8月 272020
8月 242020
禁用SELinux配置
[root@lsws ~]# sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config; [root@lsws ~]# setenforce 0 [root@lsws ~]#
配置仓库
[root@lsws ~]# dnf install http://rpms.litespeedtech.com/centos/litespeed-repo-1.1-1.el8.noarch.rpm
查看仓库配置文件
[root@lsws ~]# cat /etc/yum.repos.d/litespeed.repo [litespeed] name=LiteSpeed Tech Repository for CentOS $releasever - $basearch baseurl=http://rpms.litespeedtech.com/centos/$releasever/$basearch/ failovermethod=priority enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed [litespeed-update] name=LiteSpeed Tech Update Repository for CentOS $releasever - $basearch baseurl=http://rpms.litespeedtech.com/centos/$releasever/update/$basearch/ failovermethod=priority enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed [litespeed-edge] name=LiteSpeed Tech Edge Repository for CentOS $releasever - $basearch baseurl=http://rpms.litespeedtech.com/edge/centos/$releasever/$basearch/ failovermethod=priority enabled=0 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed [litespeed-edge-update] name=LiteSpeed Tech Edge Update Repository for CentOS $releasever - $basearch baseurl=http://rpms.litespeedtech.com/edge/centos/$releasever/update/$basearch/ failovermethod=priority enabled=0 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed [root@lsws ~]#
更新dnf工具缓存
[root@lsws ~]# dnf makecache CentOS-8 - AppStream 12 kB/s | 4.3 kB 00:00 CentOS-8 - Base 7.8 kB/s | 3.9 kB 00:00 CentOS-8 - Extras 2.9 kB/s | 1.5 kB 00:00 LiteSpeed Tech Repository for CentOS 8 - x86_64 2.1 MB/s | 490 kB 00:00 LiteSpeed Tech Update Repository for CentOS 8 - 1.0 MB/s | 227 kB 00:00 Metadata cache created. [root@lsws ~]#
查看openlitespeed包信息
[root@lsws ~]# dnf info openlitespeed Last metadata expiration check: 0:00:36 ago on Mon 24 Aug 2020 02:48:52 AM UTC. Available Packages Name : openlitespeed Version : 1.6.15 Release : 2.el8 Architecture : x86_64 Size : 37 M Source : openlitespeed-1.6.15-2.el8.src.rpm Repository : litespeed-update Summary : OpenLiteSpeed URL : http://www.litespeedtech.com License : GPLv3 Description : OpenLiteSpeed is a high-performance, lightweight, open source : HTTP server developed and copyrighted by LiteSpeed Technologies. : Users are free to download, use, distribute, and modify : OpenLiteSpeed and its source code in accordance with the precepts : of the GPLv3 license. [root@lsws ~]#
安装litespeed及php环境包
问题
[root@lsws ~]# dnf install openlitespeed Last metadata expiration check: 0:00:13 ago on Mon 24 Aug 2020 02:43:32 AM UTC. Error: Problem: package openlitespeed-1.6.15-2.el8.x86_64 requires lsphp73-mcrypt, but none of the providers can be installed - cannot install the best candidate for the job - nothing provides libmcrypt.so.4()(64bit) needed by lsphp73-pecl-mcrypt-1.0.3-1.el8.7.3.x86_64 (try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages) [root@lsws ~]#
解决
[root@lsws ~]# dnf install epel-release
再次安装
[root@lsws ~]# dnf install openlitespeed ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: openlitespeed x86_64 1.6.15-2.el8 litespeed-update 37 M Installing dependencies: libXpm x86_64 3.5.12-8.el8 AppStream 58 k libargon2 x86_64 20171227-3.el8 epel 29 k libc-client x86_64 2007f-24.el8 epel 564 k libjpeg-turbo x86_64 1.5.3-10.el8 AppStream 156 k libmcrypt x86_64 2.5.8-26.el8 epel 109 k libnsl x86_64 2.28-101.el8 BaseOS 97 k libwebp x86_64 1.0.0-1.el8 AppStream 273 k libxslt x86_64 1.1.32-4.el8 BaseOS 249 k lsphp73 x86_64 7.3.21-1.el8 litespeed 4.7 M lsphp73-common x86_64 7.3.21-1.el8 litespeed 677 k lsphp73-gd x86_64 7.3.21-1.el8 litespeed 122 k lsphp73-imap x86_64 7.3.21-1.el8 litespeed 39 k lsphp73-mbstring x86_64 7.3.21-1.el8 litespeed 571 k lsphp73-mysqlnd x86_64 7.3.21-1.el8 litespeed 142 k lsphp73-opcache x86_64 7.3.21-1.el8 litespeed 203 k lsphp73-pdo x86_64 7.3.21-1.el8 litespeed 75 k lsphp73-pecl-mcrypt x86_64 1.0.3-1.el8.7.3 litespeed 27 k lsphp73-process x86_64 7.3.21-1.el8 litespeed 37 k lsphp73-xml x86_64 7.3.21-1.el8 litespeed 140 k Transaction Summary ================================================================================ Install 20 Packages
查看openlitespeed安装路径
[root@lsws ~]# ls /usr/local/lsws/ add-ons backup conf gdata lsphp73 phpbuild VERSION admin bin docs GPL.txt lsrecaptcha PLAT adminpasswd cachedata Example lib modules share autoupdate cgid fcgi-bin logs php tmp [root@lsws ~]# [root@lsws ~]# rpm -lq openlitespeed /etc/init.d/lsws /usr/lib/.build-id /usr/lib/.build-id/01 /usr/lib/.build-id/01/1fe5f65c8015eff89a7061cf3cd705df56b14d /usr/lib/.build-id/0e /usr/lib/.build-id/0e/0ad48b16e05134408b5ba7fda33a78ff494487 /usr/lib/.build-id/2c /usr/lib/.build-id/2c/01b36791441d4ea4d211f1568e03a4ad6717eb /usr/lib/.build-id/7d /usr/lib/.build-id/7d/19ffa9101ece0920acec1aa7a41befdf870147 /usr/lib/.build-id/7d/3455969230e2d6f0ee22db5931293343d19d11 /usr/lib/.build-id/7d/3455969230e2d6f0ee22db5931293343d19d11.1 /usr/lib/.build-id/92 /usr/lib/.build-id/92/57016074c47d5ea7e6939c5bf92678f8bf07fd /usr/lib/.build-id/9a /usr/lib/.build-id/9a/54a5da0375a7bee6dfa1cec7ec3c95b51da417 /usr/lib/.build-id/c2 /usr/lib/.build-id/c2/16322f9066a8510f3f5a666bb8af7694727b4b /usr/lib/.build-id/c5 /usr/lib/.build-id/c5/4953e950479bd6c50a614e5d37e8fcc170b91a /usr/lib/.build-id/cd /usr/lib/.build-id/cd/71ea0ab4fcdd0c7976dfe74c8e7333f547fa83 /usr/lib/.build-id/e8 /usr/lib/.build-id/e8/0ec2ee684e24336fb76439c1a1afc48787cdf7 /usr/lib/.build-id/f6 /usr/lib/.build-id/f6/4cc59833a8b1b9b1320b431830b6cf377e8684 /usr/local/lsws /usr/local/lsws/Example /usr/local/lsws/Example/cgi-bin /usr/local/lsws/Example/cgi-bin/helloworld /usr/local/lsws/Example/fcgi-bin /usr/local/lsws/Example/html /usr/local/lsws/Example/html/.htaccess /usr/local/lsws/Example/html/blocked /usr/local/lsws/Example/html/blocked/index.html /usr/local/lsws/Example/html/css /usr/local/lsws/Example/html/css/bootstrap.min.css /usr/local/lsws/Example/html/css/custom.css /usr/local/lsws/Example/html/error404.html /usr/local/lsws/Example/html/img /usr/local/lsws/Example/html/img/404-icon.png /usr/local/lsws/Example/html/img/blocked_content-icon.png /usr/local/lsws/Example/html/img/cgi-icon.png /usr/local/lsws/Example/html/img/file_upload-icon.png /usr/local/lsws/Example/html/img/olsws_logo.png /usr/local/lsws/Example/html/img/php-icon.png /usr/local/lsws/Example/html/img/powered_by_ols-new.png /usr/local/lsws/Example/html/img/pwd_protect-icon.png /usr/local/lsws/Example/html/index.html /usr/local/lsws/Example/html/phpinfo.php /usr/local/lsws/Example/html/protected /usr/local/lsws/Example/html/protected/index.html /usr/local/lsws/Example/html/upload.html /usr/local/lsws/Example/html/upload.php /usr/local/lsws/Example/logs /usr/local/lsws/GPL.txt /usr/local/lsws/PLAT /usr/local/lsws/VERSION /usr/local/lsws/add-ons /usr/local/lsws/add-ons/snmp_monitoring /usr/local/lsws/add-ons/snmp_monitoring/README /usr/local/lsws/add-ons/snmp_monitoring/class.litespeed_snmp_bridge.php /usr/local/lsws/add-ons/snmp_monitoring/class.litespeed_stats.php /usr/local/lsws/add-ons/snmp_monitoring/litespeed_cacti_template.xml /usr/local/lsws/add-ons/snmp_monitoring/litespeed_extapp.xml /usr/local/lsws/add-ons/snmp_monitoring/litespeed_general.xml /usr/local/lsws/add-ons/snmp_monitoring/litespeed_vhost.xml /usr/local/lsws/add-ons/snmp_monitoring/sample.php /usr/local/lsws/add-ons/webcachemgr /usr/local/lsws/add-ons/webcachemgr/VERSION /usr/local/lsws/add-ons/webcachemgr/autoloader.php /usr/local/lsws/add-ons/webcachemgr/bootstrap.php /usr/local/lsws/add-ons/webcachemgr/bootstrap_cli.php /usr/local/lsws/add-ons/webcachemgr/src /usr/local/lsws/add-ons/webcachemgr/src/AjaxResponse.php /usr/local/lsws/add-ons/webcachemgr/src/CliController.php /usr/local/lsws/add-ons/webcachemgr/src/Context /usr/local/lsws/add-ons/webcachemgr/src/Context/Context.php /usr/local/lsws/add-ons/webcachemgr/src/Context/ContextOption.php /usr/local/lsws/add-ons/webcachemgr/src/Context/RootCLIContextOption.php /usr/local/lsws/add-ons/webcachemgr/src/Context/RootPanelContextOption.php /usr/local/lsws/add-ons/webcachemgr/src/Context/UserCLIContextOption.php /usr/local/lsws/add-ons/webcachemgr/src/DashNotifier.php /usr/local/lsws/add-ons/webcachemgr/src/LSCMException.php /usr/local/lsws/add-ons/webcachemgr/src/LogEntry.php /usr/local/lsws/add-ons/webcachemgr/src/Logger.php /usr/local/lsws/add-ons/webcachemgr/src/Panel /usr/local/lsws/add-ons/webcachemgr/src/Panel/CPanel.php /usr/local/lsws/add-ons/webcachemgr/src/Panel/ControlPanel.php /usr/local/lsws/add-ons/webcachemgr/src/Panel/CustomPanel.php /usr/local/lsws/add-ons/webcachemgr/src/Panel/CustomPanelBase.php /usr/local/lsws/add-ons/webcachemgr/src/Panel/DirectAdmin.php /usr/local/lsws/add-ons/webcachemgr/src/Panel/Plesk.php /usr/local/lsws/add-ons/webcachemgr/src/PanelController.php /usr/local/lsws/add-ons/webcachemgr/src/PluginVersion.php /usr/local/lsws/add-ons/webcachemgr/src/UserCommand.php /usr/local/lsws/add-ons/webcachemgr/src/Util.php /usr/local/lsws/add-ons/webcachemgr/src/View /usr/local/lsws/add-ons/webcachemgr/src/View/AjaxView.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model /usr/local/lsws/add-ons/webcachemgr/src/View/Model/Ajax /usr/local/lsws/add-ons/webcachemgr/src/View/Model/Ajax/CacheMgrRowViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/CacheRootNotSetViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/DashNotifierViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/DataFileMsgViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/ManageViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassDashDisableProgressViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassDashNotifyProgressViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassEnableDisableProgressViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassEnableDisableViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/MissingTplViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/RefreshStatusProgressViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/ScanProgressViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/UnflagAllProgressViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/VersionChangeViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/VersionManageViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax/CacheMgrActionsCol.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax/CacheMgrFlagCol.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax/CacheMgrStatusCol.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Blocks /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Blocks/InputSubmitBtn.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/CacheRootNotSet.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/DashNotifier.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/DataFileMsg.