAT轉發:
$IPTABLES -A FORWARD -s 10.8.0.0/14 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 10.8.0.0/14 -d ! 10.8.0.0/14 -j MASQUERADE
$IPTABLES -A FORWARD -s 10.9.0.0/16 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 10.9.0.0/16 -d ! 10.9.0.0/16 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 10.8.0.0/14 -d ! 10.8.0.0/14 -j MASQUERADE
$IPTABLES -A FORWARD -s 10.9.0.0/16 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 10.9.0.0/16 -d ! 10.9.0.0/16 -j MASQUERADE
6.如下插入一個123的***用戶名:
INSERT INTO radcheck (username, attribute, op, value) VALUES ('123','Cleartext-Password',':=','123');
錯誤處理:
1.在debug模式查看錯誤日誌:
#service radiusd stop
#radiusd -X
如果沒有錯誤日誌,就是沒有通過radiusd。
2.查看pptp日誌
less /var/log/pptpd.log
3.查看iptables是否開啓相應IP段的轉發 cat /home/***/firewall.sh
iptables -vnl -t nat|grep 10.8 //查看是否開啓轉發
4.報718連不上認證服務器的錯誤
查看查看radius數據庫是否打開,如果數據庫已經打開,查看爲什麼連不上數據庫,
查看radius數據庫配置文件/etc/raddb/sql.conf 查看所用數據庫用戶密碼和數據庫是否正確
如果正確 用radius的用戶名和密碼登陸mysql數據庫看是否能登陸,
如果不能登陸,用root用戶登陸mysql授權:
如下爲錯誤日誌:
