`
haoningabc
  • 浏览: 1478064 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

纯技术的weibo及linode

阅读更多
http://weibo.com/xianggebujimo
http://weibo.com/u/2085754030
http://weibo.com/killinux
http://weibo.com/giantchen
http://pushchen.com/
http://guoyong.me

重启vpn
/etc/init.d/ipsec restart
/etc/init.d/xl2tpd restart 

 rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm



linode上网
ssh隧道
http://blog.jianingy.com/2009/09/ssh%E9%9A%A7%E9%81%93%E6%8A%80%E6%9C%AF%E7%AE%80%E4%BB%8B/#viewSource
配置vpn
http://blog.tech4k.com/?tag=ubuntu
http://www.jacco2.dds.nl/networking/openswan-macosx.html

http://apple4.us/2010/05/setting-up-l2tp-vpn-on-debian-ubuntu.html
这个配置能成功vpn但是不知道怎么用,难道是长城宽带得问题?
ubuntu11.10
apt-get install openswan
/etc/ipsec.conf
root@haoning:~# cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version	2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
	# Do not set debug options to debug configuration issues!
	# plutodebug / klipsdebug = "all", "none" or a combation from below:
	# "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
	# eg:
	# plutodebug="control parsing"
	#
	# enable to get logs per-peer
	# plutoopts="--perpeerlog"
	#
	# Again: only enable plutodebug or klipsdebug when asked by a developer
	#
	# NAT-TRAVERSAL support, see README.NAT-Traversal
	nat_traversal=yes
	# exclude networks used on server side by adding %v4:!a.b.c.0/24
	virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
	# OE is now off by default. Uncomment and change to on, to enable.
	oe=off
	# which IPsec stack to use. auto will try netkey, then klips then mast
	#protostack=auto
	protostack=netkey
	


# Add connections here

# sample VPN connection
# for more examples, see /etc/ipsec.d/examples/
#conn sample
conn L2TP-PSK-NAT
	rightsubnet=vhost:%priv
	also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
	authby=secret
	pfs=no
	auto=add
	keyingtries=3
	rekey=no
	ikelifetime=8h
	keylife=1h
	type=transport
	left=YOUR.SERVER.IP.ADDRESS
	leftprotoport=17/1701
	right=%any
	rightprotoport=17/%any
#		# Left security gateway, subnet behind it, nexthop toward right.
#		left=10.0.0.1
#		leftsubnet=172.16.0.0/24
#		leftnexthop=10.22.33.44
#		# Right security gateway, subnet behind it, nexthop toward left.
#		right=10.12.12.1
#		rightsubnet=192.168.0.0/24
#		rightnexthop=10.101.102.103
#		# To authorize this connection, but not actually start it, 
#		# at startup, uncomment this.
#		#auto=add

root@haoning:~# 



root@haoning:~# cat /etc/ipsec.secrets
# RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".

# this file is managed with debconf and will contain the automatically created RSA keys
include /var/lib/openswan/ipsec.secrets.inc
YOUR.SERVER.IP.ADDRESS   %any:  PSK "YourSharedSecret"
root@haoning:~# 

