Linux - статьи


Установка программ vpn-server и vpn-client


Для установления VPN-соединения нужны две программы: vpn-client устанавливает соединение с сервером по протоколу SSH, а vpn-server принимает соединение. Скачать эти файлы можно с нашего web-сайта www.buildinglinuxvpns.net. Установим их в домашние каталоги пользователей sshvpn клиента и сервера следующим образом: falcons-client# mkdir /opt/ssh-vpn/bin; chmod 755 /opt/ssh-vpn/bin

falcons-client# cp vpn-client /opt/ssh-vpn/bin; chmod 755 /opt/ssh-vpn/bin/*

bears-server# mkdir /opt/ssh-vpn/bin; chmod 755 /opt/ssh-vpn/bin

bears-server# cp vpn-server /opt/ssh-vpn/bin; chmod 755 /opt/ssh-vpn/bin/*

Файлы устанавливаем от имени пользователя root, чтобы взлом пользователя sshvpn не позволил изменить файлы.

Программы vpn-client и vpn-server представлены на Распечатках 3.1 и 3.2 соответственно. Вместо того, чтобы перепечатывать, возьмите их с нашей web-страницы, мы осуществляем поддержку последних версий программ в режиме online.

Распечатка 3.1 Программа vpn-client

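#!/bin/sh
#
# vpn-client: bring up (or tear down) an SSH-tunnelled PPP VPN to a server.
# Invoked either by pppd as its ip-up script ($LINKNAME set), init.d-style
# ("start"/"stop" with an optional VPN name), or as "vpn-client <vpn-name>".
# All site-specific settings come from $SSH_VPN_DIR/etc/ssh-vpn.conf and
# $SSH_VPN_DIR/etc/<vpn-name>; nothing else in this file needs editing.

# Set this to the location of your SSH VPN install directory.
# Kept as a fixed path on purpose: the config files sourced from here run
# as whoever invokes the script (root via pppd's ip-up in one path), so
# the location must not be overridable from the environment.
SSH_VPN_DIR=/opt/ssh-vpn

# Nothing below this line should need to be changed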

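vpn_config () {
  # Configure the variables for one VPN; $1 is the VPN (network) name.
  # Sets vpn_network, VPN_CONFIG and everything the two config files define
  # (global: $SSH_VPN_DIR/etc/ssh-vpn.conf, per-VPN: $SSH_VPN_DIR/etc/$1).
  # Exits 0 (not an error) when either file cannot be sourced, because
  # pppd's ip-up may call this script for a link this package does not own.
  # Exits 1 when the name is unusable as a file name.
  vpn_network=$1

  # The name becomes a path component below; refuse anything that could
  # escape $SSH_VPN_DIR/etc (empty, contains a slash, starts with a dot).
  case $vpn_network in
    ''|*/*|.*)
      echo "$0: invalid VPN name '$vpn_network'" >&2
      exit 1
      ;;
  esac

  # Source the global variables
  . "$SSH_VPN_DIR/etc/ssh-vpn.conf" || exit 0

  # Source the VPN-specific variables
  VPN_CONFIG=$SSH_VPN_DIR/etc/$vpn_network
  . "$VPN_CONFIG" || exit 0

  # Debugging: trace the rest of this script and ask pppd to log verbosely
  if [ "$client_debug" = "yes" ] ; then
    set -x
    client_pppd_args="$client_pppd_args debug"
  fi
}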

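run_as_sshvpn () {
  # Make sure the rest of the script runs as $SSH_VPN_USER.
  #   root            -> re-exec this script (same cwd, same arguments) as
  #                      $SSH_VPN_USER via su; never returns
  #   $SSH_VPN_USER   -> return 0 and carry on
  #   anyone else     -> message on stderr, exit 1
  # $WHOAMI, $SU and $SSH_VPN_USER come from ssh-vpn.conf, so vpn_config
  # must have been called first.
  whoami=$($WHOAMI)
  pwd=$(pwd)
  case "$whoami" in
    root)
      # -c with its argument attached: su runs "cd <cwd>;<script> <args>"
      # under the target user's login shell.  NOTE: $* is re-parsed by that
      # shell, so arguments containing whitespace or shell metacharacters
      # do not survive the re-exec; callers only ever pass simple words.
      exec $SU - "$SSH_VPN_USER" "-ccd $pwd;$0 $*"
      ;;
    "$SSH_VPN_USER")
      ;;
    *)
      echo "$0 Must be run as $SSH_VPN_USER" >&2
      exit 1
      ;;
  esac
}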

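# Work out what we were asked to do:

if [ -n "$LINKNAME" ] ; then
  # pppd invoked us as its ip-up script
  vpn_config "$LINKNAME"

  # Add the route to the server-side network.
  # No sudo needed: pppd runs ip-up as root, and it set $IPREMOTE for us.
  # $server_network is deliberately unquoted so that a config value made of
  # several route(8) words is passed through as separate arguments.
  [ "$server_network" ] && $ROUTE add -net $server_network gw "$IPREMOTE"
  exit 0

elif [ "$1" = "stop" ] ; then
  # init.d-style call, in one of these forms:
  #   /etc/init.d/vpn-client stop vpn1
  #   /etc/init.d/vpn1 stop
  #   /etc/rcX.d/S##vpnname stop
  # Without an explicit name, the VPN name is the script's own name with
  # any rc.d S##/K## prefix stripped.
  if [ "$2" ] ; then
    vpn_config "$2"
  else
    vpn_config "$(basename "$0" | sed -e 's/^[SK][0-9][0-9]//')"
  fi

  # Stop the pppd process for this VPN.  A missing or unreadable pidfile
  # means nothing is running, which is not an error for "stop".
  pidfile=$PIDDIR/ppp-$vpn_network.pid
  if [ -r "$pidfile" ] ; then
    kill "$(head -1 "$pidfile")" 2>/dev/null
  fi
  exit 0

elif [ "$1" = "start" ] ; then
  # init.d-style call, same forms as for "stop"
  if [ "$2" ] ; then
    vpn_config "$2"
  else
    vpn_config "$(basename "$0" | sed -e 's/^[SK][0-9][0-9]//')"
  fi
  run_as_sshvpn "$@"   # make sure we are not root (or anyone else)
  # fall through to the start code below

elif [ "$#" -eq 1 ] ; then
  # "vpn-client <vpn-name>": the only argument is the VPN name
  vpn_config "$1"
  run_as_sshvpn "$@"   # make sure we are not root (or anyone else)
  # fall through to the start code below

else
  echo "Usage: $0 destination start|stop" >&2
  echo "Usage: $0 start|stop" >&2
  echo "Usage: (if $0 is a vpn name)" >&2
  exit 1
fi

# Generic ssh arguments: never prompt (BatchMode), no escape character,
# and force a tty even though we have none ourselves (yes, two -t's).
SSH_ARGS="-oBatchMode=yes -enone -t -t"

# Generic pppd arguments.  Kept as one string on purpose: it is expanded
# unquoted below so pppd receives each word as a separate argument.
PPPD_ARGS="updetach lock connect-delay 10000 name $vpn_network-client \
  user $vpn_network-client linkname $vpn_network \
  remotename $vpn_network-server $client_pppd_args pty"

# Adjust PPPD_ARGS for the required authentication level
if [ "$client_require_pap" = "yes" ] ; then
  PPPD_ARGS="require-pap $PPPD_ARGS"
elif [ "$client_require_chap" = "yes" ] ; then
  PPPD_ARGS="require-chap $PPPD_ARGS"
else
  PPPD_ARGS="noauth $PPPD_ARGS"
fi

# Start the pppd/ssh processes: pppd runs via sudo, and the "pty" command
# it spawns drops back to $SSH_VPN_USER before running ssh.
$SUDO $PPPD $PPPD_ARGS \
  "$SUDO -u $SSH_VPN_USER $SSH $SSH_ARGS $client_ssh_args $vpn_network"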

Распечатка 3.2 Программа vpn-server

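#!/bin/sh
#
# vpn-server: server side of an SSH-tunnelled PPP VPN.
# Invoked by sshd through a forced command in authorized_keys
# ("vpn-server pppd <vpn-name>"), by pppd as its ip-up script ($LINKNAME
# set), or init.d-style as "vpn-server stop [<vpn-name>]".  All site-specific
# settings come from $SSH_VPN_DIR/etc/ssh-vpn.conf and
# $SSH_VPN_DIR/etc/<vpn-name>; nothing else in this file needs editing.

# Set this to the location of your SSH VPN install directory.
# Kept as a fixed path on purpose: the config files sourced from here run
# as whoever invokes the script (root via pppd's ip-up in one path), so
# the location must not be overridable from the environment.
SSH_VPN_DIR=/opt/ssh-vpn

# Nothing below this line should need to be changed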

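vpn_config () {
  # Configure the variables for one VPN; $1 is the VPN (network) name.
  # Sets vpn_network, VPN_CONFIG and everything the two config files define
  # (global: $SSH_VPN_DIR/etc/ssh-vpn.conf, per-VPN: $SSH_VPN_DIR/etc/$1).
  # Exits 0 (not an error) when either file cannot be sourced: we may have
  # been called from pppd's ip-up while a VPN this package does not own came
  # up, and in that case there is simply nothing to do.
  # Exits 1 when the name is unusable as a file name.
  vpn_network=$1

  # The name becomes a path component below; refuse anything that could
  # escape $SSH_VPN_DIR/etc (empty, contains a slash, starts with a dot).
  case $vpn_network in
    ''|*/*|.*)
      echo "$0: invalid VPN name '$vpn_network'" >&2
      exit 1
      ;;
  esac

  # Source the global variables
  . "$SSH_VPN_DIR/etc/ssh-vpn.conf" || exit 0

  # Source the VPN-specific variables
  VPN_CONFIG=$SSH_VPN_DIR/etc/$vpn_network
  . "$VPN_CONFIG" || exit 0

  # Debugging: trace the rest of this script and ask pppd to log verbosely
  if [ "$server_debug" = "yes" ] ; then
    set -x
    server_pppd_args="$server_pppd_args debug"
  fi
}

run_as_sshvpn () {
  # Make sure the rest of the script runs as $SSH_VPN_USER.
  #   root            -> re-exec this script (same cwd, same arguments) as
  #                      $SSH_VPN_USER via su; never returns
  #   $SSH_VPN_USER   -> return 0 and carry on
  #   anyone else     -> message on stderr, exit 1
  # $WHOAMI, $SU and $SSH_VPN_USER come from ssh-vpn.conf, so vpn_config
  # must have been called first.  (Defined for symmetry with vpn-client;
  # no code path in this file calls it.)
  whoami=$($WHOAMI)
  pwd=$(pwd)
  case "$whoami" in
    root)
      # -c with its argument attached: su runs "cd <cwd>;<script> <args>"
      # under the target user's login shell.  NOTE: $* is re-parsed by that
      # shell, so arguments containing whitespace or shell metacharacters
      # do not survive the re-exec; callers only ever pass simple words.
      exec $SU - "$SSH_VPN_USER" "-ccd $pwd;$0 $*"
      ;;
    "$SSH_VPN_USER")
      ;;
    *)
      echo "$0 Must be run as $SSH_VPN_USER" >&2
      exit 1
      ;;
  esac
}

# Work out what we were asked to do:

if [ "$LINKNAME" ] ; then
  # pppd invoked us as its ip-up script
  vpn_config "$LINKNAME"

  # Add the route to the client-side network.
  # No sudo needed: pppd runs ip-up as root, and it set $IPREMOTE for us.
  # $client_network is deliberately unquoted so that a config value made of
  # several route(8) words is passed through as separate arguments.
  [ "$client_network" ] && $ROUTE add -net $client_network gw "$IPREMOTE"
  exit 0

elif [ "$1" = "pppd" ] ; then
  # Called by sshd through the forced command in authorized_keys{2}:
  #   command="vpn-server pppd vpn1" ...   (as SSH_VPN_USER)
  # The VPN name therefore comes from the key's command= line, not from
  # anything the remote client typed.
  vpn_config "$2"

  # Generic pppd arguments.  Kept as one string on purpose: it is expanded
  # unquoted below so pppd receives each word as a separate argument.
  PPPD_ARGS="updetach linkname $vpn_network \
    remotename $vpn_network-client user $vpn_network-server \
    name $vpn_network-server $server_pppd_args"

  # Adjust PPPD_ARGS for the required authentication level
  if [ "$server_require_pap" = "yes" ] ; then
    PPPD_ARGS="require-pap $PPPD_ARGS"
  elif [ "$server_require_chap" = "yes" ] ; then
    PPPD_ARGS="require-chap $PPPD_ARGS"
  else
    PPPD_ARGS="noauth $PPPD_ARGS"
  fi

  # Start pppd (via sudo) on the ssh session's stdin/stdout
  $SUDO $PPPD $PPPD_ARGS "$server_ppp_ip:$client_ppp_ip"

elif [ "$1" = "stop" ] ; then
  # init.d-style call.  Without an explicit name, the VPN name is the
  # script's own name with any rc.d S##/K## prefix stripped.
  if [ "$2" ] ; then
    vpn_config "$2"
  else
    vpn_config "$(basename "$0" | sed -e 's/^[SK][0-9][0-9]//')"
  fi

  # Stop the pppd process for this VPN.  A missing or unreadable pidfile
  # means nothing is running, which is not an error for "stop".
  pidfile=$PIDDIR/ppp-$vpn_network.pid
  if [ -r "$pidfile" ] ; then
    kill "$(head -1 "$pidfile")" 2>/dev/null
  fi
  exit 0

elif [ "$1" = "start" ] ; then
  # init.d-style call: connections are always initiated by the client
  echo "You can't start an SSH-VPN connection from the server." >&2
  exit 1

else
  echo "Usage: $0 stop" >&2
  echo "" >&2
  echo "This program is meant to be called by sshd or to stop " >&2
  echo "an existing VPN. It cannot be called manually." >&2
  exit 1
fi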

