This topic has 3 replies, 3 voices, and was last updated 18 years, 2 months ago by Bastard.
19 January 2006 at 11:34 am #6853 Misha (Participant)
Does anyone have experience with a VPN connection in SUSE 10?
I need a VPN to set up the wireless connection with my provider!!! Regards!!!
21 January 2006 at 5:05 pm #39602 milosh76 (Participant)
I would add: how do you make a VPN connection over ADSL (router connected with a network cable)? There is probably no special difference, but let me add the question anyway 🙂
25 January 2006 at 11:42 pm #39603 Bastard (Participant)
In the network forum you have the solution I found, with a script in init.d that I set to start in the yast2 runlevel editor; you also need the ip-up.local and ip-down.local scripts in /etc/ppp.
I also wrote about this on elitesecurity. I pestered people on the SUSE IRC and they claim it now works with wvdial, which is not the case with SUSE 10 RC1, which is what I have and which can only establish PPPoE and not PPTP (they say it is not used by ordinary users).
26 January 2006 at 3:23 am #39604 Bastard (Participant)
Here, if you can't be bothered searching, there is something here:
http://www.linuxo.org/modules.php?name=Forums&file=viewtopic&t=4691&highlight=vpn
[code]
#!/bin/sh
# /etc/ppp/ip-up.local: runs when the ppp link comes up
(
# keep the route to the DNS server going out the LAN interface
/sbin/ip route add ip_dns_servera via ip_rutera dev eth0 src ip_lan_kartice
# send everything else through the tunnel
/sbin/ip route replace default dev 'ppp0'
)
[/code]
[code]
#!/bin/sh
# /etc/ppp/ip-down.local: runs when the ppp link goes down
(
/sbin/ip route del ip_dns_servera via ip_rutera dev eth0 src ip_lan_kartice
# restore the default route via the LAN interface
/sbin/ip route replace default dev 'eth0'
)
[/code]
[code]
#!/bin/sh
# Copyright (c) 2000-2001 SuSE GmbH Nuernberg, Germany. All rights reserved.
#
# Author: Bastard
#
# /etc/rc.d/init.d/pptp_tunel
### BEGIN INIT INFO
# Provides: pptp_tunel
# Required-Start: $network
# Required-Stop:
# Default-Start: 3 5
# Default-Stop:
# Description: start pptp donet
### END INIT INFO

NAME="Donet"
ADDRESS=vpn.server.com
USER='korisnik'
ECN=0
DEBUG=

start_pptp() {
    # ECN breaks some PPTP servers, so turn it off for the tunnel
    echo $ECN > /proc/sys/net/ipv4/tcp_ecn
    if /usr/sbin/pptp $ADDRESS user $USER noauth $DEBUG; then
        touch /var/lock/subsys/pptp
        echo "PPTP Connection to $NAME Started"
    fi
}

stop_pptp() {
    if killall /usr/sbin/pptp 2> /dev/null; then
        echo "Stopped pptp"
    else
        rm -f /var/run/pptp/*
    fi
    # if killall pppd; then
    #     echo "Stopped pppd"
    # fi
    rm -f /var/lock/subsys/pptp
    # restore the system default
    echo 1 > /proc/sys/net/ipv4/tcp_ecn
}

case "$1" in
    start)
        echo "Starting PPTP Connection to ${NAME}..."
        start_pptp
        ;;
    stop)
        echo "Stopping $NAME PPTP Connection..."
        stop_pptp
        ;;
    restart)
        echo "Restarting $NAME PPTP Connection..."
        stop_pptp
        start_pptp
        ;;
    status)
        ifconfig
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|status}"
        ;;
esac
[/code]
The first script is ip-up.local and the second ip-down.local (both go in the /etc/ppp folder).
The third script goes in /etc/init.d, and in the yast2 runlevel editor you can set it to start by itself at boot. If the command won't exit in the runlevel editor, type killall pptp in the console as root.
You can start it from the console as root with /etc/init.d/pptp start (stop, restart... also work).
In the first two, replace ip_dns_servera, ip_lan_kartice etc. with your IPs.
In the third, replace vpn.server.com with the address of your server and korisnik with your username. It is very important that nodetach is disabled in the options file, because at boot it can hang the console. Here is my options file
[code]
# /etc/ppp/options
#
# Not every option is listed here, see man pppd for more details. This file
# is read by the pppd, it is an error when it is not present.
#
# Use the following command to see the active options:
# grep -v ^# /etc/ppp/options | grep -v ^$
#

# The name of this server. Often, the FQDN is used here.
#name

# Enforce the use of the hostname as the name of the local system for
# authentication purposes (overrides the name option).
#usehostname

# If no local IP address is given, pppd will use the first IP address
# that belongs to the local hostname. If "noipdefault" is given, this
# is disabled and the peer will have to supply an IP address.
noipdefault

# With this option, pppd will accept the peer's idea of our local IP
# address, even if the local IP address was specified in an option.
#ipcp-accept-local

# With this option, pppd will accept the peer's idea of its (remote) IP
# address, even if the remote IP address was specified in an option.
#ipcp-accept-remote

# Run the executable or shell command specified after pppd has terminated
# the link. This script could, for example, issue commands to the modem
# to cause it to hang up if hardware modem control signals were not
# available.
# If mgetty is running, it will reset the modem anyway. So there is no need
# to do it here.
#disconnect "chat -- \d+++\d\c OK ath0 OK"

# Increase debugging level (same as -d). The debug output is written
# to syslog LOG_LOCAL2.
#debug

# Enable debugging code in the kernel-level PPP driver. The argument n
# is a number which is the sum of the following values: 1 to enable
# general debug messages, 2 to request that the contents of received
# packets be printed, and 4 to request that the contents of transmitted
# packets be printed.
#kdebug n

# noauth means do not require the peer to authenticate itself, this must
# be set if you want to use pppd to connect to the internet. In this case
# *you* must authenticate yourself to the peer (internet provider), so do
# not disable this setting unless you are the dial-in server which the
# peer has to authenticate to.
noauth

# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
# on the serial port.
#crtscts

# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock

# Use the modem control lines. (is default)
#modem
# The opposite: local
#
# Description:
# Don't use the modem control lines. With this option, pppd will ignore the
# state of the CD (Carrier Detect) signal from the modem and will not change
# the state of the DTR (Data Terminal Ready) signal.
#
# You need to disable modem and enable local if you want to connect to another
# system without using a modem:
local

# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it. 0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
# To allow pppd to work over a rlogin/telnet connection, you should escape
# XON (^Q), XOFF (^S) and ^]: (The peer should use "escape ff".)
#asyncmap 200a0000
asyncmap 0

# needed for some ISDN Terminaladapters, namely ELSA, those seem to have
# problems with asyncmap negotiation, so you can turn off this procedure
# in case your ISDN box has trouble with it, by enabling this option.
# You have to disable the asyncmap option to be sure to have it
# active. If you use wvdial, set the ISDN parameter in /etc/wvdial.conf
# instead.
#default-asyncmap

# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128. The default MRU value is 1500. A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data). The value 1492 is for DSL connections (PPP Default -
# PPPoE Header: 1500 - 8 = 1492)
# mru 1492

# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface. The value 1492 is for DSL connections
# (PPP Default - PPPoE Header: 1500 - 8 = 1492)
# mtu 1492

# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
#netmask 255.255.255.0

# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
#nodetach

# If this option is given, pppd will send an LCP echo-request frame to
# the peer every n seconds. Under Linux, the echo-request is sent when
# no packets have been received from the peer for n seconds. Normally
# the peer should respond to the echo-request by sending an echo-reply.
# This option can be used with the lcp-echo-failure option to detect
# that the peer is no longer connected.
lcp-echo-interval 30

# If this option is given, pppd will presume the peer to be dead if n
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
# If this happens, pppd will terminate the connection. Use of this
# option requires a non-zero value for the lcp-echo-interval parameter.
# This option can be used to enable pppd to terminate after the physical
# connection has been broken (e.g., the modem has hung up) in
# situations where no hardware modem control lines are available.
lcp-echo-failure 4

# Send up to 60 LCP configure-request during negotiation. With a value
# of 2 for lcp-restart below, this might take up to 2 minutes.
lcp-max-configure 60

# Resend unanswered LCP requests after 2 seconds.
lcp-restart 2

# Specifies that pppd should disconnect if the link is idle for n seconds.
idle 600

# Specifies the maximal number of attempts to connect to the server. This
# is useful for dial on demand. Default value is 10.
#maxfail 3

# Disable the IPXCP and IPX protocols.
noipx

# In the file /etc/ppp/filters are some active-filter rules. See man pppd
# and man tcpdump for more information.
file /etc/ppp/filters

#-------------------------------------------------------------------------
# The next two options are only interesting for you if you are admin of
# a system with other users that use ppp, and those users are normally
# never allowed to add default route, or you do not want users to
# replace the default route.
#-------------------------------------------------------------------------

# enable this to prevent users from attempting to add a default route.
# Use this option with caution: If the user needs to use a program like
# wvdial, he will not be able to connect because wvdial forces defaultroute
# but this is rejected by this option and the user will not be able to
# connect to the internet.
#nodefaultroute

# enable this to prevent users from replacing an existing default route.
#noreplacedefaultroute

#-------------------------------------------------------------------------
# All options below only make sense if you configure pppd to be a dial-in
# server, so don't touch these if you want to dial into your provider with
# PPP!
#-------------------------------------------------------------------------

# Set the assumed name of the remote system for authentication purposes
# to <name>.
#remotename

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system. {proxyarp,noproxyarp}
#proxyarp

# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dialin from users using a script under Linux to fire up ppp won't work.
#login

# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
# Two Servers can be remotely configured
#ms-dns 192.168.1.1
#ms-dns 192.168.1.2

# Specify which WINS Servers the incoming connection Win95 or WinNT should use
#ms-wins 192.168.1.50
#ms-wins 192.168.1.51
[/code]
and options.pptp
[code]
#
# Lock the port
#
lock

#
# We don't need the tunnel server to authenticate itself
#
noauth

#
# Turn off transmission protocols we know won't be used
#
nobsdcomp
nodeflate

#
# We want MPPE
#
#require-mppe

#
# We want a sane mtu/mru
#
mtu 1000
mru 1000

#
# Time this thing out if it goes poof
#
lcp-echo-failure 10
lcp-echo-interval 10
[/code]
On my setup require-mppe is disabled with a # because that is how the VPN server I connect to is set up.
You also have to edit the secrets file (pap or chap).
For example pap
[code]
# Secrets for authentication using PAP
# client        server          secret          IP addresses

# OUTBOUND CONNECTIONS
# Here you should add your PPP Login and PPP password to connect to your
# provider via pap. The * means that the entry (login and password) may be
# used for ANY host you connect to.
# Thus you do not have to worry about the foreign machine name. Just
# replace password with your password.
#hostname       *               password
korisnik        vpn.server.com  korisnicki_password
...
[/code]
So this is the beginning of the /etc/ppp/pap-secrets file, where I entered the line with the username, server and password. Instead of these scripts you can try the pptp-config program or pptp-command.
All of this applies if it is still not possible to set up pptp as DSL in YaST. Let me also add that this solution is for the case where you have an AP rather than a card, and the protocol is pptp.
If you have other equipment and another protocol, then the solution is in YaST.
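As an added example (not code from the original thread or from the pptp project), here is a small POSIX sh checker for the three points in the setup above that most often go wrong from a security or availability standpoint: an active `nodetach` in /etc/ppp/options (which the post says can hang the console at boot), a pap-secrets file readable by other users (it holds the VPN password in clear text), and `require-mppe` being commented out in options.pptp (without MPPE the PPTP tunnel carries PPP traffic unencrypted). The default paths are the ones the post uses; the function names and the `--check` argument are my own assumptions, and the files the test writes are constructed.

```shell
#!/bin/sh
# Added example: sanity checks for the pptp client files described in the post.
# Each function takes an optional path so copies elsewhere can be checked too.

# Returns 0 if 'nodetach' is absent or commented out in the pppd options file,
# 1 if it is active (an active nodetach keeps pppd in the foreground at boot).
nodetach_disabled() {
    f="${1:-/etc/ppp/options}"
    if grep -q '^[[:space:]]*nodetach' "$f" 2>/dev/null; then
        return 1
    fi
    return 0
}

# Returns 0 if the secrets file (pap-secrets or chap-secrets) exists and has
# no group or other permission bits, 1 otherwise. Uses ls(1) output columns
# 5-10 (group and other bits) so it works without GNU stat.
secrets_mode_ok() {
    f="${1:-/etc/ppp/pap-secrets}"
    [ -f "$f" ] || return 1
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Returns 0 if require-mppe is active in options.pptp, 1 if it is missing or
# commented out (the tunnel then runs without MPPE encryption).
mppe_required() {
    f="${1:-/etc/ppp/options.pptp}"
    grep -q '^[[:space:]]*require-mppe' "$f" 2>/dev/null
}

# Print one line per check against the default paths.
pptp_report() {
    if nodetach_disabled; then
        echo "ok:   nodetach is not active in /etc/ppp/options"
    else
        echo "WARN: nodetach is active in /etc/ppp/options (may hang the console at boot)"
    fi
    if secrets_mode_ok; then
        echo "ok:   /etc/ppp/pap-secrets is not readable by group/others"
    else
        echo "WARN: /etc/ppp/pap-secrets is missing or readable by group/others (chmod 600)"
    fi
    if mppe_required; then
        echo "ok:   require-mppe is active in /etc/ppp/options.pptp"
    else
        echo "WARN: require-mppe is not active in /etc/ppp/options.pptp (tunnel unencrypted)"
    fi
}

# Run the report only when invoked as: sh pptp-check.sh --check
case "${1:-}" in
    --check) pptp_report ;;
esac
```

The checks only read files and print findings; fixing a finding is still a manual step (`chmod 600 /etc/ppp/pap-secrets`, or asking the VPN operator whether the server supports MPPE before enabling `require-mppe`).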