public:tutorial:vpnpppoverssh

Differences

Below are the differences between two revisions of the page.

public:tutorial:vpnpppoverssh [2011/07/08 15:17] ceric35
public:tutorial:vpnpppoverssh [2023/02/13 13:39] (current version) – external edit 127.0.0.1
Ligne 38: Ligne 38:
 $IPTABLES -A FORWARD -i ppp0 -o eth0 -m state ! --state INVALID -j ACCEPT $IPTABLES -A FORWARD -i ppp0 -o eth0 -m state ! --state INVALID -j ACCEPT
 $IPTABLES -A FORWARD -i eth0 -o ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT</code> $IPTABLES -A FORWARD -i eth0 -o ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT</code>
 +
 +Il faut egalement autorisé l'utilsateur 'vpn' a pourvoir lancer
 +pppd avec les droit root et sans mot de passe via sudo.
 +
 +Editer les droit sudo via 'visudo' et ajoutez :
 +<code>vpn     ALL=(root)NOPASSWD:/usr/sbin/pppd</code>
  
 ===== Clients ===== ===== Clients =====
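Review bot: the sudoers line added here, `vpn     ALL=(root)NOPASSWD:/usr/sbin/pppd`, lets the vpn account run pppd as root with any arguments, and pppd options such as pty or connect execute arbitrary commands, so the rule amounts to passwordless root for whoever holds the vpn SSH key. The client script on this page only ever calls `sudo ${PPPD} nodetach notty noauth`, so the rule can list exactly those arguments: `vpn ALL=(root) NOPASSWD: /usr/sbin/pppd nodetach notty noauth`. The added French sentences also contain spelling errors (egalement, autorisé, utilsateur, pourvoir) that are worth fixing in the same edit.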
Ligne 44: Ligne 50:
  
 <code>#!/sbin/runscript <code>#!/sbin/runscript
-# +Copyright 1999-2011 Gentoo Foundation 
-# This script initiates a ppp-ssh vpn connection. +Distributed under the terms of the GNU General Public License v2 
-see the VPN PPP-SSH HOWTO on http://www.linuxdoc.org for more information. +$Header: $
-+
-# revision history: +
-# 1.6 11-Nov-1996 miquels@cistron.nl +
-# 1.7 20-Dec-1999 bart@jukie.net +
-# 2.0 16-May-2001 bronson@trestle.com +
-# 2.1 23-jan-2006 anthony@nonsenz.org +
- +
-+
-# The rest of this file should not need to be changed. +
-# +
- +
-PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11/: +
- +
-+
-# required commands... +
-+
- +
-PPPD=/usr/sbin/pppd +
-SSH=/usr/bin/ssh +
- +
-if ! test -f $PPPD  ; then echo "can't find $PPPD";  exit 3; fi +
-if ! test -f $SSH   ; then echo "can't find $SSH";   exit 4; fi+
  
-case "$1" in +#PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11/
-  start) +PPPD=${PPPD:-/usr/sbin/pppd} 
-    echo -n "Starting vpn to $SERVER_HOSTNAME" +SSH=${SSH:-/usr/bin/ssh}
-    ${PPPD} updetach noauth passive pty "sudo -u ${SERVER_USERNAME${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -p ${SERVER_PORT} -l ${SERVER_USERNAME} -o Batchmode=yes sudo ${PPPD} nodetach notty noauth" ${CLIENT_IFIPADDR}:${SERVER_IFIPADDR} +
-    route add -net ${LAN_NETWORKnetmask ${LAN_NETMASK} gw ${SERVER_IFIPADDR} dev ppp0 +
-    echo " vpn connected." +
-    ;;+
  
-  stop) +depend() { 
-        echo -n "Stopping vpn to $SERVER_HOSTNAME:+ need net 
-        PID=`ps ax | grep "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -p ${SERVER_PORT} -l ${SERVER_USERNAME} -o" | grep -v ' passive ' | grep -v 'grep ' | awk '{print $1}'` + after sshd 
-        if [ "${PID}" != "" ]; then + use logger dns 
-          kill $PID +}
-          echo "disconnected." +
-        else +
-          echo "Failed to find PID for the connection" +
-        fi +
-    ;;+
  
-  config+start({ 
-    echo "SERVER_HOSTNAME=$SERVER_HOSTNAME" + echo -n "Starting vpn to $SERVER_HOSTNAME
-    echo "SERVER_USERNAME=$SERVER_USERNAME+ #echo ${PPPD} updetach noauth passive pty \"${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -p ${SERVER_PORT} -l ${SERVER_USERNAME} -o Batchmode=yes sudo ${PPPD} nodetach notty noauth\${CLIENT_IFIPADDR}:${SERVER_IFIPADDR} 
-    echo "SERVER_IFIPADDR=$SERVER_IFIPADDR+ ${PPPD} updetach noauth passive pty "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -p ${SERVER_PORT} -l ${SERVER_USERNAME} -o Batchmode=yes sudo ${PPPD} nodetach notty noauth${CLIENT_IFIPADDR}:${SERVER_IFIPADDR} 
-    echo "CLIENT_IFIPADDR=$CLIENT_IFIPADDR+ route add -net ${LAN_NETWORK} netmask ${LAN_NETMASK} gw ${SERVER_IFIPADDR} dev ppp0 
-  ;;+ echo " vpn connected.
 +}
  
-  *+stop({ 
-    echo "Usage: vpn {start|stop|config}" + echo -n "Stopping vpn to $SERVER_HOSTNAME:
-    exit 1 + PID=`ps ax | grep "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -p ${SERVER_PORT} -l ${SERVER_USERNAME} -o" grep -v ' passive ' grep -v 'grep ' | awk '{print $1}'` 
-    ;; + if [ "${PID}" != "" ]; then 
-esac+ kill $PID 
 +         echo "disconnected." 
 + else 
 +         echo "Failed to find PID for the connection" 
 + fi 
 +}
  
-exit 0</code>+restart() { 
 + stop 
 + start 
 +}</code>
  
 et ''/etc/conf.d/vpnpppssh'' et ''/etc/conf.d/vpnpppssh''
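Review bot: start() in the new script runs route add and prints " vpn connected." without checking whether pppd came up, and neither start() nor stop() returns a non-zero status on failure, so the service manager will record the service as started or stopped even when the tunnel failed; the removed `test -f` checks for $PPPD and $SSH are not replaced either. Suggest returning on pppd failure before the route is added (for example `${PPPD} ... || return 1`) and adding `return 1` in the "Failed to find PID for the connection" branch. stop() still locates the process by grepping ps output and passes the result unquoted to kill, which can match zero or several processes; a pid recorded at start would be more reliable. The change also replaces the revision history and the HOWTO reference with a Gentoo Foundation copyright header; keep the original attribution unless dropping it is intentional.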
Ligne 108: Ligne 92:
 <code># The host name or IP address of the SSH server that we are <code># The host name or IP address of the SSH server that we are
 # sending the connection request to: # sending the connection request to:
-SERVER_HOSTNAME=ceric35.homelinux.org+SERVER_HOSTNAME=ceric35.net
  
 # The TCP port used by sshd (usually 22) # The TCP port used by sshd (usually 22)
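Review bot: SERVER_HOSTNAME still carries the author's own host (now ceric35.net) in a file readers are told to copy; a placeholder such as vpn.example.org with a comment to replace it would be safer for a tutorial. Because the init script calls ssh with `-o Batchmode=yes`, it is also worth stating next to this setting that the host key for the configured name must already be in the calling user's known_hosts, since ssh cannot prompt to accept it.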
public/tutorial/vpnpppoverssh.1310138275.txt.gz · Last modified: 2023/02/13 13:39 (external edit)