http://weibo.com/xianggebujimo
http://weibo.com/u/2085754030
http://weibo.com/killinux
http://weibo.com/giantchen
http://pushchen.com/
http://guoyong.me
重启vpn
linode上网
ssh隧道
http://blog.jianingy.com/2009/09/ssh%E9%9A%A7%E9%81%93%E6%8A%80%E6%9C%AF%E7%AE%80%E4%BB%8B/#viewSource
配置vpn
http://blog.tech4k.com/?tag=ubuntu
http://www.jacco2.dds.nl/networking/openswan-macosx.html
http://apple4.us/2010/05/setting-up-l2tp-vpn-on-debian-ubuntu.html
这个配置能成功vpn但是不知道怎么用,难道是长城宽带得问题?
ubuntu11.10
apt-get install openswan
/etc/ipsec.conf
[code]
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
[/code]
sudo ipsec verify
[color=darkred]/etc/init.d/ipsec restart
[/color]
aptitude install xl2tpd
[code]
root@haoning:~# cat /etc/xl2tpd/xl2tpd.conf
;
; Sample l2tpd configuration file
;
; This example file should give you some idea of how the options for l2tpd
; should work. The best place to look for a list of all options is in
; the source code itself, until I have the time to write better documetation :)
; Specifically, the file "file.c" contains a list of commands at the end.
;
; You most definitely don't have to spell out everything as it is done here
;
[global] ; Global parameters:
ipsec saref = yes
;port = 1701 ; * Bind to port 1701
;auth file = /etc/ppp/chap-secrets
; auth file = /etc/l2tpd/l2tp-secrets ; * Where our challenge secrets are
; access control = yes ; * Refuse connections without IP match
; rand source = dev ; Source for entropy for random
; ; numbers, options are:
; ; dev - reads of /dev/urandom
; ; sys - uses rand()
; ; egd - reads from egd socket
; ; egd is not yet implemented
;
[lns default] ; Our fallthrough LNS definition
; exclusive = no ; * Only permit one tunnel per host
;ip range = 192.168.10.2-192.168.10.250 ; * Allocate from this IP range
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
; ip range = 192.168.0.5 ; * But this one is okay
; ip range = lac1-lac2 ; * And anything from lac1 to lac2's IP
; lac = 192.168.1.4 - 192.168.1.8 ; * These can connect as LAC's
; no lac = untrusted.marko.net ; * This guy can't connect
; hidden bit = no ; * Use hidden AVP's?
;local ip = 192.168.10.1 ; * Our local IP to use
; length bit = yes ; * Use length bit in payload?
require chap = yes ; * Require CHAP auth. by peer
refuse pap = yes ; * Refuse PAP authentication
; refuse chap = no ; * Refuse CHAP authentication
; refuse authentication = no ; * Refuse authentication altogether
require authentication = yes ; * Require peer to authenticate
; unix authentication = no ; * Use /etc/passwd for auth.
name = localhost ; * Report this as our hostname
ppp debug = yes ; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.lns ; * ppp options file
pppoptfile = /etc/ppp/options.xl2tpd ; * ppp options file
length bit = yes
; call rws = 10 ; * RWS for call (-1 is valid)
; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
; flow bit = yes ; * Include sequence numbers
; challenge = yes ; * Challenge authenticate peer ;
; rx bps = 10000000 ; Receive tunnel speed
; tx bps = 10000000 ; Transmit tunnel speed
; bps = 100000 ; Define both receive and transmit speed in one option
; [lac marko] ; Example VPN LAC definition
; lns = lns.marko.net ; * Who is our LNS?
; lns = lns2.marko.net ; * A backup LNS (not yet used)
; redial = yes ; * Redial if disconnected?
; redial timeout = 15 ; * Wait n seconds between redials
; max redials = 5 ; * Give up after n consecutive failures
; hidden bit = yes ; * User hidden AVP's?
; local ip = 192.168.1.1 ; * Force peer to use this IP for us
; remote ip = 192.168.1.2 ; * Force peer to use this as their IP
; length bit = no ; * Use length bit in payload?
