Installing the VPN on a MAS for the First Time

1. Edit /etc/ppp/chap-secrets

Edit /etc/ppp/chap-secrets:

    # Secrets for authentication using CHAP
    # client        server  secret          IP addresses
    vpn-account     *       vpn-password    *

vpn-account is the account used when connecting to the MAS management platform, normally the MASID.
vpn-password is the corresponding password used when connecting to the MAS management platform.

2. Edit /etc/l2tpd/l2tpd.conf

In this file:

    ;
    ; Sample l2tpd configuration file
    ;
    ; This example file should give you some idea of how the options for l2tpd
    ; should work. The best place to look for a list of all options is in
    ; the source code itself, until I have the time to write better documentation :)
    ; Specifically, the file file.c contains a list of commands at the end.
    ;
    ; You most definitely don't have to spell out everything as it is done here
    ; [global]                                  ; Global parameters:
    ; port = 1701                               ; * Bind to port 1701
    ; auth file = /etc/l2tpd/l2tp-secrets       ; * Where our challenge secrets are
    ; access control = yes                      ; * Refuse connections without IP match
    ; auth file = /etc/ppp/chap-secrets
    ; rand source = dev                         ; Source for entropy for random
    ;                                           ; numbers, options are:
    ;                                           ; dev - reads of /dev/urandom
    ;                                           ; sys - uses rand()
    ;                                           ; egd - reads from egd socket
    ;                                           ; egd is not yet implemented
    ; [lns default]                             ; Our fallthrough LNS definition
    ; exclusive = no                            ; * Only permit one tunnel per host
    ; ip range = 192.168.4.200-192.168.4.255    ; * Allocate from this IP range
    ; no ip range = 192.168.0.3-192.168.0.9     ; * Except these hosts
    ; ip range = 192.168.0.5                    ; * But this one is okay
    ; ip range = lac1-lac2                      ; * And anything from lac1 to lac2's IP
    ; lac = 192.168.1.4 - 192.168.1.8           ; * These can connect as LACs
    ; no lac =                                  ; * This guy can't connect
    ; hidden bit = no                           ; * Use hidden AVPs?
    ; local ip = 192.168.4.9                    ; * Our local IP to use
    ; length bit = yes                          ; * Use length bit in payload?
    ; require chap = yes                        ; * Require CHAP auth. by peer
    ; refuse pap = yes                          ; * Refuse PAP authentication
    ; refuse chap = no                          ; * Refuse CHAP authentication
    ; refuse authentication = no                ; * Refuse authentication altogether
    ; require authentication = yes              ; * Require peer to authenticate
    ; unix authentication = no                  ; * Use /etc/passwd for auth.
    ; name = cd183                              ; * Report this as our hostname
    ; ppp debug = no                            ; * Turn on PPP debugging
    ; pppoptfile = /etc/ppp/options.l2tpd       ; * ppp options file
    ; call rws = 10                             ; * RWS for call (-1 is valid)
    ; tunnel rws = 4                            ; * RWS for tunnel (must be > 0)
    ; flow bit = yes                            ; * Include sequence numbers
    ; challenge = yes                           ; * Challenge authenticate peer ;

    [lac to_mas_mc]
    ; lns is the address of the VPN gateway
    ;lns = 218.206.191.54
    lns = 1.2.3.4
    ; enable user authentication; the user name is test
    ;name = M01XJ010700002
    name = abc
    ; enable redial when the link drops
    redial = yes
    ; the redial interval is 15 seconds
    redial timeout = 15
    ; the maximum number of retries is 100
    max redials = 100000
    ; authenticate using the CHAP protocol
    require chap = yes
    ; disable PAP authentication
    refuse pap = yes
    require authentication = yes
    ; PPP options file
    ppp debug = no
    pppoptfile = /etc/ppp/options.l2tp.mc

    [lac to_183]
    ; lns is the address of the VPN gateway
    lns=218.202.151.183
    ; enable redial when the link drops
    redial = yes
    ; the redial interval is 15 seconds
    redial timeout = 15
    ; the maximum number of retries is 100
    max redials = 100000
    ; authenticate using the CHAP protocol
    require chap = yes
    ; disable PAP authentication
    refuse pap = yes
    require authentication = yes
    ; enable user authentication; user name
    ;name = changdamas
    name = changdamas
    ; PPP options file
    ppp debug = no
    pppoptfile = /etc/ppp/options.l2tp.183

As above: lns=218.206.191.55. The default VPN server is 218.206.191.54. If the IP of the VPN server that the MAS connects to is not 218.206.191.54, change this entry to the correct VPN server address.

3. Restart the MAS

4. After the MAS has started, log in and check whether the VPN connection has been established.
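An added example, not part of the original document: a check to run before the restart in step 3, confirming that every [lac ...] section in l2tpd.conf names an lns gateway and keeps the three authentication settings the document sets. The function name check_lac_sections, the constructed sample input, and the treatment of 1.2.3.4 as an unfilled placeholder are assumptions.

```shell
# Added example, not part of the original document.
# check_lac_sections [FILE]: print one line per problem found in the [lac ...]
# sections of an l2tpd.conf (stdin if no FILE); return 0 only if all pass.
check_lac_sections() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function report(msg) { print sec ": " msg; bad = 1 }
    function finish(   i, n, keys) {
        if (sec == "") return
        # Assumption: 1.2.3.4 is a stand-in for the real gateway address.
        if (!("lns" in val)) report("missing lns")
        else if (val["lns"] == "1.2.3.4") report("lns is still the placeholder 1.2.3.4")
        n = split("require chap,refuse pap,require authentication", keys, ",")
        for (i = 1; i <= n; i++)
            if (val[keys[i]] != "yes") report(keys[i] " is not yes")
    }
    /^[ \t]*(;|$)/ { next }              # comment or blank line
    /^[ \t]*\[/ {                        # any section header closes the previous one
        finish(); split("", val)         # split("", val) empties the array
        sec = ($0 ~ /^[ \t]*\[lac[ \t]/) ? trim($0) : ""
        next
    }
    sec != "" {                          # key = value inside a [lac ...] section
        line = $0; sub(/;.*/, "", line)  # drop a trailing comment
        eq = index(line, "=")
        if (eq) val[trim(substr(line, 1, eq - 1))] = trim(substr(line, eq + 1))
    }
    END { finish(); exit bad + 0 }
    ' "$@"
}
# Constructed sample: section 1 mirrors the document, section 2 omits two settings.
demo() {
    check_lac_sections <<'EOF'
[lac to_mas_mc]
lns = 1.2.3.4
name = abc
require chap = yes
refuse pap = yes
require authentication = yes
[lac to_183]
lns=218.202.151.183
name = changdamas
require chap = yes
EOF
}
demo || echo "fix the sections listed above before restarting the MAS"
```

Run it against the real file as check_lac_sections /etc/l2tpd/l2tpd.conf; no output and exit status 0 mean every [lac ...] section passed.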