Freeradius + pptpd + mysql VPN Service System in Ubuntu, freeradiuspptpd
/* The following operations are performed on the radius server */

# update the package sources
sudo apt-get update

# install MySQL
sudo apt-get install -y mysql-server mysql-client

# install freeradius and the required packages
sudo apt-get install -y freeradius-mysql freeradius-utils freeradius-dialupadmin

# from here on, switch to the root user; otherwise the freeradius configuration files are not visible
sudo su

# modify the main configuration file
vim /etc/freeradius/radiusd.conf

# listen section
listen {
    ...
    ipaddr = *          # default is *; can be changed to the required local IP address
                        # Note: * listens on every interface; binding to the address the pptpd server connects to limits exposure
    type = auth         # the acct listener is configured with similar syntax
    ...
    # interface = eth0  # one of several network interfaces can be specified
    ...
}

# modules section
modules {
    ...
    $INCLUDE ${confdir}/modules/   # the configuration of modules such as pap and chap is also in this directory
    ...
    $INCLUDE sql.conf              # uncomment to enable the SQL configuration
    ...
}

# modify the configuration file
vim /etc/freeradius/sites-enabled/default
Find the authorize {} section, comment out files (line 170), and remove the # before sql (line 177).
Find the preacct {} section and comment out files (line 1).
Find the accounting {} section, comment out radutmp (line 396), and remove the # before sql (line 406).
Find the session {} section, comment out radutmp (line 450), and remove the # before sql (line 454).
Find the post-auth {} section, remove the # before sql (line 475), and remove the # before sql (line 563).

# modify the configuration file
vim /etc/freeradius/sites-enabled/inner-tunnel
Find the authorize {} section, comment out files (line 1), and remove the # before sql (line 131).
Find the session {} section, comment out radutmp (line 251), and remove the # before sql (line 255).
Find the post-auth {} section, remove the # before sql (line 277), and remove the # before sql (line 301).

# modify the client configuration file
client 10.0.0.0/16 {            # the IP address of the client; can be a network range, for example 192.168.1.0/24
    secret = testing123
    shortname = private-network-client
}
# Note: testing123 is the sample shared secret used in the FreeRADIUS example configuration. Replace it with a long random value and use the same value in the pptpd server's "servers" file; narrowing the client range to the pptpd server's address also limits who can query the server.

# modify the configuration file used to access the database
vim /etc/freeradius/sql.conf
sql {
    database = "mysql"
    driver = "rlm_sql_${database}"
    server = "localhost"
    login = "radius"
    password = "xxxxxxx"
    radius_db = "radius"
}

# create the radius database and grant access
mysql> create database radius;
mysql> grant all on radius.* to radius@'%' identified by 'xxxxxx';
mysql> flush privileges;
# Note: '%' lets the radius account log in from any host. Since sql.conf above connects to "localhost", granting to radius@'localhost' is sufficient.

# import the freeradius tables
cd /etc/freeradius/sql/mysql/
for i in `ls`; do mysql -uroot -pxxxxxx radius < $i; done
# Note: a password given with -p on the command line ends up in the shell history and is visible in the process list; a bare -p prompts for it instead.

/* the preceding operations are performed on the radius server */
==============================================================================================================
/* the following operations are performed on the pptpd server */

# install freeradius-client on the pptpd server; compile as root
wget -c ftp://ftp.freeradius.org/pub/freeradius/freeradius-client-1.1.7.tar.gz
tar zxvf freeradius-client-1.1.7.tar.gz
cd freeradius-client-1.1.7
./configure
make && make install
# Note: the tarball (and the dictionary file below) is fetched over plain FTP/HTTP and then built and installed as root; verify it against a published checksum or signature first.

# modify the client configuration files
vim /usr/local/etc/radiusclient/servers
x.x.x.x testing123              // radius server address and key
vim /usr/local/etc/radiusclient/radiusclient.conf
authserver x.x.x.x              // radius server address

# add the dictionary (important)
wget -c http://small-script.googlecode.com/files/dictionary.microsoft
mv dictionary.microsoft /usr/local/etc/radiusclient/
#cat >>/usr/local/etc/radiusclient/dictionary <<EOF
#INCLUDE /usr/local/etc/radiusclient/dictionary.sip
#INCLUDE /usr/local/etc/radiusclient/dictionary.ascend
#INCLUDE /usr/local/etc/radiusclient/dictionary.merit
#INCLUDE /usr/local/etc/radiusclient/dictionary.compat
#INCLUDE /usr/local/etc/radiusclient/dictionary.microsoft
#EOF

# modify the configuration file (important)
vim /usr/local/etc/radiusclient/dictionary
# comment out the IPv6-related lines
92:  #ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix
100: #ATTRIBUTE Framed-IPv6-Address 168 ipv6addr
101: #ATTRIBUTE DNS-Server-IPv6-Address 169 ipv6addr
102: #ATTRIBUTE Route-IPv6-Information 170 ipv6prefix

# integrate with PPTP
sed -i 's/logwtmp/\#logwtmp/g' /etc/pptpd.conf
sed -i 's/radius_deadtime/\#radius_deadtime/g' /usr/local/etc/radiusclient/radiusclient.conf
sed -i 's/bindaddr/\#bindaddr/g' /usr/local/etc/radiusclient/radiusclient.conf
# Note: on a 32-bit system the radius.so path is /usr/lib/pppd/2.4.5/radius.so; the 64-bit path is used here.
# (Both lines are appended with >>; a single > on the second command would overwrite the first.)
echo "plugin /usr/lib64/pppd/2.4.5/radius.so" >> /etc/ppp/options.pptpd
echo "radius-config-file /usr/local/etc/radiusclient/radiusclient.conf" >> /etc/ppp/options.pptpd
# Note: PPTP authenticates with MS-CHAP and encrypts with MPPE, both of which are considered weak; the RADIUS exchange between the two servers is protected only by the shared secret, so keep that traffic on a trusted network.

/* the above operations are performed on the pptpd server */
==============================================================================================================
/* perform the following operations on the radius server */

# add an authentication account in MySQL
# add a demo user and add it to the user group
mysql> insert into radcheck (username, attribute, op, value) VALUES ('Demo', 'Password', ':=', 'Demo');
mysql> insert into radusergroup (username, groupname) VALUES ('Demo', 'user');
# Note: the password is stored in cleartext in radcheck, so anyone who can read the radius database can read every VPN password. The demo account, whose password equals its username, should be removed before the service is exposed.

# start freeradius in debug mode (the Ubuntu package installs the daemon binary as "freeradius")
freeradiusd -X
# start normally
/etc/init.d/freeradius start
Copyright Disclaimer: This article is an original article by the blogger and cannot be reproduced without the permission of the blogger.