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Manage.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassDashDisableProgress.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassDashNotifyProgress.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassEnableDisable.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassEnableDisableProgress.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MissingTpl.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/RefreshStatusProgress.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/ScanProgress.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/UnflagAllProgress.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/VersionChange.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/VersionManage.tpl /usr/local/lsws/add-ons/webcachemgr/src/WPCaller.php /usr/local/lsws/add-ons/webcachemgr/src/WPDashMsgs.php /usr/local/lsws/add-ons/webcachemgr/src/WPInstall.php /usr/local/lsws/add-ons/webcachemgr/src/WPInstallStorage.php /usr/local/lsws/admin /usr/local/lsws/admin/cgid /usr/local/lsws/admin/cgid/secret /usr/local/lsws/admin/conf /usr/local/lsws/admin/conf/admin_config.conf /usr/local/lsws/admin/conf/htpasswd /usr/local/lsws/admin/conf/jcryption_keypair /usr/local/lsws/admin/conf/php.ini /usr/local/lsws/admin/fcgi-bin /usr/local/lsws/admin/fcgi-bin/admin_php /usr/local/lsws/admin/html /usr/local/lsws/admin/html.open /usr/local/lsws/admin/html.open/favicon.ico /usr/local/lsws/admin/html.open/index.php /usr/local/lsws/admin/html.open/lib /usr/local/lsws/admin/html.open/lib/CAuthorizer.php /usr/local/lsws/admin/html.open/lib/CData.php /usr/local/lsws/admin/html.open/lib/CNode.php /usr/local/lsws/admin/html.open/lib/CValidation.php /usr/local/lsws/admin/html.open/lib/ControllerBase.php /usr/local/lsws/admin/html.open/lib/DAttrBase.php /usr/local/lsws/admin/html.open/lib/DAttrHelp.php /usr/local/lsws/admin/html.open/lib/DInfo.php /usr/local/lsws/admin/html.open/lib/DKeywordAlias.php /usr/local/lsws/admin/html.open/lib/DMsg.php /usr/local/lsws/admin/html.open/lib/DPage.php /usr/local/lsws/admin/html.open/lib/DTbl.php /usr/local/lsws/admin/html.open/lib/DTblDefBase.php /usr/local/lsws/admin/html.open/lib/DTblMap.php /usr/local/lsws/admin/html.open/lib/LogViewer.php /usr/local/lsws/admin/html.open/lib/PathTool.php /usr/local/lsws/admin/html.open/lib/PlainConfParser.php /usr/local/lsws/admin/html.open/lib/SInfo.php /usr/local/lsws/admin/html.open/lib/XmlParser.php /usr/local/lsws/admin/html.open/lib/blowfish.php /usr/local/lsws/admin/html.open/lib/jCryption.php /usr/local/lsws/admin/html.open/lib/ows /usr/local/lsws/admin/html.open/lib/ows/ConfValidation.php /usr/local/lsws/admin/html.open/lib/ows/DAttr.php /usr/local/lsws/admin/html.open/lib/ows/DPageDef.php /usr/local/lsws/admin/html.open/lib/ows/DTblDef.php /usr/local/lsws/admin/html.open/lib/ows/Product.php /usr/local/lsws/admin/html.open/lib/ows/RealTimeStats.php /usr/local/lsws/admin/html.open/lib/ows/Service.php /usr/local/lsws/admin/html.open/lib/ows/UI.php /usr/local/lsws/admin/html.open/lib/util /usr/local/lsws/admin/html.open/lib/util/build_php /usr/local/lsws/admin/html.open/lib/util/build_php/BuildConfig.php /usr/local/lsws/admin/html.open/lib/util/build_php/build_common.template /usr/local/lsws/admin/html.open/lib/util/build_php/build_install.template /usr/local/lsws/admin/html.open/lib/util/build_php/build_install_ext.template /usr/local/lsws/admin/html.open/lib/util/build_php/build_manual_run.template /usr/local/lsws/admin/html.open/lib/util/build_php/build_prepare.template /usr/local/lsws/admin/html.open/lib/util/build_php/build_prepare_ext.template /usr/local/lsws/admin/html.open/lib/util/build_php/buildfunc.inc.php /usr/local/lsws/admin/html.open/login.php /usr/local/lsws/admin/html.open/res /usr/local/lsws/admin/html.open/res/css /usr/local/lsws/admin/html.open/res/css/bootstrap.min.css /usr/local/lsws/admin/html.open/res/css/font-awesome.min.css /usr/local/lsws/admin/html.open/res/css/googlefonts.css /usr/local/lsws/admin/html.open/res/css/lockscreen.min.css /usr/local/lsws/admin/html.open/res/css/lst-webadmin.min.css /usr/local/lsws/admin/html.open/res/css/smartadmin-production.min.css /usr/local/lsws/admin/html.open/res/fonts /usr/local/lsws/admin/html.open/res/fonts/FontAwesome.otf /usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.eot /usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.svg /usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.ttf /usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.woff /usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.eot /usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.svg /usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.ttf /usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.woff /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-300.woff /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-300.woff2 /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700.woff /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700.woff2 /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700italic.woff /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700italic.woff2 /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-italic.woff /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-italic.woff2 /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-regular.woff /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-regular.woff2 /usr/local/lsws/admin/html.open/res/img /usr/local/lsws/admin/html.open/res/img/ajax-loader.gif /usr/local/lsws/admin/html.open/res/img/alpha.png /usr/local/lsws/admin/html.open/res/img/blank.gif /usr/local/lsws/admin/html.open/res/img/clear.png /usr/local/lsws/admin/html.open/res/img/favicon /usr/local/lsws/admin/html.open/res/img/favicon/favicon.ico /usr/local/lsws/admin/html.open/res/img/hue.png /usr/local/lsws/admin/html.open/res/img/icons /usr/local/lsws/admin/html.open/res/img/icons/adminconfig.gif /usr/local/lsws/admin/html.open/res/img/icons/administrator.gif /usr/local/lsws/admin/html.open/res/img/icons/application.gif /usr/local/lsws/admin/html.open/res/img/icons/cgi.gif /usr/local/lsws/admin/html.open/res/img/icons/controlpanel.gif /usr/local/lsws/admin/html.open/res/img/icons/database.gif /usr/local/lsws/admin/html.open/res/img/icons/debug.gif /usr/local/lsws/admin/html.open/res/img/icons/down.gif /usr/local/lsws/admin/html.open/res/img/icons/edit.gif /usr/local/lsws/admin/html.open/res/img/icons/fast_cgi.gif /usr/local/lsws/admin/html.open/res/img/icons/favicon.ico /usr/local/lsws/admin/html.open/res/img/icons/file.gif /usr/local/lsws/admin/html.open/res/img/icons/filter.gif /usr/local/lsws/admin/html.open/res/img/icons/form.gif /usr/local/lsws/admin/html.open/res/img/icons/graph.gif /usr/local/lsws/admin/html.open/res/img/icons/help.png /usr/local/lsws/admin/html.open/res/img/icons/info.gif /usr/local/lsws/admin/html.open/res/img/icons/link.gif /usr/local/lsws/admin/html.open/res/img/icons/load_balancer.gif /usr/local/lsws/admin/html.open/res/img/icons/lock.gif /usr/local/lsws/admin/html.open/res/img/icons/ls_sapi.gif /usr/local/lsws/admin/html.open/res/img/icons/module.gif /usr/local/lsws/admin/html.open/res/img/icons/module_handler.gif /usr/local/lsws/admin/html.open/res/img/icons/network.gif /usr/local/lsws/admin/html.open/res/img/icons/play.gif /usr/local/lsws/admin/html.open/res/img/icons/record.gif /usr/local/lsws/admin/html.open/res/img/icons/redirect.gif /usr/local/lsws/admin/html.open/res/img/icons/refresh.gif /usr/local/lsws/admin/html.open/res/img/icons/report.gif /usr/local/lsws/admin/html.open/res/img/icons/script.gif /usr/local/lsws/admin/html.open/res/img/icons/search.gif /usr/local/lsws/admin/html.open/res/img/icons/serverconfig.gif /usr/local/lsws/admin/html.open/res/img/icons/servlet_engine.gif /usr/local/lsws/admin/html.open/res/img/icons/shield.gif /usr/local/lsws/admin/html.open/res/img/icons/stop.gif /usr/local/lsws/admin/html.open/res/img/icons/trash.gif /usr/local/lsws/admin/html.open/res/img/icons/up.gif /usr/local/lsws/admin/html.open/res/img/icons/web.gif /usr/local/lsws/admin/html.open/res/img/icons/web_link.gif /usr/local/lsws/admin/html.open/res/img/icons/web_server.gif /usr/local/lsws/admin/html.open/res/img/loading.gif /usr/local/lsws/admin/html.open/res/img/lsws_bolt.png /usr/local/lsws/admin/html.open/res/img/lsws_bolt.svg /usr/local/lsws/admin/html.open/res/img/mappin-default.png /usr/local/lsws/admin/html.open/res/img/minus.png /usr/local/lsws/admin/html.open/res/img/mybg.png /usr/local/lsws/admin/html.open/res/img/plus.png /usr/local/lsws/admin/html.open/res/img/product_logo.gif /usr/local/lsws/admin/html.open/res/img/product_logo.svg /usr/local/lsws/admin/html.open/res/img/ribbon.png /usr/local/lsws/admin/html.open/res/img/sa-dark.png /usr/local/lsws/admin/html.open/res/img/sa-default.png /usr/local/lsws/admin/html.open/res/img/sort_asc.png /usr/local/lsws/admin/html.open/res/img/sort_asc_disabled.png /usr/local/lsws/admin/html.open/res/img/sort_both.png /usr/local/lsws/admin/html.open/res/img/sort_desc.png /usr/local/lsws/admin/html.open/res/img/sort_desc_disabled.png /usr/local/lsws/admin/html.open/res/img/vt-menu.png /usr/local/lsws/admin/html.open/res/js /usr/local/lsws/admin/html.open/res/js/app.config.min.js /usr/local/lsws/admin/html.open/res/js/bootstrap /usr/local/lsws/admin/html.open/res/js/bootstrap/bootstrap.min.js /usr/local/lsws/admin/html.open/res/js/jcryption /usr/local/lsws/admin/html.open/res/js/jcryption/jquery.jcryption.min.js /usr/local/lsws/admin/html.open/res/js/libs /usr/local/lsws/admin/html.open/res/js/libs/jquery-2.2.4.min.js /usr/local/lsws/admin/html.open/res/js/libs/jquery-ui-1.12.1.min.js /usr/local/lsws/admin/html.open/res/js/lst-app.min.js /usr/local/lsws/admin/html.open/res/js/notification /usr/local/lsws/admin/html.open/res/js/notification/SmartNotification.js /usr/local/lsws/admin/html.open/res/js/notification/SmartNotification.min.js /usr/local/lsws/admin/html.open/res/js/plugin /usr/local/lsws/admin/html.open/res/js/plugin/datatable-responsive /usr/local/lsws/admin/html.open/res/js/plugin/datatable-responsive/datatables.responsive.min.js /usr/local/lsws/admin/html.open/res/js/plugin/datatables /usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.bootstrap.min.js /usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.colReorder.min.js /usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.colVis.min.js /usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.tableTools.min.js /usr/local/lsws/admin/html.open/res/js/plugin/datatables/jquery.dataTables.min.js /usr/local/lsws/admin/html.open/res/js/plugin/datatables/swf /usr/local/lsws/admin/html.open/res/js/plugin/datatables/swf/copy_csv_xls.swf /usr/local/lsws/admin/html.open/res/js/plugin/datatables/swf/copy_csv_xls_pdf.swf /usr/local/lsws/admin/html.open/res/js/plugin/flot /usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.cust.min.js /usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.fillbetween.min.js /usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.orderBar.min.js /usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.pie.min.js /usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.resize.min.js /usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.tooltip.min.js /usr/local/lsws/admin/html.open/res/js/plugin/msie-fix /usr/local/lsws/admin/html.open/res/js/plugin/msie-fix/jquery.mb.browser.min.js /usr/local/lsws/admin/html.open/res/lang /usr/local/lsws/admin/html.open/res/lang/en-US_msg.php /usr/local/lsws/admin/html.open/res/lang/en-US_tips.php /usr/local/lsws/admin/html.open/res/lang/ja-JP_msg.php /usr/local/lsws/admin/html.open/res/lang/ja-JP_tips.php /usr/local/lsws/admin/html.open/res/lang/util_sortlang.php /usr/local/lsws/admin/html.open/res/lang/zh-CN_msg.php /usr/local/lsws/admin/html.open/res/lang/zh-CN_tips.php /usr/local/lsws/admin/html.open/view /usr/local/lsws/admin/html.open/view/UIBase.php /usr/local/lsws/admin/html.open/view/UIProperty.php /usr/local/lsws/admin/html.open/view/ajax_data.php /usr/local/lsws/admin/html.open/view/compilePHP.php /usr/local/lsws/admin/html.open/view/confMgr.php /usr/local/lsws/admin/html.open/view/dashboard.php /usr/local/lsws/admin/html.open/view/inc /usr/local/lsws/admin/html.open/view/inc/auth.php /usr/local/lsws/admin/html.open/view/inc/configui.php /usr/local/lsws/admin/html.open/view/inc/global.php /usr/local/lsws/admin/html.open/view/inc/header.php /usr/local/lsws/admin/html.open/view/inc/nav.php /usr/local/lsws/admin/html.open/view/inc/scripts.php /usr/local/lsws/admin/html.open/view/logviewer.php /usr/local/lsws/admin/html.open/view/realtimestats.php /usr/local/lsws/admin/html.open/view/serviceMgr.php /usr/local/lsws/admin/logs /usr/local/lsws/admin/misc /usr/local/lsws/admin/misc/admpass.sh /usr/local/lsws/admin/misc/build_admin_php.sh /usr/local/lsws/admin/misc/convertxml.php /usr/local/lsws/admin/misc/convertxml.sh /usr/local/lsws/admin/misc/create_admin_keypair.sh /usr/local/lsws/admin/misc/enable_phpa.sh /usr/local/lsws/admin/misc/gdb-bt /usr/local/lsws/admin/misc/genjCryptionKeyPair.php /usr/local/lsws/admin/misc/gzipStatic.sh /usr/local/lsws/admin/misc/htpasswd.php /usr/local/lsws/admin/misc/lscmctl /usr/local/lsws/admin/misc/lshttpd.service /usr/local/lsws/admin/misc/lsup.sh /usr/local/lsws/admin/misc/lsws.rc /usr/local/lsws/admin/misc/lsws.rc.gentoo /usr/local/lsws/admin/misc/php.ini /usr/local/lsws/admin/misc/rc-inst.sh /usr/local/lsws/admin/misc/rc-uninst.sh /usr/local/lsws/admin/misc/testbeta.sh /usr/local/lsws/admin/misc/uninstall.sh /usr/local/lsws/admin/tmp /usr/local/lsws/adminpasswd /usr/local/lsws/autoupdate /usr/local/lsws/backup /usr/local/lsws/bin /usr/local/lsws/bin/litespeed /usr/local/lsws/bin/lshttpd /usr/local/lsws/bin/lsws_env /usr/local/lsws/bin/lswsctrl /usr/local/lsws/bin/lswsctrl.open /usr/local/lsws/bin/openlitespeed /usr/local/lsws/bin/openlitespeed.asan /usr/local/lsws/bin/openlitespeed.dbg /usr/local/lsws/bin/openlitespeed.prof /usr/local/lsws/cachedata /usr/local/lsws/cgid /usr/local/lsws/conf /usr/local/lsws/conf/cert /usr/local/lsws/conf/httpd_config.conf /usr/local/lsws/conf/mime.properties /usr/local/lsws/conf/templates /usr/local/lsws/conf/templates/ccl.conf /usr/local/lsws/conf/templates/rails.conf /usr/local/lsws/conf/vhosts /usr/local/lsws/conf/vhosts/Example /usr/local/lsws/conf/vhosts/Example/htgroup /usr/local/lsws/conf/vhosts/Example/htpasswd /usr/local/lsws/conf/vhosts/Example/vhconf.conf /usr/local/lsws/docs /usr/local/lsws/docs/AdminGeneral_Help.html /usr/local/lsws/docs/AdminListeners_General_Help.html /usr/local/lsws/docs/AdminListeners_SSL_Help.html /usr/local/lsws/docs/AdminSecurity_Help.html /usr/local/lsws/docs/App_Server_Context.html /usr/local/lsws/docs/App_Server_Help.html /usr/local/lsws/docs/CGI_Context.html /usr/local/lsws/docs/CompilePHP_Help.html /usr/local/lsws/docs/Context_Help.html /usr/local/lsws/docs/ExtApp_Help.html /usr/local/lsws/docs/External_FCGI.html /usr/local/lsws/docs/External_FCGI_Auth.html /usr/local/lsws/docs/External_LB.html /usr/local/lsws/docs/External_LSAPI.html /usr/local/lsws/docs/External_PL.html /usr/local/lsws/docs/External_Servlet.html /usr/local/lsws/docs/External_WS.html /usr/local/lsws/docs/FCGI_Context.html /usr/local/lsws/docs/Java_Web_App_Context.html /usr/local/lsws/docs/LB_Context.html /usr/local/lsws/docs/LSAPI_Context.html /usr/local/lsws/docs/Listeners_General_Help.html /usr/local/lsws/docs/Listeners_SSL_Help.html /usr/local/lsws/docs/Module_Context.html /usr/local/lsws/docs/Module_Help.html /usr/local/lsws/docs/Proxy_Context.html /usr/local/lsws/docs/Redirect_Context.html /usr/local/lsws/docs/Rewrite_Help.html /usr/local/lsws/docs/ScriptHandler_Help.html /usr/local/lsws/docs/ServGeneral_Help.html /usr/local/lsws/docs/ServLog_Help.html /usr/local/lsws/docs/ServSecurity_Help.html /usr/local/lsws/docs/ServTuning_Help.html /usr/local/lsws/docs/ServerStat_Help.html /usr/local/lsws/docs/Servlet_Context.html /usr/local/lsws/docs/Static_Context.html /usr/local/lsws/docs/Templates_Help.html /usr/local/lsws/docs/VHGeneral_Help.html /usr/local/lsws/docs/VHSSL_Help.html /usr/local/lsws/docs/VHSecurity_Help.html /usr/local/lsws/docs/VHWebSocket_Help.html /usr/local/lsws/docs/VirtualHosts_Help.html /usr/local/lsws/docs/admin.html /usr/local/lsws/docs/config.html /usr/local/lsws/docs/css /usr/local/lsws/docs/css/hdoc.css /usr/local/lsws/docs/img /usr/local/lsws/docs/img/attention.svg /usr/local/lsws/docs/img/info.svg /usr/local/lsws/docs/img/lightning-bolt.svg /usr/local/lsws/docs/img/lsws_logo.svg /usr/local/lsws/docs/img/ols_logo.svg /usr/local/lsws/docs/img/shield.svg /usr/local/lsws/docs/img/web-adc_logo.svg /usr/local/lsws/docs/index.html /usr/local/lsws/docs/install.html /usr/local/lsws/docs/intro.html /usr/local/lsws/docs/ja-JP /usr/local/lsws/docs/ja-JP/AdminGeneral_Help.html /usr/local/lsws/docs/ja-JP/AdminListeners_General_Help.html /usr/local/lsws/docs/ja-JP/AdminListeners_SSL_Help.html /usr/local/lsws/docs/ja-JP/AdminSecurity_Help.html /usr/local/lsws/docs/ja-JP/App_Server_Context.html /usr/local/lsws/docs/ja-JP/App_Server_Help.html /usr/local/lsws/docs/ja-JP/CGI_Context.html /usr/local/lsws/docs/ja-JP/CompilePHP_Help.html /usr/local/lsws/docs/ja-JP/Context_Help.html /usr/local/lsws/docs/ja-JP/ExtApp_Help.html /usr/local/lsws/docs/ja-JP/External_FCGI.html /usr/local/lsws/docs/ja-JP/External_FCGI_Auth.html /usr/local/lsws/docs/ja-JP/External_LB.html /usr/local/lsws/docs/ja-JP/External_LSAPI.html /usr/local/lsws/docs/ja-JP/External_PL.html /usr/local/lsws/docs/ja-JP/External_Servlet.html /usr/local/lsws/docs/ja-JP/External_WS.html /usr/local/lsws/docs/ja-JP/FCGI_Context.html /usr/local/lsws/docs/ja-JP/Java_Web_App_Context.html /usr/local/lsws/docs/ja-JP/LB_Context.html /usr/local/lsws/docs/ja-JP/LSAPI_Context.html /usr/local/lsws/docs/ja-JP/Listeners_General_Help.html /usr/local/lsws/docs/ja-JP/Listeners_SSL_Help.html /usr/local/lsws/docs/ja-JP/Module_Context.html /usr/local/lsws/docs/ja-JP/Module_Help.html /usr/local/lsws/docs/ja-JP/Proxy_Context.html /usr/local/lsws/docs/ja-JP/Redirect_Context.html /usr/local/lsws/docs/ja-JP/Rewrite_Help.html /usr/local/lsws/docs/ja-JP/ScriptHandler_Help.html /usr/local/lsws/docs/ja-JP/ServGeneral_Help.html /usr/local/lsws/docs/ja-JP/ServLog_Help.html /usr/local/lsws/docs/ja-JP/ServSecurity_Help.html /usr/local/lsws/docs/ja-JP/ServTuning_Help.html /usr/local/lsws/docs/ja-JP/ServerStat_Help.html /usr/local/lsws/docs/ja-JP/Servlet_Context.html /usr/local/lsws/docs/ja-JP/Static_Context.html /usr/local/lsws/docs/ja-JP/Templates_Help.html /usr/local/lsws/docs/ja-JP/VHGeneral_Help.html /usr/local/lsws/docs/ja-JP/VHSSL_Help.html /usr/local/lsws/docs/ja-JP/VHSecurity_Help.html /usr/local/lsws/docs/ja-JP/VHWebSocket_Help.html /usr/local/lsws/docs/ja-JP/VirtualHosts_Help.html /usr/local/lsws/docs/ja-JP/admin.html /usr/local/lsws/docs/ja-JP/config.html /usr/local/lsws/docs/ja-JP/index.html /usr/local/lsws/docs/ja-JP/install.html /usr/local/lsws/docs/ja-JP/intro.html /usr/local/lsws/docs/ja-JP/license.html /usr/local/lsws/docs/ja-JP/security.html /usr/local/lsws/docs/ja-JP/webconsole.html /usr/local/lsws/docs/license.html /usr/local/lsws/docs/security.html /usr/local/lsws/docs/webconsole.html /usr/local/lsws/docs/zh-CN /usr/local/lsws/docs/zh-CN/AdminGeneral_Help.html /usr/local/lsws/docs/zh-CN/AdminListeners_General_Help.html /usr/local/lsws/docs/zh-CN/AdminListeners_SSL_Help.html /usr/local/lsws/docs/zh-CN/AdminSecurity_Help.html /usr/local/lsws/docs/zh-CN/App_Server_Context.html /usr/local/lsws/docs/zh-CN/App_Server_Help.html /usr/local/lsws/docs/zh-CN/CGI_Context.html /usr/local/lsws/docs/zh-CN/CompilePHP_Help.html /usr/local/lsws/docs/zh-CN/Context_Help.html /usr/local/lsws/docs/zh-CN/ExtApp_Help.html /usr/local/lsws/docs/zh-CN/External_FCGI.html /usr/local/lsws/docs/zh-CN/External_FCGI_Auth.html /usr/local/lsws/docs/zh-CN/External_LB.html /usr/local/lsws/docs/zh-CN/External_LSAPI.html /usr/local/lsws/docs/zh-CN/External_PL.html /usr/local/lsws/docs/zh-CN/External_Servlet.html /usr/local/lsws/docs/zh-CN/External_WS.html /usr/local/lsws/docs/zh-CN/FCGI_Context.html /usr/local/lsws/docs/zh-CN/Java_Web_App_Context.html /usr/local/lsws/docs/zh-CN/LB_Context.html /usr/local/lsws/docs/zh-CN/LSAPI_Context.html /usr/local/lsws/docs/zh-CN/Listeners_General_Help.html /usr/local/lsws/docs/zh-CN/Listeners_SSL_Help.html /usr/local/lsws/docs/zh-CN/Module_Context.html /usr/local/lsws/docs/zh-CN/Module_Help.html /usr/local/lsws/docs/zh-CN/Proxy_Context.html /usr/local/lsws/docs/zh-CN/Redirect_Context.html /usr/local/lsws/docs/zh-CN/Rewrite_Help.html /usr/local/lsws/docs/zh-CN/ScriptHandler_Help.html /usr/local/lsws/docs/zh-CN/ServGeneral_Help.html /usr/local/lsws/docs/zh-CN/ServLog_Help.html /usr/local/lsws/docs/zh-CN/ServSecurity_Help.html /usr/local/lsws/docs/zh-CN/ServTuning_Help.html /usr/local/lsws/docs/zh-CN/ServerStat_Help.html /usr/local/lsws/docs/zh-CN/Servlet_Context.html /usr/local/lsws/docs/zh-CN/Static_Context.html /usr/local/lsws/docs/zh-CN/Templates_Help.html /usr/local/lsws/docs/zh-CN/VHGeneral_Help.html /usr/local/lsws/docs/zh-CN/VHSSL_Help.html /usr/local/lsws/docs/zh-CN/VHSecurity_Help.html /usr/local/lsws/docs/zh-CN/VHWebSocket_Help.html /usr/local/lsws/docs/zh-CN/VirtualHosts_Help.html /usr/local/lsws/docs/zh-CN/admin.html /usr/local/lsws/docs/zh-CN/config.html /usr/local/lsws/docs/zh-CN/index.html /usr/local/lsws/docs/zh-CN/install.html /usr/local/lsws/docs/zh-CN/intro.html /usr/local/lsws/docs/zh-CN/license.html /usr/local/lsws/docs/zh-CN/security.html /usr/local/lsws/docs/zh-CN/webconsole.html /usr/local/lsws/fcgi-bin /usr/local/lsws/fcgi-bin/RackRunner.rb /usr/local/lsws/fcgi-bin/lsnode.js /usr/local/lsws/fcgi-bin/lsperld.fpl /usr/local/lsws/fcgi-bin/lsphp /usr/local/lsws/fcgi-bin/lsphp5 /usr/local/lsws/gdata /usr/local/lsws/lib /usr/local/lsws/logs /usr/local/lsws/lsrecaptcha /usr/local/lsws/lsrecaptcha/_recaptcha /usr/local/lsws/lsrecaptcha/_recaptcha.shtml /usr/local/lsws/modules /usr/local/lsws/modules/mod_js.so /usr/local/lsws/modules/mod_security.so /usr/local/lsws/modules/modinspector.so /usr/local/lsws/modules/modpagespeed.so /usr/local/lsws/modules/modreqparser.so /usr/local/lsws/modules/uploadprogress.so /usr/local/lsws/php /usr/local/lsws/phpbuild /usr/local/lsws/share /usr/local/lsws/share/autoindex /usr/local/lsws/share/autoindex/bwlimit.html /usr/local/lsws/share/autoindex/default.php /usr/local/lsws/share/autoindex/icons /usr/local/lsws/share/autoindex/icons/binary.png /usr/local/lsws/share/autoindex/icons/blank.png /usr/local/lsws/share/autoindex/icons/compress.png /usr/local/lsws/share/autoindex/icons/folder.png /usr/local/lsws/share/autoindex/icons/html.png /usr/local/lsws/share/autoindex/icons/image.png /usr/local/lsws/share/autoindex/icons/movie.png /usr/local/lsws/share/autoindex/icons/sound.png /usr/local/lsws/share/autoindex/icons/text.png /usr/local/lsws/share/autoindex/icons/unknown.png /usr/local/lsws/share/autoindex/icons/up.png /usr/local/lsws/tmp /usr/local/lsws/tmp/ocspcache [root@lsws ~]#
