Sharing an install script for daloradius+freeradius+openvpn
Source: Internet Published: 游戏寻路算法 Editor: 程序博客网 Time: 2024/05/04 20:33
- The daloradius admin panel is at http://IP:8888/admin; the account is the default account and the password is radius.
```bash
#!/bin/bash
# This program is a simple dalo (daloradius) setup
# Works normally
###### Install packages #############
rpm -ivh http://www.52hula.cn/epel-release-6-8.1.noarch.rpm
yum install -y httpd php php-gd php-mysql php-pear php-pear-DB
yum install gcc gcc-c++ freetype-devel glib2-devel cairo-devel libjpeg* -y
yum install -y gcc-c++ libgcrypt libgpg-error libgcrypt-devel wget unzip zip libodbc libodbc++ t1lib libmcrypt libc-client libXpm libexslt libxslt*
yum install -y freeradius freeradius-mysql freeradius-utils
yum install -y mysql mysql-server
yum install -y squid openvpn haproxy dnsmasq
yum install -y unzip zip
####### Download files ########
# The archives are fetched over plain HTTP with no checksum or signature check
# and are unpacked straight into /etc, /var/www and /root below.
wget -O /etc/raddb/raddb.zip http://www.52hula.cn/2O666B4lCkrQ2O666B4lCkrQ2O666B4lCkrQ2O666B4lCkrQ/raddb.zip
wget -O /etc/openvpn/openvpn.zip http://www.52hula.cn/2O666B4lCkrQ2O666B4lCkrQ2O666B4lCkrQ2O666B4lCkrQ/openvpn.zip
wget -O /var/www/html.zip http://www.52hula.cn/2O666B4lCkrQ2O666B4lCkrQ2O666B4lCkrQ2O666B4lCkrQ/html.zip
wget -O /root/udp.zip http://www.52hula.cn/2O666B4lCkrQ2O666B4lCkrQ2O666B4lCkrQ2O666B4lCkrQ/udp.zip
##### Extract files
unzip -o /etc/raddb/raddb.zip -d /etc/raddb
unzip -o /etc/openvpn/openvpn.zip -d /etc/openvpn
unzip -o /var/www/html.zip -d /var/www
unzip -o /root/udp.zip -d /root
###### Configure mysqld #######
service mysqld restart
# Pattern and replacement are identical, so as written this changes nothing.
# The original used the relative path freeradius.sql; the file imported below
# lives in /etc/raddb/sql/.
sed -i "s/'administrator','radius'/'administrator','radius'/g" /etc/raddb/sql/freeradius.sql
# Sets the MySQL root password to the literal string "newpass"; it is passed
# on the command line in every call that follows.
mysqladmin -u root password "newpass"
mysql -uroot -pnewpass -e "create database radius;"
mysql -u root -pnewpass radius < /etc/raddb/sql/mysql/admin.sql
mysql -u root -pnewpass radius < /etc/raddb/sql/mysql/schema.sql
mysql -u root -pnewpass radius < /etc/raddb/sql/mysql/nas.sql
mysql -u root -pnewpass radius < /etc/raddb/sql/mysql/ippool.sql
mysql -u root -pnewpass radius < /etc/raddb/sql/freeradius.sql
service radiusd restart
##### Configure dnsmasq
echo "port=5353
server=114.114.114.114
address=/rd.go.10086.cn/10.8.0.1
listen-address=127.0.0.1
conf-dir=/etc/dnsmasq.d">/etc/dnsmasq.conf
service dnsmasq restart
#### Configure openvpn
sed -i "s/port 3311/port 440/g" /etc/openvpn/server1.conf
service openvpn restart
###### Configure mproxy
# cd with no argument goes to $HOME (/root for root), where udp.zip was unpacked
cd
gcc -o mproxy udp.c;
mv mproxy /sbin/
mv time.sh /sbin/
###### Configure haproxy
echo "#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    tcp
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    #option forwardfor       except 127.0.0.0/8
    option                  redispatch
    option                  splice-auto
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 60000

listen vpn
    bind 0.0.0.0:3389
    bind 0.0.0.0:443
    bind 0.0.0.0:1194
    mode tcp
    option tcplog
    option splice-auto
    balance roundrobin
    maxconn 60000
    #log 127.0.0.1 local0 debug
    server s1 127.0.0.1:3311 maxconn 10000 maxqueue 60000
    server s2 127.0.0.1:3322 maxconn 10000 maxqueue 60000
    server s3 127.0.0.1:3333 maxconn 10000 maxqueue 60000
    server s4 127.0.0.1:3344 maxconn 10000 maxqueue 60000">/etc/haproxy/haproxy.cfg
service haproxy restart
####### Configure apache
# Replaces every occurrence of "80" in httpd.conf, not only the Listen directive
sed -i "s/80/8888/g" /etc/httpd/conf/httpd.conf
cat >> /etc/httpd/conf/httpd.conf <<EOF
Listen 5000
<VirtualHost *:5000>
    ServerAdmin webmaster@hehe.com
    DocumentRoot "/var/www/user"
    ServerName freetraffic.com
    ErrorLog "logs/hehe.com-error.log"
    CustomLog "logs/hehe.com-access.log" common
</VirtualHost>
Listen 555
<VirtualHost *:555>
    ServerAdmin webmaster@hehe.com
    DocumentRoot "/var/www/myapp"
    ServerName freetraffic.com
    ErrorLog "logs/hehe.com-error.log"
    CustomLog "logs/hehe.com-access.log" common
</VirtualHost>
EOF
sed -i "s/magic_quotes_gpc = Off/magic_quotes_gpc = On/g" /etc/php.ini
setsebool httpd_can_network_connect 1
# Puts SELinux into permissive mode
setenforce 0
service httpd restart
########## Configure the firewall
# Set every default policy to ACCEPT, then flush all rules and user chains
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -X
/etc/rc.d/init.d/iptables save
/etc/rc.d/init.d/iptables restart
iptables -t nat -A PREROUTING -d 10.0.0.0/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3389
# NAT for the VPN client subnets
iptables -t nat -A POSTROUTING -s 10.7.0.0/16 ! -d 10.7.0.0/16 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/16 ! -d 10.8.0.0/16 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.9.0.0/16 ! -d 10.9.0.0/16 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.10.0.0/16 ! -d 10.10.0.0/16 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.11.0.0/16 ! -d 10.11.0.0/16 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.12.0.0/16 ! -d 10.12.0.0/16 -j MASQUERADE
iptables -t nat -A OUTPUT -d 10.7.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3389
iptables -t nat -A OUTPUT -d 10.8.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3389
iptables -t nat -A OUTPUT -d 10.9.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3389
iptables -t nat -A OUTPUT -d 10.10.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3389
iptables -t nat -A OUTPUT -d 10.11.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3389
iptables -t nat -A OUTPUT -d 10.12.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3389
/sbin/iptables -I INPUT -p tcp --dport 8888 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 5000 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 555 -j ACCEPT
/sbin/iptables -I INPUT -p udp --dport 1812 -j ACCEPT
/sbin/iptables -I INPUT -p udp --dport 1813 -j ACCEPT
/sbin/iptables -I INPUT -p udp --dport 1814 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
/sbin/iptables -I INPUT -p udp --dport 138 -j ACCEPT
/sbin/iptables -I INPUT -p udp --dport 137 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 138 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 137 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 53 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 524 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 1026 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 8081 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 180 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 53 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 351 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 366 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 443 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 440 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 3389 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 3311 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 3322 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 3333 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 3344 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 3355 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -t nat -A OUTPUT -d 192.168.255.1/32 -p tcp -j REDIRECT --to-ports 3389
/etc/rc.d/init.d/iptables save
/etc/rc.d/init.d/iptables restart
######## Done
cat >> /etc/hosts <<EOF
127.0.0.1 `hostname`
EOF
# Run /sbin/vpn (written below) at every boot
echo "vpn">>/etc/rc.d/rc.local
echo 'setenforce 0
sysctl -w net.ipv4.ip_forward=1
ulimit -n 65535
killall -9 radiusd
killall -9 squid
killall -9 haproxy
killall -9 openvpn
killall -9 time.sh
#killall -9 mproxy
squid -z
time.sh &
setsebool httpd_can_network_connect 1
rm -rf /etc/openvpn/*.txt /etc/openvpn/ccd*/*
service mysqld restart
service httpd restart
service radiusd restart
service dnsmasq restart
service openvpn restart
service haproxy restart
service squid stop
service iptables restart
setenforce 1
killall mproxy >/dev/null 2>&1
mproxy -l 8080 -d >/dev/null 2>&1
mproxy -l 138 -d >/dev/null 2>&1
mproxy -l 137 -d >/dev/null 2>&1
mproxy -l 53 -d >/dev/null 2>&1
mproxy -l 524 -d >/dev/null 2>&1
mproxy -l 1026 -d >/dev/null 2>&1
mproxy -l 8081 -d >/dev/null 2>&1
mproxy -l 80 -d >/dev/null 2>&1
mproxy -l 53 -d >/dev/null 2>&1
mproxy -l 351 -d >/dev/null 2>&1
mproxy -l 366 -d >/dev/null 2>&1
mproxy -l 28080 -d >/dev/null 2>&1
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/sysctl.conf
sysctl -p >/dev/null 2>&1'>/sbin/vpn
# Mode 0777 leaves these files in /sbin writable by every local user;
# /sbin/vpn is also the script started from rc.local
chmod -R 0777 /sbin/mproxy
chmod -R 0777 /sbin/vpn
chmod -R 0777 /sbin/time.sh
vpn
reboot
exit;
```
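Several constructs in the script above (plain-HTTP downloads, passwords on the command line, SELinux switched to permissive, world-writable files in /sbin, default-ACCEPT firewall policies) can be checked for mechanically before any one-click installer is run. The following is an added example, not part of the original script; the rule names and the sample excerpt, with example.invalid standing in for the download host, are constructed for illustration.

```bash
# Added example, not part of the original script.
# Rule names and the sample excerpt below are constructed for illustration.

# audit_installer FILE: print "RULE:LINE" for every risky, non-comment line.
audit_installer() {
    _file=$1
    while read -r _rule _re; do
        grep -nE -e "$_re" "$_file" | grep -vE '^[0-9]+:[[:space:]]*#' |
            while IFS=: read -r _n _rest; do printf '%s:%s\n' "$_rule" "$_n"; done
    done <<'RULES'
HTTP_FETCH (wget|curl|rpm)[[:space:]].*http://
CLI_PASSWORD mysql(admin)?[[:space:]].*(-p[^[:space:]]|[[:space:]]password[[:space:]])
SELINUX_OFF setenforce[[:space:]]+0
WORLD_WRITABLE chmod[[:space:]].*0?777
FW_ACCEPT_ALL iptables[[:space:]].*-P[[:space:]]+(INPUT|FORWARD)[[:space:]]+ACCEPT
RULES
}

# audit_gate FILE: succeed only when nothing is flagged (usable as a CI gate).
audit_gate() {
    [ -z "$(audit_installer "$1")" ]
}

# write_sample FILE: constructed excerpt modelled on the installer above;
# example.invalid stands in for the real download host.
write_sample() {
    cat >"$1" <<'EOF'
#!/bin/bash
# setenforce 0 inside a comment must not be reported
wget -O /etc/raddb/raddb.zip http://example.invalid/raddb.zip
unzip -o /etc/raddb/raddb.zip -d /etc/raddb
mysqladmin -u root password "newpass"
mysql -uroot -pnewpass -e "create database radius;"
setenforce 0
iptables -P INPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
chmod -R 0777 /sbin/vpn
wget -O /tmp/ok.zip https://example.invalid/ok.zip
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_installer "$sample"   # one finding per line, grouped by rule
audit_gate "$sample" || echo "installer rejected: review the findings above"
rm -f "$sample"
```

Each finding names the rule and the line number in the audited file, so the flagged line can be reviewed or replaced (for example with an HTTPS download plus a checksum comparison) before the installer is executed.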