From: weekend (笨刚)
Compiled by: zhcharles (2002-01-30 15:59:42), on-site mail
http://stuff.adhesivemedia.com/freebsd/mpd.php
Setting up a VPN with mpd on FreeBSD (connecting with Windows clients)
Below is the network layout. gw runs the ipfw/natd services.
In addition, natd maps 222.222.222.222 to 10.0.0.4.
 ___________                        ___________
|           |                      |           |
|  oddjob   -10.0.0.4 <---> 10.0.0.1-   gw     -111.111.111.111
|           |        (LAN)         |           |    (Internet)
|___________|                      |___________|
First install the mpd port (net/mpd-netgraph).
On oddjob, /usr/local/etc/mpd/mpd.conf looks roughly like this:
------------------------------------------------------------
default:
load pptp
pptp:
new -i ng0 pptp pptp
set iface disable on-demand
set iface enable proxy-arp
set iface idle 1800
set bundle disable multilink
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link keep-alive 10 60
set ipcp yes vjcomp
set ipcp ranges 10.0.0.4/32 10.0.0.250/32
set ipcp dns 10.0.0.4
#
# The next five lines turn on Microsoft Point-to-Point Encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
#
set bundle enable compression
set ccp yes mppc
set ccp yes mpp-e40
set ccp yes mpp-e128
set ccp yes mpp-stateless
-----------------------------------------------------------------------------
/usr/local/etc/mpd/mpd.links looks like this:
-----------------------------------------------------------------------------
pptp:
set link type pptp
set pptp self 10.0.0.4
set pptp enable incoming
set pptp disable originate
-----------------------------------------------------------------------------
/usr/local/etc/mpd/mpd.secret looks like this:
-----------------------------------------------------------------------------
joe joesPassword
-----------------------------------------------------------------------------
To have mpd start automatically at boot, create mpd.sh on oddjob and make it executable.
/usr/local/etc/rc.d/mpd.sh:
-----------------------------------------------------------------------------
#!/bin/sh
PATH=/usr/bin:/bin
case $1 in
'start')
        if [ -x /usr/local/sbin/mpd -a -f /usr/local/etc/mpd/mpd.conf ];
        then
                echo -n " mpd" ; /usr/local/sbin/mpd -b
        fi
        ;;
'stop')
        kill -TERM `cat /var/run/mpd.pid`
        ;;
esac
-----------------------------------------------------------------------------
Make sure /etc/rc.conf on oddjob contains the following line
--------------------------------------------
gateway_enable="YES"
--------------------------------------------
On gw, make sure you have set up the following firewall permissions. If the IP or the interface name differs, adjust them accordingly
(ed0 is gw's external interface). The other usual firewall rules are needed as well.
-----------------------------------------------------------------------------
add allow tcp from any to 10.0.0.4 pptp in via ed0 setup
add allow gre from any to 10.0.0.4 in via ed0
add allow gre from 10.0.0.4 to any out via ed0
-----------------------------------------------------------------------------
Make sure mpd is running. I think it logs to /var/log/messages; you can use "tail -f /var/log/messages" to
check for error messages.
In Windows, create a new VPN connection (tunneling through the Internet) and set it not to dial first, so it can be used over the LAN or
over a dial-up network. Enter 222.222.222.222 as the host name/IP to connect to. Fill in whatever else it asks for, then open
Properties and check for mistakes. Select the "require a secure connection" and "use remote gateway by default" options,
and set the TCP/IP properties to obtain the information automatically.
With this setup it already works. If you want to give it to several users, you also have to set the IP range in mpd.conf and the
user names/passwords in mpd.secret.
---- Best Regards,
Weekend
[email protected]
icq: 2499593
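As an added example (not part of the original post and not mpd's own code): a small sh pre-flight script that checks the files the post edits before mpd is started. It verifies that mpd.secret, which holds user names and cleartext passwords exactly as shown above ("joe joesPassword"), is not readable by group or other; that every non-comment line in it has at least a user and a password; that gateway_enable="YES" is present in rc.conf on oddjob; and that the three ipfw rules for 10.0.0.4 on ed0 appear in gw's ruleset. The file paths are the post's own, except the ruleset location /etc/ipfw.rules, which is an assumption (the post does not say where gw keeps its rules); all paths can be overridden through environment variables.

```shell
#!/bin/sh
# Pre-flight checks for the mpd PPTP setup described in the post.
# Added example code; not from the original post and not part of mpd.

MPD_SECRET="${MPD_SECRET:-/usr/local/etc/mpd/mpd.secret}"
RC_CONF="${RC_CONF:-/etc/rc.conf}"
FW_RULES="${FW_RULES:-/etc/ipfw.rules}"   # assumed location of gw's ipfw ruleset
VPN_HOST="${VPN_HOST:-10.0.0.4}"           # oddjob's LAN address from the post

# mpd.secret stores passwords in cleartext, so only its owner (root) should
# be able to read it. Returns 0 when the group and other permission bits
# are all clear, 1 otherwise. Uses the 'ls -l' mode string, which has the
# same layout on FreeBSD and Linux: chars 5-10 are the group/other bits.
secret_mode_ok() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Every non-blank, non-comment line of mpd.secret needs at least a user
# name and a password. Prints the number of lines that have fewer than
# two fields (0 means the file is well formed).
secret_bad_lines() {
    awk 'NF < 2 && !/^[[:space:]]*(#|$)/ { bad++ } END { print bad + 0 }' "$1"
}

# Without gateway_enable="YES" oddjob does not forward packets, so VPN
# clients reach oddjob itself but nothing else on the LAN. Returns 0 if
# the line is present.
gateway_enabled() {
    grep -q '^gateway_enable="YES"' "$1"
}

# The three ipfw rules from the post (interface ed0, as in the post).
# Prints how many of them are missing from the given ruleset file.
missing_fw_rules() {
    missing=0
    for rule in \
        "allow tcp from any to $VPN_HOST pptp in via ed0 setup" \
        "allow gre from any to $VPN_HOST in via ed0" \
        "allow gre from $VPN_HOST to any out via ed0"
    do
        grep -qF -- "$rule" "$1" || missing=$((missing + 1))
    done
    echo "$missing"
}

# Runs all checks against the configured paths and reports each problem.
# Returns 0 only when everything passes.
preflight() {
    rc=0
    if [ -f "$MPD_SECRET" ]; then
        secret_mode_ok "$MPD_SECRET" || { echo "FAIL: $MPD_SECRET is readable by group/other (chmod 600 it)"; rc=1; }
        bad=$(secret_bad_lines "$MPD_SECRET")
        [ "$bad" -eq 0 ] || { echo "FAIL: $bad line(s) in $MPD_SECRET lack a user name or password"; rc=1; }
    else
        echo "FAIL: $MPD_SECRET not found"; rc=1
    fi
    gateway_enabled "$RC_CONF" 2>/dev/null || { echo "FAIL: gateway_enable=\"YES\" missing from $RC_CONF"; rc=1; }
    if [ -f "$FW_RULES" ]; then
        miss=$(missing_fw_rules "$FW_RULES")
        [ "$miss" -eq 0 ] || { echo "FAIL: $miss of the 3 PPTP/GRE rules missing from $FW_RULES"; rc=1; }
    else
        echo "FAIL: $FW_RULES not found"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: mpd pre-flight passed"
    return $rc
}

# Run the checks only when invoked as "sh mpd-preflight.sh run", so the
# functions can also be sourced from another script.
if [ "${1:-}" = "run" ]; then
    preflight
fi
```

Run it as `sh mpd-preflight.sh run` on oddjob (mpd.secret and rc.conf checks) and, with `FW_RULES` pointed at the real ruleset, on gw (firewall check); a non-zero exit means at least one of the post's prerequisites is not in place.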