服务控制命令
[root@lsws ~]# /usr/local/lsws/bin/lswsctrl Usage: /usr/local/lsws/bin/lswsctrl {start|stop|restart|reload|condrestrt|try-restart|status|help} start - start web server stop - stop web server restart - gracefully restart web server with zero down time reload - same as restart condrestart - gracefully restart web server if server is running try-restart - same as condrestart status - show service status help - this screen [root@lsws ~]#
查看端口监听
[root@lsws ~]# netstat -lnt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:7080 0.0.0.0:* LISTEN tcp6 0 0 :::111 :::* LISTEN tcp6 0 0 :::22 :::* LISTEN [root@lsws ~]#
使用Web控制台
默认首页
默认Web管理控制台
7月 242020
……
3月 052020
Generic Routing Encapsulation 通用路由封装协议
主机列表
18.163.50.194/172.31.44.248 18.162.60.60/172.31.37.49
查找系统可用的内核模块
[centos@ip-172-31-44-248 ~]$ ls -alRUv /lib/modules/$(uname -r)/kernel |grep ip_gre -rw-r--r--. 1 root root 9396 Nov 29 2018 ip_gre.ko.xz [centos@ip-172-31-44-248 ~]$
加载ip_gre模块
[root@ip-172-31-44-248 ~]# modprobe ip_gre [root@ip-172-31-44-248 ~]# [root@ip-172-31-37-49 ~]# modprobe ip_gre [root@ip-172-31-37-49 ~]#
新增tun0网卡配置
本端隧道地址192.168.192.1 对端隧道地址192.168.192.2 [root@ip-172-31-44-248 ~]# vi /etc/sysconfig/network-scripts/ifcfg-tun0 DEVICE=tun0 BOOTPROTO=none ONBOOT=yes DEVICETYPE=tunnel TYPE=GRE PEER_INNER_IPADDR=192.168.192.2 PEER_OUTER_IPADDR=18.162.60.60 MY_INNER_IPADDR=192.168.192.1
启用tun0网卡
[root@ip-172-31-44-248 ~]# ifup tun0
查看接口信息
[root@ip-172-31-44-248 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000 link/ether 0e:84:f5:b0:db:f6 brd ff:ff:ff:ff:ff:ff inet 172.31.44.248/20 brd 172.31.47.255 scope global dynamic ens5 valid_lft 2667sec preferred_lft 2667sec inet6 fe80::c84:f5ff:feb0:dbf6/64 scope link valid_lft forever preferred_lft forever 3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000 link/gre 0.0.0.0 brd 0.0.0.0 4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 5: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 8977 qdisc noqueue state UNKNOWN group default qlen 1000 link/gre 0.0.0.0 peer 18.162.60.60 inet 192.168.192.1 peer 192.168.192.2/32 scope global tun0 valid_lft forever preferred_lft forever [root@ip-172-31-44-248 ~]#
新增tun0网卡配置
本端隧道地址192.168.192.2 对端隧道地址192.168.192.1 [root@ip-172-31-37-49 ~]# vi /etc/sysconfig/network-scripts/ifcfg-tun0 DEVICE=tun0 BOOTPROTO=none ONBOOT=yes DEVICETYPE=tunnel TYPE=GRE PEER_INNER_IPADDR=192.168.192.1 PEER_OUTER_IPADDR=18.163.50.194 MY_INNER_IPADDR=192.168.192.2
启用tun0网卡
[root@ip-172-31-37-49 ~]# ifup tun0
查看接口信息
[root@ip-172-31-37-49 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000 link/ether 0e:4a:2b:48:b8:aa brd ff:ff:ff:ff:ff:ff inet 172.31.37.49/20 brd 172.31.47.255 scope global dynamic ens5 valid_lft 2692sec preferred_lft 2692sec inet6 fe80::c4a:2bff:fe48:b8aa/64 scope link valid_lft forever preferred_lft forever 3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000 link/gre 0.0.0.0 brd 0.0.0.0 4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 5: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 8977 qdisc noqueue state UNKNOWN group default qlen 1000 link/gre 0.0.0.0 peer 18.163.50.194 inet 192.168.192.2 peer 192.168.192.1/32 scope global tun0 valid_lft forever preferred_lft forever [root@ip-172-31-37-49 ~]#
分别使用对端IP地址进行ping测试
[root@ip-172-31-37-49 ~]# ping -c 4 192.168.192.1 PING 192.168.192.1 (192.168.192.1) 56(84) bytes of data. 64 bytes from 192.168.192.1: icmp_seq=1 ttl=64 time=0.297 ms 64 bytes from 192.168.192.1: icmp_seq=2 ttl=64 time=0.283 ms 64 bytes from 192.168.192.1: icmp_seq=3 ttl=64 time=0.237 ms 64 bytes from 192.168.192.1: icmp_seq=4 ttl=64 time=0.268 ms --- 192.168.192.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3000ms rtt min/avg/max/mdev = 0.237/0.271/0.297/0.025 ms [root@ip-172-31-37-49 ~]# [root@ip-172-31-44-248 ~]# ping -c 4 192.168.192.2 PING 192.168.192.2 (192.168.192.2) 56(84) bytes of data. 64 bytes from 192.168.192.2: icmp_seq=1 ttl=64 time=0.249 ms 64 bytes from 192.168.192.2: icmp_seq=2 ttl=64 time=0.279 ms 64 bytes from 192.168.192.2: icmp_seq=3 ttl=64 time=0.196 ms 64 bytes from 192.168.192.2: icmp_seq=4 ttl=64 time=0.214 ms --- 192.168.192.2 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2999ms rtt min/avg/max/mdev = 0.196/0.234/0.279/0.035 ms [root@ip-172-31-44-248 ~]#
3月 022020
安装向导欢迎页面
选择要安装的组件
同意最终用户许可协议
重要声明
选择安装目录
准备安装
安装进行中
完成安装并启动服务器管理器
选择要连接的服务器并点击连接
首次连接设置管理员密码
提示管理员密码设置成功
关闭弹出的简单设置窗口
选择是否设置开启IPsec功能
在管理器主界面进入VPN Gate设置
选择启用VPN Gate中继服务并加入研究志愿者队伍
VPN Gate服务设置选项界面
请勿在禁止使用VPN通信技术的国家使用VPN Gate服务
在管理器主界面进入动态域名设置
查看或修改该服务器的动态域名
在管理器主界面查看当前的动态域名解析主机名
查看当前已连接客户端会话信息
2月 272020
主机列表
ansible 167.179.84.153 }Z5c,jM-?bQec#z- server1 149.28.24.11 A7f{v#PAB8$!-K8q server2 45.76.216.130 7]Mf%YKRFP[9H!*K server3 108.160.137.54 _Rr3%[2rg,JJQpwQ
在ansible主机上配置hosts文件
[root@ansible ~]# vi /etc/hosts 149.28.24.11 server1 45.76.216.130 server2 108.160.137.54 server3
确认主机名及IP对应关系
[root@ansible ~]# ping -c 1 server1 PING server1 (149.28.24.11) 56(84) bytes of data. 64 bytes from server1 (149.28.24.11): icmp_seq=1 ttl=61 time=0.360 ms --- server1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.360/0.360/0.360/0.000 ms [root@ansible ~]# ping -c 1 server2 PING server2 (45.76.216.130) 56(84) bytes of data. 64 bytes from server2 (45.76.216.130): icmp_seq=1 ttl=57 time=0.933 ms --- server2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.933/0.933/0.933/0.000 ms [root@ansible ~]# ping -c 1 server3 PING server3 (108.160.137.54) 56(84) bytes of data. 64 bytes from server3 (108.160.137.54): icmp_seq=1 ttl=57 time=0.982 ms --- server3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.982/0.982/0.982/0.000 ms [root@ansible ~]#
解决首次登录远程系统的严格主机密钥检查交互(保存远程主机公钥)
[root@ansible ~]# ssh root@server1 The authenticity of host 'server1 (149.28.24.11)' can't be established. ECDSA key fingerprint is SHA256:NUM9LGuAESXFeEyluk7GqoY3vC7rmLvzyf4Fr5p0tWs. ECDSA key fingerprint is MD5:36:02:b3:0c:d0:33:db:a5:a5:68:21:4f:ce:87:01:aa. Are you sure you want to continue connecting (yes/no)? ^C [root@ansible ~]# [root@ansible ~]# ls .ssh/ [root@ansible ~]#
修改本机ssh客户端配置文件
[root@ansible ~]# vi /etc/ssh/ssh_config # StrictHostKeyChecking ask StrictHostKeyChecking no
查看ansible版本信息
[root@ansible ~]# ansible --version ansible 2.9.5 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Aug 7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] [root@ansible ~]#
编辑ansible主机配置文件(注意server1密码的转义字符)
[root@ansible ~]# vi /etc/ansible/hosts [servers] server1 ansible_user=root ansible_password=A7f{v\#PAB8$!-K8q server2 ansible_user=root ansible_password=7]Mf%YKRFP[9H!*K server3 ansible_user=root ansible_password=_Rr3%[2rg,JJQpwQ
连接测试
[root@ansible ~]# ansible servers -m ping server2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } server3 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } server1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } [root@ansible ~]#
本地已保存的远程主机公钥信息
[root@ansible ~]# ls .ssh/ known_hosts [root@ansible ~]# cat .ssh/known_hosts server1,149.28.24.11 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCv/uWIj+5gWiri6BdEYw+QQYuE3wIfdW0FhgdCIY92UXf1P9rhRI9q5FQMQ1sJuKfzSihEsU2uwnQ8P45zE3Yc= server2,45.76.216.130 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH+LjHvPrUcao6A5zNJwPgjRUOQAtxPCzMoEUOl21jMKiTPpDe87feCz2S/k6bo0Paf3G9lKdJg5B+r9dCZMBOU= server3,108.160.137.54 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL+8jA1/3alAX2YtrLVUfJGvyCeCcpsJFG7WGwTgB5y4i0pBxPum0AYSw/G5ehaM8KPLCjEbCwUYS+XW83XYY10= [root@ansible ~]#
创建密钥对
[root@ansible ~]# ssh-keygen -b 4096 -t rsa -C "harvey.mei@linuxcache.com" Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa):/root/.ssh/id_rsa_ansible Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in id_rsa_ansible. Your public key has been saved in id_rsa_ansible.pub. The key fingerprint is: SHA256:Cv6UZ+/72ZTeeeuYP5ePrKmr7YhcZG6DVwwzXqXmLuU harvey.mei@linuxcache.com The key's randomart image is: +---[RSA 4096]----+ | . | | o | | + + | | . O | | . S = | | . . B = . | | . = X E o .| | + B * Bo=+| | + o+O==+B=O| +----[SHA256]-----+ [root@ansible ~]#
查看公钥信息
[root@ansible ~]# cat .ssh/id_rsa_ansible.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYIp2W44/lMGw98BRvdTrCBwjBs9PYBiXhb9fN+ntU6fbnN12s7MUj92Z4uRLbJywJbspUPSV8SI4QVL0FKPSm37OMdY8SvpURgiaqRfRuo7pwVP7j31JxpcB4mF0PZiEFUqPttJ1MVbUnHfHxePJXjLmfRirJ5PkH26K4F3WUEgQiWJq2WlOWTERqdMjXqQHiubfSGT+s5q1jwakhCjjk06EbwRtN5ZYa0PcvoTCVPORTzr+/mOIzkY+GCAvPdFXO4KbXA4yI8LMPFcDH1DLJfIF7wc8y8aRbDVu5g6khzi8ipof5+XkLquUjxU4yuHaEr1/Gf4lNIBq81O8BXv0lKsy6vFwO4uP42W+jzYpqN9vM+6ibAywZ/zx3ags+aPrO++HYqok2gUYvXizPVPabadeLb0d0DY6XxAp1vXNqeLqwxMVsfAViXiyGIU76OEfnkgdzhHvFiXopKOIzTbS3pFctr3/dnMnHkKEnUmjYBQ7T8MEkJGPka5IsKrl5fTPgUtb53crB21rRHo/Dz82uGzPnUVUQRilUd9xip1xkUw/HB53FsZH9hP+dF5ohn9N1FwqZnHE6PCFTTtTgSNytNMmwXIKenZaVIOwoJN8cA8GfnQEpidl8im75EhoGlKDkFVSObJxttMlvAbDrBnzuNSzPmOV8NhlRgMrPPV4iwQ== harvey.mei@linuxcache.com [root@ansible ~]#
将公钥信息复制给一个变量
