Ci-dessous, les différences entre deux révisions de la page.
public:tutorial:vpnpppoverssh [2011/07/07 21:34] – ceric35 | public:tutorial:vpnpppoverssh [2023/02/13 13:39] (Version actuelle) – modification externe 127.0.0.1 | ||
---|---|---|---|
Ligne 9: | Ligne 9: | ||
* le réseau ppp est en 192.168.35.0/ | * le réseau ppp est en 192.168.35.0/ | ||
* l' | * l' | ||
+ | |||
+ | ===== Installation ===== | ||
+ | |||
+ | Les kernel doivent être compilé avec le support de PPP: | ||
+ | * | ||
+ | * | ||
+ | * | ||
+ | * | ||
+ | * | ||
+ | * | ||
+ | * | ||
+ | |||
+ | '' | ||
===== Serveur ===== | ===== Serveur ===== | ||
Ligne 25: | Ligne 38: | ||
$IPTABLES -A FORWARD -i ppp0 -o eth0 -m state ! --state INVALID -j ACCEPT | $IPTABLES -A FORWARD -i ppp0 -o eth0 -m state ! --state INVALID -j ACCEPT | ||
$IPTABLES -A FORWARD -i eth0 -o ppp0 -m state --state ESTABLISHED, | $IPTABLES -A FORWARD -i eth0 -o ppp0 -m state --state ESTABLISHED, | ||
+ | |||
+ | Il faut egalement autorisé l' | ||
+ | pppd avec les droit root et sans mot de passe via sudo. | ||
+ | |||
+ | Editer les droit sudo via ' | ||
+ | < | ||
===== Clients ===== | ===== Clients ===== | ||
Ligne 31: | Ligne 50: | ||
< | < | ||
- | # | + | # Copyright 1999-2011 Gentoo Foundation |
- | # This script initiates a ppp-ssh vpn connection. | + | # Distributed under the terms of the GNU General Public License v2 |
- | # see the VPN PPP-SSH HOWTO on http:// | + | # $Header: $ |
- | # | + | |
- | # revision history: | + | |
- | # 1.6 11-Nov-1996 miquels@cistron.nl | + | |
- | # 1.7 20-Dec-1999 bart@jukie.net | + | |
- | # 2.0 16-May-2001 bronson@trestle.com | + | |
- | # 2.1 23-jan-2006 anthony@nonsenz.org | + | |
- | + | ||
- | # | + | |
- | # The rest of this file should not need to be changed. | + | |
- | # | + | |
- | + | ||
- | PATH=/ | + | |
- | + | ||
- | # | + | |
- | # required commands... | + | |
- | # | + | |
- | + | ||
- | PPPD=/ | + | |
- | SSH=/ | + | |
- | + | ||
- | if ! test -f $PPPD ; then echo " | + | |
- | if ! test -f $SSH ; then echo " | + | |
- | case " | + | # |
- | start) | + | PPPD=${PPPD:-/ |
- | echo -n " | + | SSH=${SSH:-/ |
- | ${PPPD} updetach noauth passive pty " | + | |
- | route add -net ${LAN_NETWORK} netmask ${LAN_NETMASK} gw ${SERVER_IFIPADDR} dev ppp0 | + | |
- | echo " vpn connected." | + | |
- | ;; | + | |
- | stop) | + | depend() { |
- | echo -n " | + | need net |
- | PID=`ps ax | grep "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -p ${SERVER_PORT} -l ${SERVER_USERNAME} -o" | grep -v ' passive ' | grep -v 'grep ' | awk ' | + | after sshd |
- | if [ " | + | use logger dns |
- | kill $PID | + | } |
- | echo " | + | |
- | | + | |
- | echo " | + | |
- | fi | + | |
- | ;; | + | |
- | config) | + | start() { |
- | echo "SERVER_HOSTNAME=$SERVER_HOSTNAME" | + | echo -n "Starting vpn to $SERVER_HOSTNAME: " |
- | echo " | + | #echo ${PPPD} updetach noauth passive pty \"${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -p ${SERVER_PORT} -l ${SERVER_USERNAME} -o Batchmode=yes sudo ${PPPD} nodetach notty noauth\" |
- | | + | ${PPPD} updetach noauth passive pty "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -p ${SERVER_PORT} -l ${SERVER_USERNAME} -o Batchmode=yes sudo ${PPPD} nodetach notty noauth" |
- | echo "CLIENT_IFIPADDR=$CLIENT_IFIPADDR" | + | route add -net ${LAN_NETWORK} netmask ${LAN_NETMASK} gw ${SERVER_IFIPADDR} dev ppp0 |
- | ;; | + | echo " |
+ | } | ||
- | *) | + | stop() { |
- | echo "Usage: | + | echo -n "Stopping |
- | exit 1 | + | PID=`ps ax | grep "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -p ${SERVER_PORT} -l ${SERVER_USERNAME} -o" |
- | ;; | + | if [ "${PID}" |
- | esac | + | kill $PID |
+ | echo " | ||
+ | else | ||
+ | echo " | ||
+ | fi | ||
+ | } | ||
- | exit 0</ | + | restart() { |
+ | stop | ||
+ | start | ||
+ | }</ | ||
et ''/ | et ''/ | ||
Ligne 95: | Ligne 92: | ||
< | < | ||
# sending the connection request to: | # sending the connection request to: | ||
- | SERVER_HOSTNAME=ceric35.homelinux.org | + | SERVER_HOSTNAME=ceric35.net |
# The TCP port used by sshd (usually 22) | # The TCP port used by sshd (usually 22) | ||
Ligne 103: | Ligne 100: | ||
# For security reasons, this should NOT be root. (Any user | # For security reasons, this should NOT be root. (Any user | ||
# that can use PPP can intitiate the connection on the client) | # that can use PPP can intitiate the connection on the client) | ||
- | SERVER_USERNAME=vpnuser | + | SERVER_USERNAME=vpn |
# The VPN network interface on the server should use this address: | # The VPN network interface on the server should use this address: |
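Review bot: The text added to the Serveur section ("pppd avec les droit root et sans mot de passe via sudo") grants the SSH login a passwordless root pppd, and the sudoers line that follows is cut off in this view, so it is not possible to tell whether it pins the arguments. pppd accepts options that name scripts and files, so a rule allowing it with arbitrary arguments is effectively full root for that account. The page should show a rule limited to the exact invocation that the client's start() sends, for example `vpn ALL=(root) NOPASSWD: <path-to-pppd> nodetach notty noauth` (the path is a placeholder; `vpn` is the new SERVER_USERNAME). It would also help to recommend a dedicated key for that account whose `authorized_keys` entry uses a forced `command="…"` with forwarding disabled, so that a stolen client key can only bring up the tunnel.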