; require pap = no ; * Require PAP auth. by peer
; require chap = yes ; * Require CHAP auth. by peer
; refuse pap = yes ; * Refuse PAP authentication
; refuse chap = no ; * Refuse CHAP authentication
; refuse authentication = no ; * Refuse authentication altogether
; require authentication = yes ; * Require peer to authenticate
; name = marko ; * Report this as our hostname
; ppp debug = no ; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.marko ; * ppp options file for this lac
; call rws = 10 ; * RWS for call (-1 is valid)
; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
; flow bit = yes ; * Include sequence numbers
; challenge = yes ; * Challenge authenticate peer
;
; [lac cisco] ; Another quick LAC
; lns = cisco.marko.net ; * Required, but can take from default
; require authentication = yes
root@haoning:~#
[/code]
aptitude install ppp
[code]
root@haoning:~# cat /etc/ppp/options.xl2tpd
require-mschap-v2
ms-dns 106.187.34.20
ms-dns 106.187.35.20
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
root@haoning:~#
[/code]
[code]
root@haoning:~# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
haohao l2tpd testpassword *
#haohao * testpassword *
root@haoning:~#
[/code]
[color=darkred]/etc/init.d/xl2tpd restart[/color]
转发包
[code]
iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
[/code]
因为某种原因,openswan 在服务器重启后无法正常自动,所以我们可以在 /etc/rc.local 文件里写入如下语句:
[code]
iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
/etc/init.d/ipsec restart
[/code]
http://hi.baidu.com/%CE%DE%D2%B5%C3%CD%C4%D0/blog/item/31c12e4754defc32cffca3f0.html
mac去掉证书
http://lxneng.com/posts/177
[code]
需要连接一个L2TP协议的vpn, 填好信息竟然报错“IPSec 共享密钥”丢失。请验证您的设置并尝试重新连接。 但是这个vpn不需要IPSec 共享密钥啊, google了一把发现需要打补丁来绕过它。
在/etc/ppp目录下新建一个文件options, 写入下面的内容
plugin L2TP.ppp
l2tpnoipsec
就可以无需密钥连接了,最后别忘了把高级设置里面"通过VPN连接发送所有流量"钩上。
[/code]
-----------
[code]
ssh代理上网
ssh -N -f -D 1080 远程服务器ip
lsof -i:1080
ps -ef|grep 4393
netstat -abn |grep 1080
[/code]
mac的客户端配置socket代理
127.0.0.1
端口 1080
参考ssh隧道;
http://blog.jianingy.com/2009/09/ssh%E9%9A%A7%E9%81%93%E6%8A%80%E6%9C%AF%E7%AE%80%E4%BB%8B/#viewSource
http://weibo.com/u/2085754030
http://weibo.com/killinux
http://weibo.com/giantchen
http://pushchen.com/
http://guoyong.me
重启vpn
/etc/init.d/ipsec restart
/etc/init.d/xl2tpd restart
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpmlinode上网
ssh隧道
http://blog.jianingy.com/2009/09/ssh%E9%9A%A7%E9%81%93%E6%8A%80%E6%9C%AF%E7%AE%80%E4%BB%8B/#viewSource
配置vpn
http://blog.tech4k.com/?tag=ubuntu
http://www.jacco2.dds.nl/networking/openswan-macosx.html
http://apple4.us/2010/05/setting-up-l2tp-vpn-on-debian-ubuntu.html
这个配置能成功vpn但是不知道怎么用,难道是长城宽带得问题?
ubuntu11.10
apt-get install openswan
/etc/ipsec.conf
root@haoning:~# cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Do not set debug options to debug configuration issues!
# plutodebug / klipsdebug = "all", "none" or a combation from below:
# "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
# eg:
# plutodebug="control parsing"
#
# enable to get logs per-peer
# plutoopts="--perpeerlog"
#
# Again: only enable plutodebug or klipsdebug when asked by a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=yes
# exclude networks used on server side by adding %v4:!a.b.c.0/24
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
# OE is now off by default. Uncomment and change to on, to enable.
oe=off
# which IPsec stack to use. auto will try netkey, then klips then mast
#protostack=auto
protostack=netkey
# Add connections here
# sample VPN connection
# for more examples, see /etc/ipsec.d/examples/
#conn sample
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=YOUR.SERVER.IP.ADDRESS
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
# # Left security gateway, subnet behind it, nexthop toward right.
# left=10.0.0.1
# leftsubnet=172.16.0.0/24
# leftnexthop=10.22.33.44
# # Right security gateway, subnet behind it, nexthop toward left.
# right=10.12.12.1
# rightsubnet=192.168.0.0/24
# rightnexthop=10.101.102.103
# # To authorize this connection, but not actually start it,
# # at startup, uncomment this.
# #auto=add
root@haoning:~#
root@haoning:~# cat /etc/ipsec.secrets
# RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
# this file is managed with debconf and will contain the automatically created RSA keys
include /var/lib/openswan/ipsec.secrets.inc
YOUR.SERVER.IP.ADDRESS %any: PSK "YourSharedSecret"
root@haoning:~#
[code]
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
[/code]
sudo ipsec verify
[color=darkred]/etc/init.d/ipsec restart
[/color]
aptitude install xl2tpd
[code]
root@haoning:~# cat /etc/xl2tpd/xl2tpd.conf
;
; Sample l2tpd configuration file
;
; This example file should give you some idea of how the options for l2tpd
; should work. The best place to look for a list of all options is in
; the source code itself, until I have the time to write better documetation :)
; Specifically, the file "file.c" contains a list of commands at the end.
