win 7 任务 拨号 vpn
- Published in VPN
C:\Windows\System32\rasphone.exe -d 宽带名字
C:\Windows\System32\rasphone.exe -d 宽带名字
选用最新版UltraISO 9.3 PE(下载地址:http://dw.ezbsys.net/uiso9_cn.exe)。大家可能感到奇怪,UltraISO不是一款光盘工具吗?它也能制作启动U盘?为什么不选用常见的HP U盘格式化工具、USBoot、FlashBoot等工具呢?其实,自UltraISO V9.12起,UltraISO已经包含制作启动U盘的功能。选用UltraISO来制作启动U盘有以下特点:
在/etc/sysconfig/iptables打开端口1723,gre协议和设置MTU为1356
#在-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited前添加 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1723 -j ACCEPT -A RH-Firewall-1-INPUT -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -i ppp+ -j ACCEPT -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
PPTP 全称为 Point to Point Tunneling Protocol — 点到点隧道协议,是VPN协议中的一种。 虚拟专用网(VPN)被定义为通过一个公用网络(通常是因特网)建立一个临时的、安全的连接,是一条穿过混乱的公用网络的安全、稳定的隧道。虚拟专 用网是对企业内部网的扩展。虚拟专用网可以帮助远程用户、公司分支机构、商业伙伴及供应商同公司的内部网建立可信的安全连接,并保证数据的安全传输。虚拟 专用网可用于不断增长的移动用户的全球因特网接入,以实现安全连接;可用于实现企业网站之间安全通信的虚拟专用线路,用于经济有效地连接到商业伙伴和用户 的安全外联网虚拟专用网。
/etc/openvpn/server-tcp.conf
/etc/openvpn/server-udp.conf
server 192.168.21.0 255.255.255.0
192.168.31.0
push "dhcp-option DNS 8.8.8.8"
nat masquad 192.168.21.0
192.168.31.0
webmin
apache
global config
网络和地址
443 改成 无
rpm -q rpmforge-release
rpm -e rpmforge-release-0.5.1-1.el5.rf
新版 selinux 解决方案
semanage port -m -t openvpn_port_t -p tcp 443
semanage port -a -t openvpn_port_t -p udp 443
semanage port -l | grep 443
发现 http_port_t 占用 443
[root@xxxx ~]# semanage port -d -t http_port_t -p tcp 443
/usr/sbin/semanage: Port tcp/443 is defined in policy, cannot be deleted
[root@onion ~]# semanage port -a -t openvpn_port_t -p tcp 443
/usr/sbin/semanage: Port tcp/443 already defined
[root@onion ~]# /usr/sbin/semanage port -m -t openvpn_port_t -p tcp 443
开机启动
chkconfig openvpn on
MTU 设置 客户端 服务器 都需要
tun-mtu 1400
tun-mtu-extra 32
mssfix 1400
安装时候 注意 openvpn 版本
打开 sh 文件 更改 cp -R /usr/share/doc/openvpn-2.2.0/easy-rsa/ /etc/openvpn/
openvpn-2.2.0 为 当前版本好码 否则无法安装
下面这个也是一键安装包,跟上面那个不同的是,这个同时开启TCP 443和UDP 443并创建2个相应的客户端配置文件
wget http://wty.name/linux/sh/openvpn-tcp-udp.sh sh ./openvpn-tcp-udp.sh |
下面这个是OpenVPN添加用户的脚本
wget http://wty.name/linux/sh/openvpn-add-user.sh
sh ./openvpn-add-user.sh
转贴自 http://wty.name/centos-install-openvpn-with-a-key-package/comment-page-1/#comment-290
之前写过在《CentOS 安装和配置OpenVPN》的教程,今天发布一个OpenVPN的一键安装包。
将下面这行复制到你的linux ssh 控制台,并按下回车,过程中输入一些相关信息即可
wget http://wty.name/linux/sh/openvpn.sh;sh ./openvpn.sh; |
安装完成后,把”/root/keys.tgz”下载回本地,解压至”C:\Program Files\OpenVPN\config”
下面这个也是一键安装包,跟上面那个不同的是,这个同时开启TCP 443和UDP 443并创建2个相应的客户端配置文件
wget http://wty.name/linux/sh/openvpn-tcp-udp.sh;sh ./openvpn-tcp-udp.sh; |
下面这个是OpenVPN添加用户的脚本
wget http://wty.name/linux/sh/openvpn-add-user.sh;sh ./openvpn-add-user.sh;
#!/bin/bash
ip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 | awk -F= '{print $2}'`
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.i386.rpm
rpm -iv rpmforge-release-0.5.1-1.el5.rf.i386.rpm
rm -rf rpmforge-release-0.5.1-1.el5.rf.i386.rpm
yum -y install openvpn openssl openssl-devel
cd /etc/openvpn/
cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
. ./vars
./clean-all
source ./vars
echo -e "\n\n\n\n\n\n\n" | ./build-ca
clear
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
./build-key-server server
./build-dh
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/
clear
echo "####################################"
echo "Feel free to accept default values"
echo "This is your client key, you may set a password here but it's not required"
echo "####################################"
./build-key client1
cd keys/
client="
client
remote $ip 443
dev tun
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
route-delay 2
route-method exe
verb 3"
echo "$client" > $HOSTNAME.ovpn
tar czf keys.tgz ca.crt ca.key client1.crt client1.csr client1.key $HOSTNAME.ovpn
mv keys.tgz /root/openvpn-client.tgz
opvpn='
port 443
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 192.168.21.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun'
echo "$opvpn" > /etc/openvpn/server.conf