[root@ansible ~]# pubkey=`cat .ssh/id_rsa_ansible.pub` [root@ansible ~]# echo $pubkey ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYIp2W44/lMGw98BRvdTrCBwjBs9PYBiXhb9fN+ntU6fbnN12s7MUj92Z4uRLbJywJbspUPSV8SI4QVL0FKPSm37OMdY8SvpURgiaqRfRuo7pwVP7j31JxpcB4mF0PZiEFUqPttJ1MVbUnHfHxePJXjLmfRirJ5PkH26K4F3WUEgQiWJq2WlOWTERqdMjXqQHiubfSGT+s5q1jwakhCjjk06EbwRtN5ZYa0PcvoTCVPORTzr+/mOIzkY+GCAvPdFXO4KbXA4yI8LMPFcDH1DLJfIF7wc8y8aRbDVu5g6khzi8ipof5+XkLquUjxU4yuHaEr1/Gf4lNIBq81O8BXv0lKsy6vFwO4uP42W+jzYpqN9vM+6ibAywZ/zx3ags+aPrO++HYqok2gUYvXizPVPabadeLb0d0DY6XxAp1vXNqeLqwxMVsfAViXiyGIU76OEfnkgdzhHvFiXopKOIzTbS3pFctr3/dnMnHkKEnUmjYBQ7T8MEkJGPka5IsKrl5fTPgUtb53crB21rRHo/Dz82uGzPnUVUQRilUd9xip1xkUw/HB53FsZH9hP+dF5ohn9N1FwqZnHE6PCFTTtTgSNytNMmwXIKenZaVIOwoJN8cA8GfnQEpidl8im75EhoGlKDkFVSObJxttMlvAbDrBnzuNSzPmOV8NhlRgMrPPV4iwQ== harvey.mei@linuxcache.com [root@ansible ~]#
使用Ansible的shell模块,对目的主机组执行公钥的导入操作
[root@ansible ~]# ansible servers -m shell -a "cd /root/; umask 077; test -d .ssh || mkdir .ssh; echo -e ${pubkey} >> .ssh/authorized_keys" server1 | CHANGED | rc=0 >> server3 | CHANGED | rc=0 >> server2 | CHANGED | rc=0 >> [root@ansible ~]#
通过Ansible远程执行查看目的主机已导入的公钥信息
[root@ansible ~]# ansible servers -m shell -a "cat .ssh/authorized_keys" server3 | CHANGED | rc=0 >> ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYIp2W44/lMGw98BRvdTrCBwjBs9PYBiXhb9fN+ntU6fbnN12s7MUj92Z4uRLbJywJbspUPSV8SI4QVL0FKPSm37OMdY8SvpURgiaqRfRuo7pwVP7j31JxpcB4mF0PZiEFUqPttJ1MVbUnHfHxePJXjLmfRirJ5PkH26K4F3WUEgQiWJq2WlOWTERqdMjXqQHiubfSGT+s5q1jwakhCjjk06EbwRtN5ZYa0PcvoTCVPORTzr+/mOIzkY+GCAvPdFXO4KbXA4yI8LMPFcDH1DLJfIF7wc8y8aRbDVu5g6khzi8ipof5+XkLquUjxU4yuHaEr1/Gf4lNIBq81O8BXv0lKsy6vFwO4uP42W+jzYpqN9vM+6ibAywZ/zx3ags+aPrO++HYqok2gUYvXizPVPabadeLb0d0DY6XxAp1vXNqeLqwxMVsfAViXiyGIU76OEfnkgdzhHvFiXopKOIzTbS3pFctr3/dnMnHkKEnUmjYBQ7T8MEkJGPka5IsKrl5fTPgUtb53crB21rRHo/Dz82uGzPnUVUQRilUd9xip1xkUw/HB53FsZH9hP+dF5ohn9N1FwqZnHE6PCFTTtTgSNytNMmwXIKenZaVIOwoJN8cA8GfnQEpidl8im75EhoGlKDkFVSObJxttMlvAbDrBnzuNSzPmOV8NhlRgMrPPV4iwQ== harvey.mei@linuxcache.com server1 | CHANGED | rc=0 >> ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYIp2W44/lMGw98BRvdTrCBwjBs9PYBiXhb9fN+ntU6fbnN12s7MUj92Z4uRLbJywJbspUPSV8SI4QVL0FKPSm37OMdY8SvpURgiaqRfRuo7pwVP7j31JxpcB4mF0PZiEFUqPttJ1MVbUnHfHxePJXjLmfRirJ5PkH26K4F3WUEgQiWJq2WlOWTERqdMjXqQHiubfSGT+s5q1jwakhCjjk06EbwRtN5ZYa0PcvoTCVPORTzr+/mOIzkY+GCAvPdFXO4KbXA4yI8LMPFcDH1DLJfIF7wc8y8aRbDVu5g6khzi8ipof5+XkLquUjxU4yuHaEr1/Gf4lNIBq81O8BXv0lKsy6vFwO4uP42W+jzYpqN9vM+6ibAywZ/zx3ags+aPrO++HYqok2gUYvXizPVPabadeLb0d0DY6XxAp1vXNqeLqwxMVsfAViXiyGIU76OEfnkgdzhHvFiXopKOIzTbS3pFctr3/dnMnHkKEnUmjYBQ7T8MEkJGPka5IsKrl5fTPgUtb53crB21rRHo/Dz82uGzPnUVUQRilUd9xip1xkUw/HB53FsZH9hP+dF5ohn9N1FwqZnHE6PCFTTtTgSNytNMmwXIKenZaVIOwoJN8cA8GfnQEpidl8im75EhoGlKDkFVSObJxttMlvAbDrBnzuNSzPmOV8NhlRgMrPPV4iwQ== harvey.mei@linuxcache.com server2 | CHANGED | rc=0 >> ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYIp2W44/lMGw98BRvdTrCBwjBs9PYBiXhb9fN+ntU6fbnN12s7MUj92Z4uRLbJywJbspUPSV8SI4QVL0FKPSm37OMdY8SvpURgiaqRfRuo7pwVP7j31JxpcB4mF0PZiEFUqPttJ1MVbUnHfHxePJXjLmfRirJ5PkH26K4F3WUEgQiWJq2WlOWTERqdMjXqQHiubfSGT+s5q1jwakhCjjk06EbwRtN5ZYa0PcvoTCVPORTzr+/mOIzkY+GCAvPdFXO4KbXA4yI8LMPFcDH1DLJfIF7wc8y8aRbDVu5g6khzi8ipof5+XkLquUjxU4yuHaEr1/Gf4lNIBq81O8BXv0lKsy6vFwO4uP42W+jzYpqN9vM+6ibAywZ/zx3ags+aPrO++HYqok2gUYvXizPVPabadeLb0d0DY6XxAp1vXNqeLqwxMVsfAViXiyGIU76OEfnkgdzhHvFiXopKOIzTbS3pFctr3/dnMnHkKEnUmjYBQ7T8MEkJGPka5IsKrl5fTPgUtb53crB21rRHo/Dz82uGzPnUVUQRilUd9xip1xkUw/HB53FsZH9hP+dF5ohn9N1FwqZnHE6PCFTTtTgSNytNMmwXIKenZaVIOwoJN8cA8GfnQEpidl8im75EhoGlKDkFVSObJxttMlvAbDrBnzuNSzPmOV8NhlRgMrPPV4iwQ== harvey.mei@linuxcache.com [root@ansible ~]#
修改Ansible主机配置文件以启用私钥登录验证
[root@ansible ~]# vi /etc/ansible/hosts [servers] server1 ansible_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa_ansible server2 ansible_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa_ansible server3 ansible_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa_ansible
测试成功
[root@ansible ~]# ansible servers -m ping server3 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } server2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } server1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } [root@ansible ~]#
在执行ansible命令时指定私钥参数
[root@ansible ~]# vi /etc/ansible/hosts [servers] server1 ansible_user=root server2 ansible_user=root server3 ansible_user=root
测试成功
[root@ansible ~]# ansible servers --private-key=.ssh/id_rsa_ansible -m command -a hostname server1 | CHANGED | rc=0 >> server1 server2 | CHANGED | rc=0 >> server2 server3 | CHANGED | rc=0 >> server3 [root@ansible ~]#
2月 202020
禁用防火墙
[root@radius ~]# systemctl disable firewalld Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service. [root@radius ~]# systemctl stop firewalld [root@radius ~]#
安装AMP环境
[root@radius ~]# yum install php php-pdo php-mysql php-gd php-pear httpd mariadb-server mariadb
创建数据库
MariaDB [(none)]> create database radius; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on radius.* to radius@localhost; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> set password for radius@localhost=password('radiuspassword'); Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> flush privileges; Query OK, 0 rows affected (0.00 sec)
设置系统及PHP时区
[root@radius ~]# cp /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime cp: overwrite ‘/etc/localtime’? y [root@radius ~]# [root@radius ~]# vi /etc/php.ini ;date.timezone = date.timezone = Asia/Hong_Kong
安装Free RADIUS及相关组件软件包
[root@radius html]# yum install freeradius freeradius-utils freeradius-mysql
查看FreeRADIUS安装包路径
[root@radius html]# rpm -lq freeradius /etc/logrotate.d/radiusd /etc/pam.d/radiusd /etc/raddb /etc/raddb/README.rst /etc/raddb/certs /etc/raddb/certs/Makefile /etc/raddb/certs/README /etc/raddb/certs/bootstrap /etc/raddb/certs/ca.cnf /etc/raddb/certs/client.cnf /etc/raddb/certs/passwords.mk /etc/raddb/certs/server.cnf /etc/raddb/certs/xpextensions /etc/raddb/clients.conf /etc/raddb/dictionary /etc/raddb/hints /etc/raddb/huntgroups /etc/raddb/mods-available /etc/raddb/mods-available/README.rst /etc/raddb/mods-available/always /etc/raddb/mods-available/attr_filter /etc/raddb/mods-available/cache /etc/raddb/mods-available/cache_eap /etc/raddb/mods-available/chap /etc/raddb/mods-available/counter /etc/raddb/mods-available/cui /etc/raddb/mods-available/date /etc/raddb/mods-available/detail /etc/raddb/mods-available/detail.example.com /etc/raddb/mods-available/detail.log /etc/raddb/mods-available/dhcp /etc/raddb/mods-available/dhcp_sqlippool /etc/raddb/mods-available/digest /etc/raddb/mods-available/dynamic_clients /etc/raddb/mods-available/eap /etc/raddb/mods-available/echo /etc/raddb/mods-available/etc_group /etc/raddb/mods-available/exec /etc/raddb/mods-available/expiration /etc/raddb/mods-available/expr /etc/raddb/mods-available/files /etc/raddb/mods-available/idn /etc/raddb/mods-available/inner-eap /etc/raddb/mods-available/ippool /etc/raddb/mods-available/linelog /etc/raddb/mods-available/logintime /etc/raddb/mods-available/mac2ip /etc/raddb/mods-available/mac2vlan /etc/raddb/mods-available/mschap /etc/raddb/mods-available/ntlm_auth /etc/raddb/mods-available/opendirectory /etc/raddb/mods-available/otp /etc/raddb/mods-available/pam /etc/raddb/mods-available/pap /etc/raddb/mods-available/passwd /etc/raddb/mods-available/preprocess /etc/raddb/mods-available/python /etc/raddb/mods-available/radutmp /etc/raddb/mods-available/realm /etc/raddb/mods-available/redis /etc/raddb/mods-available/rediswho /etc/raddb/mods-available/replicate /etc/raddb/mods-available/rest /etc/raddb/mods-available/smbpasswd /etc/raddb/mods-available/smsotp /etc/raddb/mods-available/soh /etc/raddb/mods-available/sometimes /etc/raddb/mods-available/sql /etc/raddb/mods-available/sqlcounter /etc/raddb/mods-available/sqlippool /etc/raddb/mods-available/sradutmp /etc/raddb/mods-available/unix /etc/raddb/mods-available/unpack /etc/raddb/mods-available/utf8 /etc/raddb/mods-available/wimax /etc/raddb/mods-available/yubikey /etc/raddb/mods-config /etc/raddb/mods-config/README.rst /etc/raddb/mods-config/attr_filter /etc/raddb/mods-config/attr_filter/access_challenge /etc/raddb/mods-config/attr_filter/access_reject /etc/raddb/mods-config/attr_filter/accounting_response /etc/raddb/mods-config/attr_filter/post-proxy /etc/raddb/mods-config/attr_filter/pre-proxy /etc/raddb/mods-config/files /etc/raddb/mods-config/files/accounting /etc/raddb/mods-config/files/authorize /etc/raddb/mods-config/files/pre-proxy /etc/raddb/mods-config/preprocess /etc/raddb/mods-config/preprocess/hints /etc/raddb/mods-config/preprocess/huntgroups /etc/raddb/mods-config/sql /etc/raddb/mods-config/sql/counter /etc/raddb/mods-config/sql/cui /etc/raddb/mods-config/sql/ippool /etc/raddb/mods-config/sql/ippool-dhcp /etc/raddb/mods-config/sql/main /etc/raddb/mods-enabled /etc/raddb/mods-enabled/always /etc/raddb/mods-enabled/attr_filter /etc/raddb/mods-enabled/cache_eap /etc/raddb/mods-enabled/chap /etc/raddb/mods-enabled/date /etc/raddb/mods-enabled/detail /etc/raddb/mods-enabled/detail.log /etc/raddb/mods-enabled/dhcp /etc/raddb/mods-enabled/digest /etc/raddb/mods-enabled/dynamic_clients /etc/raddb/mods-enabled/eap /etc/raddb/mods-enabled/echo /etc/raddb/mods-enabled/exec /etc/raddb/mods-enabled/expiration /etc/raddb/mods-enabled/expr /etc/raddb/mods-enabled/files /etc/raddb/mods-enabled/linelog /etc/raddb/mods-enabled/logintime /etc/raddb/mods-enabled/mschap /etc/raddb/mods-enabled/ntlm_auth /etc/raddb/mods-enabled/pap /etc/raddb/mods-enabled/passwd /etc/raddb/mods-enabled/preprocess /etc/raddb/mods-enabled/radutmp /etc/raddb/mods-enabled/realm /etc/raddb/mods-enabled/replicate /etc/raddb/mods-enabled/soh /etc/raddb/mods-enabled/sradutmp /etc/raddb/mods-enabled/unix /etc/raddb/mods-enabled/unpack /etc/raddb/mods-enabled/utf8 /etc/raddb/panic.gdb /etc/raddb/policy.d /etc/raddb/policy.d/accounting /etc/raddb/policy.d/canonicalization /etc/raddb/policy.d/control /etc/raddb/policy.d/cui /etc/raddb/policy.d/debug /etc/raddb/policy.d/dhcp /etc/raddb/policy.d/eap /etc/raddb/policy.d/filter /etc/raddb/policy.d/operator-name /etc/raddb/proxy.conf /etc/raddb/radiusd.conf /etc/raddb/sites-available /etc/raddb/sites-available/README /etc/raddb/sites-available/buffered-sql /etc/raddb/sites-available/challenge /etc/raddb/sites-available/channel_bindings /etc/raddb/sites-available/check-eap-tls /etc/raddb/sites-available/coa /etc/raddb/sites-available/control-socket /etc/raddb/sites-available/copy-acct-to-home-server /etc/raddb/sites-available/decoupled-accounting /etc/raddb/sites-available/default /etc/raddb/sites-available/dhcp /etc/raddb/sites-available/dhcp.relay /etc/raddb/sites-available/dynamic-clients /etc/raddb/sites-available/example /etc/raddb/sites-available/inner-tunnel /etc/raddb/sites-available/originate-coa /etc/raddb/sites-available/proxy-inner-tunnel /etc/raddb/sites-available/robust-proxy-accounting /etc/raddb/sites-available/soh /etc/raddb/sites-available/status /etc/raddb/sites-available/tls /etc/raddb/sites-available/virtual.example.com /etc/raddb/sites-available/vmps /etc/raddb/sites-enabled /etc/raddb/sites-enabled/default /etc/raddb/sites-enabled/inner-tunnel /etc/raddb/templates.conf /etc/raddb/trigger.conf /etc/raddb/users /usr/lib/systemd/system/radiusd.service /usr/lib/tmpfiles.d/radiusd.conf /usr/lib64/freeradius /usr/lib64/freeradius/libfreeradius-dhcp.so /usr/lib64/freeradius/libfreeradius-eap.so /usr/lib64/freeradius/libfreeradius-radius.so /usr/lib64/freeradius/libfreeradius-server.so /usr/lib64/freeradius/proto_dhcp.so /usr/lib64/freeradius/proto_vmps.so /usr/lib64/freeradius/rlm_always.so /usr/lib64/freeradius/rlm_attr_filter.so /usr/lib64/freeradius/rlm_cache.so /usr/lib64/freeradius/rlm_cache_rbtree.so /usr/lib64/freeradius/rlm_chap.so /usr/lib64/freeradius/rlm_counter.so /usr/lib64/freeradius/rlm_cram.so /usr/lib64/freeradius/rlm_date.so /usr/lib64/freeradius/rlm_detail.so /usr/lib64/freeradius/rlm_dhcp.so /usr/lib64/freeradius/rlm_digest.so /usr/lib64/freeradius/rlm_dynamic_clients.so /usr/lib64/freeradius/rlm_eap.so /usr/lib64/freeradius/rlm_eap_fast.so /usr/lib64/freeradius/rlm_eap_gtc.so /usr/lib64/freeradius/rlm_eap_leap.so /usr/lib64/freeradius/rlm_eap_md5.so /usr/lib64/freeradius/rlm_eap_mschapv2.so /usr/lib64/freeradius/rlm_eap_peap.so /usr/lib64/freeradius/rlm_eap_pwd.so /usr/lib64/freeradius/rlm_eap_sim.so /usr/lib64/freeradius/rlm_eap_tls.so /usr/lib64/freeradius/rlm_eap_tnc.so /usr/lib64/freeradius/rlm_eap_ttls.so /usr/lib64/freeradius/rlm_exec.so /usr/lib64/freeradius/rlm_expiration.so /usr/lib64/freeradius/rlm_expr.so /usr/lib64/freeradius/rlm_files.so /usr/lib64/freeradius/rlm_ippool.so /usr/lib64/freeradius/rlm_linelog.so /usr/lib64/freeradius/rlm_logintime.so /usr/lib64/freeradius/rlm_mschap.so /usr/lib64/freeradius/rlm_otp.so /usr/lib64/freeradius/rlm_pam.so /usr/lib64/freeradius/rlm_pap.so /usr/lib64/freeradius/rlm_passwd.so /usr/lib64/freeradius/rlm_preprocess.so /usr/lib64/freeradius/rlm_radutmp.so /usr/lib64/freeradius/rlm_realm.so /usr/lib64/freeradius/rlm_replicate.so /usr/lib64/freeradius/rlm_soh.so /usr/lib64/freeradius/rlm_sometimes.so /usr/lib64/freeradius/rlm_sql.so /usr/lib64/freeradius/rlm_sql_null.so /usr/lib64/freeradius/rlm_sqlcounter.so /usr/lib64/freeradius/rlm_sqlippool.so /usr/lib64/freeradius/rlm_unix.so /usr/lib64/freeradius/rlm_unpack.so /usr/lib64/freeradius/rlm_utf8.so /usr/lib64/freeradius/rlm_wimax.so /usr/lib64/freeradius/rlm_yubikey.so /usr/sbin/checkrad /usr/sbin/raddebug /usr/sbin/radiusd /usr/sbin/radmin /usr/share/doc/freeradius-3.0.13/LICENSE.gpl /usr/share/doc/freeradius-3.0.13/LICENSE.lgpl /usr/share/doc/freeradius-3.0.13/LICENSE.openssl /usr/share/doc/freeradius-3.0.13/REDHAT /usr/share/freeradius /usr/share/freeradius/dictionary /usr/share/freeradius/dictionary.3com /usr/share/freeradius/dictionary.3gpp /usr/share/freeradius/dictionary.3gpp2 /usr/share/freeradius/dictionary.acc /usr/share/freeradius/dictionary.acme /usr/share/freeradius/dictionary.actelis /usr/share/freeradius/dictionary.adtran /usr/share/freeradius/dictionary.aerohive /usr/share/freeradius/dictionary.airespace /usr/share/freeradius/dictionary.alcatel /usr/share/freeradius/dictionary.alcatel-lucent.aaa /usr/share/freeradius/dictionary.alcatel.esam /usr/share/freeradius/dictionary.alcatel.sr /usr/share/freeradius/dictionary.alteon /usr/share/freeradius/dictionary.altiga /usr/share/freeradius/dictionary.alvarion /usr/share/freeradius/dictionary.alvarion.wimax.v2_2 /usr/share/freeradius/dictionary.apc /usr/share/freeradius/dictionary.aptilo /usr/share/freeradius/dictionary.aptis /usr/share/freeradius/dictionary.arbor /usr/share/freeradius/dictionary.arista /usr/share/freeradius/dictionary.aruba /usr/share/freeradius/dictionary.ascend /usr/share/freeradius/dictionary.ascend.illegal /usr/share/freeradius/dictionary.asn /usr/share/freeradius/dictionary.audiocodes /usr/share/freeradius/dictionary.avaya /usr/share/freeradius/dictionary.azaire /usr/share/freeradius/dictionary.bay /usr/share/freeradius/dictionary.bintec /usr/share/freeradius/dictionary.bluecoat /usr/share/freeradius/dictionary.boingo /usr/share/freeradius/dictionary.bristol /usr/share/freeradius/dictionary.broadsoft /usr/share/freeradius/dictionary.brocade /usr/share/freeradius/dictionary.bskyb /usr/share/freeradius/dictionary.bt /usr/share/freeradius/dictionary.cablelabs /usr/share/freeradius/dictionary.cabletron /usr/share/freeradius/dictionary.camiant /usr/share/freeradius/dictionary.checkpoint /usr/share/freeradius/dictionary.chillispot /usr/share/freeradius/dictionary.cisco /usr/share/freeradius/dictionary.cisco.asa /usr/share/freeradius/dictionary.cisco.bbsm /usr/share/freeradius/dictionary.cisco.vpn3000 /usr/share/freeradius/dictionary.cisco.vpn5000 /usr/share/freeradius/dictionary.citrix /usr/share/freeradius/dictionary.clavister /usr/share/freeradius/dictionary.cnergee /usr/share/freeradius/dictionary.colubris /usr/share/freeradius/dictionary.columbia_university /usr/share/freeradius/dictionary.compat /usr/share/freeradius/dictionary.compatible /usr/share/freeradius/dictionary.cosine /usr/share/freeradius/dictionary.dante /usr/share/freeradius/dictionary.dhcp /usr/share/freeradius/dictionary.digium /usr/share/freeradius/dictionary.dlink /usr/share/freeradius/dictionary.dragonwave /usr/share/freeradius/dictionary.efficientip /usr/share/freeradius/dictionary.eltex /usr/share/freeradius/dictionary.epygi /usr/share/freeradius/dictionary.equallogic /usr/share/freeradius/dictionary.ericsson /usr/share/freeradius/dictionary.ericsson.ab /usr/share/freeradius/dictionary.ericsson.packet.core.networks /usr/share/freeradius/dictionary.erx /usr/share/freeradius/dictionary.extreme /usr/share/freeradius/dictionary.f5 /usr/share/freeradius/dictionary.fdxtended /usr/share/freeradius/dictionary.fortinet /usr/share/freeradius/dictionary.foundry /usr/share/freeradius/dictionary.freedhcp /usr/share/freeradius/dictionary.freeradius /usr/share/freeradius/dictionary.freeradius.internal /usr/share/freeradius/dictionary.freeswitch /usr/share/freeradius/dictionary.gandalf /usr/share/freeradius/dictionary.garderos /usr/share/freeradius/dictionary.gemtek /usr/share/freeradius/dictionary.h3c /usr/share/freeradius/dictionary.hillstone /usr/share/freeradius/dictionary.hp /usr/share/freeradius/dictionary.huawei /usr/share/freeradius/dictionary.iana /usr/share/freeradius/dictionary.iea /usr/share/freeradius/dictionary.infoblox /usr/share/freeradius/dictionary.infonet /usr/share/freeradius/dictionary.ipunplugged /usr/share/freeradius/dictionary.issanni /usr/share/freeradius/dictionary.itk /usr/share/freeradius/dictionary.juniper /usr/share/freeradius/dictionary.karlnet /usr/share/freeradius/dictionary.kineto /usr/share/freeradius/dictionary.lancom /usr/share/freeradius/dictionary.lantronix /usr/share/freeradius/dictionary.livingston /usr/share/freeradius/dictionary.localweb /usr/share/freeradius/dictionary.lucent /usr/share/freeradius/dictionary.manzara /usr/share/freeradius/dictionary.meinberg /usr/share/freeradius/dictionary.meraki /usr/share/freeradius/dictionary.merit /usr/share/freeradius/dictionary.meru /usr/share/freeradius/dictionary.microsemi /usr/share/freeradius/dictionary.microsoft /usr/share/freeradius/dictionary.mikrotik /usr/share/freeradius/dictionary.motorola /usr/share/freeradius/dictionary.motorola.illegal /usr/share/freeradius/dictionary.motorola.wimax /usr/share/freeradius/dictionary.navini /usr/share/freeradius/dictionary.netscreen /usr/share/freeradius/dictionary.networkphysics /usr/share/freeradius/dictionary.nexans /usr/share/freeradius/dictionary.nokia /usr/share/freeradius/dictionary.nokia.conflict /usr/share/freeradius/dictionary.nomadix /usr/share/freeradius/dictionary.nortel /usr/share/freeradius/dictionary.ntua /usr/share/freeradius/dictionary.openser /usr/share/freeradius/dictionary.packeteer /usr/share/freeradius/dictionary.paloalto /usr/share/freeradius/dictionary.patton /usr/share/freeradius/dictionary.perle /usr/share/freeradius/dictionary.propel /usr/share/freeradius/dictionary.prosoft /usr/share/freeradius/dictionary.proxim /usr/share/freeradius/dictionary.purewave /usr/share/freeradius/dictionary.quiconnect /usr/share/freeradius/dictionary.quintum /usr/share/freeradius/dictionary.redcreek /usr/share/freeradius/dictionary.rfc2865 /usr/share/freeradius/dictionary.rfc2866 /usr/share/freeradius/dictionary.rfc2867 /usr/share/freeradius/dictionary.rfc2868 /usr/share/freeradius/dictionary.rfc2869 /usr/share/freeradius/dictionary.rfc3162 /usr/share/freeradius/dictionary.rfc3576 /usr/share/freeradius/dictionary.rfc3580 /usr/share/freeradius/dictionary.rfc4072 /usr/share/freeradius/dictionary.rfc4372 /usr/share/freeradius/dictionary.rfc4603 /usr/share/freeradius/dictionary.rfc4675 /usr/share/freeradius/dictionary.rfc4679 /usr/share/freeradius/dictionary.rfc4818 /usr/share/freeradius/dictionary.rfc4849 /usr/share/freeradius/dictionary.rfc5090 /usr/share/freeradius/dictionary.rfc5176 /usr/share/freeradius/dictionary.rfc5447 /usr/share/freeradius/dictionary.rfc5580 /usr/share/freeradius/dictionary.rfc5607 /usr/share/freeradius/dictionary.rfc5904 /usr/share/freeradius/dictionary.rfc6519 /usr/share/freeradius/dictionary.rfc6572 /usr/share/freeradius/dictionary.rfc6677 /usr/share/freeradius/dictionary.rfc6911 /usr/share/freeradius/dictionary.rfc6929 /usr/share/freeradius/dictionary.rfc6930 /usr/share/freeradius/dictionary.rfc7055 /usr/share/freeradius/dictionary.rfc7155 /usr/share/freeradius/dictionary.rfc7268 /usr/share/freeradius/dictionary.rfc7499 /usr/share/freeradius/dictionary.rfc7930 /usr/share/freeradius/dictionary.riverbed /usr/share/freeradius/dictionary.riverstone /usr/share/freeradius/dictionary.roaringpenguin /usr/share/freeradius/dictionary.ruckus /usr/share/freeradius/dictionary.ruggedcom /usr/share/freeradius/dictionary.sangoma /usr/share/freeradius/dictionary.sg /usr/share/freeradius/dictionary.shasta /usr/share/freeradius/dictionary.shiva /usr/share/freeradius/dictionary.siemens /usr/share/freeradius/dictionary.slipstream /usr/share/freeradius/dictionary.sofaware /usr/share/freeradius/dictionary.sonicwall /usr/share/freeradius/dictionary.springtide /usr/share/freeradius/dictionary.starent /usr/share/freeradius/dictionary.starent.vsa1 /usr/share/freeradius/dictionary.surfnet /usr/share/freeradius/dictionary.symbol /usr/share/freeradius/dictionary.t_systems_nova /usr/share/freeradius/dictionary.telebit /usr/share/freeradius/dictionary.telkom /usr/share/freeradius/dictionary.terena /usr/share/freeradius/dictionary.trapeze /usr/share/freeradius/dictionary.travelping /usr/share/freeradius/dictionary.tropos /usr/share/freeradius/dictionary.ukerna /usr/share/freeradius/dictionary.unix /usr/share/freeradius/dictionary.usr /usr/share/freeradius/dictionary.usr.illegal /usr/share/freeradius/dictionary.utstarcom /usr/share/freeradius/dictionary.valemount /usr/share/freeradius/dictionary.versanet /usr/share/freeradius/dictionary.vqp /usr/share/freeradius/dictionary.walabi /usr/share/freeradius/dictionary.waverider /usr/share/freeradius/dictionary.wichorus /usr/share/freeradius/dictionary.wifialliance /usr/share/freeradius/dictionary.wimax /usr/share/freeradius/dictionary.wimax.alvarion /usr/share/freeradius/dictionary.wimax.wichorus /usr/share/freeradius/dictionary.wispr /usr/share/freeradius/dictionary.xedia /usr/share/freeradius/dictionary.xylan /usr/share/freeradius/dictionary.yubico /usr/share/freeradius/dictionary.zeus /usr/share/freeradius/dictionary.zte /usr/share/freeradius/dictionary.zyxel /usr/share/man/man5/clients.conf.5.gz /usr/share/man/man5/dictionary.5.gz /usr/share/man/man5/radiusd.conf.5.gz /usr/share/man/man5/radrelay.conf.5.gz /usr/share/man/man5/rlm_always.5.gz /usr/share/man/man5/rlm_attr_filter.5.gz /usr/share/man/man5/rlm_chap.5.gz /usr/share/man/man5/rlm_counter.5.gz /usr/share/man/man5/rlm_detail.5.gz /usr/share/man/man5/rlm_digest.5.gz /usr/share/man/man5/rlm_expr.5.gz /usr/share/man/man5/rlm_files.5.gz /usr/share/man/man5/rlm_idn.5.gz /usr/share/man/man5/rlm_mschap.5.gz /usr/share/man/man5/rlm_pap.5.gz /usr/share/man/man5/rlm_passwd.5.gz /usr/share/man/man5/rlm_realm.5.gz /usr/share/man/man5/rlm_sql.5.gz /usr/share/man/man5/rlm_unix.5.gz /usr/share/man/man5/unlang.5.gz /usr/share/man/man5/users.5.gz /usr/share/man/man8/raddebug.8.gz /usr/share/man/man8/radiusd.8.gz /usr/share/man/man8/radmin.8.gz /usr/share/man/man8/radrelay.8.gz /usr/share/snmp/mibs/FREERADIUS-MGMT-MIB.mib /usr/share/snmp/mibs/FREERADIUS-NOTIFICATION-MIB.mib /usr/share/snmp/mibs/FREERADIUS-PRODUCT-RADIUSD-MIB.mib /usr/share/snmp/mibs/FREERADIUS-SMI.mib /usr/share/snmp/mibs/RADIUS-ACC-CLIENT-MIB.mib /usr/share/snmp/mibs/RADIUS-ACC-SERVER-MIB.mib /usr/share/snmp/mibs/RADIUS-AUTH-CLIENT-MIB.mib /usr/share/snmp/mibs/RADIUS-AUTH-SERVER-MIB.mib /usr/share/snmp/mibs/RADIUS-STAT-MIB.mib /var/lib/radiusd /var/log/radius /var/log/radius/radacct /var/log/radius/radius.log /var/log/radius/radutmp /var/run/radiusd /var/run/radiusd/tmp [root@radius html]#
查看FreeRADIUS工具包安装路径
[root@radius html]# rpm -lq freeradius-utils /usr/bin/dhcpclient /usr/bin/map_unit /usr/bin/rad_counter /usr/bin/radattr /usr/bin/radclient /usr/bin/radcrypt /usr/bin/radeapclient /usr/bin/radlast /usr/bin/radsniff /usr/bin/radsqlrelay /usr/bin/radtest /usr/bin/radwho /usr/bin/radzap /usr/bin/rlm_ippool_tool /usr/bin/smbencrypt /usr/share/man/man1/dhcpclient.1.gz /usr/share/man/man1/rad_counter.1.gz /usr/share/man/man1/radclient.1.gz /usr/share/man/man1/radeapclient.1.gz /usr/share/man/man1/radlast.1.gz /usr/share/man/man1/radtest.1.gz /usr/share/man/man1/radwho.1.gz /usr/share/man/man1/radzap.1.gz /usr/share/man/man1/smbencrypt.1.gz /usr/share/man/man5/checkrad.5.gz /usr/share/man/man8/radcrypt.8.gz /usr/share/man/man8/radsniff.8.gz /usr/share/man/man8/radsqlrelay.8.gz /usr/share/man/man8/rlm_ippool_tool.8.gz [root@radius html]#
查看FreeRADIUS MySQL数据库扩展包安装路
[root@radius html]# rpm -lq freeradius-mysql /etc/raddb/mods-config/sql/counter/mysql /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf /etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf /etc/raddb/mods-config/sql/cui/mysql /etc/raddb/mods-config/sql/cui/mysql/queries.conf /etc/raddb/mods-config/sql/cui/mysql/schema.sql /etc/raddb/mods-config/sql/ippool-dhcp/mysql /etc/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf /etc/raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql /etc/raddb/mods-config/sql/ippool/mysql /etc/raddb/mods-config/sql/ippool/mysql/queries.conf /etc/raddb/mods-config/sql/ippool/mysql/schema.sql /etc/raddb/mods-config/sql/main/mysql /etc/raddb/mods-config/sql/main/mysql/extras /etc/raddb/mods-config/sql/main/mysql/extras/wimax /etc/raddb/mods-config/sql/main/mysql/extras/wimax/queries.conf /etc/raddb/mods-config/sql/main/mysql/extras/wimax/schema.sql /etc/raddb/mods-config/sql/main/mysql/queries.conf /etc/raddb/mods-config/sql/main/mysql/schema.sql /etc/raddb/mods-config/sql/main/mysql/setup.sql /etc/raddb/mods-config/sql/main/ndb /etc/raddb/mods-config/sql/main/ndb/README /etc/raddb/mods-config/sql/main/ndb/schema.sql /etc/raddb/mods-config/sql/main/ndb/setup.sql /usr/lib64/freeradius/rlm_sql_mysql.so [root@radius html]#
注册并启动服务
[root@radius ~]# systemctl enable radiusd Created symlink from /etc/systemd/system/multi-user.target.wants/radiusd.service to /usr/lib/systemd/system/radiusd.service. [root@radius ~]# systemctl start radiusd [root@radius ~]#
查看端口监听(UDP1812/UDP1813)
[root@radius ~]# netstat -ltun Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp6 0 0 :::80 :::* LISTEN tcp6 0 0 :::22 :::* LISTEN udp 0 0 127.0.0.1:323 0.0.0.0:* udp 0 0 0.0.0.0:68 0.0.0.0:* udp 0 0 127.0.0.1:18120 0.0.0.0:* udp 0 0 0.0.0.0:56569 0.0.0.0:* udp 0 0 0.0.0.0:1812 0.0.0.0:* udp 0 0 0.0.0.0:1813 0.0.0.0:* udp6 0 0 ::1:323 :::* udp6 0 0 :::54657 :::* udp6 0 0 :::1812 :::* udp6 0 0 :::1813 :::* [root@radius ~]#
导入数据库
[root@radius ~]# mysql -uroot -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql Enter password: [root@radius ~]#
启用数据库模块
[root@radius ~]# cd /etc/raddb/mods-enabled/ [root@radius mods-enabled]# ln -s ../mods-available/sql sql [root@radius mods-enabled]#
修改数据库连接配置文件
[root@radius mods-enabled]# vi sql driver = "rlm_sql_null" driver = "rlm_sql_mysql" dialect = "sqlite" dialect = "mysql" # server = "localhost" # port = 3306 # login = "radius" # password = "radpass" server = "localhost" port = 3306 login = "radius" password = "radiuspassword" # read_clients = yes read_clients = yes
修改数据库连接配置文件属组
[root@radius mods-enabled]# ll sql lrwxrwxrwx 1 root root 21 Feb 20 05:58 sql -> ../mods-available/sql [root@radius mods-enabled]# chgrp -h radiusd sql [root@radius mods-enabled]# ll sql lrwxrwxrwx 1 root radiusd 21 Feb 20 05:58 sql -> ../mods-available/sql [root@radius mods-enabled]#
下载daloRADIUS安装包并解压缩
[root@radius ~]# wget https://github.com/lirantal/daloradius/archive/master.zip [root@radius ~]# cp -R daloradius-master/ /var/www/html/daloradius
导入数据库
[root@radius ~]# cd /var/www/html/ [root@radius html]# mysql -uroot -p radius < daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql Enter password: [root@radius html]# mysql -uroot -p radius < daloradius/contrib/db/mysql-daloradius.sql Enter password: [root@radius html]#
修改目录及配置文件属性
[root@radius html]# chown -R apache.apache daloradius/ [root@radius html]# chmod 664 daloradius/library/daloradius.conf.php [root@radius html]#
修改daloRADIUS配置文件
[root@radius html]# vi daloradius/library/daloradius.conf.php $configValues['CONFIG_DB_HOST'] = 'localhost'; $configValues['CONFIG_DB_PORT'] = '3306'; $configValues['CONFIG_DB_USER'] = 'radius'; $configValues['CONFIG_DB_PASS'] = 'radiuspassword'; $configValues['CONFIG_DB_NAME'] = 'radius';
安装PEAR扩展
更新频道
[root@radius ~]# pear channel-update pear.php.net Updating channel "pear.php.net" Update of Channel "pear.php.net" succeeded [root@radius ~]#
升级pear/PEAR版本
错误提示
[root@radius ~]# pear install DB WARNING: "pear/DB" is deprecated in favor of "pear/MDB2" pear/DB requires package "pear/PEAR" (version >= 1.10.0), installed version is 1.9.4 No valid packages found install failed [root@radius ~]#
升级操作
[root@radius ~]# pear install PEAR WARNING: "pear/Console_Getopt" is deprecated in favor of "pear/Console_GetoptPlus" downloading PEAR-1.10.10.tgz ... Starting to download PEAR-1.10.10.tgz (293,388 bytes) .............................................................done: 293,388 bytes downloading Archive_Tar-1.4.9.tgz ... Starting to download Archive_Tar-1.4.9.tgz (21,343 bytes) ...done: 21,343 bytes downloading Structures_Graph-1.1.1.tgz ... Starting to download Structures_Graph-1.1.1.tgz (12,579 bytes) ...done: 12,579 bytes downloading Console_Getopt-1.4.3.tgz ... Starting to download Console_Getopt-1.4.3.tgz (5,789 bytes) ...done: 5,789 bytes downloading XML_Util-1.4.3.tgz ... Starting to download XML_Util-1.4.3.tgz (18,842 bytes) ...done: 18,842 bytes install ok: channel://pear.php.net/Archive_Tar-1.4.9 install ok: channel://pear.php.net/Structures_Graph-1.1.1 install ok: channel://pear.php.net/Console_Getopt-1.4.3 install ok: channel://pear.php.net/XML_Util-1.4.3 install ok: channel://pear.php.net/PEAR-1.10.10 PEAR: Optional feature webinstaller available (PEAR's web-based installer) PEAR: Optional feature gtkinstaller available (PEAR's PHP-GTK-based installer) PEAR: Optional feature gtk2installer available (PEAR's PHP-GTK2-based installer) PEAR: To install optional features use "pear install pear/PEAR#featurename" [root@radius ~]#
安装pear/DB扩展
[root@radius ~]# pear install DB WARNING: "pear/DB" is deprecated in favor of "pear/MDB2" downloading DB-1.9.3.tgz ... Starting to download DB-1.9.3.tgz (132,290 bytes) .............................done: 132,290 bytes install ok: channel://pear.php.net/DB-1.9.3 [root@radius ~]#
安装pear/MDB2扩展
[root@radius ~]# pear install MDB2 downloading MDB2-2.4.1.tgz ... Starting to download MDB2-2.4.1.tgz (121,557 bytes) ..........................done: 121,557 bytes install ok: channel://pear.php.net/MDB2-2.4.1 MDB2: Optional feature fbsql available (Frontbase SQL driver for MDB2) MDB2: Optional feature ibase available (Interbase/Firebird driver for MDB2) MDB2: Optional feature mysql available (MySQL driver for MDB2) MDB2: Optional feature mysqli available (MySQLi driver for MDB2) MDB2: Optional feature mssql available (MS SQL Server driver for MDB2) MDB2: Optional feature oci8 available (Oracle driver for MDB2) MDB2: Optional feature pgsql available (PostgreSQL driver for MDB2) MDB2: Optional feature querysim available (Querysim driver for MDB2) MDB2: Optional feature sqlite available (SQLite2 driver for MDB2) MDB2: To install optional features use "pear install pear/MDB2#featurename" [root@radius ~]#
重启服务
[root@radius ~]# systemctl restart radiusd
使用浏览器访问daloRADIUS控制台
2月 012020
自签根证书导入客户端计算机
正确的自签CA证书导入路径(证书-本地计算机-受信任的根证书颁发机构)
查看已导入的CA证书详情
错误的自签CA证书导入路径(证书-当前用户-受信任的根证书颁发机构)
证书导入位置错误时的连接错误提示:IKE身份验证凭证不可接受
拨号连接属性设置详情
常规选项卡
安全选项卡
网络选项卡
建立连接后的状态信息
2月 012020
安装EPEL仓库源
[root@host1 ~]# yum -y install epel-release
更新缓存并安装StrongSwan及net-tools工具
[root@host1 ~]# yum makecache [root@host1 ~]# yum -y install strongswan net-tools
查看StrongSwan版本信息
[root@host1 ~]# yum info strongswan Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: repos-lax.psychz.net * epel: mirror.lax.genesisadaptive.com * extras: mirror.hostduplex.com * updates: repos-lax.psychz.net Installed Packages Name : strongswan Arch : x86_64 Version : 5.7.2 Release : 1.el7 Size : 4.0 M Repo : installed From repo : epel Summary : An OpenSource IPsec-based VPN and TNC solution URL : http://www.strongswan.org/ License : GPLv2+ Description : The strongSwan IPsec implementation supports both the IKEv1 and : IKEv2 key exchange protocols in conjunction with the native NETKEY : IPsec stack of the Linux kernel. [root@host1 ~]#