;
; You most definitely don't have to spell out everything as it is done here
;
[global] ; Global parameters:
ipsec saref = yes
;port = 1701 ; * Bind to port 1701
;auth file = /etc/ppp/chap-secrets
; auth file = /etc/l2tpd/l2tp-secrets ; * Where our challenge secrets are
; access control = yes ; * Refuse connections without IP match
; rand source = dev ; Source for entropy for random
; ; numbers, options are:
; ; dev - reads of /dev/urandom
; ; sys - uses rand()
; ; egd - reads from egd socket
; ; egd is not yet implemented
;
[lns default] ; Our fallthrough LNS definition
; exclusive = no ; * Only permit one tunnel per host
;ip range = 192.168.10.2-192.168.10.250 ; * Allocate from this IP range
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
; ip range = 192.168.0.5 ; * But this one is okay
; ip range = lac1-lac2 ; * And anything from lac1 to lac2's IP
; lac = 192.168.1.4 - 192.168.1.8 ; * These can connect as LAC's
; no lac = untrusted.marko.net ; * This guy can't connect
; hidden bit = no ; * Use hidden AVP's?
;local ip = 192.168.10.1 ; * Our local IP to use
; length bit = yes ; * Use length bit in payload?
require chap = yes ; * Require CHAP auth. by peer
refuse pap = yes ; * Refuse PAP authentication
; refuse chap = no ; * Refuse CHAP authentication
; refuse authentication = no ; * Refuse authentication altogether
require authentication = yes ; * Require peer to authenticate
; unix authentication = no ; * Use /etc/passwd for auth.
name = localhost ; * Report this as our hostname
ppp debug = yes ; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.lns ; * ppp options file
pppoptfile = /etc/ppp/options.xl2tpd ; * ppp options file
length bit = yes
; call rws = 10 ; * RWS for call (-1 is valid)
; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
; flow bit = yes ; * Include sequence numbers
; challenge = yes ; * Challenge authenticate peer ;
; rx bps = 10000000 ; Receive tunnel speed
; tx bps = 10000000 ; Transmit tunnel speed
; bps = 100000 ; Define both receive and transmit speed in one option
; [lac marko] ; Example VPN LAC definition
; lns = lns.marko.net ; * Who is our LNS?
; lns = lns2.marko.net ; * A backup LNS (not yet used)
; redial = yes ; * Redial if disconnected?
; redial timeout = 15 ; * Wait n seconds between redials
; max redials = 5 ; * Give up after n consecutive failures
; hidden bit = yes ; * User hidden AVP's?
; local ip = 192.168.1.1 ; * Force peer to use this IP for us
; remote ip = 192.168.1.2 ; * Force peer to use this as their IP
; length bit = no ; * Use length bit in payload?
; require pap = no ; * Require PAP auth. by peer
; require chap = yes ; * Require CHAP auth. by peer
; refuse pap = yes ; * Refuse PAP authentication
; refuse chap = no ; * Refuse CHAP authentication
; refuse authentication = no ; * Refuse authentication altogether
; require authentication = yes ; * Require peer to authenticate
; name = marko ; * Report this as our hostname
; ppp debug = no ; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.marko ; * ppp options file for this lac
; call rws = 10 ; * RWS for call (-1 is valid)
; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
; flow bit = yes ; * Include sequence numbers
; challenge = yes ; * Challenge authenticate peer
;
; [lac cisco] ; Another quick LAC
; lns = cisco.marko.net ; * Required, but can take from default
; require authentication = yes
root@haoning:~#
[/code]
aptitude install ppp
[code]
root@haoning:~# cat /etc/ppp/options.xl2tpd
require-mschap-v2
ms-dns 106.187.34.20
ms-dns 106.187.35.20
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
root@haoning:~#
[/code]
[code]
root@haoning:~# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
haohao l2tpd testpassword *
#haohao * testpassword *
root@haoning:~#
[/code]
[color=darkred]/etc/init.d/xl2tpd restart[/color]
转发包
[code]
iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
[/code]
因为某种原因,openswan 在服务器重启后无法正常自动,所以我们可以在 /etc/rc.local 文件里写入如下语句:
[code]
iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
/etc/init.d/ipsec restart
[/code]
http://hi.baidu.com/%CE%DE%D2%B5%C3%CD%C4%D0/blog/item/31c12e4754defc32cffca3f0.html
mac去掉证书
http://lxneng.com/posts/177
[code]
需要连接一个L2TP协议的vpn, 填好信息竟然报错“IPSec 共享密钥”丢失。请验证您的设置并尝试重新连接。 但是这个vpn不需要IPSec 共享密钥啊, google了一把发现需要打补丁来绕过它。
在/etc/ppp目录下新建一个文件options, 写入下面的内容
plugin L2TP.ppp
l2tpnoipsec
就可以无需密钥连接了,最后别忘了把高级设置里面"通过VPN连接发送所有流量"钩上。
[/code]
-----------
[code]
ssh代理上网
ssh -N -f -D 1080 远程服务器ip
lsof -i:1080
ps -ef|grep 4393
netstat -abn |grep 1080
[/code]
mac的客户端配置socket代理
127.0.0.1
端口 1080
参考ssh隧道;
http://blog.jianingy.com/2009/09/ssh%E9%9A%A7%E9%81%93%E6%8A%80%E6%9C%AF%E7%AE%80%E4%BB%8B/#viewSource
扫一扫
3247
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