for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done

sudo ipsec verify
/etc/init.d/ipsec restart

aptitude install xl2tpd
root@haoning:~# cat /etc/xl2tpd/xl2tpd.conf
;
; Sample l2tpd configuration file
;
; This example file should give you some idea of how the options for l2tpd
; should work.  The best place to look for a list of all options is in
; the source code itself, until I have the time to write better documetation :)
; Specifically, the file "file.c" contains a list of commands at the end.
;
; You most definitely don't have to spell out everything as it is done here
;
[global]								; Global parameters:
ipsec saref = yes
;port = 1701						 	; * Bind to port 1701
;auth file = /etc/ppp/chap-secrets
; auth file = /etc/l2tpd/l2tp-secrets 	; * Where our challenge secrets are
; access control = yes					; * Refuse connections without IP match
; rand source = dev                     ; Source for entropy for random
;                                       ; numbers, options are:
;                                       ; dev - reads of /dev/urandom
;                                       ; sys - uses rand()
;                                       ; egd - reads from egd socket
;                                       ; egd is not yet implemented
;
[lns default]							; Our fallthrough LNS definition
; exclusive = no						; * Only permit one tunnel per host
;ip range = 192.168.10.2-192.168.10.250	; * Allocate from this IP range
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
; ip range = 192.168.0.5				; * But this one is okay
; ip range = lac1-lac2					; * And anything from lac1 to lac2's IP
; lac = 192.168.1.4 - 192.168.1.8		; * These can connect as LAC's
; no lac = untrusted.marko.net			; * This guy can't connect
; hidden bit = no						; * Use hidden AVP's?
;local ip = 192.168.10.1				; * Our local IP to use
; length bit = yes						; * Use length bit in payload?
require chap = yes					; * Require CHAP auth. by peer
refuse pap = yes						; * Refuse PAP authentication
; refuse chap = no						; * Refuse CHAP authentication
; refuse authentication = no			; * Refuse authentication altogether
require authentication = yes			; * Require peer to authenticate
; unix authentication = no				; * Use /etc/passwd for auth.
name = localhost						; * Report this as our hostname
ppp debug = yes						; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.lns	; * ppp options file
pppoptfile = /etc/ppp/options.xl2tpd	; * ppp options file
length bit = yes
; call rws = 10							; * RWS for call (-1 is valid)
; tunnel rws = 4						; * RWS for tunnel (must be > 0)
; flow bit = yes						; * Include sequence numbers
; challenge = yes						; * Challenge authenticate peer ; 
; rx bps = 10000000				; Receive tunnel speed
; tx bps = 10000000				; Transmit tunnel speed
; bps = 100000					; Define both receive and transmit speed in one option

; [lac marko]							; Example VPN LAC definition
; lns = lns.marko.net					; * Who is our LNS?
; lns = lns2.marko.net					; * A backup LNS (not yet used)
; redial = yes							; * Redial if disconnected?
; redial timeout = 15					; * Wait n seconds between redials
; max redials = 5						; * Give up after n consecutive failures
; hidden bit = yes						; * User hidden AVP's?
; local ip = 192.168.1.1				; * Force peer to use this IP for us
; remote ip = 192.168.1.2				; * Force peer to use this as their IP
; length bit = no						; * Use length bit in payload?
; require pap = no						; * Require PAP auth. by peer
; require chap = yes					; * Require CHAP auth. by peer
; refuse pap = yes						; * Refuse PAP authentication
; refuse chap = no						; * Refuse CHAP authentication
; refuse authentication = no			; * Refuse authentication altogether
; require authentication = yes			; * Require peer to authenticate
; name = marko							; * Report this as our hostname
; ppp debug = no						; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.marko	; * ppp options file for this lac
; call rws = 10							; * RWS for call (-1 is valid)
; tunnel rws = 4						; * RWS for tunnel (must be > 0)
; flow bit = yes						; * Include sequence numbers
; challenge = yes						; * Challenge authenticate peer 
;
; [lac cisco]							; Another quick LAC
; lns = cisco.marko.net					; * Required, but can take from default
; require authentication = yes			
root@haoning:~# 

aptitude install ppp
root@haoning:~# cat /etc/ppp/options.xl2tpd
require-mschap-v2
ms-dns 106.187.34.20
ms-dns 106.187.35.20
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
root@haoning:~# 

root@haoning:~# cat  /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client	server	secret			IP addresses
haohao l2tpd testpassword *
#haohao	*	testpassword	*

root@haoning:~# 

/etc/init.d/xl2tpd restart
转发包
iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