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.21.0/24 -o eth0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/sysctl.conf
sysctl -p
/etc/init.d/openvpn start
clear
echo "OpenVPN has been installed
Download /root/openvpn-client.tgz using winscp or other sftp/scp client
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of /root/openvpn-client.tgz there"
#!/bin/bash
ip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 | awk -F= '{print $2}'`
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.i386.rpm
rpm -iv rpmforge-release-0.5.1-1.el5.rf.i386.rpm
rm -rf rpmforge-release-0.5.1-1.el5.rf.i386.rpm
yum -y install openvpn openssl openssl-devel
cd /etc/openvpn/
cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
. ./vars
./clean-all
source ./vars
echo -e "\n\n\n\n\n\n\n" | ./build-ca
clear
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
./build-key-server server
./build-dh
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/
clear
echo "####################################"
echo "Feel free to accept default values"
echo "This is your client key, you may set a password here but it's not required"
echo "####################################"
./build-key client1
cd keys/
clienttcp="
client
remote $ip 443
dev tun
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
route-delay 2
route-method exe
verb 3"
echo "$clienttcp" > $HOSTNAME.tcp.ovpn
clientudp="
client
remote $ip 443
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
route-delay 2
route-method exe
verb 3"
echo "$clientudp" > $HOSTNAME.udp.ovpn
tar czf keys.tgz ca.crt ca.key client1.crt client1.csr client1.key $HOSTNAME.tcp.ovpn $HOSTNAME.udp.ovpn
mv keys.tgz /root/openvpn-client-tcp-udp.tgz
servertcp='
port 443
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 192.168.21.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun'
echo "$servertcp" > /etc/openvpn/server-tcp.conf
serverudp='
port 443
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 192.168.31.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun'
echo "$serverudp" > /etc/openvpn/server-udp.conf
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.21.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.31.0/24 -o eth0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/sysctl.conf
sysctl -p
/etc/init.d/openvpn start
clear
echo "OpenVPN has been installed
Download /root/openvpn-client-tcp-udp.tgz using winscp or other sftp/scp client
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of /root/openvpn-client-tcp-udp.tgz there"
#!/bin/bash
ip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 | awk -F= '{print $2}'`
read -p "Please Enter New Username:" user
cd /etc/openvpn/easy-rsa/2.0/
. ./vars
source ./vars
./build-key $user
cd keys/
clienttcp="
client
remote $ip 443
dev tun
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $user.crt
key $user.key
ns-cert-type server
comp-lzo
route-delay 2
route-method exe
verb 3"
echo "$clienttcp" > $HOSTNAME.$user.tcp.ovpn
clientudp="
client
remote $ip 443
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $user.crt
key $user.key
ns-cert-type server
comp-lzo
route-delay 2
route-method exe
verb 3"
echo "$clientudp" > $HOSTNAME.$user.udp.ovpn
tar czf $HOSTNAME.$user.tgz ca.crt ca.key $user.crt $user.csr $user.key $HOSTNAME.$user.tcp.ovpn $HOSTNAME.$user.udp.ovpn
mv $HOSTNAME.$user.tgz /root
echo "Download /root/$HOSTNAME.$user.tgz using winscp or other sftp/scp client
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of $HOSTNAME.$user.tgz there"
旧版 selinux 解决方案
安装时注意 关闭 selinux 因为 selinux 禁止 nobody 运行
低端口
方法1
使用文本编辑工具打开 /etc/selinux/config
把 SELINUX=enforcing 注释掉:#SELINUX=enforcing ,然后新加一行为:SELINUX=disabled
保存,关闭。
重启系统。
方法2
我们经常由于默认系统的安全性配置导致些莫名其妙的问题,比如SElinux本来是用于安全子系统的权限控制,可是搞不好就发现限制多多,我们可以用如下方法快速关闭SElinux
/usr/sbin/setenforce 0 立刻关闭 SELINUX
/usr/sbin/setenforce 1 立刻启用 SELINUX
加到系统默认启动里面
echo "/usr/sbin/setenforce 0" >> /etc/rc.local
这样就可以了
http://blog.erahere.com/%E9%85%8D%E7%BD%AEcentos6-1-sshd%E7%AB%AF%E5%8F%A3%E7%9A%84%E8%8B%A6%E9%80%BC%E4%B9%8B%E6%97%85/
frdic.com/dic_resource/frdic_grab.js
原代码如下