Différences

Ci-dessous, les différences entre deux révisions de la page.

--- public:tutorial:vpnpppoverssh [2011/07/07 21:34] – ceric35
+++ public:tutorial:vpnpppoverssh [2023/02/13 13:39] (Version actuelle) – modification externe 127.0.0.1
@@ Ligne 9: / Ligne 9: @@
   * le réseau ppp est en 192.168.35.0/24
   * l'adresse 192.168.35.254 ne doit pas être utiliser par les clients (pas compris à quoi elle servait)
+===== Installation =====
+Les kernel doivent être compilé avec le support de PPP:
+  *   CONFIG_PPP:	 missing PPP support (REQUIRED)
+  *   CONFIG_PPP_ASYNC:	 missing asynchronous serial line discipline (optional, but highly recommended)
+  *   CONFIG_PPP_SYNC_TTY:	 missing synchronous serial line discipline (optional; used by 'sync' pppd option)
+  *   CONFIG_PPP_DEFLATE:	 missing Deflate compression (optional, but highly recommended)
+  *   CONFIG_PPP_BSDCOMP:	 missing BSD-Compress compression (optional, but highly recommended)
+  *   CONFIG_PPP_MPPE:	 missing MPPE encryption (optional, mostly used by PPTP links)
+  *   CONFIG_PPPOE:	 missing PPPoE support (optional, needed by rp-pppoe plugin)
+''net-dialup/ppp'' doit être installé sur les 2 machines.
 ===== Serveur =====
@@ Ligne 25: / Ligne 38: @@
 $IPTABLES -A FORWARD -i ppp0 -o eth0 -m state ! --state INVALID -j ACCEPT
 $IPTABLES -A FORWARD -i eth0 -o ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT</code>
+Il faut egalement autorisé l'utilsateur 'vpn' a pourvoir lancer
+pppd avec les droit root et sans mot de passe via sudo.
+Editer les droit sudo via 'visudo' et ajoutez :
+<code>vpn     ALL=(root)NOPASSWD:/usr/sbin/pppd</code>
 ===== Clients =====
@@ Ligne 31: / Ligne 50: @@
 <code>#!/sbin/runscript
-#
+# Copyright 1999-2011 Gentoo Foundation
-# This script initiates a ppp-ssh vpn connection.
+# Distributed under the terms of the GNU General Public License v2
-# see the VPN PPP-SSH HOWTO on http://www.linuxdoc.org for more information.
+# $Header: $
-#
-# revision history:
-# 1.6 11-Nov-1996 miquels@cistron.nl
-# 1.7 20-Dec-1999 bart@jukie.net
-# 2.0 16-May-2001 bronson@trestle.com
-# 2.1 23-jan-2006 anthony@nonsenz.org
-#
-# The rest of this file should not need to be changed.
-#
-PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11/:
-#
-# required commands...
-#
-PPPD=/usr/sbin/pppd
-SSH=/usr/bin/ssh
-if ! test -f $PPPD  ; then echo "can't find $PPPD";  exit 3; fi
-if ! test -f $SSH   ; then echo "can't find $SSH";   exit 4; fi
-case "$1" in
+#PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11/:
-  start)
+PPPD=${PPPD:-/usr/sbin/pppd}
-    echo -n "Starting vpn to $SERVER_HOSTNAME: "
+SSH=${SSH:-/usr/bin/ssh}
-    ${PPPD} updetach noauth passive pty "sudo -u ${SERVER_USERNAME} ${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -p ${SERVER_PORT} -l ${SERVER_USERNAME} -o Batchmode=yes sudo ${PPPD} nodetach notty noauth" ${CLIENT_IFIPADDR}:${SERVER_IFIPADDR}
-    route add -net ${LAN_NETWORK} netmask ${LAN_NETMASK} gw ${SERVER_IFIPADDR} dev ppp0
-    echo " vpn connected."
-    ;;
-  stop)
+depend() {
-        echo -n "Stopping vpn to $SERVER_HOSTNAME: "
+	need net
-        PID=`ps ax | grep "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -p ${SERVER_PORT} -l ${SERVER_USERNAME} -o" | grep -v ' passive ' | grep -v 'grep ' | awk '{print $1}'`
+	after sshd
-        if [ "${PID}" != "" ]; then
+	use logger dns
-          kill $PID
+}
-          echo "disconnected."
-        else
-          echo "Failed to find PID for the connection"
-        fi
-    ;;
-  config)
+start() {
-    echo "SERVER_HOSTNAME=$SERVER_HOSTNAME"
+	echo -n "Starting vpn to $SERVER_HOSTNAME: "
-    echo "SERVER_USERNAME=$SERVER_USERNAME"
+	#echo ${PPPD} updetach noauth passive pty \"${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -p ${SERVER_PORT} -l ${SERVER_USERNAME} -o Batchmode=yes sudo ${PPPD} nodetach notty noauth\" ${CLIENT_IFIPADDR}:${SERVER_IFIPADDR}
-    echo "SERVER_IFIPADDR=$SERVER_IFIPADDR"
+	${PPPD} updetach noauth passive pty "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -p ${SERVER_PORT} -l ${SERVER_USERNAME} -o Batchmode=yes sudo ${PPPD} nodetach notty noauth" ${CLIENT_IFIPADDR}:${SERVER_IFIPADDR}
-    echo "CLIENT_IFIPADDR=$CLIENT_IFIPADDR"
+	route add -net ${LAN_NETWORK} netmask ${LAN_NETMASK} gw ${SERVER_IFIPADDR} dev ppp0
-  ;;
+	echo " vpn connected."
+}
-  *)
+stop() {
-    echo "Usage: vpn {start|stop|config}"
+	echo -n "Stopping vpn to $SERVER_HOSTNAME: "
-    exit 1
+	PID=`ps ax | grep "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -p ${SERVER_PORT} -l ${SERVER_USERNAME} -o" | grep -v ' passive ' | grep -v 'grep ' | awk '{print $1}'`
-    ;;
+	if [ "${PID}" != "" ]; then
-esac
+		kill $PID
+	        echo "disconnected."
+	else
+	        echo "Failed to find PID for the connection"
+	fi
+}
-exit 0</code>
+restart() {
+	stop
+	start
+}</code>
 et ''/etc/conf.d/vpnpppssh''
@@ Ligne 95: / Ligne 92: @@
 <code># The host name or IP address of the SSH server that we are
 # sending the connection request to:
-SERVER_HOSTNAME=ceric35.homelinux.org
+SERVER_HOSTNAME=ceric35.net
 # The TCP port used by sshd (usually 22)
@@ Ligne 103: / Ligne 100: @@
 # For security reasons, this should NOT be root.  (Any user
 # that can use PPP can intitiate the connection on the client)
-SERVER_USERNAME=vpnuser
+SERVER_USERNAME=vpn
 # The VPN network interface on the server should use this address:

Ceric35

Outils pour utilisateurs

Outils du site

Différences

Outils de la page