
PPTP + MPPE + RADIUS + MySQL

Published: 2008-7-01 12:41 | Author: admin | Views: 0


Author: unknown | Source: web | Hits: 1255 | Updated: 2007-1-21


Requirements:

kernel sources. (2.4.18 or later preferred.) www.kernel.org

ppp sources from cvs or recent snapshot. www.samba.org/ppp

Freeradius 0.7.1 or later. www.freeradius.org

PoPToP 1.1.3 www.sourceforge.net/projects/poptop

Should be present in most distributions these days:

MySql www.MySql.com

openssl 0.9.6b or later. www.openssl.org

Caveats: MPPE encryption seems to be available with MS-CHAP authentication only, not with PAP or CHAP. This document assumes only MS-CHAPv2 is used. (Version 1 is totally broken security-wise.)

PPP and kernel:

Patch your kernel sources with the mppeinstall.sh script in linux/mppe/

Configure your kernel source for mppe support (make menuconfig or your preferred way). The patch adds a new choice for an MPPE module under Network devices - PPP.

Compile and install your kernel and modules. I take it everybody knows how to do this and update their lilo/grub/whatever bootloader.

Double check /etc/modules.conf for aliases to ppp_mppe and so on.

alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

Now is as good a time as any to reboot with your MPPE enabled kernel. (Some docs tell you to install ppp before rebooting. Reason unknown, it shouldn't matter.)

Compile and install ppp. MPPE and ms-chap v2 support is compiled in by default.

PoPToP:

Compile and install. Nothing fancy needed, as it's pppd that does the magic.

PoPToP and pppd Configuration:

In my /etc/pptpd.conf I have

localip some.ip.add.ress
option /etc/options.pptpd

This is just for clarity, the default is of course /etc/ppp/options. The clients get remoteip from radius, so we don't need it here as they will be overridden, but you could have them for clarity/confusion/easy testing without radius...

I only use mschap-v2, so my /etc/ppp/options.pptpd file is:

#-----------start----------
lock
# uncomment when testing:
#debug
name pptpd
proxyarp
asyncmap 0
-chap
-mschap
+mschap-v2
require-mppe
lcp-echo-failure 30
lcp-echo-interval 5
ipcp-accept-local
ipcp-accept-remote
ms-wins wins.server.ip.address
ms-dns dns.server.ip.address
plugin radius.so
#-----------end----------

Note: It might be "chapms" and not "mschap" as changes might be happening in the cvs.

The radius.so plugin uses the settings from radiusclient, so make sure:

/etc/radiusclient/servers contains the secret for your radius server(s)

Like:

localhost testing123

If the radius is on localhost using the default freeradius secret (bad idea of course...)

I think you must have the dictionary.microsoft file in /etc/radiusclient if you use ms-chap 1 or 2.

It should be there by default.

Set authserver and acctserver in /etc/radiusclient/radiusclient.conf if your radius server is not on the same machine as your poptop.

This file sure makes splitting authentication and accounting between two radius servers very easy.
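A way to check the two files described above for the settings this page cares about: MS-CHAPv2 and MPPE required, no weaker method enabled, no default RADIUS secret. This is an added example, not part of the original howto; the function names and sample file contents are constructed, and the checks assume the option spellings shown on this page plus pppd's long require-*/refuse-* forms.

```python
# Added example: audit pppd options text and radiusclient servers text.
# Function names are hypothetical; the sample inputs at the bottom are constructed.

DEFAULT_SECRETS = {"testing123"}  # the default freeradius secret named on the page

def _norm(word):
    """Map the short (+x / -x) and 'chapms' spellings onto pppd's long names."""
    word = word.replace("chapms", "mschap")
    if word[0] in "+-":
        word = ("require-" if word[0] == "+" else "refuse-") + word[1:]
    return word

def active_options(text):
    """Return the set of option names, skipping comments and blank lines."""
    opts = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            opts.add(_norm(line.split()[0]))
    return opts

def audit_pppd_options(text):
    opts, findings = active_options(text), []
    if "require-mschap-v2" not in opts:
        findings.append("MS-CHAPv2 is not required")
    if not any(o.startswith("require-mppe") for o in opts):
        findings.append("MPPE is not required")
    for weak in ("pap", "chap", "mschap"):
        if "require-" + weak in opts:
            findings.append(weak + " is enabled as an authentication method")
    return findings

def audit_radius_servers(text):
    """Each non-comment line of the servers file is '<server> <secret>'."""
    findings = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1] in DEFAULT_SECRETS:
            findings.append(fields[0] + " uses a default shared secret")
    return findings

GOOD = "lock\n#debug\nname pptpd\n-chap\n-mschap\n+mschap-v2\nrequire-mppe\n"  # constructed
WEAK = "lock\nname pptpd\n+chap\n+chapms\n"  # constructed
SERVERS = "localhost testing123\nradius.example.net Xq7-constructed-secret\n"  # constructed

if __name__ == "__main__":
    print("good:", audit_pppd_options(GOOD))
    print("weak:", audit_pppd_options(WEAK))
    print("servers:", audit_radius_servers(SERVERS))
```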
