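禁用SELinux配置（注意：setenforce 0 只是把当前运行状态切换为 permissive，配置文件中的 SELINUX=disabled 要重启后才生效；禁用后主机将失去 SELinux 的强制访问控制，面向公网的 Web 服务器更稳妥的做法是保持 enforcing，并针对 /usr/local/lsws 调整策略）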
[root@lsws ~]# sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config;
[root@lsws ~]# setenforce 0
[root@lsws ~]#
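配置仓库（该仓库 RPM 会写入仓库配置，从下文的 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed 看，GPG 公钥应当也由它提供，因此它是后续签名校验的信任起点；这里通过明文 HTTP 下载，而 dnf 默认不对以 URL 或本地文件方式安装的包做 GPG 校验（localpkg_gpgcheck 默认关闭），安装前建议先核对该包的来源与校验值，官方若提供 HTTPS 地址应优先使用）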
[root@lsws ~]# dnf install http://rpms.litespeedtech.com/centos/litespeed-repo-1.1-1.el8.noarch.rpm
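查看仓库配置文件（baseurl 使用明文 HTTP，包的完整性依赖 gpgcheck=1 的签名校验，不要把它改为 0；如需同时校验仓库元数据，可另行设置 repo_gpgcheck=1，前提是该仓库提供已签名的元数据）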
[root@lsws ~]# cat /etc/yum.repos.d/litespeed.repo
[litespeed]
name=LiteSpeed Tech Repository for CentOS $releasever - $basearch
baseurl=http://rpms.litespeedtech.com/centos/$releasever/$basearch/
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed
[litespeed-update]
name=LiteSpeed Tech Update Repository for CentOS $releasever - $basearch
baseurl=http://rpms.litespeedtech.com/centos/$releasever/update/$basearch/
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed
[litespeed-edge]
name=LiteSpeed Tech Edge Repository for CentOS $releasever - $basearch
baseurl=http://rpms.litespeedtech.com/edge/centos/$releasever/$basearch/
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed
[litespeed-edge-update]
name=LiteSpeed Tech Edge Update Repository for CentOS $releasever - $basearch
baseurl=http://rpms.litespeedtech.com/edge/centos/$releasever/update/$basearch/
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed
[root@lsws ~]#
更新dnf工具缓存
[root@lsws ~]# dnf makecache CentOS-8 - AppStream 12 kB/s | 4.3 kB 00:00 CentOS-8 - Base 7.8 kB/s | 3.9 kB 00:00 CentOS-8 - Extras 2.9 kB/s | 1.5 kB 00:00 LiteSpeed Tech Repository for CentOS 8 - x86_64 2.1 MB/s | 490 kB 00:00 LiteSpeed Tech Update Repository for CentOS 8 - 1.0 MB/s | 227 kB 00:00 Metadata cache created. [root@lsws ~]#
查看openlitespeed包信息
[root@lsws ~]# dnf info openlitespeed Last metadata expiration check: 0:00:36 ago on Mon 24 Aug 2020 02:48:52 AM UTC. Available Packages Name : openlitespeed Version : 1.6.15 Release : 2.el8 Architecture : x86_64 Size : 37 M Source : openlitespeed-1.6.15-2.el8.src.rpm Repository : litespeed-update Summary : OpenLiteSpeed URL : http://www.litespeedtech.com License : GPLv3 Description : OpenLiteSpeed is a high-performance, lightweight, open source : HTTP server developed and copyrighted by LiteSpeed Technologies. : Users are free to download, use, distribute, and modify : OpenLiteSpeed and its source code in accordance with the precepts : of the GPLv3 license. [root@lsws ~]#
安装litespeed及php环境包
问题
[root@lsws ~]# dnf install openlitespeed
Last metadata expiration check: 0:00:13 ago on Mon 24 Aug 2020 02:43:32 AM UTC.
Error:
Problem: package openlitespeed-1.6.15-2.el8.x86_64 requires lsphp73-mcrypt, but none of the providers can be installed
- cannot install the best candidate for the job
- nothing provides libmcrypt.so.4()(64bit) needed by lsphp73-pecl-mcrypt-1.0.3-1.el8.7.3.x86_64
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
[root@lsws ~]#
解决
[root@lsws ~]# dnf install epel-release
再次安装
[root@lsws ~]# dnf install openlitespeed ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: openlitespeed x86_64 1.6.15-2.el8 litespeed-update 37 M Installing dependencies: libXpm x86_64 3.5.12-8.el8 AppStream 58 k libargon2 x86_64 20171227-3.el8 epel 29 k libc-client x86_64 2007f-24.el8 epel 564 k libjpeg-turbo x86_64 1.5.3-10.el8 AppStream 156 k libmcrypt x86_64 2.5.8-26.el8 epel 109 k libnsl x86_64 2.28-101.el8 BaseOS 97 k libwebp x86_64 1.0.0-1.el8 AppStream 273 k libxslt x86_64 1.1.32-4.el8 BaseOS 249 k lsphp73 x86_64 7.3.21-1.el8 litespeed 4.7 M lsphp73-common x86_64 7.3.21-1.el8 litespeed 677 k lsphp73-gd x86_64 7.3.21-1.el8 litespeed 122 k lsphp73-imap x86_64 7.3.21-1.el8 litespeed 39 k lsphp73-mbstring x86_64 7.3.21-1.el8 litespeed 571 k lsphp73-mysqlnd x86_64 7.3.21-1.el8 litespeed 142 k lsphp73-opcache x86_64 7.3.21-1.el8 litespeed 203 k lsphp73-pdo x86_64 7.3.21-1.el8 litespeed 75 k lsphp73-pecl-mcrypt x86_64 1.0.3-1.el8.7.3 litespeed 27 k lsphp73-process x86_64 7.3.21-1.el8 litespeed 37 k lsphp73-xml x86_64 7.3.21-1.el8 litespeed 140 k Transaction Summary ================================================================================ Install 20 Packages
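查看openlitespeed安装路径（从下面的文件列表可见，软件包自带 Example 示例站点（含 phpinfo.php、upload.php）以及 WebAdmin 管理后台；对外提供服务前，建议停用或删除示例站点，并用 /usr/local/lsws/admin/misc/admpass.sh 重设管理后台密码）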
[root@lsws ~]# ls /usr/local/lsws/ add-ons backup conf gdata lsphp73 phpbuild VERSION admin bin docs GPL.txt lsrecaptcha PLAT adminpasswd cachedata Example lib modules share autoupdate cgid fcgi-bin logs php tmp [root@lsws ~]# [root@lsws ~]# rpm -lq openlitespeed /etc/init.d/lsws /usr/lib/.build-id /usr/lib/.build-id/01 /usr/lib/.build-id/01/1fe5f65c8015eff89a7061cf3cd705df56b14d /usr/lib/.build-id/0e /usr/lib/.build-id/0e/0ad48b16e05134408b5ba7fda33a78ff494487 /usr/lib/.build-id/2c /usr/lib/.build-id/2c/01b36791441d4ea4d211f1568e03a4ad6717eb /usr/lib/.build-id/7d /usr/lib/.build-id/7d/19ffa9101ece0920acec1aa7a41befdf870147 /usr/lib/.build-id/7d/3455969230e2d6f0ee22db5931293343d19d11 /usr/lib/.build-id/7d/3455969230e2d6f0ee22db5931293343d19d11.1 /usr/lib/.build-id/92 /usr/lib/.build-id/92/57016074c47d5ea7e6939c5bf92678f8bf07fd /usr/lib/.build-id/9a /usr/lib/.build-id/9a/54a5da0375a7bee6dfa1cec7ec3c95b51da417 /usr/lib/.build-id/c2 /usr/lib/.build-id/c2/16322f9066a8510f3f5a666bb8af7694727b4b /usr/lib/.build-id/c5 /usr/lib/.build-id/c5/4953e950479bd6c50a614e5d37e8fcc170b91a /usr/lib/.build-id/cd /usr/lib/.build-id/cd/71ea0ab4fcdd0c7976dfe74c8e7333f547fa83 /usr/lib/.build-id/e8 /usr/lib/.build-id/e8/0ec2ee684e24336fb76439c1a1afc48787cdf7 /usr/lib/.build-id/f6 /usr/lib/.build-id/f6/4cc59833a8b1b9b1320b431830b6cf377e8684 /usr/local/lsws /usr/local/lsws/Example /usr/local/lsws/Example/cgi-bin /usr/local/lsws/Example/cgi-bin/helloworld /usr/local/lsws/Example/fcgi-bin /usr/local/lsws/Example/html /usr/local/lsws/Example/html/.htaccess /usr/local/lsws/Example/html/blocked /usr/local/lsws/Example/html/blocked/index.html /usr/local/lsws/Example/html/css /usr/local/lsws/Example/html/css/bootstrap.min.css /usr/local/lsws/Example/html/css/custom.css /usr/local/lsws/Example/html/error404.html /usr/local/lsws/Example/html/img /usr/local/lsws/Example/html/img/404-icon.png /usr/local/lsws/Example/html/img/blocked_content-icon.png /usr/local/lsws/Example/html/img/cgi-icon.png 
/usr/local/lsws/Example/html/img/file_upload-icon.png /usr/local/lsws/Example/html/img/olsws_logo.png /usr/local/lsws/Example/html/img/php-icon.png /usr/local/lsws/Example/html/img/powered_by_ols-new.png /usr/local/lsws/Example/html/img/pwd_protect-icon.png /usr/local/lsws/Example/html/index.html /usr/local/lsws/Example/html/phpinfo.php /usr/local/lsws/Example/html/protected /usr/local/lsws/Example/html/protected/index.html /usr/local/lsws/Example/html/upload.html /usr/local/lsws/Example/html/upload.php /usr/local/lsws/Example/logs /usr/local/lsws/GPL.txt /usr/local/lsws/PLAT /usr/local/lsws/VERSION /usr/local/lsws/add-ons /usr/local/lsws/add-ons/snmp_monitoring /usr/local/lsws/add-ons/snmp_monitoring/README /usr/local/lsws/add-ons/snmp_monitoring/class.litespeed_snmp_bridge.php /usr/local/lsws/add-ons/snmp_monitoring/class.litespeed_stats.php /usr/local/lsws/add-ons/snmp_monitoring/litespeed_cacti_template.xml /usr/local/lsws/add-ons/snmp_monitoring/litespeed_extapp.xml /usr/local/lsws/add-ons/snmp_monitoring/litespeed_general.xml /usr/local/lsws/add-ons/snmp_monitoring/litespeed_vhost.xml /usr/local/lsws/add-ons/snmp_monitoring/sample.php /usr/local/lsws/add-ons/webcachemgr /usr/local/lsws/add-ons/webcachemgr/VERSION /usr/local/lsws/add-ons/webcachemgr/autoloader.php /usr/local/lsws/add-ons/webcachemgr/bootstrap.php /usr/local/lsws/add-ons/webcachemgr/bootstrap_cli.php /usr/local/lsws/add-ons/webcachemgr/src /usr/local/lsws/add-ons/webcachemgr/src/AjaxResponse.php /usr/local/lsws/add-ons/webcachemgr/src/CliController.php /usr/local/lsws/add-ons/webcachemgr/src/Context /usr/local/lsws/add-ons/webcachemgr/src/Context/Context.php /usr/local/lsws/add-ons/webcachemgr/src/Context/ContextOption.php /usr/local/lsws/add-ons/webcachemgr/src/Context/RootCLIContextOption.php /usr/local/lsws/add-ons/webcachemgr/src/Context/RootPanelContextOption.php /usr/local/lsws/add-ons/webcachemgr/src/Context/UserCLIContextOption.php 
/usr/local/lsws/add-ons/webcachemgr/src/DashNotifier.php /usr/local/lsws/add-ons/webcachemgr/src/LSCMException.php /usr/local/lsws/add-ons/webcachemgr/src/LogEntry.php /usr/local/lsws/add-ons/webcachemgr/src/Logger.php /usr/local/lsws/add-ons/webcachemgr/src/Panel /usr/local/lsws/add-ons/webcachemgr/src/Panel/CPanel.php /usr/local/lsws/add-ons/webcachemgr/src/Panel/ControlPanel.php /usr/local/lsws/add-ons/webcachemgr/src/Panel/CustomPanel.php /usr/local/lsws/add-ons/webcachemgr/src/Panel/CustomPanelBase.php /usr/local/lsws/add-ons/webcachemgr/src/Panel/DirectAdmin.php /usr/local/lsws/add-ons/webcachemgr/src/Panel/Plesk.php /usr/local/lsws/add-ons/webcachemgr/src/PanelController.php /usr/local/lsws/add-ons/webcachemgr/src/PluginVersion.php /usr/local/lsws/add-ons/webcachemgr/src/UserCommand.php /usr/local/lsws/add-ons/webcachemgr/src/Util.php /usr/local/lsws/add-ons/webcachemgr/src/View /usr/local/lsws/add-ons/webcachemgr/src/View/AjaxView.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model /usr/local/lsws/add-ons/webcachemgr/src/View/Model/Ajax /usr/local/lsws/add-ons/webcachemgr/src/View/Model/Ajax/CacheMgrRowViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/CacheRootNotSetViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/DashNotifierViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/DataFileMsgViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/ManageViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassDashDisableProgressViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassDashNotifyProgressViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassEnableDisableProgressViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassEnableDisableViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/MissingTplViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/RefreshStatusProgressViewModel.php 
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/ScanProgressViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/UnflagAllProgressViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/VersionChangeViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Model/VersionManageViewModel.php /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax/CacheMgrActionsCol.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax/CacheMgrFlagCol.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax/CacheMgrStatusCol.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Blocks /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Blocks/InputSubmitBtn.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/CacheRootNotSet.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/DashNotifier.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/DataFileMsg.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Manage.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassDashDisableProgress.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassDashNotifyProgress.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassEnableDisable.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassEnableDisableProgress.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MissingTpl.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/RefreshStatusProgress.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/ScanProgress.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/UnflagAllProgress.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/VersionChange.tpl /usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/VersionManage.tpl /usr/local/lsws/add-ons/webcachemgr/src/WPCaller.php /usr/local/lsws/add-ons/webcachemgr/src/WPDashMsgs.php /usr/local/lsws/add-ons/webcachemgr/src/WPInstall.php /usr/local/lsws/add-ons/webcachemgr/src/WPInstallStorage.php /usr/local/lsws/admin 
/usr/local/lsws/admin/cgid /usr/local/lsws/admin/cgid/secret /usr/local/lsws/admin/conf /usr/local/lsws/admin/conf/admin_config.conf /usr/local/lsws/admin/conf/htpasswd /usr/local/lsws/admin/conf/jcryption_keypair /usr/local/lsws/admin/conf/php.ini /usr/local/lsws/admin/fcgi-bin /usr/local/lsws/admin/fcgi-bin/admin_php /usr/local/lsws/admin/html /usr/local/lsws/admin/html.open /usr/local/lsws/admin/html.open/favicon.ico /usr/local/lsws/admin/html.open/index.php /usr/local/lsws/admin/html.open/lib /usr/local/lsws/admin/html.open/lib/CAuthorizer.php /usr/local/lsws/admin/html.open/lib/CData.php /usr/local/lsws/admin/html.open/lib/CNode.php /usr/local/lsws/admin/html.open/lib/CValidation.php /usr/local/lsws/admin/html.open/lib/ControllerBase.php /usr/local/lsws/admin/html.open/lib/DAttrBase.php /usr/local/lsws/admin/html.open/lib/DAttrHelp.php /usr/local/lsws/admin/html.open/lib/DInfo.php /usr/local/lsws/admin/html.open/lib/DKeywordAlias.php /usr/local/lsws/admin/html.open/lib/DMsg.php /usr/local/lsws/admin/html.open/lib/DPage.php /usr/local/lsws/admin/html.open/lib/DTbl.php /usr/local/lsws/admin/html.open/lib/DTblDefBase.php /usr/local/lsws/admin/html.open/lib/DTblMap.php /usr/local/lsws/admin/html.open/lib/LogViewer.php /usr/local/lsws/admin/html.open/lib/PathTool.php /usr/local/lsws/admin/html.open/lib/PlainConfParser.php /usr/local/lsws/admin/html.open/lib/SInfo.php /usr/local/lsws/admin/html.open/lib/XmlParser.php /usr/local/lsws/admin/html.open/lib/blowfish.php /usr/local/lsws/admin/html.open/lib/jCryption.php /usr/local/lsws/admin/html.open/lib/ows /usr/local/lsws/admin/html.open/lib/ows/ConfValidation.php /usr/local/lsws/admin/html.open/lib/ows/DAttr.php /usr/local/lsws/admin/html.open/lib/ows/DPageDef.php /usr/local/lsws/admin/html.open/lib/ows/DTblDef.php /usr/local/lsws/admin/html.open/lib/ows/Product.php /usr/local/lsws/admin/html.open/lib/ows/RealTimeStats.php /usr/local/lsws/admin/html.open/lib/ows/Service.php 
/usr/local/lsws/admin/html.open/lib/ows/UI.php /usr/local/lsws/admin/html.open/lib/util /usr/local/lsws/admin/html.open/lib/util/build_php /usr/local/lsws/admin/html.open/lib/util/build_php/BuildConfig.php /usr/local/lsws/admin/html.open/lib/util/build_php/build_common.template /usr/local/lsws/admin/html.open/lib/util/build_php/build_install.template /usr/local/lsws/admin/html.open/lib/util/build_php/build_install_ext.template /usr/local/lsws/admin/html.open/lib/util/build_php/build_manual_run.template /usr/local/lsws/admin/html.open/lib/util/build_php/build_prepare.template /usr/local/lsws/admin/html.open/lib/util/build_php/build_prepare_ext.template /usr/local/lsws/admin/html.open/lib/util/build_php/buildfunc.inc.php /usr/local/lsws/admin/html.open/login.php /usr/local/lsws/admin/html.open/res /usr/local/lsws/admin/html.open/res/css /usr/local/lsws/admin/html.open/res/css/bootstrap.min.css /usr/local/lsws/admin/html.open/res/css/font-awesome.min.css /usr/local/lsws/admin/html.open/res/css/googlefonts.css /usr/local/lsws/admin/html.open/res/css/lockscreen.min.css /usr/local/lsws/admin/html.open/res/css/lst-webadmin.min.css /usr/local/lsws/admin/html.open/res/css/smartadmin-production.min.css /usr/local/lsws/admin/html.open/res/fonts /usr/local/lsws/admin/html.open/res/fonts/FontAwesome.otf /usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.eot /usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.svg /usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.ttf /usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.woff /usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.eot /usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.svg /usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.ttf /usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.woff /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-300.woff 
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-300.woff2 /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700.woff /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700.woff2 /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700italic.woff /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700italic.woff2 /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-italic.woff /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-italic.woff2 /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-regular.woff /usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-regular.woff2 /usr/local/lsws/admin/html.open/res/img /usr/local/lsws/admin/html.open/res/img/ajax-loader.gif /usr/local/lsws/admin/html.open/res/img/alpha.png /usr/local/lsws/admin/html.open/res/img/blank.gif /usr/local/lsws/admin/html.open/res/img/clear.png /usr/local/lsws/admin/html.open/res/img/favicon /usr/local/lsws/admin/html.open/res/img/favicon/favicon.ico /usr/local/lsws/admin/html.open/res/img/hue.png /usr/local/lsws/admin/html.open/res/img/icons /usr/local/lsws/admin/html.open/res/img/icons/adminconfig.gif /usr/local/lsws/admin/html.open/res/img/icons/administrator.gif /usr/local/lsws/admin/html.open/res/img/icons/application.gif /usr/local/lsws/admin/html.open/res/img/icons/cgi.gif /usr/local/lsws/admin/html.open/res/img/icons/controlpanel.gif /usr/local/lsws/admin/html.open/res/img/icons/database.gif /usr/local/lsws/admin/html.open/res/img/icons/debug.gif /usr/local/lsws/admin/html.open/res/img/icons/down.gif /usr/local/lsws/admin/html.open/res/img/icons/edit.gif /usr/local/lsws/admin/html.open/res/img/icons/fast_cgi.gif /usr/local/lsws/admin/html.open/res/img/icons/favicon.ico /usr/local/lsws/admin/html.open/res/img/icons/file.gif /usr/local/lsws/admin/html.open/res/img/icons/filter.gif /usr/local/lsws/admin/html.open/res/img/icons/form.gif /usr/local/lsws/admin/html.open/res/img/icons/graph.gif 
/usr/local/lsws/admin/html.open/res/img/icons/help.png /usr/local/lsws/admin/html.open/res/img/icons/info.gif /usr/local/lsws/admin/html.open/res/img/icons/link.gif /usr/local/lsws/admin/html.open/res/img/icons/load_balancer.gif /usr/local/lsws/admin/html.open/res/img/icons/lock.gif /usr/local/lsws/admin/html.open/res/img/icons/ls_sapi.gif /usr/local/lsws/admin/html.open/res/img/icons/module.gif /usr/local/lsws/admin/html.open/res/img/icons/module_handler.gif /usr/local/lsws/admin/html.open/res/img/icons/network.gif /usr/local/lsws/admin/html.open/res/img/icons/play.gif /usr/local/lsws/admin/html.open/res/img/icons/record.gif /usr/local/lsws/admin/html.open/res/img/icons/redirect.gif /usr/local/lsws/admin/html.open/res/img/icons/refresh.gif /usr/local/lsws/admin/html.open/res/img/icons/report.gif /usr/local/lsws/admin/html.open/res/img/icons/script.gif /usr/local/lsws/admin/html.open/res/img/icons/search.gif /usr/local/lsws/admin/html.open/res/img/icons/serverconfig.gif /usr/local/lsws/admin/html.open/res/img/icons/servlet_engine.gif /usr/local/lsws/admin/html.open/res/img/icons/shield.gif /usr/local/lsws/admin/html.open/res/img/icons/stop.gif /usr/local/lsws/admin/html.open/res/img/icons/trash.gif /usr/local/lsws/admin/html.open/res/img/icons/up.gif /usr/local/lsws/admin/html.open/res/img/icons/web.gif /usr/local/lsws/admin/html.open/res/img/icons/web_link.gif /usr/local/lsws/admin/html.open/res/img/icons/web_server.gif /usr/local/lsws/admin/html.open/res/img/loading.gif /usr/local/lsws/admin/html.open/res/img/lsws_bolt.png /usr/local/lsws/admin/html.open/res/img/lsws_bolt.svg /usr/local/lsws/admin/html.open/res/img/mappin-default.png /usr/local/lsws/admin/html.open/res/img/minus.png /usr/local/lsws/admin/html.open/res/img/mybg.png /usr/local/lsws/admin/html.open/res/img/plus.png /usr/local/lsws/admin/html.open/res/img/product_logo.gif /usr/local/lsws/admin/html.open/res/img/product_logo.svg /usr/local/lsws/admin/html.open/res/img/ribbon.png 
/usr/local/lsws/admin/html.open/res/img/sa-dark.png /usr/local/lsws/admin/html.open/res/img/sa-default.png /usr/local/lsws/admin/html.open/res/img/sort_asc.png /usr/local/lsws/admin/html.open/res/img/sort_asc_disabled.png /usr/local/lsws/admin/html.open/res/img/sort_both.png /usr/local/lsws/admin/html.open/res/img/sort_desc.png /usr/local/lsws/admin/html.open/res/img/sort_desc_disabled.png /usr/local/lsws/admin/html.open/res/img/vt-menu.png /usr/local/lsws/admin/html.open/res/js /usr/local/lsws/admin/html.open/res/js/app.config.min.js /usr/local/lsws/admin/html.open/res/js/bootstrap /usr/local/lsws/admin/html.open/res/js/bootstrap/bootstrap.min.js /usr/local/lsws/admin/html.open/res/js/jcryption /usr/local/lsws/admin/html.open/res/js/jcryption/jquery.jcryption.min.js /usr/local/lsws/admin/html.open/res/js/libs /usr/local/lsws/admin/html.open/res/js/libs/jquery-2.2.4.min.js /usr/local/lsws/admin/html.open/res/js/libs/jquery-ui-1.12.1.min.js /usr/local/lsws/admin/html.open/res/js/lst-app.min.js /usr/local/lsws/admin/html.open/res/js/notification /usr/local/lsws/admin/html.open/res/js/notification/SmartNotification.js /usr/local/lsws/admin/html.open/res/js/notification/SmartNotification.min.js /usr/local/lsws/admin/html.open/res/js/plugin /usr/local/lsws/admin/html.open/res/js/plugin/datatable-responsive /usr/local/lsws/admin/html.open/res/js/plugin/datatable-responsive/datatables.responsive.min.js /usr/local/lsws/admin/html.open/res/js/plugin/datatables /usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.bootstrap.min.js /usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.colReorder.min.js /usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.colVis.min.js /usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.tableTools.min.js /usr/local/lsws/admin/html.open/res/js/plugin/datatables/jquery.dataTables.min.js /usr/local/lsws/admin/html.open/res/js/plugin/datatables/swf 
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/swf/copy_csv_xls.swf /usr/local/lsws/admin/html.open/res/js/plugin/datatables/swf/copy_csv_xls_pdf.swf /usr/local/lsws/admin/html.open/res/js/plugin/flot /usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.cust.min.js /usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.fillbetween.min.js /usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.orderBar.min.js /usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.pie.min.js /usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.resize.min.js /usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.tooltip.min.js /usr/local/lsws/admin/html.open/res/js/plugin/msie-fix /usr/local/lsws/admin/html.open/res/js/plugin/msie-fix/jquery.mb.browser.min.js /usr/local/lsws/admin/html.open/res/lang /usr/local/lsws/admin/html.open/res/lang/en-US_msg.php /usr/local/lsws/admin/html.open/res/lang/en-US_tips.php /usr/local/lsws/admin/html.open/res/lang/ja-JP_msg.php /usr/local/lsws/admin/html.open/res/lang/ja-JP_tips.php /usr/local/lsws/admin/html.open/res/lang/util_sortlang.php /usr/local/lsws/admin/html.open/res/lang/zh-CN_msg.php /usr/local/lsws/admin/html.open/res/lang/zh-CN_tips.php /usr/local/lsws/admin/html.open/view /usr/local/lsws/admin/html.open/view/UIBase.php /usr/local/lsws/admin/html.open/view/UIProperty.php /usr/local/lsws/admin/html.open/view/ajax_data.php /usr/local/lsws/admin/html.open/view/compilePHP.php /usr/local/lsws/admin/html.open/view/confMgr.php /usr/local/lsws/admin/html.open/view/dashboard.php /usr/local/lsws/admin/html.open/view/inc /usr/local/lsws/admin/html.open/view/inc/auth.php /usr/local/lsws/admin/html.open/view/inc/configui.php /usr/local/lsws/admin/html.open/view/inc/global.php /usr/local/lsws/admin/html.open/view/inc/header.php /usr/local/lsws/admin/html.open/view/inc/nav.php /usr/local/lsws/admin/html.open/view/inc/scripts.php /usr/local/lsws/admin/html.open/view/logviewer.php 
/usr/local/lsws/admin/html.open/view/realtimestats.php /usr/local/lsws/admin/html.open/view/serviceMgr.php /usr/local/lsws/admin/logs /usr/local/lsws/admin/misc /usr/local/lsws/admin/misc/admpass.sh /usr/local/lsws/admin/misc/build_admin_php.sh /usr/local/lsws/admin/misc/convertxml.php /usr/local/lsws/admin/misc/convertxml.sh /usr/local/lsws/admin/misc/create_admin_keypair.sh /usr/local/lsws/admin/misc/enable_phpa.sh /usr/local/lsws/admin/misc/gdb-bt /usr/local/lsws/admin/misc/genjCryptionKeyPair.php /usr/local/lsws/admin/misc/gzipStatic.sh /usr/local/lsws/admin/misc/htpasswd.php /usr/local/lsws/admin/misc/lscmctl /usr/local/lsws/admin/misc/lshttpd.service /usr/local/lsws/admin/misc/lsup.sh /usr/local/lsws/admin/misc/lsws.rc /usr/local/lsws/admin/misc/lsws.rc.gentoo /usr/local/lsws/admin/misc/php.ini /usr/local/lsws/admin/misc/rc-inst.sh /usr/local/lsws/admin/misc/rc-uninst.sh /usr/local/lsws/admin/misc/testbeta.sh /usr/local/lsws/admin/misc/uninstall.sh /usr/local/lsws/admin/tmp /usr/local/lsws/adminpasswd /usr/local/lsws/autoupdate /usr/local/lsws/backup /usr/local/lsws/bin /usr/local/lsws/bin/litespeed /usr/local/lsws/bin/lshttpd /usr/local/lsws/bin/lsws_env /usr/local/lsws/bin/lswsctrl /usr/local/lsws/bin/lswsctrl.open /usr/local/lsws/bin/openlitespeed /usr/local/lsws/bin/openlitespeed.asan /usr/local/lsws/bin/openlitespeed.dbg /usr/local/lsws/bin/openlitespeed.prof /usr/local/lsws/cachedata /usr/local/lsws/cgid /usr/local/lsws/conf /usr/local/lsws/conf/cert /usr/local/lsws/conf/httpd_config.conf /usr/local/lsws/conf/mime.properties /usr/local/lsws/conf/templates /usr/local/lsws/conf/templates/ccl.conf /usr/local/lsws/conf/templates/rails.conf /usr/local/lsws/conf/vhosts /usr/local/lsws/conf/vhosts/Example /usr/local/lsws/conf/vhosts/Example/htgroup /usr/local/lsws/conf/vhosts/Example/htpasswd /usr/local/lsws/conf/vhosts/Example/vhconf.conf /usr/local/lsws/docs /usr/local/lsws/docs/AdminGeneral_Help.html /usr/local/lsws/docs/AdminListeners_General_Help.html 
/usr/local/lsws/docs/AdminListeners_SSL_Help.html /usr/local/lsws/docs/AdminSecurity_Help.html /usr/local/lsws/docs/App_Server_Context.html /usr/local/lsws/docs/App_Server_Help.html /usr/local/lsws/docs/CGI_Context.html /usr/local/lsws/docs/CompilePHP_Help.html /usr/local/lsws/docs/Context_Help.html /usr/local/lsws/docs/ExtApp_Help.html /usr/local/lsws/docs/External_FCGI.html /usr/local/lsws/docs/External_FCGI_Auth.html /usr/local/lsws/docs/External_LB.html /usr/local/lsws/docs/External_LSAPI.html /usr/local/lsws/docs/External_PL.html /usr/local/lsws/docs/External_Servlet.html /usr/local/lsws/docs/External_WS.html /usr/local/lsws/docs/FCGI_Context.html /usr/local/lsws/docs/Java_Web_App_Context.html /usr/local/lsws/docs/LB_Context.html /usr/local/lsws/docs/LSAPI_Context.html /usr/local/lsws/docs/Listeners_General_Help.html /usr/local/lsws/docs/Listeners_SSL_Help.html /usr/local/lsws/docs/Module_Context.html /usr/local/lsws/docs/Module_Help.html /usr/local/lsws/docs/Proxy_Context.html /usr/local/lsws/docs/Redirect_Context.html /usr/local/lsws/docs/Rewrite_Help.html /usr/local/lsws/docs/ScriptHandler_Help.html /usr/local/lsws/docs/ServGeneral_Help.html /usr/local/lsws/docs/ServLog_Help.html /usr/local/lsws/docs/ServSecurity_Help.html /usr/local/lsws/docs/ServTuning_Help.html /usr/local/lsws/docs/ServerStat_Help.html /usr/local/lsws/docs/Servlet_Context.html /usr/local/lsws/docs/Static_Context.html /usr/local/lsws/docs/Templates_Help.html /usr/local/lsws/docs/VHGeneral_Help.html /usr/local/lsws/docs/VHSSL_Help.html /usr/local/lsws/docs/VHSecurity_Help.html /usr/local/lsws/docs/VHWebSocket_Help.html /usr/local/lsws/docs/VirtualHosts_Help.html /usr/local/lsws/docs/admin.html /usr/local/lsws/docs/config.html /usr/local/lsws/docs/css /usr/local/lsws/docs/css/hdoc.css /usr/local/lsws/docs/img /usr/local/lsws/docs/img/attention.svg /usr/local/lsws/docs/img/info.svg /usr/local/lsws/docs/img/lightning-bolt.svg /usr/local/lsws/docs/img/lsws_logo.svg 
/usr/local/lsws/docs/img/ols_logo.svg /usr/local/lsws/docs/img/shield.svg /usr/local/lsws/docs/img/web-adc_logo.svg /usr/local/lsws/docs/index.html /usr/local/lsws/docs/install.html /usr/local/lsws/docs/intro.html /usr/local/lsws/docs/ja-JP /usr/local/lsws/docs/ja-JP/AdminGeneral_Help.html /usr/local/lsws/docs/ja-JP/AdminListeners_General_Help.html /usr/local/lsws/docs/ja-JP/AdminListeners_SSL_Help.html /usr/local/lsws/docs/ja-JP/AdminSecurity_Help.html /usr/local/lsws/docs/ja-JP/App_Server_Context.html /usr/local/lsws/docs/ja-JP/App_Server_Help.html /usr/local/lsws/docs/ja-JP/CGI_Context.html /usr/local/lsws/docs/ja-JP/CompilePHP_Help.html /usr/local/lsws/docs/ja-JP/Context_Help.html /usr/local/lsws/docs/ja-JP/ExtApp_Help.html /usr/local/lsws/docs/ja-JP/External_FCGI.html /usr/local/lsws/docs/ja-JP/External_FCGI_Auth.html /usr/local/lsws/docs/ja-JP/External_LB.html /usr/local/lsws/docs/ja-JP/External_LSAPI.html /usr/local/lsws/docs/ja-JP/External_PL.html /usr/local/lsws/docs/ja-JP/External_Servlet.html /usr/local/lsws/docs/ja-JP/External_WS.html /usr/local/lsws/docs/ja-JP/FCGI_Context.html /usr/local/lsws/docs/ja-JP/Java_Web_App_Context.html /usr/local/lsws/docs/ja-JP/LB_Context.html /usr/local/lsws/docs/ja-JP/LSAPI_Context.html /usr/local/lsws/docs/ja-JP/Listeners_General_Help.html /usr/local/lsws/docs/ja-JP/Listeners_SSL_Help.html /usr/local/lsws/docs/ja-JP/Module_Context.html /usr/local/lsws/docs/ja-JP/Module_Help.html /usr/local/lsws/docs/ja-JP/Proxy_Context.html /usr/local/lsws/docs/ja-JP/Redirect_Context.html /usr/local/lsws/docs/ja-JP/Rewrite_Help.html /usr/local/lsws/docs/ja-JP/ScriptHandler_Help.html /usr/local/lsws/docs/ja-JP/ServGeneral_Help.html /usr/local/lsws/docs/ja-JP/ServLog_Help.html /usr/local/lsws/docs/ja-JP/ServSecurity_Help.html /usr/local/lsws/docs/ja-JP/ServTuning_Help.html /usr/local/lsws/docs/ja-JP/ServerStat_Help.html /usr/local/lsws/docs/ja-JP/Servlet_Context.html /usr/local/lsws/docs/ja-JP/Static_Context.html 
/usr/local/lsws/docs/ja-JP/Templates_Help.html /usr/local/lsws/docs/ja-JP/VHGeneral_Help.html /usr/local/lsws/docs/ja-JP/VHSSL_Help.html /usr/local/lsws/docs/ja-JP/VHSecurity_Help.html /usr/local/lsws/docs/ja-JP/VHWebSocket_Help.html /usr/local/lsws/docs/ja-JP/VirtualHosts_Help.html /usr/local/lsws/docs/ja-JP/admin.html /usr/local/lsws/docs/ja-JP/config.html /usr/local/lsws/docs/ja-JP/index.html /usr/local/lsws/docs/ja-JP/install.html /usr/local/lsws/docs/ja-JP/intro.html /usr/local/lsws/docs/ja-JP/license.html /usr/local/lsws/docs/ja-JP/security.html /usr/local/lsws/docs/ja-JP/webconsole.html /usr/local/lsws/docs/license.html /usr/local/lsws/docs/security.html /usr/local/lsws/docs/webconsole.html /usr/local/lsws/docs/zh-CN /usr/local/lsws/docs/zh-CN/AdminGeneral_Help.html /usr/local/lsws/docs/zh-CN/AdminListeners_General_Help.html /usr/local/lsws/docs/zh-CN/AdminListeners_SSL_Help.html /usr/local/lsws/docs/zh-CN/AdminSecurity_Help.html /usr/local/lsws/docs/zh-CN/App_Server_Context.html /usr/local/lsws/docs/zh-CN/App_Server_Help.html /usr/local/lsws/docs/zh-CN/CGI_Context.html /usr/local/lsws/docs/zh-CN/CompilePHP_Help.html /usr/local/lsws/docs/zh-CN/Context_Help.html /usr/local/lsws/docs/zh-CN/ExtApp_Help.html /usr/local/lsws/docs/zh-CN/External_FCGI.html /usr/local/lsws/docs/zh-CN/External_FCGI_Auth.html /usr/local/lsws/docs/zh-CN/External_LB.html /usr/local/lsws/docs/zh-CN/External_LSAPI.html /usr/local/lsws/docs/zh-CN/External_PL.html /usr/local/lsws/docs/zh-CN/External_Servlet.html /usr/local/lsws/docs/zh-CN/External_WS.html /usr/local/lsws/docs/zh-CN/FCGI_Context.html /usr/local/lsws/docs/zh-CN/Java_Web_App_Context.html /usr/local/lsws/docs/zh-CN/LB_Context.html /usr/local/lsws/docs/zh-CN/LSAPI_Context.html /usr/local/lsws/docs/zh-CN/Listeners_General_Help.html /usr/local/lsws/docs/zh-CN/Listeners_SSL_Help.html /usr/local/lsws/docs/zh-CN/Module_Context.html /usr/local/lsws/docs/zh-CN/Module_Help.html /usr/local/lsws/docs/zh-CN/Proxy_Context.html 
/usr/local/lsws/docs/zh-CN/Redirect_Context.html /usr/local/lsws/docs/zh-CN/Rewrite_Help.html /usr/local/lsws/docs/zh-CN/ScriptHandler_Help.html /usr/local/lsws/docs/zh-CN/ServGeneral_Help.html /usr/local/lsws/docs/zh-CN/ServLog_Help.html /usr/local/lsws/docs/zh-CN/ServSecurity_Help.html /usr/local/lsws/docs/zh-CN/ServTuning_Help.html /usr/local/lsws/docs/zh-CN/ServerStat_Help.html /usr/local/lsws/docs/zh-CN/Servlet_Context.html /usr/local/lsws/docs/zh-CN/Static_Context.html /usr/local/lsws/docs/zh-CN/Templates_Help.html /usr/local/lsws/docs/zh-CN/VHGeneral_Help.html /usr/local/lsws/docs/zh-CN/VHSSL_Help.html /usr/local/lsws/docs/zh-CN/VHSecurity_Help.html /usr/local/lsws/docs/zh-CN/VHWebSocket_Help.html /usr/local/lsws/docs/zh-CN/VirtualHosts_Help.html /usr/local/lsws/docs/zh-CN/admin.html /usr/local/lsws/docs/zh-CN/config.html /usr/local/lsws/docs/zh-CN/index.html /usr/local/lsws/docs/zh-CN/install.html /usr/local/lsws/docs/zh-CN/intro.html /usr/local/lsws/docs/zh-CN/license.html /usr/local/lsws/docs/zh-CN/security.html /usr/local/lsws/docs/zh-CN/webconsole.html /usr/local/lsws/fcgi-bin /usr/local/lsws/fcgi-bin/RackRunner.rb /usr/local/lsws/fcgi-bin/lsnode.js /usr/local/lsws/fcgi-bin/lsperld.fpl /usr/local/lsws/fcgi-bin/lsphp /usr/local/lsws/fcgi-bin/lsphp5 /usr/local/lsws/gdata /usr/local/lsws/lib /usr/local/lsws/logs /usr/local/lsws/lsrecaptcha /usr/local/lsws/lsrecaptcha/_recaptcha /usr/local/lsws/lsrecaptcha/_recaptcha.shtml /usr/local/lsws/modules /usr/local/lsws/modules/mod_js.so /usr/local/lsws/modules/mod_security.so /usr/local/lsws/modules/modinspector.so /usr/local/lsws/modules/modpagespeed.so /usr/local/lsws/modules/modreqparser.so /usr/local/lsws/modules/uploadprogress.so /usr/local/lsws/php /usr/local/lsws/phpbuild /usr/local/lsws/share /usr/local/lsws/share/autoindex /usr/local/lsws/share/autoindex/bwlimit.html /usr/local/lsws/share/autoindex/default.php /usr/local/lsws/share/autoindex/icons /usr/local/lsws/share/autoindex/icons/binary.png 
/usr/local/lsws/share/autoindex/icons/blank.png /usr/local/lsws/share/autoindex/icons/compress.png /usr/local/lsws/share/autoindex/icons/folder.png /usr/local/lsws/share/autoindex/icons/html.png /usr/local/lsws/share/autoindex/icons/image.png /usr/local/lsws/share/autoindex/icons/movie.png /usr/local/lsws/share/autoindex/icons/sound.png /usr/local/lsws/share/autoindex/icons/text.png /usr/local/lsws/share/autoindex/icons/unknown.png /usr/local/lsws/share/autoindex/icons/up.png /usr/local/lsws/tmp /usr/local/lsws/tmp/ocspcache [root@lsws ~]#
服务控制命令
[root@lsws ~]# /usr/local/lsws/bin/lswsctrl Usage: /usr/local/lsws/bin/lswsctrl {start|stop|restart|reload|condrestrt|try-restart|status|help} start - start web server stop - stop web server restart - gracefully restart web server with zero down time reload - same as restart condrestart - gracefully restart web server if server is running try-restart - same as condrestart status - show service status help - this screen [root@lsws ~]#
查看端口监听
[root@lsws ~]# netstat -lnt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:7080 0.0.0.0:* LISTEN tcp6 0 0 :::111 :::* LISTEN tcp6 0 0 :::22 :::* LISTEN [root@lsws ~]#
使用Web控制台
默认首页
默认Web管理控制台
注意:上文 netstat 输出显示管理端口 7080 监听在 0.0.0.0;应通过防火墙限制可访问该端口的来源地址,并在首次使用前重设管理员口令。
……
Generic Routing Encapsulation 通用路由封装协议
注意:GRE 本身不提供加密和认证,经公网地址建立的隧道内流量为明文;如需承载敏感数据,应叠加 IPsec 等加密手段,并在防火墙/安全组中仅允许对端地址的 GRE(IP 协议号 47)流量。
主机列表
18.163.50.194/172.31.44.248 18.162.60.60/172.31.37.49
查找系统可用的内核模块
[centos@ip-172-31-44-248 ~]$ ls -alRUv /lib/modules/$(uname -r)/kernel |grep ip_gre -rw-r--r--. 1 root root 9396 Nov 29 2018 ip_gre.ko.xz [centos@ip-172-31-44-248 ~]$
加载ip_gre模块
[root@ip-172-31-44-248 ~]# modprobe ip_gre [root@ip-172-31-44-248 ~]# [root@ip-172-31-37-49 ~]# modprobe ip_gre [root@ip-172-31-37-49 ~]#
新增tun0网卡配置
本端隧道地址192.168.192.1 对端隧道地址192.168.192.2 [root@ip-172-31-44-248 ~]# vi /etc/sysconfig/network-scripts/ifcfg-tun0 DEVICE=tun0 BOOTPROTO=none ONBOOT=yes DEVICETYPE=tunnel TYPE=GRE PEER_INNER_IPADDR=192.168.192.2 PEER_OUTER_IPADDR=18.162.60.60 MY_INNER_IPADDR=192.168.192.1
启用tun0网卡
[root@ip-172-31-44-248 ~]# ifup tun0
查看接口信息
[root@ip-172-31-44-248 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000 link/ether 0e:84:f5:b0:db:f6 brd ff:ff:ff:ff:ff:ff inet 172.31.44.248/20 brd 172.31.47.255 scope global dynamic ens5 valid_lft 2667sec preferred_lft 2667sec inet6 fe80::c84:f5ff:feb0:dbf6/64 scope link valid_lft forever preferred_lft forever 3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000 link/gre 0.0.0.0 brd 0.0.0.0 4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 5: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 8977 qdisc noqueue state UNKNOWN group default qlen 1000 link/gre 0.0.0.0 peer 18.162.60.60 inet 192.168.192.1 peer 192.168.192.2/32 scope global tun0 valid_lft forever preferred_lft forever [root@ip-172-31-44-248 ~]#
新增tun0网卡配置
本端隧道地址192.168.192.2 对端隧道地址192.168.192.1 [root@ip-172-31-37-49 ~]# vi /etc/sysconfig/network-scripts/ifcfg-tun0 DEVICE=tun0 BOOTPROTO=none ONBOOT=yes DEVICETYPE=tunnel TYPE=GRE PEER_INNER_IPADDR=192.168.192.1 PEER_OUTER_IPADDR=18.163.50.194 MY_INNER_IPADDR=192.168.192.2
启用tun0网卡
[root@ip-172-31-37-49 ~]# ifup tun0
查看接口信息
[root@ip-172-31-37-49 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000 link/ether 0e:4a:2b:48:b8:aa brd ff:ff:ff:ff:ff:ff inet 172.31.37.49/20 brd 172.31.47.255 scope global dynamic ens5 valid_lft 2692sec preferred_lft 2692sec inet6 fe80::c4a:2bff:fe48:b8aa/64 scope link valid_lft forever preferred_lft forever 3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000 link/gre 0.0.0.0 brd 0.0.0.0 4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 5: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 8977 qdisc noqueue state UNKNOWN group default qlen 1000 link/gre 0.0.0.0 peer 18.163.50.194 inet 192.168.192.2 peer 192.168.192.1/32 scope global tun0 valid_lft forever preferred_lft forever [root@ip-172-31-37-49 ~]#
分别使用对端IP地址进行ping测试
[root@ip-172-31-37-49 ~]# ping -c 4 192.168.192.1 PING 192.168.192.1 (192.168.192.1) 56(84) bytes of data. 64 bytes from 192.168.192.1: icmp_seq=1 ttl=64 time=0.297 ms 64 bytes from 192.168.192.1: icmp_seq=2 ttl=64 time=0.283 ms 64 bytes from 192.168.192.1: icmp_seq=3 ttl=64 time=0.237 ms 64 bytes from 192.168.192.1: icmp_seq=4 ttl=64 time=0.268 ms --- 192.168.192.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3000ms rtt min/avg/max/mdev = 0.237/0.271/0.297/0.025 ms [root@ip-172-31-37-49 ~]# [root@ip-172-31-44-248 ~]# ping -c 4 192.168.192.2 PING 192.168.192.2 (192.168.192.2) 56(84) bytes of data. 64 bytes from 192.168.192.2: icmp_seq=1 ttl=64 time=0.249 ms 64 bytes from 192.168.192.2: icmp_seq=2 ttl=64 time=0.279 ms 64 bytes from 192.168.192.2: icmp_seq=3 ttl=64 time=0.196 ms 64 bytes from 192.168.192.2: icmp_seq=4 ttl=64 time=0.214 ms --- 192.168.192.2 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2999ms rtt min/avg/max/mdev = 0.196/0.234/0.279/0.035 ms [root@ip-172-31-44-248 ~]#
安装向导欢迎页面
选择要安装的组件
同意最终用户许可协议
重要声明
选择安装目录
准备安装
安装进行中
完成安装并启动服务器管理器
选择要连接的服务器并点击连接
首次连接设置管理员密码
提示管理员密码设置成功
关闭弹出的简单设置窗口
选择是否设置开启IPsec功能
在管理器主界面进入VPN Gate设置
选择启用VPN Gate中继服务并加入研究志愿者队伍
注意:启用后本机将作为公共中继对外提供 VPN 接入,匿名用户的流量会经由本机 IP 转发;启用前应评估由此带来的带宽、日志留存与合规风险。
VPN Gate服务设置选项界面
请勿在禁止使用VPN通信技术的国家使用VPN Gate服务
在管理器主界面进入动态域名设置
查看或修改该服务器的动态域名
在管理器主界面查看当前的动态域名解析主机名
查看当前已连接客户端会话信息
主机列表(依次为主机名、IP地址、登录密码)
注意:真实环境的主机口令不应以明文写入文档或公开发布;已公开的口令应视为泄露并立即更换。
ansible 167.179.84.153 }Z5c,jM-?bQec#z- server1 149.28.24.11 A7f{v#PAB8$!-K8q server2 45.76.216.130 7]Mf%YKRFP[9H!*K server3 108.160.137.54 _Rr3%[2rg,JJQpwQ
在ansible主机上配置hosts文件
[root@ansible ~]# vi /etc/hosts 149.28.24.11 server1 45.76.216.130 server2 108.160.137.54 server3
确认主机名及IP对应关系
[root@ansible ~]# ping -c 1 server1 PING server1 (149.28.24.11) 56(84) bytes of data. 64 bytes from server1 (149.28.24.11): icmp_seq=1 ttl=61 time=0.360 ms --- server1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.360/0.360/0.360/0.000 ms [root@ansible ~]# ping -c 1 server2 PING server2 (45.76.216.130) 56(84) bytes of data. 64 bytes from server2 (45.76.216.130): icmp_seq=1 ttl=57 time=0.933 ms --- server2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.933/0.933/0.933/0.000 ms [root@ansible ~]# ping -c 1 server3 PING server3 (108.160.137.54) 56(84) bytes of data. 64 bytes from server3 (108.160.137.54): icmp_seq=1 ttl=57 time=0.982 ms --- server3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.982/0.982/0.982/0.000 ms [root@ansible ~]#
解决首次登录远程系统的严格主机密钥检查交互(保存远程主机公钥)
[root@ansible ~]# ssh root@server1 The authenticity of host 'server1 (149.28.24.11)' can't be established. ECDSA key fingerprint is SHA256:NUM9LGuAESXFeEyluk7GqoY3vC7rmLvzyf4Fr5p0tWs. ECDSA key fingerprint is MD5:36:02:b3:0c:d0:33:db:a5:a5:68:21:4f:ce:87:01:aa. Are you sure you want to continue connecting (yes/no)? ^C [root@ansible ~]# [root@ansible ~]# ls .ssh/ [root@ansible ~]#
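修改本机ssh客户端配置文件
注意:StrictHostKeyChecking no 会自动接受并保存未知主机的公钥,且写在 /etc/ssh/ssh_config 中对本机所有用户生效,首次连接时无法发现中间人攻击。更稳妥的做法是先核对上一步显示的主机密钥指纹,或预先把已核实的公钥写入 known_hosts;批量接入完成后建议恢复为 ask。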
[root@ansible ~]# vi /etc/ssh/ssh_config # StrictHostKeyChecking ask StrictHostKeyChecking no
查看ansible版本信息
[root@ansible ~]# ansible --version ansible 2.9.5 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Aug 7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] [root@ansible ~]#
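编辑ansible主机配置文件(注意server1密码的转义字符)
注意:ansible_password 以明文保存在 /etc/ansible/hosts 中,应限制该文件的读取权限;改用下文的密钥认证后应删除这些口令,或改用 Ansible Vault 加密、执行时通过 --ask-pass 交互输入。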
[root@ansible ~]# vi /etc/ansible/hosts [servers] server1 ansible_user=root ansible_password=A7f{v\#PAB8$!-K8q server2 ansible_user=root ansible_password=7]Mf%YKRFP[9H!*K server3 ansible_user=root ansible_password=_Rr3%[2rg,JJQpwQ
连接测试
[root@ansible ~]# ansible servers -m ping server2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } server3 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } server1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } [root@ansible ~]#
本地已保存的远程主机公钥信息
[root@ansible ~]# ls .ssh/ known_hosts [root@ansible ~]# cat .ssh/known_hosts server1,149.28.24.11 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCv/uWIj+5gWiri6BdEYw+QQYuE3wIfdW0FhgdCIY92UXf1P9rhRI9q5FQMQ1sJuKfzSihEsU2uwnQ8P45zE3Yc= server2,45.76.216.130 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH+LjHvPrUcao6A5zNJwPgjRUOQAtxPCzMoEUOl21jMKiTPpDe87feCz2S/k6bo0Paf3G9lKdJg5B+r9dCZMBOU= server3,108.160.137.54 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL+8jA1/3alAX2YtrLVUfJGvyCeCcpsJFG7WGwTgB5y4i0pBxPum0AYSw/G5ehaM8KPLCjEbCwUYS+XW83XYY10= [root@ansible ~]#
创建密钥对
注意:若私钥未设置口令,任何能读取 /root/.ssh/id_rsa_ansible 的人都可以 root 身份登录全部受管主机;应保持私钥文件仅 root 可读,并视情况为其设置口令。
[root@ansible ~]# ssh-keygen -b 4096 -t rsa -C "harvey.mei@linuxcache.com" Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa):/root/.ssh/id_rsa_ansible Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in id_rsa_ansible. Your public key has been saved in id_rsa_ansible.pub. The key fingerprint is: SHA256:Cv6UZ+/72ZTeeeuYP5ePrKmr7YhcZG6DVwwzXqXmLuU harvey.mei@linuxcache.com The key's randomart image is: +---[RSA 4096]----+ | . | | o | | + + | | . O | | . S = | | . . B = . | | . = X E o .| | + B * Bo=+| | + o+O==+B=O| +----[SHA256]-----+ [root@ansible ~]#
查看公钥信息
[root@ansible ~]# cat .ssh/id_rsa_ansible.pub ssh-rsa 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 harvey.mei@linuxcache.com [root@ansible ~]#
将公钥内容赋值给一个变量
[root@ansible ~]# pubkey=`cat .ssh/id_rsa_ansible.pub` [root@ansible ~]# echo $pubkey ssh-rsa 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 harvey.mei@linuxcache.com [root@ansible ~]#
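使用Ansible的shell模块,对目的主机组执行公钥的导入操作
注意:该命令每执行一次都会向 authorized_keys 追加一行,重复执行会产生重复条目;${pubkey} 在本机展开后未加引号传给远端 shell,echo -e 还会解释其中的反斜杠。也可以改用 Ansible 自带的 authorized_key 模块完成导入。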
[root@ansible ~]# ansible servers -m shell -a "cd /root/; umask 077; test -d .ssh || mkdir .ssh; echo -e ${pubkey} >> .ssh/authorized_keys" server1 | CHANGED | rc=0 >> server3 | CHANGED | rc=0 >> server2 | CHANGED | rc=0 >> [root@ansible ~]#
通过Ansible远程执行查看目的主机已导入的公钥信息
[root@ansible ~]# ansible servers -m shell -a "cat .ssh/authorized_keys" server3 | CHANGED | rc=0 >> ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYIp2W44/lMGw98BRvdTrCBwjBs9PYBiXhb9fN+ntU6fbnN12s7MUj92Z4uRLbJywJbspUPSV8SI4QVL0FKPSm37OMdY8SvpURgiaqRfRuo7pwVP7j31JxpcB4mF0PZiEFUqPttJ1MVbUnHfHxePJXjLmfRirJ5PkH26K4F3WUEgQiWJq2WlOWTERqdMjXqQHiubfSGT+s5q1jwakhCjjk06EbwRtN5ZYa0PcvoTCVPORTzr+/mOIzkY+GCAvPdFXO4KbXA4yI8LMPFcDH1DLJfIF7wc8y8aRbDVu5g6khzi8ipof5+XkLquUjxU4yuHaEr1/Gf4lNIBq81O8BXv0lKsy6vFwO4uP42W+jzYpqN9vM+6ibAywZ/zx3ags+aPrO++HYqok2gUYvXizPVPabadeLb0d0DY6XxAp1vXNqeLqwxMVsfAViXiyGIU76OEfnkgdzhHvFiXopKOIzTbS3pFctr3/dnMnHkKEnUmjYBQ7T8MEkJGPka5IsKrl5fTPgUtb53crB21rRHo/Dz82uGzPnUVUQRilUd9xip1xkUw/HB53FsZH9hP+dF5ohn9N1FwqZnHE6PCFTTtTgSNytNMmwXIKenZaVIOwoJN8cA8GfnQEpidl8im75EhoGlKDkFVSObJxttMlvAbDrBnzuNSzPmOV8NhlRgMrPPV4iwQ== harvey.mei@linuxcache.com server1 | CHANGED | rc=0 >> ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYIp2W44/lMGw98BRvdTrCBwjBs9PYBiXhb9fN+ntU6fbnN12s7MUj92Z4uRLbJywJbspUPSV8SI4QVL0FKPSm37OMdY8SvpURgiaqRfRuo7pwVP7j31JxpcB4mF0PZiEFUqPttJ1MVbUnHfHxePJXjLmfRirJ5PkH26K4F3WUEgQiWJq2WlOWTERqdMjXqQHiubfSGT+s5q1jwakhCjjk06EbwRtN5ZYa0PcvoTCVPORTzr+/mOIzkY+GCAvPdFXO4KbXA4yI8LMPFcDH1DLJfIF7wc8y8aRbDVu5g6khzi8ipof5+XkLquUjxU4yuHaEr1/Gf4lNIBq81O8BXv0lKsy6vFwO4uP42W+jzYpqN9vM+6ibAywZ/zx3ags+aPrO++HYqok2gUYvXizPVPabadeLb0d0DY6XxAp1vXNqeLqwxMVsfAViXiyGIU76OEfnkgdzhHvFiXopKOIzTbS3pFctr3/dnMnHkKEnUmjYBQ7T8MEkJGPka5IsKrl5fTPgUtb53crB21rRHo/Dz82uGzPnUVUQRilUd9xip1xkUw/HB53FsZH9hP+dF5ohn9N1FwqZnHE6PCFTTtTgSNytNMmwXIKenZaVIOwoJN8cA8GfnQEpidl8im75EhoGlKDkFVSObJxttMlvAbDrBnzuNSzPmOV8NhlRgMrPPV4iwQ== harvey.mei@linuxcache.com server2 | CHANGED | rc=0 >> ssh-rsa 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 harvey.mei@linuxcache.com [root@ansible ~]#
修改Ansible主机配置文件以启用私钥登录验证
[root@ansible ~]# vi /etc/ansible/hosts [servers] server1 ansible_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa_ansible server2 ansible_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa_ansible server3 ansible_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa_ansible
测试成功
[root@ansible ~]# ansible servers -m ping server3 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } server2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } server1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } [root@ansible ~]#
在执行ansible命令时指定私钥参数
[root@ansible ~]# vi /etc/ansible/hosts [servers] server1 ansible_user=root server2 ansible_user=root server3 ansible_user=root
测试成功
[root@ansible ~]# ansible servers --private-key=.ssh/id_rsa_ansible -m command -a hostname server1 | CHANGED | rc=0 >> server1 server2 | CHANGED | rc=0 >> server2 server3 | CHANGED | rc=0 >> server3 [root@ansible ~]#
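禁用防火墙
注意:停用 firewalld 后,本机所有监听端口(包括后文安装的 httpd、MariaDB、radiusd)都会直接对外暴露;生产环境建议保留防火墙,仅放行所需端口(如 RADIUS 的 1812/1813 UDP 及 Web 端口)。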
[root@radius ~]# systemctl disable firewalld Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service. [root@radius ~]# systemctl stop firewalld [root@radius ~]#
安装AMP环境
[root@radius ~]# yum install php php-pdo php-mysql php-gd php-pear httpd mariadb-server mariadb
创建数据库
注意:下文的 radiuspassword 为弱口令,实际部署时应替换为随机生成的强口令。
MariaDB [(none)]> create database radius; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on radius.* to radius@localhost; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> set password for radius@localhost=password('radiuspassword'); Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> flush privileges; Query OK, 0 rows affected (0.00 sec)
设置系统及PHP时区
[root@radius ~]# cp /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime cp: overwrite ‘/etc/localtime’? y [root@radius ~]# [root@radius ~]# vi /etc/php.ini ;date.timezone = date.timezone = Asia/Hong_Kong
安装FreeRADIUS及相关组件软件包
[root@radius html]# yum install freeradius freeradius-utils freeradius-mysql
查看FreeRADIUS安装包路径
[root@radius html]# rpm -lq freeradius /etc/logrotate.d/radiusd /etc/pam.d/radiusd /etc/raddb /etc/raddb/README.rst /etc/raddb/certs /etc/raddb/certs/Makefile /etc/raddb/certs/README /etc/raddb/certs/bootstrap /etc/raddb/certs/ca.cnf /etc/raddb/certs/client.cnf /etc/raddb/certs/passwords.mk /etc/raddb/certs/server.cnf /etc/raddb/certs/xpextensions /etc/raddb/clients.conf /etc/raddb/dictionary /etc/raddb/hints /etc/raddb/huntgroups /etc/raddb/mods-available /etc/raddb/mods-available/README.rst /etc/raddb/mods-available/always /etc/raddb/mods-available/attr_filter /etc/raddb/mods-available/cache /etc/raddb/mods-available/cache_eap /etc/raddb/mods-available/chap /etc/raddb/mods-available/counter /etc/raddb/mods-available/cui /etc/raddb/mods-available/date /etc/raddb/mods-available/detail /etc/raddb/mods-available/detail.example.com /etc/raddb/mods-available/detail.log /etc/raddb/mods-available/dhcp /etc/raddb/mods-available/dhcp_sqlippool /etc/raddb/mods-available/digest /etc/raddb/mods-available/dynamic_clients /etc/raddb/mods-available/eap /etc/raddb/mods-available/echo /etc/raddb/mods-available/etc_group /etc/raddb/mods-available/exec /etc/raddb/mods-available/expiration /etc/raddb/mods-available/expr /etc/raddb/mods-available/files /etc/raddb/mods-available/idn /etc/raddb/mods-available/inner-eap /etc/raddb/mods-available/ippool /etc/raddb/mods-available/linelog /etc/raddb/mods-available/logintime /etc/raddb/mods-available/mac2ip /etc/raddb/mods-available/mac2vlan /etc/raddb/mods-available/mschap /etc/raddb/mods-available/ntlm_auth /etc/raddb/mods-available/opendirectory /etc/raddb/mods-available/otp /etc/raddb/mods-available/pam /etc/raddb/mods-available/pap /etc/raddb/mods-available/passwd /etc/raddb/mods-available/preprocess /etc/raddb/mods-available/python /etc/raddb/mods-available/radutmp /etc/raddb/mods-available/realm /etc/raddb/mods-available/redis /etc/raddb/mods-available/rediswho /etc/raddb/mods-available/replicate /etc/raddb/mods-available/rest 
/etc/raddb/mods-available/smbpasswd /etc/raddb/mods-available/smsotp /etc/raddb/mods-available/soh /etc/raddb/mods-available/sometimes /etc/raddb/mods-available/sql /etc/raddb/mods-available/sqlcounter /etc/raddb/mods-available/sqlippool /etc/raddb/mods-available/sradutmp /etc/raddb/mods-available/unix /etc/raddb/mods-available/unpack /etc/raddb/mods-available/utf8 /etc/raddb/mods-available/wimax /etc/raddb/mods-available/yubikey /etc/raddb/mods-config /etc/raddb/mods-config/README.rst /etc/raddb/mods-config/attr_filter /etc/raddb/mods-config/attr_filter/access_challenge /etc/raddb/mods-config/attr_filter/access_reject /etc/raddb/mods-config/attr_filter/accounting_response /etc/raddb/mods-config/attr_filter/post-proxy /etc/raddb/mods-config/attr_filter/pre-proxy /etc/raddb/mods-config/files /etc/raddb/mods-config/files/accounting /etc/raddb/mods-config/files/authorize /etc/raddb/mods-config/files/pre-proxy /etc/raddb/mods-config/preprocess /etc/raddb/mods-config/preprocess/hints /etc/raddb/mods-config/preprocess/huntgroups /etc/raddb/mods-config/sql /etc/raddb/mods-config/sql/counter /etc/raddb/mods-config/sql/cui /etc/raddb/mods-config/sql/ippool /etc/raddb/mods-config/sql/ippool-dhcp /etc/raddb/mods-config/sql/main /etc/raddb/mods-enabled /etc/raddb/mods-enabled/always /etc/raddb/mods-enabled/attr_filter /etc/raddb/mods-enabled/cache_eap /etc/raddb/mods-enabled/chap /etc/raddb/mods-enabled/date /etc/raddb/mods-enabled/detail /etc/raddb/mods-enabled/detail.log /etc/raddb/mods-enabled/dhcp /etc/raddb/mods-enabled/digest /etc/raddb/mods-enabled/dynamic_clients /etc/raddb/mods-enabled/eap /etc/raddb/mods-enabled/echo /etc/raddb/mods-enabled/exec /etc/raddb/mods-enabled/expiration /etc/raddb/mods-enabled/expr /etc/raddb/mods-enabled/files /etc/raddb/mods-enabled/linelog /etc/raddb/mods-enabled/logintime /etc/raddb/mods-enabled/mschap /etc/raddb/mods-enabled/ntlm_auth /etc/raddb/mods-enabled/pap /etc/raddb/mods-enabled/passwd /etc/raddb/mods-enabled/preprocess 
/etc/raddb/mods-enabled/radutmp /etc/raddb/mods-enabled/realm /etc/raddb/mods-enabled/replicate /etc/raddb/mods-enabled/soh /etc/raddb/mods-enabled/sradutmp /etc/raddb/mods-enabled/unix /etc/raddb/mods-enabled/unpack /etc/raddb/mods-enabled/utf8 /etc/raddb/panic.gdb /etc/raddb/policy.d /etc/raddb/policy.d/accounting /etc/raddb/policy.d/canonicalization /etc/raddb/policy.d/control /etc/raddb/policy.d/cui /etc/raddb/policy.d/debug /etc/raddb/policy.d/dhcp /etc/raddb/policy.d/eap /etc/raddb/policy.d/filter /etc/raddb/policy.d/operator-name /etc/raddb/proxy.conf /etc/raddb/radiusd.conf /etc/raddb/sites-available /etc/raddb/sites-available/README /etc/raddb/sites-available/buffered-sql /etc/raddb/sites-available/challenge /etc/raddb/sites-available/channel_bindings /etc/raddb/sites-available/check-eap-tls /etc/raddb/sites-available/coa /etc/raddb/sites-available/control-socket /etc/raddb/sites-available/copy-acct-to-home-server /etc/raddb/sites-available/decoupled-accounting /etc/raddb/sites-available/default /etc/raddb/sites-available/dhcp /etc/raddb/sites-available/dhcp.relay /etc/raddb/sites-available/dynamic-clients /etc/raddb/sites-available/example /etc/raddb/sites-available/inner-tunnel /etc/raddb/sites-available/originate-coa /etc/raddb/sites-available/proxy-inner-tunnel /etc/raddb/sites-available/robust-proxy-accounting /etc/raddb/sites-available/soh /etc/raddb/sites-available/status /etc/raddb/sites-available/tls /etc/raddb/sites-available/virtual.example.com /etc/raddb/sites-available/vmps /etc/raddb/sites-enabled /etc/raddb/sites-enabled/default /etc/raddb/sites-enabled/inner-tunnel /etc/raddb/templates.conf /etc/raddb/trigger.conf /etc/raddb/users /usr/lib/systemd/system/radiusd.service /usr/lib/tmpfiles.d/radiusd.conf /usr/lib64/freeradius /usr/lib64/freeradius/libfreeradius-dhcp.so /usr/lib64/freeradius/libfreeradius-eap.so /usr/lib64/freeradius/libfreeradius-radius.so /usr/lib64/freeradius/libfreeradius-server.so /usr/lib64/freeradius/proto_dhcp.so 
/usr/lib64/freeradius/proto_vmps.so /usr/lib64/freeradius/rlm_always.so /usr/lib64/freeradius/rlm_attr_filter.so /usr/lib64/freeradius/rlm_cache.so /usr/lib64/freeradius/rlm_cache_rbtree.so /usr/lib64/freeradius/rlm_chap.so /usr/lib64/freeradius/rlm_counter.so /usr/lib64/freeradius/rlm_cram.so /usr/lib64/freeradius/rlm_date.so /usr/lib64/freeradius/rlm_detail.so /usr/lib64/freeradius/rlm_dhcp.so /usr/lib64/freeradius/rlm_digest.so /usr/lib64/freeradius/rlm_dynamic_clients.so /usr/lib64/freeradius/rlm_eap.so /usr/lib64/freeradius/rlm_eap_fast.so /usr/lib64/freeradius/rlm_eap_gtc.so /usr/lib64/freeradius/rlm_eap_leap.so /usr/lib64/freeradius/rlm_eap_md5.so /usr/lib64/freeradius/rlm_eap_mschapv2.so /usr/lib64/freeradius/rlm_eap_peap.so /usr/lib64/freeradius/rlm_eap_pwd.so /usr/lib64/freeradius/rlm_eap_sim.so /usr/lib64/freeradius/rlm_eap_tls.so /usr/lib64/freeradius/rlm_eap_tnc.so /usr/lib64/freeradius/rlm_eap_ttls.so /usr/lib64/freeradius/rlm_exec.so /usr/lib64/freeradius/rlm_expiration.so /usr/lib64/freeradius/rlm_expr.so /usr/lib64/freeradius/rlm_files.so /usr/lib64/freeradius/rlm_ippool.so /usr/lib64/freeradius/rlm_linelog.so /usr/lib64/freeradius/rlm_logintime.so /usr/lib64/freeradius/rlm_mschap.so /usr/lib64/freeradius/rlm_otp.so /usr/lib64/freeradius/rlm_pam.so /usr/lib64/freeradius/rlm_pap.so /usr/lib64/freeradius/rlm_passwd.so /usr/lib64/freeradius/rlm_preprocess.so /usr/lib64/freeradius/rlm_radutmp.so /usr/lib64/freeradius/rlm_realm.so /usr/lib64/freeradius/rlm_replicate.so /usr/lib64/freeradius/rlm_soh.so /usr/lib64/freeradius/rlm_sometimes.so /usr/lib64/freeradius/rlm_sql.so /usr/lib64/freeradius/rlm_sql_null.so /usr/lib64/freeradius/rlm_sqlcounter.so /usr/lib64/freeradius/rlm_sqlippool.so /usr/lib64/freeradius/rlm_unix.so /usr/lib64/freeradius/rlm_unpack.so /usr/lib64/freeradius/rlm_utf8.so /usr/lib64/freeradius/rlm_wimax.so /usr/lib64/freeradius/rlm_yubikey.so /usr/sbin/checkrad /usr/sbin/raddebug /usr/sbin/radiusd /usr/sbin/radmin 
/usr/share/doc/freeradius-3.0.13/LICENSE.gpl /usr/share/doc/freeradius-3.0.13/LICENSE.lgpl /usr/share/doc/freeradius-3.0.13/LICENSE.openssl /usr/share/doc/freeradius-3.0.13/REDHAT /usr/share/freeradius /usr/share/freeradius/dictionary /usr/share/freeradius/dictionary.3com /usr/share/freeradius/dictionary.3gpp /usr/share/freeradius/dictionary.3gpp2 /usr/share/freeradius/dictionary.acc /usr/share/freeradius/dictionary.acme /usr/share/freeradius/dictionary.actelis /usr/share/freeradius/dictionary.adtran /usr/share/freeradius/dictionary.aerohive /usr/share/freeradius/dictionary.airespace /usr/share/freeradius/dictionary.alcatel /usr/share/freeradius/dictionary.alcatel-lucent.aaa /usr/share/freeradius/dictionary.alcatel.esam /usr/share/freeradius/dictionary.alcatel.sr /usr/share/freeradius/dictionary.alteon /usr/share/freeradius/dictionary.altiga /usr/share/freeradius/dictionary.alvarion /usr/share/freeradius/dictionary.alvarion.wimax.v2_2 /usr/share/freeradius/dictionary.apc /usr/share/freeradius/dictionary.aptilo /usr/share/freeradius/dictionary.aptis /usr/share/freeradius/dictionary.arbor /usr/share/freeradius/dictionary.arista /usr/share/freeradius/dictionary.aruba /usr/share/freeradius/dictionary.ascend /usr/share/freeradius/dictionary.ascend.illegal /usr/share/freeradius/dictionary.asn /usr/share/freeradius/dictionary.audiocodes /usr/share/freeradius/dictionary.avaya /usr/share/freeradius/dictionary.azaire /usr/share/freeradius/dictionary.bay /usr/share/freeradius/dictionary.bintec /usr/share/freeradius/dictionary.bluecoat /usr/share/freeradius/dictionary.boingo /usr/share/freeradius/dictionary.bristol /usr/share/freeradius/dictionary.broadsoft /usr/share/freeradius/dictionary.brocade /usr/share/freeradius/dictionary.bskyb /usr/share/freeradius/dictionary.bt /usr/share/freeradius/dictionary.cablelabs /usr/share/freeradius/dictionary.cabletron /usr/share/freeradius/dictionary.camiant /usr/share/freeradius/dictionary.checkpoint 
/usr/share/freeradius/dictionary.chillispot /usr/share/freeradius/dictionary.cisco /usr/share/freeradius/dictionary.cisco.asa /usr/share/freeradius/dictionary.cisco.bbsm /usr/share/freeradius/dictionary.cisco.vpn3000 /usr/share/freeradius/dictionary.cisco.vpn5000 /usr/share/freeradius/dictionary.citrix /usr/share/freeradius/dictionary.clavister /usr/share/freeradius/dictionary.cnergee /usr/share/freeradius/dictionary.colubris /usr/share/freeradius/dictionary.columbia_university /usr/share/freeradius/dictionary.compat /usr/share/freeradius/dictionary.compatible /usr/share/freeradius/dictionary.cosine /usr/share/freeradius/dictionary.dante /usr/share/freeradius/dictionary.dhcp /usr/share/freeradius/dictionary.digium /usr/share/freeradius/dictionary.dlink /usr/share/freeradius/dictionary.dragonwave /usr/share/freeradius/dictionary.efficientip /usr/share/freeradius/dictionary.eltex /usr/share/freeradius/dictionary.epygi /usr/share/freeradius/dictionary.equallogic /usr/share/freeradius/dictionary.ericsson /usr/share/freeradius/dictionary.ericsson.ab /usr/share/freeradius/dictionary.ericsson.packet.core.networks /usr/share/freeradius/dictionary.erx /usr/share/freeradius/dictionary.extreme /usr/share/freeradius/dictionary.f5 /usr/share/freeradius/dictionary.fdxtended /usr/share/freeradius/dictionary.fortinet /usr/share/freeradius/dictionary.foundry /usr/share/freeradius/dictionary.freedhcp /usr/share/freeradius/dictionary.freeradius /usr/share/freeradius/dictionary.freeradius.internal /usr/share/freeradius/dictionary.freeswitch /usr/share/freeradius/dictionary.gandalf /usr/share/freeradius/dictionary.garderos /usr/share/freeradius/dictionary.gemtek /usr/share/freeradius/dictionary.h3c /usr/share/freeradius/dictionary.hillstone /usr/share/freeradius/dictionary.hp /usr/share/freeradius/dictionary.huawei /usr/share/freeradius/dictionary.iana /usr/share/freeradius/dictionary.iea /usr/share/freeradius/dictionary.infoblox /usr/share/freeradius/dictionary.infonet 
/usr/share/freeradius/dictionary.ipunplugged /usr/share/freeradius/dictionary.issanni /usr/share/freeradius/dictionary.itk /usr/share/freeradius/dictionary.juniper /usr/share/freeradius/dictionary.karlnet /usr/share/freeradius/dictionary.kineto /usr/share/freeradius/dictionary.lancom /usr/share/freeradius/dictionary.lantronix /usr/share/freeradius/dictionary.livingston /usr/share/freeradius/dictionary.localweb /usr/share/freeradius/dictionary.lucent /usr/share/freeradius/dictionary.manzara /usr/share/freeradius/dictionary.meinberg /usr/share/freeradius/dictionary.meraki /usr/share/freeradius/dictionary.merit /usr/share/freeradius/dictionary.meru /usr/share/freeradius/dictionary.microsemi /usr/share/freeradius/dictionary.microsoft /usr/share/freeradius/dictionary.mikrotik /usr/share/freeradius/dictionary.motorola /usr/share/freeradius/dictionary.motorola.illegal /usr/share/freeradius/dictionary.motorola.wimax /usr/share/freeradius/dictionary.navini /usr/share/freeradius/dictionary.netscreen /usr/share/freeradius/dictionary.networkphysics /usr/share/freeradius/dictionary.nexans /usr/share/freeradius/dictionary.nokia /usr/share/freeradius/dictionary.nokia.conflict /usr/share/freeradius/dictionary.nomadix /usr/share/freeradius/dictionary.nortel /usr/share/freeradius/dictionary.ntua /usr/share/freeradius/dictionary.openser /usr/share/freeradius/dictionary.packeteer /usr/share/freeradius/dictionary.paloalto /usr/share/freeradius/dictionary.patton /usr/share/freeradius/dictionary.perle /usr/share/freeradius/dictionary.propel /usr/share/freeradius/dictionary.prosoft /usr/share/freeradius/dictionary.proxim /usr/share/freeradius/dictionary.purewave /usr/share/freeradius/dictionary.quiconnect /usr/share/freeradius/dictionary.quintum /usr/share/freeradius/dictionary.redcreek /usr/share/freeradius/dictionary.rfc2865 /usr/share/freeradius/dictionary.rfc2866 /usr/share/freeradius/dictionary.rfc2867 /usr/share/freeradius/dictionary.rfc2868 /usr/share/freeradius/dictionary.rfc2869 
/usr/share/freeradius/dictionary.rfc3162 /usr/share/freeradius/dictionary.rfc3576 /usr/share/freeradius/dictionary.rfc3580 /usr/share/freeradius/dictionary.rfc4072 /usr/share/freeradius/dictionary.rfc4372 /usr/share/freeradius/dictionary.rfc4603 /usr/share/freeradius/dictionary.rfc4675 /usr/share/freeradius/dictionary.rfc4679 /usr/share/freeradius/dictionary.rfc4818 /usr/share/freeradius/dictionary.rfc4849 /usr/share/freeradius/dictionary.rfc5090 /usr/share/freeradius/dictionary.rfc5176 /usr/share/freeradius/dictionary.rfc5447 /usr/share/freeradius/dictionary.rfc5580 /usr/share/freeradius/dictionary.rfc5607 /usr/share/freeradius/dictionary.rfc5904 /usr/share/freeradius/dictionary.rfc6519 /usr/share/freeradius/dictionary.rfc6572 /usr/share/freeradius/dictionary.rfc6677 /usr/share/freeradius/dictionary.rfc6911 /usr/share/freeradius/dictionary.rfc6929 /usr/share/freeradius/dictionary.rfc6930 /usr/share/freeradius/dictionary.rfc7055 /usr/share/freeradius/dictionary.rfc7155 /usr/share/freeradius/dictionary.rfc7268 /usr/share/freeradius/dictionary.rfc7499 /usr/share/freeradius/dictionary.rfc7930 /usr/share/freeradius/dictionary.riverbed /usr/share/freeradius/dictionary.riverstone /usr/share/freeradius/dictionary.roaringpenguin /usr/share/freeradius/dictionary.ruckus /usr/share/freeradius/dictionary.ruggedcom /usr/share/freeradius/dictionary.sangoma /usr/share/freeradius/dictionary.sg /usr/share/freeradius/dictionary.shasta /usr/share/freeradius/dictionary.shiva /usr/share/freeradius/dictionary.siemens /usr/share/freeradius/dictionary.slipstream /usr/share/freeradius/dictionary.sofaware /usr/share/freeradius/dictionary.sonicwall /usr/share/freeradius/dictionary.springtide /usr/share/freeradius/dictionary.starent /usr/share/freeradius/dictionary.starent.vsa1 /usr/share/freeradius/dictionary.surfnet /usr/share/freeradius/dictionary.symbol /usr/share/freeradius/dictionary.t_systems_nova /usr/share/freeradius/dictionary.telebit /usr/share/freeradius/dictionary.telkom 
/usr/share/freeradius/dictionary.terena /usr/share/freeradius/dictionary.trapeze /usr/share/freeradius/dictionary.travelping /usr/share/freeradius/dictionary.tropos /usr/share/freeradius/dictionary.ukerna /usr/share/freeradius/dictionary.unix /usr/share/freeradius/dictionary.usr /usr/share/freeradius/dictionary.usr.illegal /usr/share/freeradius/dictionary.utstarcom /usr/share/freeradius/dictionary.valemount /usr/share/freeradius/dictionary.versanet /usr/share/freeradius/dictionary.vqp /usr/share/freeradius/dictionary.walabi /usr/share/freeradius/dictionary.waverider /usr/share/freeradius/dictionary.wichorus /usr/share/freeradius/dictionary.wifialliance /usr/share/freeradius/dictionary.wimax /usr/share/freeradius/dictionary.wimax.alvarion /usr/share/freeradius/dictionary.wimax.wichorus /usr/share/freeradius/dictionary.wispr /usr/share/freeradius/dictionary.xedia /usr/share/freeradius/dictionary.xylan /usr/share/freeradius/dictionary.yubico /usr/share/freeradius/dictionary.zeus /usr/share/freeradius/dictionary.zte /usr/share/freeradius/dictionary.zyxel /usr/share/man/man5/clients.conf.5.gz /usr/share/man/man5/dictionary.5.gz /usr/share/man/man5/radiusd.conf.5.gz /usr/share/man/man5/radrelay.conf.5.gz /usr/share/man/man5/rlm_always.5.gz /usr/share/man/man5/rlm_attr_filter.5.gz /usr/share/man/man5/rlm_chap.5.gz /usr/share/man/man5/rlm_counter.5.gz /usr/share/man/man5/rlm_detail.5.gz /usr/share/man/man5/rlm_digest.5.gz /usr/share/man/man5/rlm_expr.5.gz /usr/share/man/man5/rlm_files.5.gz /usr/share/man/man5/rlm_idn.5.gz /usr/share/man/man5/rlm_mschap.5.gz /usr/share/man/man5/rlm_pap.5.gz /usr/share/man/man5/rlm_passwd.5.gz /usr/share/man/man5/rlm_realm.5.gz /usr/share/man/man5/rlm_sql.5.gz /usr/share/man/man5/rlm_unix.5.gz /usr/share/man/man5/unlang.5.gz /usr/share/man/man5/users.5.gz /usr/share/man/man8/raddebug.8.gz /usr/share/man/man8/radiusd.8.gz /usr/share/man/man8/radmin.8.gz /usr/share/man/man8/radrelay.8.gz /usr/share/snmp/mibs/FREERADIUS-MGMT-MIB.mib 
/usr/share/snmp/mibs/FREERADIUS-NOTIFICATION-MIB.mib /usr/share/snmp/mibs/FREERADIUS-PRODUCT-RADIUSD-MIB.mib /usr/share/snmp/mibs/FREERADIUS-SMI.mib /usr/share/snmp/mibs/RADIUS-ACC-CLIENT-MIB.mib /usr/share/snmp/mibs/RADIUS-ACC-SERVER-MIB.mib /usr/share/snmp/mibs/RADIUS-AUTH-CLIENT-MIB.mib /usr/share/snmp/mibs/RADIUS-AUTH-SERVER-MIB.mib /usr/share/snmp/mibs/RADIUS-STAT-MIB.mib /var/lib/radiusd /var/log/radius /var/log/radius/radacct /var/log/radius/radius.log /var/log/radius/radutmp /var/run/radiusd /var/run/radiusd/tmp [root@radius html]#
查看FreeRADIUS工具包安装路径
[root@radius html]# rpm -lq freeradius-utils /usr/bin/dhcpclient /usr/bin/map_unit /usr/bin/rad_counter /usr/bin/radattr /usr/bin/radclient /usr/bin/radcrypt /usr/bin/radeapclient /usr/bin/radlast /usr/bin/radsniff /usr/bin/radsqlrelay /usr/bin/radtest /usr/bin/radwho /usr/bin/radzap /usr/bin/rlm_ippool_tool /usr/bin/smbencrypt /usr/share/man/man1/dhcpclient.1.gz /usr/share/man/man1/rad_counter.1.gz /usr/share/man/man1/radclient.1.gz /usr/share/man/man1/radeapclient.1.gz /usr/share/man/man1/radlast.1.gz /usr/share/man/man1/radtest.1.gz /usr/share/man/man1/radwho.1.gz /usr/share/man/man1/radzap.1.gz /usr/share/man/man1/smbencrypt.1.gz /usr/share/man/man5/checkrad.5.gz /usr/share/man/man8/radcrypt.8.gz /usr/share/man/man8/radsniff.8.gz /usr/share/man/man8/radsqlrelay.8.gz /usr/share/man/man8/rlm_ippool_tool.8.gz [root@radius html]#
查看FreeRADIUS MySQL数据库扩展包安装路径
[root@radius html]# rpm -lq freeradius-mysql /etc/raddb/mods-config/sql/counter/mysql /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf /etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf /etc/raddb/mods-config/sql/cui/mysql /etc/raddb/mods-config/sql/cui/mysql/queries.conf /etc/raddb/mods-config/sql/cui/mysql/schema.sql /etc/raddb/mods-config/sql/ippool-dhcp/mysql /etc/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf /etc/raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql /etc/raddb/mods-config/sql/ippool/mysql /etc/raddb/mods-config/sql/ippool/mysql/queries.conf /etc/raddb/mods-config/sql/ippool/mysql/schema.sql /etc/raddb/mods-config/sql/main/mysql /etc/raddb/mods-config/sql/main/mysql/extras /etc/raddb/mods-config/sql/main/mysql/extras/wimax /etc/raddb/mods-config/sql/main/mysql/extras/wimax/queries.conf /etc/raddb/mods-config/sql/main/mysql/extras/wimax/schema.sql /etc/raddb/mods-config/sql/main/mysql/queries.conf /etc/raddb/mods-config/sql/main/mysql/schema.sql /etc/raddb/mods-config/sql/main/mysql/setup.sql /etc/raddb/mods-config/sql/main/ndb /etc/raddb/mods-config/sql/main/ndb/README /etc/raddb/mods-config/sql/main/ndb/schema.sql /etc/raddb/mods-config/sql/main/ndb/setup.sql /usr/lib64/freeradius/rlm_sql_mysql.so [root@radius html]#
注册并启动服务
[root@radius ~]# systemctl enable radiusd Created symlink from /etc/systemd/system/multi-user.target.wants/radiusd.service to /usr/lib/systemd/system/radiusd.service. [root@radius ~]# systemctl start radiusd [root@radius ~]#
查看端口监听(UDP1812/UDP1813;输出中MySQL的3306端口监听在0.0.0.0,而本文的FreeRADIUS与daloRADIUS均通过localhost连接数据库,可将其绑定到127.0.0.1)
[root@radius ~]# netstat -ltun Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp6 0 0 :::80 :::* LISTEN tcp6 0 0 :::22 :::* LISTEN udp 0 0 127.0.0.1:323 0.0.0.0:* udp 0 0 0.0.0.0:68 0.0.0.0:* udp 0 0 127.0.0.1:18120 0.0.0.0:* udp 0 0 0.0.0.0:56569 0.0.0.0:* udp 0 0 0.0.0.0:1812 0.0.0.0:* udp 0 0 0.0.0.0:1813 0.0.0.0:* udp6 0 0 ::1:323 :::* udp6 0 0 :::54657 :::* udp6 0 0 :::1812 :::* udp6 0 0 :::1813 :::* [root@radius ~]#
导入数据库
[root@radius ~]# mysql -uroot -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql Enter password: [root@radius ~]#
启用数据库模块
[root@radius ~]# cd /etc/raddb/mods-enabled/ [root@radius mods-enabled]# ln -s ../mods-available/sql sql [root@radius mods-enabled]#
修改数据库连接配置文件
[root@radius mods-enabled]# vi sql driver = "rlm_sql_null" driver = "rlm_sql_mysql" dialect = "sqlite" dialect = "mysql" # server = "localhost" # port = 3306 # login = "radius" # password = "radpass" server = "localhost" port = 3306 login = "radius" password = "radiuspassword" # read_clients = yes read_clients = yes
修改数据库连接配置文件属组(chgrp -h 只更改符号链接本身的属组,目标文件 ../mods-available/sql 的属组不变)
[root@radius mods-enabled]# ll sql lrwxrwxrwx 1 root root 21 Feb 20 05:58 sql -> ../mods-available/sql [root@radius mods-enabled]# chgrp -h radiusd sql [root@radius mods-enabled]# ll sql lrwxrwxrwx 1 root radiusd 21 Feb 20 05:58 sql -> ../mods-available/sql [root@radius mods-enabled]#
下载daloRADIUS安装包并解压缩(下方记录省略了解压步骤:需先解压 master.zip 得到 daloradius-master/ 目录;master 分支的内容会随时间变化,生产环境宜使用固定的发布版本)
[root@radius ~]# wget https://github.com/lirantal/daloradius/archive/master.zip [root@radius ~]# cp -R daloradius-master/ /var/www/html/daloradius
导入数据库
[root@radius ~]# cd /var/www/html/ [root@radius html]# mysql -uroot -p radius < daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql Enter password: [root@radius html]# mysql -uroot -p radius < daloradius/contrib/db/mysql-daloradius.sql Enter password: [root@radius html]#
修改目录及配置文件属性(daloradius.conf.php 保存数据库密码;664 允许其他用户读取,属主与属组均为 apache 时通常 640 即可)
[root@radius html]# chown -R apache.apache daloradius/ [root@radius html]# chmod 664 daloradius/library/daloradius.conf.php [root@radius html]#
修改daloRADIUS配置文件
[root@radius html]# vi daloradius/library/daloradius.conf.php $configValues['CONFIG_DB_HOST'] = 'localhost'; $configValues['CONFIG_DB_PORT'] = '3306'; $configValues['CONFIG_DB_USER'] = 'radius'; $configValues['CONFIG_DB_PASS'] = 'radiuspassword'; $configValues['CONFIG_DB_NAME'] = 'radius';
安装PEAR扩展
更新频道
[root@radius ~]# pear channel-update pear.php.net Updating channel "pear.php.net" Update of Channel "pear.php.net" succeeded [root@radius ~]#
升级pear/PEAR版本
错误提示
[root@radius ~]# pear install DB WARNING: "pear/DB" is deprecated in favor of "pear/MDB2" pear/DB requires package "pear/PEAR" (version >= 1.10.0), installed version is 1.9.4 No valid packages found install failed [root@radius ~]#
升级操作
[root@radius ~]# pear install PEAR WARNING: "pear/Console_Getopt" is deprecated in favor of "pear/Console_GetoptPlus" downloading PEAR-1.10.10.tgz ... Starting to download PEAR-1.10.10.tgz (293,388 bytes) .............................................................done: 293,388 bytes downloading Archive_Tar-1.4.9.tgz ... Starting to download Archive_Tar-1.4.9.tgz (21,343 bytes) ...done: 21,343 bytes downloading Structures_Graph-1.1.1.tgz ... Starting to download Structures_Graph-1.1.1.tgz (12,579 bytes) ...done: 12,579 bytes downloading Console_Getopt-1.4.3.tgz ... Starting to download Console_Getopt-1.4.3.tgz (5,789 bytes) ...done: 5,789 bytes downloading XML_Util-1.4.3.tgz ... Starting to download XML_Util-1.4.3.tgz (18,842 bytes) ...done: 18,842 bytes install ok: channel://pear.php.net/Archive_Tar-1.4.9 install ok: channel://pear.php.net/Structures_Graph-1.1.1 install ok: channel://pear.php.net/Console_Getopt-1.4.3 install ok: channel://pear.php.net/XML_Util-1.4.3 install ok: channel://pear.php.net/PEAR-1.10.10 PEAR: Optional feature webinstaller available (PEAR's web-based installer) PEAR: Optional feature gtkinstaller available (PEAR's PHP-GTK-based installer) PEAR: Optional feature gtk2installer available (PEAR's PHP-GTK2-based installer) PEAR: To install optional features use "pear install pear/PEAR#featurename" [root@radius ~]#
安装pear/DB扩展
[root@radius ~]# pear install DB WARNING: "pear/DB" is deprecated in favor of "pear/MDB2" downloading DB-1.9.3.tgz ... Starting to download DB-1.9.3.tgz (132,290 bytes) .............................done: 132,290 bytes install ok: channel://pear.php.net/DB-1.9.3 [root@radius ~]#
安装pear/MDB2扩展
[root@radius ~]# pear install MDB2 downloading MDB2-2.4.1.tgz ... Starting to download MDB2-2.4.1.tgz (121,557 bytes) ..........................done: 121,557 bytes install ok: channel://pear.php.net/MDB2-2.4.1 MDB2: Optional feature fbsql available (Frontbase SQL driver for MDB2) MDB2: Optional feature ibase available (Interbase/Firebird driver for MDB2) MDB2: Optional feature mysql available (MySQL driver for MDB2) MDB2: Optional feature mysqli available (MySQLi driver for MDB2) MDB2: Optional feature mssql available (MS SQL Server driver for MDB2) MDB2: Optional feature oci8 available (Oracle driver for MDB2) MDB2: Optional feature pgsql available (PostgreSQL driver for MDB2) MDB2: Optional feature querysim available (Querysim driver for MDB2) MDB2: Optional feature sqlite available (SQLite2 driver for MDB2) MDB2: To install optional features use "pear install pear/MDB2#featurename" [root@radius ~]#
重启服务
[root@radius ~]# systemctl restart radiusd
使用浏览器访问daloRADIUS控制台
自签根证书导入客户端计算机
正确的自签CA证书导入路径(证书-本地计算机-受信任的根证书颁发机构)
查看已导入的CA证书详情
错误的自签CA证书导入路径(证书-当前用户-受信任的根证书颁发机构)
证书导入位置错误时的连接错误提示:IKE身份验证凭证不可接受
拨号连接属性设置详情
常规选项卡
安全选项卡
网络选项卡
建立连接后的状态信息
安装EPEL仓库源
[root@host1 ~]# yum -y install epel-release
更新缓存并安装StrongSwan及net-tools工具
[root@host1 ~]# yum makecache [root@host1 ~]# yum -y install strongswan net-tools
查看StrongSwan版本信息
[root@host1 ~]# yum info strongswan Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: repos-lax.psychz.net * epel: mirror.lax.genesisadaptive.com * extras: mirror.hostduplex.com * updates: repos-lax.psychz.net Installed Packages Name : strongswan Arch : x86_64 Version : 5.7.2 Release : 1.el7 Size : 4.0 M Repo : installed From repo : epel Summary : An OpenSource IPsec-based VPN and TNC solution URL : http://www.strongswan.org/ License : GPLv2+ Description : The strongSwan IPsec implementation supports both the IKEv1 and : IKEv2 key exchange protocols in conjunction with the native NETKEY : IPsec stack of the Linux kernel. [root@host1 ~]#
准备证书生成脚本
服务器证书脚本
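[root@host1 ipsec.d]# cat server_key.sh
#!/bin/bash
#
# server_key.sh - create a self-signed strongSwan CA and a VPN host
# certificate signed by it.
#
# Arguments: $1 - exact host name or IP address of the VPN server; used as
#                 the certificate CN and as the subjectAltName
# Outputs:   private/strongswanKey.pem   CA private key (RSA 4096)
#            cacerts/strongswanCert.pem  CA certificate (3650 days)
#            private/vpnHostKey.pem      host private key (RSA 2048)
#            certs/vpnHostCert.pem       host certificate (730 days)
#            all paths are relative to the current directory
# Returns:   1 when no argument is given; non-zero when any step fails
#
# NOTE(review): every run overwrites the CA key and certificate, so
# certificates issued by an earlier run no longer verify against the new CA.
# NOTE(review): the CA key is written unencrypted next to the host key.

# Stop at the first failing command so that no certificate is issued from an
# empty or partially written key file.
set -euo pipefail

# Generate an RSA private key of $1 bits at path $2, readable by owner only.
gen_private_key() {
  local bits=$1 path=$2
  (
    # Restrict permissions before the redirection creates the file.
    umask 077
    strongswan pki --gen --type rsa --size "$bits" --outform pem > "$path"
  )
  # A file left over from an earlier run keeps its old mode; tighten it too.
  chmod 600 -- "$path"
}

if [[ -z "${1:-}" ]]; then
  printf '%b\n' "usage:\n sh server_key.sh YOUR EXACT HOST NAME or SERVER IP\n Run this script in directory to store your keys" >&2
  exit 1
fi
CN=$1
echo "generating keys for $CN ..."

# Only a newly created private/ gets mode 700; an existing one is left as is.
mkdir -p -m 700 private
mkdir -p cacerts certs

# NOTE(review): the CA and the host certificate share this DN, so the host
# certificate's subject equals its issuer; a distinct CA CN would make the
# two easier to tell apart - confirm client behaviour before changing it.
dn="C=HK, O=LINUXCACHE.COM, CN=$CN"

gen_private_key 4096 private/strongswanKey.pem
strongswan pki --self --ca --lifetime 3650 \
  --in private/strongswanKey.pem --type rsa \
  --dn "$dn" \
  --outform pem > cacerts/strongswanCert.pem
echo 'CA certs at cacerts/strongswanCert.pem'
strongswan pki --print --in cacerts/strongswanCert.pem

sleep 1
echo "generating server keys ..."
gen_private_key 2048 private/vpnHostKey.pem
strongswan pki --pub --in private/vpnHostKey.pem --type rsa \
  | strongswan pki --issue --lifetime 730 \
      --cacert cacerts/strongswanCert.pem \
      --cakey private/strongswanKey.pem \
      --dn "$dn" \
      --san "$CN" \
      --flag serverAuth --flag ikeIntermediate \
      --outform pem > certs/vpnHostCert.pem
echo "vpn server cert at certs/vpnHostCert.pem"
strongswan pki --print --in certs/vpnHostCert.pem
[root@host1 ipsec.d]#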
客户端证书脚本
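[root@host1 ipsec.d]# cat client_key.sh
#!/bin/bash
#
# client_key.sh - issue a client key and certificate signed by the CA found
# in the current directory, then bundle them into a PKCS#12 file.
#
# Arguments: $1 - USER_NAME, used in the output file names and in the
#                 PKCS#12 friendly name
#            $2 - EMAIL, used as the certificate CN and as the subjectAltName
# Inputs:    cacerts/strongswanCert.pem and private/strongswanKey.pem
# Outputs:   private/<USER_NAME>Key.pem  client private key (RSA 2048)
#            certs/<USER_NAME>Cert.pem   client certificate (730 days)
#            <USER_NAME>.p12             bundle protected by the export
#                                        password that openssl prompts for
# Returns:   1 on bad arguments or a missing CA; non-zero when any step fails

# Stop at the first failing command so that a failed key or certificate step
# cannot end in a bundle built from empty files.
set -euo pipefail

info="usage:\n sh client_key.sh USER_NAME EMAIL \n Run this script in directory to store your keys"

if [[ -z "${1:-}" || -z "${2:-}" ]]; then
  printf '%b\n' "$info" >&2
  exit 1
fi
NAME=$1
MAIL=$2

# NAME becomes part of three file names: refuse a path separator (which would
# place files outside private/ and certs/) and a leading dash (which later
# commands could read as an option).
case "$NAME" in
  */* | -*)
    printf 'invalid USER_NAME: %s\n' "$NAME" >&2
    exit 1
    ;;
esac

# Fail before creating any file when the CA material is missing.
if [[ ! -r cacerts/strongswanCert.pem || ! -r private/strongswanKey.pem ]]; then
  printf '%s\n' "CA not found: cacerts/strongswanCert.pem and private/strongswanKey.pem are required" >&2
  exit 1
fi

echo "generating keys for $NAME $MAIL ..."

# Only a newly created private/ gets mode 700; an existing one is left as is.
mkdir -p -m 700 private
mkdir -p cacerts certs

keyfile="private/${NAME}Key.pem"
certfile="certs/${NAME}Cert.pem"
p12file="${NAME}.p12"

(
  # Restrict permissions before the redirection creates the key file.
  umask 077
  strongswan pki --gen --type rsa --size 2048 \
    --outform pem > "$keyfile"
)
# A file left over from an earlier run keeps its old mode; tighten it too.
chmod 600 -- "$keyfile"

strongswan pki --pub --in "$keyfile" --type rsa \
  | strongswan pki --issue --lifetime 730 \
      --cacert cacerts/strongswanCert.pem \
      --cakey private/strongswanKey.pem \
      --dn "C=HK, O=LINUXCACHE.COM, CN=$MAIL" \
      --san "$MAIL" \
      --outform pem > "$certfile"
strongswan pki --print --in "$certfile"

echo "Enter password to protect p12 cert for $NAME"
(
  # The bundle carries the private key, so keep it owner-only as well.
  umask 077
  openssl pkcs12 -export -inkey "$keyfile" \
    -in "$certfile" -name "$NAME's VPN Certificate" \
    -certfile cacerts/strongswanCert.pem \
    -caname "strongSwan Root CA" \
    -out "$p12file"
)
# Reached only when the export succeeded; a failed export now ends the script
# with a non-zero status instead of a silent exit 0.
echo "cert for $NAME at $p12file"
[root@host1 ipsec.d]#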
生成服务器证书
[root@host1 ipsec.d]# ./server_key.sh 144.202.116.133 generating keys for 144.202.116.133 ... CA certs at cacerts/strongswanCert.pem subject: "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133" issuer: "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133" validity: not before Feb 01 02:02:11 2020, ok not after Jan 29 02:02:11 2030, ok (expires in 3650 days) serial: 1d:40:6a:e0:af:56:64:33 flags: CA CRLSign self-signed subjkeyId: 91:38:53:8e:8e:85:aa:ec:db:75:1c:82:34:05:6c:7b:da:06:62:26 pubkey: RSA 4096 bits keyid: 7e:1e:66:62:f0:cc:d9:51:9e:ea:c0:97:37:d5:84:1c:b9:27:97:c2 subjkey: 91:38:53:8e:8e:85:aa:ec:db:75:1c:82:34:05:6c:7b:da:06:62:26 generating server keys ... vpn server cert at certs/vpnHostCert.pem subject: "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133" issuer: "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133" validity: not before Feb 01 02:02:13 2020, ok not after Jan 31 02:02:13 2022, ok (expires in 730 days) serial: 1d:ff:d1:51:97:c9:46:72 altNames: 144.202.116.133 flags: serverAuth ikeIntermediate authkeyId: 91:38:53:8e:8e:85:aa:ec:db:75:1c:82:34:05:6c:7b:da:06:62:26 subjkeyId: c8:82:e7:43:45:cf:0d:f1:8a:8b:7c:cc:ea:72:f0:4f:18:d9:85:fe pubkey: RSA 2048 bits keyid: 15:7d:c7:47:3e:07:7b:66:92:d0:2e:75:8e:78:0e:6b:72:8e:5e:b2 subjkey: c8:82:e7:43:45:cf:0d:f1:8a:8b:7c:cc:ea:72:f0:4f:18:d9:85:fe [root@host1 ipsec.d]#
生成客户端证书并为密钥对设置密码
[root@host1 ipsec.d]# ./client_key.sh harveymei harvey.mei@msn.com generating keys for harveymei harvey.mei@msn.com ... subject: "C=HK, O=LINUXCACHE.COM, CN=harvey.mei@msn.com" issuer: "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133" validity: not before Feb 01 02:03:46 2020, ok not after Jan 31 02:03:46 2022, ok (expires in 730 days) serial: 60:f7:02:c5:33:21:3a:13 altNames: harvey.mei@msn.com flags: authkeyId: 91:38:53:8e:8e:85:aa:ec:db:75:1c:82:34:05:6c:7b:da:06:62:26 subjkeyId: ee:08:46:4e:bc:b1:7e:37:b5:b8:71:f1:5d:72:43:7f:4e:42:9c:40 pubkey: RSA 2048 bits keyid: 1a:8d:12:09:54:a6:a6:d4:f9:d4:7a:6c:75:0a:85:6d:90:b6:0d:fe subjkey: ee:08:46:4e:bc:b1:7e:37:b5:b8:71:f1:5d:72:43:7f:4e:42:9c:40 Enter password to protect p12 cert for harveymei Enter Export Password: Verifying - Enter Export Password: cert for harveymei at harveymei.p12 [root@host1 ipsec.d]#
复制客户端需要用到的证书
修改配置文件
修改ipsec.conf配置文件(注意:下方 IpsecIKEv2-EAP 中的 ike=aes256-sha1-modp1024! 将协商限定为 SHA-1 与 1024 位 DH 组,强度偏弱;若客户端支持,应换用更强的提议)
初始配置文件
# ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup # strictcrlpolicy=yes # uniqueids = no # Add connections here. # Sample VPN connections #conn sample-self-signed # leftsubnet=10.1.0.0/16 # leftcert=selfCert.der # leftsendcert=never # right=192.168.0.2 # rightsubnet=10.2.0.0/16 # rightcert=peerCert.der # auto=start #conn sample-with-ca-cert # leftsubnet=10.1.0.0/16 # leftcert=myCert.pem # right=192.168.0.2 # rightsubnet=10.2.0.0/16 # rightid="C=HK, O=Linux strongSwan CN=peer name" # auto=start
修改为
config setup uniqueids=never charondebug="cfg 2, dmn 2, ike 2, net 0" conn %default left=%defaultroute leftsubnet=0.0.0.0/0 leftcert=vpnHostCert.pem right=%any rightsourceip=172.16.1.100/16 conn CiscoIPSec keyexchange=ikev1 fragmentation=yes rightauth=pubkey rightauth2=xauth leftsendcert=always rekey=no auto=add conn XauthPsk keyexchange=ikev1 leftauth=psk rightauth=psk rightauth2=xauth auto=add conn IpsecIKEv2 keyexchange=ikev2 leftauth=pubkey rightauth=pubkey leftsendcert=always auto=add conn IpsecIKEv2-EAP keyexchange=ikev2 ike=aes256-sha1-modp1024! rekey=no leftauth=pubkey leftsendcert=always rightauth=eap-mschapv2 eap_identity=%any auto=add
修改strongswan.conf配置文件
初始配置文件
# strongswan.conf - strongSwan configuration file # # Refer to the strongswan.conf(5) manpage for details # # Configuration changes should be made in the included files charon { load_modular = yes plugins { include strongswan.d/charon/*.conf } } include strongswan.d/*.conf
修改为
charon { load_modular = yes duplicheck.enable = no compress = yes plugins { include strongswan.d/charon/*.conf } dns1 = 8.8.8.8 dns2 = 8.8.4.4 nbns1 = 8.8.8.8 nbns2 = 8.8.4.4 } include strongswan.d/*.conf
语法变化/错误的处理
Feb 01 02:41:00 host1 strongswan[4598]: /etc/strongswan/strongswan.conf:3: syntax error, unexpected ., expecting : or '{' or '=' [.]
charon { load_modular = yes duplicheck{ enable = no } compress = yes plugins { include strongswan.d/charon/*.conf } dns1 = 8.8.8.8 dns2 = 8.8.4.4 nbns1 = 8.8.8.8 nbns2 = 8.8.4.4 } include strongswan.d/*.conf
修改ipsec.secrets配置文件(账号密码;该文件以明文保存PSK与密码,应仅root可读,示例中的 PSK_KEY 与密码需替换为各自独立的强随机值)
初始配置文件
# ipsec.secrets - strongSwan IPsec secrets file
修改为
# ipsec.secrets - strongSwan IPsec secrets file : RSA vpnHostKey.pem : PSK "PSK_KEY" harveymei %any : EAP "harvey#pwd2020" harveymei %any : XAUTH "harvey#pwd2020"
开启内核及防火墙包转发设置
内核
[root@host1 strongswan]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf [root@host1 strongswan]# sysctl -p net.ipv6.conf.all.accept_ra = 2 net.ipv6.conf.eth0.accept_ra = 2 net.ipv4.ip_forward = 1 [root@host1 strongswan]#
防火墙
[root@host1 ~]# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: eth0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: [root@host1 ~]# firewall-cmd --permanent --add-service=ipsec success [root@host1 ~]# firewall-cmd --permanent --add-port=4500/udp success [root@host1 ~]# firewall-cmd --permanent --add-masquerade success [root@host1 ~]# firewall-cmd --reload success [root@host1 ~]# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: eth0 sources: services: dhcpv6-client ipsec ssh ports: 4500/udp protocols: masquerade: yes forward-ports: source-ports: icmp-blocks: rich rules: [root@host1 ~]#
启动服务
[root@host1 ~]# systemctl enable strongswan Created symlink from /etc/systemd/system/multi-user.target.wants/strongswan.service to /usr/lib/systemd/system/strongswan.service. [root@host1 ~]# systemctl start strongswan
查看端口监听
n2n两种节点类型的命令参数参考
[root@host1 ~]# /usr/local/n2n/sbin/supernode --help Welcome to n2n v.2.5.1.r244.46aaa86 for x86_64-unknown-linux-gnu Built on Jan 31 2020 06:48:19 Copyright 2007-19 - ntop.org and contributors supernode <config file> (see supernode.conf) or supernode -l <lport> -c <path> [-v] -l <lport> Set UDP main listen port to <lport> -c <path> File containing the allowed communities. -v Increase verbosity. Can be used multiple times. -h This help message. [root@host1 ~]#
[root@host1 ~]# /usr/local/n2n/sbin/edge --help Welcome to n2n v.2.5.1.r244.46aaa86 for x86_64-unknown-linux-gnu Built on Jan 31 2020 06:48:19 Copyright 2007-19 - ntop.org and contributors edge <config file> (see edge.conf) or edge -d <tun device> -a [static:|dhcp:]<tun IP address> -c <community> [-k <encrypt key>] [-s <netmask>] [-u <uid> -g <gid>][-f][-T <tos>][-m <MAC address>] -l <supernode host:port> [-p <local port>] [-M <mtu>] [-D] [-r] [-E] [-v] [-i <reg_interval>] [-L <reg_ttl>] [-t <mgmt port>] [-A] [-h] -d <tun device> | tun device name -a <mode:address> | Set interface address. For DHCP use '-r -a dhcp:0.0.0.0' -c <community> | n2n community name the edge belongs to. -k <encrypt key> | Encryption key (ASCII) - also N2N_KEY=<encrypt key>. -s <netmask> | Edge interface netmask in dotted decimal notation (255.255.255.0). -l <supernode host:port> | Supernode IP:port -i <reg_interval> | Registration interval, for NAT hole punching (default 20 seconds) -L <reg_ttl> | TTL for registration packet when UDP NAT hole punching through supernode (default 0 for not set ) -p <local port> | Fixed local UDP port. -u <UID> | User ID (numeric) to use when privileges are dropped. -g <GID> | Group ID (numeric) to use when privileges are dropped. -f | Do not fork and run as a daemon; rather run in foreground. -m <MAC address> | Fix MAC address for the TAP interface (otherwise it may be random) | eg. -m 01:02:03:04:05:06 -M <mtu> | Specify n2n MTU of edge interface (default 1290). -D | Enable PMTU discovery. PMTU discovery can reduce fragmentation but | causes connections stall when not properly supported. -r | Enable packet forwarding through n2n community. -E | Accept multicast MAC addresses (default=drop). -S | Do not connect P2P. Always use the supernode. -T <tos> | TOS for packets (e.g. 0x48 for SSH like priority) -v | Make more verbose. Repeat as required. -t <port> | Management UDP Port (for multiple edges on a machine). 
Environment variables: N2N_KEY | Encryption key (ASCII). Not with -k. [root@host1 ~]#