准备证书生成脚本
服务器证书脚本
[root@host1 ipsec.d]# cat server_key.sh #!/bin/bash if [ $1 ]; then CN=$1 echo "generating keys for $CN ..." else echo -e "usage:\n sh server_key.sh YOUR EXACT HOST NAME or SERVER IP\n Run this script in directory to store your keys" exit 1 fi mkdir -p private && mkdir -p cacerts && mkdir -p certs strongswan pki --gen --type rsa --size 4096 --outform pem > private/strongswanKey.pem strongswan pki --self --ca --lifetime 3650 --in private/strongswanKey.pem --type rsa --dn "C=HK, O=LINUXCACHE.COM, CN=$CN" --outform pem > cacerts/strongswanCert.pem echo 'CA certs at cacerts/strongswanCert.pem' strongswan pki --print --in cacerts/strongswanCert.pem sleep 1 echo "generating server keys ..." strongswan pki --gen --type rsa --size 2048 --outform pem > private/vpnHostKey.pem strongswan pki --pub --in private/vpnHostKey.pem --type rsa | \ strongswan pki --issue --lifetime 730 \ --cacert cacerts/strongswanCert.pem \ --cakey private/strongswanKey.pem \ --dn "C=HK, O=LINUXCACHE.COM, CN=$CN" \ --san $CN \ --flag serverAuth --flag ikeIntermediate \ --outform pem > certs/vpnHostCert.pem echo "vpn server cert at certs/vpnHostCert.pem" strongswan pki --print --in certs/vpnHostCert.pem [root@host1 ipsec.d]#
客户端证书脚本
[root@host1 ipsec.d]# cat client_key.sh #!/bin/bash info="usage:\n sh client_key.sh USER_NAME EMAIL \n Run this script in directory to store your keys" if [ $1 ]; then if [ $2 ]; then NAME=$1 MAIL=$2 echo "generating keys for $NAME $MAIL ..." else echo -e $info exit 1 fi else echo -e $info exit 1 fi mkdir -p private && mkdir -p cacerts && mkdir -p certs keyfile="private/"$NAME"Key.pem" certfile="certs/"$NAME"Cert.pem" p12file=$NAME".p12" strongswan pki --gen --type rsa --size 2048 \ --outform pem \ > $keyfile strongswan pki --pub --in $keyfile --type rsa | \ strongswan pki --issue --lifetime 730 \ --cacert cacerts/strongswanCert.pem \ --cakey private/strongswanKey.pem \ --dn "C=HK, O=LINUXCACHE.COM, CN=$MAIL" \ --san $MAIL \ --outform pem > $certfile strongswan pki --print --in $certfile echo "Enter password to protect p12 cert for $NAME" openssl pkcs12 -export -inkey $keyfile \ -in $certfile -name "$NAME's VPN Certificate" \ -certfile cacerts/strongswanCert.pem \ -caname "strongSwan Root CA" \ -out $p12file if [ $? -eq 0 ]; then echo "cert for $NAME at $p12file" fi [root@host1 ipsec.d]#
生成服务器证书
[root@host1 ipsec.d]# ./server_key.sh 144.202.116.133 generating keys for 144.202.116.133 ... CA certs at cacerts/strongswanCert.pem subject: "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133" issuer: "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133" validity: not before Feb 01 02:02:11 2020, ok not after Jan 29 02:02:11 2030, ok (expires in 3650 days) serial: 1d:40:6a:e0:af:56:64:33 flags: CA CRLSign self-signed subjkeyId: 91:38:53:8e:8e:85:aa:ec:db:75:1c:82:34:05:6c:7b:da:06:62:26 pubkey: RSA 4096 bits keyid: 7e:1e:66:62:f0:cc:d9:51:9e:ea:c0:97:37:d5:84:1c:b9:27:97:c2 subjkey: 91:38:53:8e:8e:85:aa:ec:db:75:1c:82:34:05:6c:7b:da:06:62:26 generating server keys ... vpn server cert at certs/vpnHostCert.pem subject: "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133" issuer: "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133" validity: not before Feb 01 02:02:13 2020, ok not after Jan 31 02:02:13 2022, ok (expires in 730 days) serial: 1d:ff:d1:51:97:c9:46:72 altNames: 144.202.116.133 flags: serverAuth ikeIntermediate authkeyId: 91:38:53:8e:8e:85:aa:ec:db:75:1c:82:34:05:6c:7b:da:06:62:26 subjkeyId: c8:82:e7:43:45:cf:0d:f1:8a:8b:7c:cc:ea:72:f0:4f:18:d9:85:fe pubkey: RSA 2048 bits keyid: 15:7d:c7:47:3e:07:7b:66:92:d0:2e:75:8e:78:0e:6b:72:8e:5e:b2 subjkey: c8:82:e7:43:45:cf:0d:f1:8a:8b:7c:cc:ea:72:f0:4f:18:d9:85:fe [root@host1 ipsec.d]#
生成客户端证书并为密钥对设置密码
[root@host1 ipsec.d]# ./client_key.sh harveymei harvey.mei@msn.com generating keys for harveymei harvey.mei@msn.com ... subject: "C=HK, O=LINUXCACHE.COM, CN=harvey.mei@msn.com" issuer: "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133" validity: not before Feb 01 02:03:46 2020, ok not after Jan 31 02:03:46 2022, ok (expires in 730 days) serial: 60:f7:02:c5:33:21:3a:13 altNames: harvey.mei@msn.com flags: authkeyId: 91:38:53:8e:8e:85:aa:ec:db:75:1c:82:34:05:6c:7b:da:06:62:26 subjkeyId: ee:08:46:4e:bc:b1:7e:37:b5:b8:71:f1:5d:72:43:7f:4e:42:9c:40 pubkey: RSA 2048 bits keyid: 1a:8d:12:09:54:a6:a6:d4:f9:d4:7a:6c:75:0a:85:6d:90:b6:0d:fe subjkey: ee:08:46:4e:bc:b1:7e:37:b5:b8:71:f1:5d:72:43:7f:4e:42:9c:40 Enter password to protect p12 cert for harveymei Enter Export Password: Verifying - Enter Export Password: cert for harveymei at harveymei.p12 [root@host1 ipsec.d]#
复制客户端需要用到的证书
修改配置文件
修改ipsec.conf配置文件
初始配置文件
# ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup # strictcrlpolicy=yes # uniqueids = no # Add connections here. # Sample VPN connections #conn sample-self-signed # leftsubnet=10.1.0.0/16 # leftcert=selfCert.der # leftsendcert=never # right=192.168.0.2 # rightsubnet=10.2.0.0/16 # rightcert=peerCert.der # auto=start #conn sample-with-ca-cert # leftsubnet=10.1.0.0/16 # leftcert=myCert.pem # right=192.168.0.2 # rightsubnet=10.2.0.0/16 # rightid="C=HK, O=Linux strongSwan CN=peer name" # auto=start
修改为
config setup uniqueids=never charondebug="cfg 2, dmn 2, ike 2, net 0" conn %default left=%defaultroute leftsubnet=0.0.0.0/0 leftcert=vpnHostCert.pem right=%any rightsourceip=172.16.1.100/16 conn CiscoIPSec keyexchange=ikev1 fragmentation=yes rightauth=pubkey rightauth2=xauth leftsendcert=always rekey=no auto=add conn XauthPsk keyexchange=ikev1 leftauth=psk rightauth=psk rightauth2=xauth auto=add conn IpsecIKEv2 keyexchange=ikev2 leftauth=pubkey rightauth=pubkey leftsendcert=always auto=add conn IpsecIKEv2-EAP keyexchange=ikev2 ike=aes256-sha1-modp1024! rekey=no leftauth=pubkey leftsendcert=always rightauth=eap-mschapv2 eap_identity=%any auto=add
修改strongswan.conf配置文件
初始配置文件
# strongswan.conf - strongSwan configuration file # # Refer to the strongswan.conf(5) manpage for details # # Configuration changes should be made in the included files charon { load_modular = yes plugins { include strongswan.d/charon/*.conf } } include strongswan.d/*.conf
修改为
charon { load_modular = yes duplicheck.enable = no compress = yes plugins { include strongswan.d/charon/*.conf } dns1 = 8.8.8.8 dns2 = 8.8.4.4 nbns1 = 8.8.8.8 nbns2 = 8.8.4.4 } include strongswan.d/*.conf
语法变化/错误的处理
Feb 01 02:41:00 host1 strongswan[4598]: /etc/strongswan/strongswan.conf:3: syntax error, unexpected ., expecting : or '{' or '=' [.]
charon { load_modular = yes duplicheck{ enable = no } compress = yes plugins { include strongswan.d/charon/*.conf } dns1 = 8.8.8.8 dns2 = 8.8.4.4 nbns1 = 8.8.8.8 nbns2 = 8.8.4.4 } include strongswan.d/*.conf
修改ipsec.secrets配置文件(账号密码)
初始配置文件
# ipsec.secrets - strongSwan IPsec secrets file
修改为
# ipsec.secrets - strongSwan IPsec secrets file : RSA vpnHostKey.pem : PSK "PSK_KEY" harveymei %any : EAP "harvey#pwd2020" harveymei %any : XAUTH "harvey#pwd2020"
开启内核及防火墙包转发设置
内核
[root@host1 strongswan]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf [root@host1 strongswan]# sysctl -p net.ipv6.conf.all.accept_ra = 2 net.ipv6.conf.eth0.accept_ra = 2 net.ipv4.ip_forward = 1 [root@host1 strongswan]#
防火墙
[root@host1 ~]# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: eth0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: [root@host1 ~]# firewall-cmd --permanent --add-service=ipsec success [root@host1 ~]# firewall-cmd --permanent --add-port=4500/udp success [root@host1 ~]# firewall-cmd --permanent --add-masquerade success [root@host1 ~]# firewall-cmd --reload success [root@host1 ~]# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: eth0 sources: services: dhcpv6-client ipsec ssh ports: 4500/udp protocols: masquerade: yes forward-ports: source-ports: icmp-blocks: rich rules: [root@host1 ~]#
启动服务
[root@host1 ~]# systemctl enable strongswan Created symlink from /etc/systemd/system/multi-user.target.wants/strongswan.service to /usr/lib/systemd/system/strongswan.service. [root@host1 ~]# systemctl start strongswan
查看端口监听
1月 312020
n2n两种节点类型的命令参数参考
[root@host1 ~]# /usr/local/n2n/sbin/supernode --help Welcome to n2n v.2.5.1.r244.46aaa86 for x86_64-unknown-linux-gnu Built on Jan 31 2020 06:48:19 Copyright 2007-19 - ntop.org and contributors supernode <config file> (see supernode.conf) or supernode -l <lport> -c <path> [-v] -l <lport> Set UDP main listen port to <lport> -c <path> File containing the allowed communities. -v Increase verbosity. Can be used multiple times. -h This help message. [root@host1 ~]#
[root@host1 ~]# /usr/local/n2n/sbin/edge --help Welcome to n2n v.2.5.1.r244.46aaa86 for x86_64-unknown-linux-gnu Built on Jan 31 2020 06:48:19 Copyright 2007-19 - ntop.org and contributors edge <config file> (see edge.conf) or edge -d <tun device> -a [static:|dhcp:]<tun IP address> -c <community> [-k <encrypt key>] [-s <netmask>] [-u <uid> -g <gid>][-f][-T <tos>][-m <MAC address>] -l <supernode host:port> [-p <local port>] [-M <mtu>] [-D] [-r] [-E] [-v] [-i <reg_interval>] [-L <reg_ttl>] [-t <mgmt port>] [-A] [-h] -d <tun device> | tun device name -a <mode:address> | Set interface address. For DHCP use '-r -a dhcp:0.0.0.0' -c <community> | n2n community name the edge belongs to. -k <encrypt key> | Encryption key (ASCII) - also N2N_KEY=<encrypt key>. -s <netmask> | Edge interface netmask in dotted decimal notation (255.255.255.0). -l <supernode host:port> | Supernode IP:port -i <reg_interval> | Registration interval, for NAT hole punching (default 20 seconds) -L <reg_ttl> | TTL for registration packet when UDP NAT hole punching through supernode (default 0 for not set ) -p <local port> | Fixed local UDP port. -u <UID> | User ID (numeric) to use when privileges are dropped. -g <GID> | Group ID (numeric) to use when privileges are dropped. -f | Do not fork and run as a daemon; rather run in foreground. -m <MAC address> | Fix MAC address for the TAP interface (otherwise it may be random) | eg. -m 01:02:03:04:05:06 -M <mtu> | Specify n2n MTU of edge interface (default 1290). -D | Enable PMTU discovery. PMTU discovery can reduce fragmentation but | causes connections stall when not properly supported. -r | Enable packet forwarding through n2n community. -E | Accept multicast MAC addresses (default=drop). -S | Do not connect P2P. Always use the supernode. -T <tos> | TOS for packets (e.g. 0x48 for SSH like priority) -v | Make more verbose. Repeat as required. -t <port> | Management UDP Port (for multiple edges on a machine). Environment variables: N2N_KEY | Encryption key (ASCII). Not with -k. [root@host1 ~]#