因为某种原因,openswan 在服务器重启后无法正常自动,所以我们可以在 /etc/rc.local 文件里写入如下语句:
iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done
/etc/init.d/ipsec restart


http://hi.baidu.com/%CE%DE%D2%B5%C3%CD%C4%D0/blog/item/31c12e4754defc32cffca3f0.html


mac去掉证书
http://lxneng.com/posts/177
需要连接一个L2TP协议的vpn, 填好信息竟然报错“IPSec 共享密钥”丢失。请验证您的设置并尝试重新连接。 但是这个vpn不需要IPSec 共享密钥啊, google了一把发现需要打补丁来绕过它。

在/etc/ppp目录下新建一个文件options, 写入下面的内容

plugin L2TP.ppp
l2tpnoipsec
就可以无需密钥连接了,最后别忘了把高级设置里面"通过VPN连接发送所有流量"钩上。

-----------
ssh代理上网
ssh -N -f -D 1080 远程服务器ip
lsof -i:1080
ps -ef|grep 4393
netstat -abn |grep 1080

mac的客户端配置socket代理
127.0.0.1
端口 1080
参考ssh隧道;

http://blog.jianingy.com/2009/09/ssh%E9%9A%A7%E9%81%93%E6%8A%80%E6%9C%AF%E7%AE%80%E4%BB%8B/#viewSource
分享到:
评论

相关推荐

    安装设定04 在Linode VPS上架设Ubuntu

    [Ubuntu][Linux][教學]_安裝設定#04_在Linode_VPS上架設Ubuntu

    linode:Linode API的绑定

    Linode linode是(大部分)完整的Go绑定到集合。 它不是特别惯用的。 目标是按照书面形式匹配API,而不是对其进行Go-ify。安装假设您有一个可以运行的Go环境: $ go get github.com/alexsacr/linode用法关于您的期望...

    Api-linode_api4-python.zip

    Api-linode_api4-python.zip,linode apilinode_api4的正式python绑定,一个api可以被认为是多个软件设备之间通信的指导手册。例如,api可用于web应用程序之间的数据库通信。通过提取实现并将数据放弃到对象中,api...

    linode4j:Linode API的Java实现

    linode4j Linode API的Java实现 ##特征 干净,简单的数据访问层和数据对象。 轻松区分必需参数和可选参数。 线程安全的类似Spring的基于模板的数据访问对象。 通过Jackson的超快速序列化。 简化了对所有...

    Linode Xen 下 grsecurity = 4.3 崩溃问题

    自从 Linux 4.3 开始,在 Linode 上使用 PaX/grsecurity 时,内核会在被 pv-grub 执行后不久立即崩溃。由于崩溃是在启动后极早期立刻发生的,没有任何可以用来调试的日志,同时公司也不是盖子开的,也没有办法得到母...

    go-linode:Go中的Linode API客户端

    消极Go库,用于与Linode API进行交互。 。用法导入方式: import github.com/LunaNode/go-linode并用作linode: apiKey := "myKey"client := linode.NewClient(apiKey)linodeID, err := client.CreateLinode(6, 1) /...

    kube-linode:在Linode上配置KubernetesCoreOS集群

    在本教程中,我们将深入探讨如何使用kube-linode项目在Linode云平台上部署一个基于CoreOS的Kubernetes集群。Kubernetes(简称K8s)是一个开源的容器编排系统,用于自动化容器化应用的部署、扩展和管理。CoreOS是专为...

    Python库 | linode_cli-3.1.1-py2.py3-none-any.whl

    《Python库:linode_cli-3.1.1-py2.py3-none-any.whl的详解与应用》 在Python的开发过程中,我们经常会利用各种库来提高开发效率和代码质量。今天我们要深入探讨的是一款名为`linode-cli`的Python库,其对应的安装...

    linodeapi:在 Linode 上部署 CoreOS

    在 Linode 上部署 CoreOS 通过这项工作,您可以轻松地在上部署 。 至于今天(2015 年 1 月)CoreOS 在 Linode 上不可用。 通过这项工作,您可以使用自己的云配置轻松快速地部署 CoreOS。 安装(使用 Docker) 这是...

    linode-dns-tools:linode DNS API 的强大工具。 导入区域文件,全局替换 IP 地址等

    linode-dns-工具 用于的工具集合。 要求 您必须提供您的 linode API 密钥,您可以通过您的 linode 配置文件生成该密钥。 如果当前目录中有.linode-key文件,则使用它,否则使用主目录中的.linode-key文件。 安装 ...

