注意,下面内容非一键安装包,请根据实际情况作出修改

# Refresh the package index and bring already-installed packages up to date.
apt-get update
apt-get upgrade
# Web front end (Apache, PHP 5, PEAR), FreeRADIUS with its MySQL module,
# OpenVPN and the MySQL server. No -y is passed, so apt-get asks for
# confirmation.
apt-get install \
  apache2 php5 php-pear \
  freeradius freeradius-mysql \
  openvpn mysql-server
# Stop the services in the same order as before; presumably so the steps
# below can rewrite their configuration while nothing is running.
for svc in mysql apache2 openvpn freeradius; do
  /etc/init.d/"$svc" stop
done

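# Password for the MySQL account 'radius'@'localhost' that this script creates.
# 'test' is only a placeholder default: export radius_db_pass with a long
# random value before running, or edit it here. The value is pasted into a
# single-quoted SQL string later on, so it must not contain ' or \.
radius_db_pass=${radius_db_pass:-test}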

# Drop-in MySQL settings for a low-memory host: small buffers, query cache
# off, and InnoDB disabled (skip-innodb).
# Nothing in the body needs shell expansion, so the delimiter is quoted.
cat > /etc/mysql/conf.d/lowmem.cnf <<'LOWMEM_CNF'
[mysqld]
key_buffer = 16K
max_allowed_packet = 1M
table_cache = 4
sort_buffer_size = 64K
read_buffer_size = 256K
read_rnd_buffer_size = 256K
net_buffer_length = 2K
thread_stack = 64K
query_cache_size = 0
skip-innodb
LOWMEM_CNF

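# Build the OpenVPN PKI (CA, server certificate, DH parameters) with the
# easy-rsa 2.0 scripts shipped in the openvpn package documentation.
cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/
# Stop here if the copy is missing: chmod and clean-all below must only ever
# run inside the easy-rsa directory.
cd /etc/openvpn/easy-rsa/2.0/ || { echo "easy-rsa 2.0 directory not found" >&2; exit 1; }
chmod +rwx ./*
# ./vars supplies key size, validity and certificate fields to the build-*
# scripts. It is sourced once; clean-all runs as a child process and cannot
# change this shell's environment, so a second source is not needed.
# NOTE(review): the dh1024.pem name used below implies KEY_SIZE=1024 in ./vars.
# 1024-bit RSA/DH is weak by current standards; consider KEY_SIZE=2048, which
# changes the file name to dh2048.pem here and in openvpn.conf.
. ./vars
./clean-all

# Feed empty answers so build-ca accepts every default field value.
echo -e "\n\n\n\n\n\n\n" | ./build-ca
clear
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
./build-key-server server
./build-dh
# ca.key is deliberately not copied: the server configuration written by this
# script references only ca.crt, server.crt, server.key and dh1024.pem, and
# whoever holds the CA private key can issue new certificates. It stays in
# easy-rsa/2.0/keys/ and is best moved off this host once the keys are built.
cp keys/{ca.crt,server.crt,server.key,dh1024.pem} /etc/openvpn/
# The server private key should be readable by root only.
chmod 600 /etc/openvpn/server.key

cd keys/ || exit 1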

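# Client profile handed out to users. Points to check before distributing it:
#  - "remote 192.168.0.16 1194" is the author's example address; replace it
#    with the address clients use to reach this server.
#  - Clients authenticate with username/password only (auth-user-pass); the
#    only key material they receive is the public ca.crt.
#  - ns-cert-type server is the legacy server-certificate check.
#    NOTE(review): newer OpenVPN releases use "remote-cert-tls server"
#    instead; confirm against the installed version.
#  - reneg-sec 0 turns off periodic key renegotiation.
client="
client
dev tun
proto udp
remote 192.168.0.16 1194
;remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
ns-cert-type server
dhcp-option DNS 8.8.8.8
comp-lzo 
verb 3 
mute 20
auth-user-pass
auth-nocache
redirect-gateway def1
reneg-sec 0
explicit-exit-notify 3"

# Quoted so an unusual $HOSTNAME cannot split into several words.
echo "$client" > "$HOSTNAME.ovpn"

# The bundle holds only public material (CA certificate and profile); no
# private key is placed in it.
tar czf keys.tgz ca.crt "$HOSTNAME.ovpn"
mv keys.tgz /root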

# Server-side OpenVPN configuration, written to /etc/openvpn/openvpn.conf.
# Security-relevant choices made by this profile:
#  - client-cert-not-required + username-as-common-name: clients present no
#    certificate, so authentication rests entirely on the username/password
#    check done by the RADIUS plugin named on the last line.
#  - "group daemon" is set but there is no "user" directive.
#    NOTE(review): the daemon therefore appears to keep running as the user
#    that started it; confirm whether that is intended.
#  - push "redirect-gateway" sends all client traffic through the tunnel.
opvpn='
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group daemon
daemon
client-cert-not-required
username-as-common-name
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf'

printf '%s\n' "$opvpn" > /etc/openvpn/openvpn.conf

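# Download, build and install the RADIUS authentication plugin for OpenVPN.
cd /root || exit 1

# The tarball is compiled as root and the resulting .so is loaded into the
# OpenVPN daemon, so it must be trusted: fetch it over HTTPS and compare it
# with a checksum obtained out of band before building, for example
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  radiusplugin_v2.1.tar.gz" | sha256sum -c - || exit 1
wget https://www.nongnu.org/radiusplugin/radiusplugin_v2.1.tar.gz || exit 1

tar zxvf radiusplugin_v2.1.tar.gz
cd radiusplugin_v2.1 || exit 1
# Do not install anything if the build failed.
make || exit 1
cp radiusplugin.so radiusplugin.cnf /etc/openvpn/
# Adapt the sample plugin configuration: OpenVPN config file name, RADIUS
# server address and shared secret. Dots are escaped so they match literally.
sed -i 's/server\.conf/openvpn.conf/g' /etc/openvpn/radiusplugin.cnf
sed -i 's/192\.168\.0\.153/localhost/g' /etc/openvpn/radiusplugin.cnf
# NOTE(review): testing123 looks like the stock FreeRADIUS secret for the
# localhost client. Replace it with a random value here and in the matching
# FreeRADIUS client entry before putting the server into service.
sed -i "s/testpw/testing123/g" /etc/openvpn/radiusplugin.cnf
# The file now holds the RADIUS shared secret; keep it readable by root only.
chmod 600 /etc/openvpn/radiusplugin.cnf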

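# Route and NAT traffic from the VPN subnet, and make both settings survive a
# reboot.
# Nothing earlier in this script assigns ip; abort rather than hand iptables
# an empty --to-source argument.
: "${ip:?set ip to the address VPN client traffic should be source-NATed to}"

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source "$ip"
# iptables-save dumps the complete current ruleset, not only the rule above.
iptables-save > /etc/iptables.conf
# Hook that reloads the saved ruleset when an interface comes up. The quoted
# delimiter writes the two lines literally.
cat > /etc/network/if-up.d/iptables <<'IFUP_HOOK'
#!/bin/sh
iptables-restore < /etc/iptables.conf
IFUP_HOOK
chmod +x /etc/network/if-up.d/iptables
# Append the sysctl line only once so repeated runs do not pile up duplicates.
grep -qx 'net.ipv4.ip_forward=1' /etc/sysctl.conf 2>/dev/null \
  || echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

/etc/init.d/openvpn start

echo "OpenVPN configure finish!"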


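# Create the 'radius' MySQL account and database.
# Fixes over the previous version:
#  - The SQL goes straight to mysql on stdin. The old "cat mysql.tmp <<start"
#    lacked the ">" redirect, so the file was never written; piping also
#    keeps the password off the disk.
#  - No database name is passed to mysql: "radius" does not exist until the
#    CREATE DATABASE statement below has run.
#  - Backticks are escaped. In an unquoted here-document a bare `radius` is
#    command substitution and would run a program called "radius".
#  - ${radius_db_pass:?} aborts if the password variable is empty, so the
#    account is never created without a password.
# The password is placed inside a single-quoted SQL string and must not
# contain ' or \. mysql -p prompts for the MySQL root password.
mysql -uroot -p <<SQL
CREATE USER 'radius'@'localhost' IDENTIFIED BY '${radius_db_pass:?radius_db_pass is not set}';
CREATE DATABASE IF NOT EXISTS \`radius\` ;
GRANT ALL PRIVILEGES ON \`radius\` . * TO 'radius'@'localhost';
FLUSH PRIVILEGES;
SQL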

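# Install the daloRADIUS web front end and load its database schema.
cd /root || exit 1

# Fetch over HTTPS and compare the archive with a checksum obtained out of
# band before unpacking, for example
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  daloradius-0.9-8.tar.gz" | sha256sum -c - || exit 1
wget https://sourceforge.net/projects/daloradius/files/daloradius/daloradius-0.9-8/daloradius-0.9-8.tar.gz || exit 1
pear install DB
# -p keeps a repeated run from failing when the directory already exists.
mkdir -p /usr/share/daloRadius
tar zxvf daloradius-0.9-8.tar.gz
mv daloradius-0.9-8/* /usr/share/daloRadius/
rm -r daloradius-0.9-8

# Load the combined FreeRADIUS + daloRADIUS schema into the radius database
# (prompts for the MySQL root password).
# NOTE(review): daloRADIUS ships with a documented default operator login;
# change it before the web UI is reachable from any network.
mysql -uroot -p radius < /usr/share/daloRadius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql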