    Python库 | linode_api4-5.1.0-py3-none-any.whl

    《Python库:linode_api4-5.1.0-py3-none-any.whl的深度解析》 在Python的世界里,库是开发者的重要工具,它们提供了丰富的功能,简化了编程工作。今天我们要深入探讨的是一个名为`linode_api4`的Python库,版本号...

    ansible-linode-nodebalancer:Ansible模块,用于创建更新删除Linode Nodebalancers

    ansible-linode-nodebalancer Ansible模块来创建/更新/删除Linode Nodebalancers 要使Ansible能够读取此模块,您必须将其放在“库”文件夹中,并通过编辑ansible.cfg-( )来让ansible知道它在哪里。 安装示例 ...

    linode-provisioner:创建新的Linode并进行一些基本配置的Bash脚本

    Linode预配器这是一个bash脚本,它创建一个新的并进行一些基本配置。 每次我想要一台新服务器时,我基本上都厌倦了使用Web界面创建Linodes并执行相同的基本设置步骤(创建用户,上载ssh密钥,禁用root登录等)。 ...

    docker-machine-driver-linode:使用Linode APIv4的Docker机器的Linode驱动程序插件

    docker-machine-driver-linode 适用于docker-machine的Linode驱动程序插件。安装docker-machine是必需的,。 然后,从为您的环境安装最新版本。从源安装如果你宁愿从源代码编译,你需要有一个工作go 1.11+环境, ...

    Python库 | certbot_dns_linode-0.37.2-py2.py3-none-any.whl

    `certbot_dns_linode-0.37.2-py2.py3-none-any.whl` 是一个Python库的轮子文件,它专为自动化证书管理工具Certbot设计,用于与Linode DNS API集成,以便在Linode的DNS服务上自动配置和验证域名以获取Let's Encrypt的...

    docker-machine-linode:用于Docker机器的Linode驱动程序插件

    docker-machine-linode 适用于docker-machine的Linode驱动程序插件。 需要docker-machine版本> v.0.5.0-rc1 安装 首先,需要搬运工机v0.5.0 RC2,对于如何安装文件docker-machine。 或者您可以通过运行以下命令从...

    linode-dyn-dns:使用 Linode API 的轻量级动态 DNS 服务

    指示在 Linode 的 DNS 管理器中创建 A 记录。 下载脚本: $ git clone https://github.com/andrewchilds/linode-dyn-dns $ cd linode-dyn-dns设置您的 API 密钥,可在找到: $ echo MY_API_KEY > .key获取您的域 ID ...

    php-linode-api:适用于PHP的v4 Linode API [测试]

    _ _ _ ___ ______ _____ | | (_) | | / _ \ | ___ \_ ...适用于PHP的v4.01 Linode API [测试版]。 绝对是一项正在进行的工作。 不使用。 该软件包由澳大利亚机器人开发商H&H | Digital开发。 请访问访问我们。 该软

    terraform-provider-linode:Terraform Linode提供程序

    Linode的Terraform Provider 网站: : 说明文件: : 邮件列表:维护者此提供程序插件由Linode维护。要求 0.12.0+ 1.11.0或更高版本(以构建提供程序插件)使用提供者请参阅以开始使用Linode Provider。 该存储库中...

    kubernetes-linode-setup:在linode上设置kubernetes集群

    概述一路设置主控然后设置小兵CLUSTER_NAME=testSERVICE_IP_RANGE=10.0.0.0/16CLUSTER_POD_IP_RANGE=10.10.0.0/16POD_IP_RANGES=10.10.x.0/24条款Provisioning Master和2个奴才作为Ubuntu 15.04 设置主机名,私有IP...

Global site tag (gtag.js) - Google Analytics