8月 24, 2020
 

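禁用SELinux配置

说明:sed 修改的是 /etc/selinux/config,重启后才生效,并且只有当前值为 enforcing 时才会被替换;setenforce 0 只是把当前运行状态立即切换为 permissive。本文没有说明 OpenLiteSpeed 是否必须关闭 SELinux。关闭后系统会失去强制访问控制这一层防护,生产环境可以先在 permissive 模式下查看审计日志中的拒绝记录,再决定是否需要完全禁用。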

[root@lsws ~]# sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config;
[root@lsws ~]# setenforce 0
[root@lsws ~]#

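配置仓库

说明:下面的仓库 RPM 通过明文 HTTP 下载,而 dnf 对命令行直接指定的 RPM 默认不校验 GPG 签名(localpkg_gpgcheck 默认关闭)。后续仓库 gpgcheck=1 所用的公钥 /etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed 推测正是由这个包安装的(请确认),因此整条信任链的起点是这次下载。如果站点提供 HTTPS,建议改用 HTTPS 地址,并在安装后核对该公钥指纹是否与发布方提供的一致。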

[root@lsws ~]# dnf install http://rpms.litespeedtech.com/centos/litespeed-repo-1.1-1.el8.noarch.rpm

查看仓库配置文件(各仓库的 baseurl 均为明文 HTTP,软件包完整性依赖 gpgcheck=1 的签名校验;配置中未设置 repo_gpgcheck,仓库元数据本身不做签名校验)

[root@lsws ~]# cat /etc/yum.repos.d/litespeed.repo
[litespeed]
name=LiteSpeed Tech Repository for CentOS $releasever - $basearch
baseurl=http://rpms.litespeedtech.com/centos/$releasever/$basearch/
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed

[litespeed-update]
name=LiteSpeed Tech Update Repository for CentOS $releasever - $basearch
baseurl=http://rpms.litespeedtech.com/centos/$releasever/update/$basearch/
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed

[litespeed-edge]
name=LiteSpeed Tech Edge Repository for CentOS $releasever - $basearch
baseurl=http://rpms.litespeedtech.com/edge/centos/$releasever/$basearch/
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed

[litespeed-edge-update]
name=LiteSpeed Tech Edge Update Repository for CentOS $releasever - $basearch
baseurl=http://rpms.litespeedtech.com/edge/centos/$releasever/update/$basearch/
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed
[root@lsws ~]#

更新dnf工具缓存

[root@lsws ~]# dnf makecache
CentOS-8 - AppStream                             12 kB/s | 4.3 kB     00:00
CentOS-8 - Base                                 7.8 kB/s | 3.9 kB     00:00
CentOS-8 - Extras                               2.9 kB/s | 1.5 kB     00:00
LiteSpeed Tech Repository for CentOS 8 - x86_64 2.1 MB/s | 490 kB     00:00
LiteSpeed Tech Update Repository for CentOS 8 - 1.0 MB/s | 227 kB     00:00
Metadata cache created.
[root@lsws ~]#

查看openlitespeed包信息

[root@lsws ~]# dnf info openlitespeed
Last metadata expiration check: 0:00:36 ago on Mon 24 Aug 2020 02:48:52 AM UTC.
Available Packages
Name         : openlitespeed
Version      : 1.6.15
Release      : 2.el8
Architecture : x86_64
Size         : 37 M
Source       : openlitespeed-1.6.15-2.el8.src.rpm
Repository   : litespeed-update
Summary      : OpenLiteSpeed
URL          : http://www.litespeedtech.com
License      : GPLv3
Description  : OpenLiteSpeed is a high-performance, lightweight, open source
             : HTTP server developed and copyrighted by LiteSpeed Technologies.
             : Users are free to download, use, distribute, and modify
             : OpenLiteSpeed and its source code in accordance with the precepts
             : of the GPLv3 license.

[root@lsws ~]#

安装litespeed及php环境包

问题:依赖包 lsphp73-pecl-mcrypt 需要 libmcrypt.so.4,而当前已启用的仓库中没有提供该库,安装失败

[root@lsws ~]# dnf install openlitespeed
Last metadata expiration check: 0:00:13 ago on Mon 24 Aug 2020 02:43:32 AM UTC.
Error:
Problem: package openlitespeed-1.6.15-2.el8.x86_64 requires lsphp73-mcrypt, but none of the providers can be installed
- cannot install the best candidate for the job
- nothing provides libmcrypt.so.4()(64bit) needed by lsphp73-pecl-mcrypt-1.0.3-1.el8.7.3.x86_64
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
[root@lsws ~]#

解决:libmcrypt 由 EPEL 仓库提供(见下文依赖列表中的 epel 来源),先安装 epel-release 启用该仓库

[root@lsws ~]# dnf install epel-release

再次安装

[root@lsws ~]# dnf install openlitespeed

================================================================================
 Package                Arch      Version             Repository           Size
================================================================================
Installing:
 openlitespeed          x86_64    1.6.15-2.el8        litespeed-update     37 M
Installing dependencies:
 libXpm                 x86_64    3.5.12-8.el8        AppStream            58 k
 libargon2              x86_64    20171227-3.el8      epel                 29 k
 libc-client            x86_64    2007f-24.el8        epel                564 k
 libjpeg-turbo          x86_64    1.5.3-10.el8        AppStream           156 k
 libmcrypt              x86_64    2.5.8-26.el8        epel                109 k
 libnsl                 x86_64    2.28-101.el8        BaseOS               97 k
 libwebp                x86_64    1.0.0-1.el8         AppStream           273 k
 libxslt                x86_64    1.1.32-4.el8        BaseOS              249 k
 lsphp73                x86_64    7.3.21-1.el8        litespeed           4.7 M
 lsphp73-common         x86_64    7.3.21-1.el8        litespeed           677 k
 lsphp73-gd             x86_64    7.3.21-1.el8        litespeed           122 k
 lsphp73-imap           x86_64    7.3.21-1.el8        litespeed            39 k
 lsphp73-mbstring       x86_64    7.3.21-1.el8        litespeed           571 k
 lsphp73-mysqlnd        x86_64    7.3.21-1.el8        litespeed           142 k
 lsphp73-opcache        x86_64    7.3.21-1.el8        litespeed           203 k
 lsphp73-pdo            x86_64    7.3.21-1.el8        litespeed            75 k
 lsphp73-pecl-mcrypt    x86_64    1.0.3-1.el8.7.3     litespeed            27 k
 lsphp73-process        x86_64    7.3.21-1.el8        litespeed            37 k
 lsphp73-xml            x86_64    7.3.21-1.el8        litespeed           140 k

Transaction Summary
================================================================================
Install  20 Packages

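查看openlitespeed安装路径

说明:目录中的 adminpasswd 按上游惯例保存 WebAdmin 初始账号密码(请以实际文件内容为准);Example 虚拟主机自带 phpinfo.php、upload.php 等示例页面(见下方 rpm -lq 文件清单)。对外提供服务前应修改管理密码、限制管理端口的访问来源,并移除或禁用示例站点。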

[root@lsws ~]# ls /usr/local/lsws/
add-ons      backup     conf      gdata    lsphp73      phpbuild  VERSION
admin        bin        docs      GPL.txt  lsrecaptcha  PLAT
adminpasswd  cachedata  Example   lib      modules      share
autoupdate   cgid       fcgi-bin  logs     php          tmp
[root@lsws ~]#

[root@lsws ~]# rpm -lq openlitespeed
/etc/init.d/lsws
/usr/lib/.build-id
/usr/lib/.build-id/01
/usr/lib/.build-id/01/1fe5f65c8015eff89a7061cf3cd705df56b14d
/usr/lib/.build-id/0e
/usr/lib/.build-id/0e/0ad48b16e05134408b5ba7fda33a78ff494487
/usr/lib/.build-id/2c
/usr/lib/.build-id/2c/01b36791441d4ea4d211f1568e03a4ad6717eb
/usr/lib/.build-id/7d
/usr/lib/.build-id/7d/19ffa9101ece0920acec1aa7a41befdf870147
/usr/lib/.build-id/7d/3455969230e2d6f0ee22db5931293343d19d11
/usr/lib/.build-id/7d/3455969230e2d6f0ee22db5931293343d19d11.1
/usr/lib/.build-id/92
/usr/lib/.build-id/92/57016074c47d5ea7e6939c5bf92678f8bf07fd
/usr/lib/.build-id/9a
/usr/lib/.build-id/9a/54a5da0375a7bee6dfa1cec7ec3c95b51da417
/usr/lib/.build-id/c2
/usr/lib/.build-id/c2/16322f9066a8510f3f5a666bb8af7694727b4b
/usr/lib/.build-id/c5
/usr/lib/.build-id/c5/4953e950479bd6c50a614e5d37e8fcc170b91a
/usr/lib/.build-id/cd
/usr/lib/.build-id/cd/71ea0ab4fcdd0c7976dfe74c8e7333f547fa83
/usr/lib/.build-id/e8
/usr/lib/.build-id/e8/0ec2ee684e24336fb76439c1a1afc48787cdf7
/usr/lib/.build-id/f6
/usr/lib/.build-id/f6/4cc59833a8b1b9b1320b431830b6cf377e8684
/usr/local/lsws
/usr/local/lsws/Example
/usr/local/lsws/Example/cgi-bin
/usr/local/lsws/Example/cgi-bin/helloworld
/usr/local/lsws/Example/fcgi-bin
/usr/local/lsws/Example/html
/usr/local/lsws/Example/html/.htaccess
/usr/local/lsws/Example/html/blocked
/usr/local/lsws/Example/html/blocked/index.html
/usr/local/lsws/Example/html/css
/usr/local/lsws/Example/html/css/bootstrap.min.css
/usr/local/lsws/Example/html/css/custom.css
/usr/local/lsws/Example/html/error404.html
/usr/local/lsws/Example/html/img
/usr/local/lsws/Example/html/img/404-icon.png
/usr/local/lsws/Example/html/img/blocked_content-icon.png
/usr/local/lsws/Example/html/img/cgi-icon.png
/usr/local/lsws/Example/html/img/file_upload-icon.png
/usr/local/lsws/Example/html/img/olsws_logo.png
/usr/local/lsws/Example/html/img/php-icon.png
/usr/local/lsws/Example/html/img/powered_by_ols-new.png
/usr/local/lsws/Example/html/img/pwd_protect-icon.png
/usr/local/lsws/Example/html/index.html
/usr/local/lsws/Example/html/phpinfo.php
/usr/local/lsws/Example/html/protected
/usr/local/lsws/Example/html/protected/index.html
/usr/local/lsws/Example/html/upload.html
/usr/local/lsws/Example/html/upload.php
/usr/local/lsws/Example/logs
/usr/local/lsws/GPL.txt
/usr/local/lsws/PLAT
/usr/local/lsws/VERSION
/usr/local/lsws/add-ons
/usr/local/lsws/add-ons/snmp_monitoring
/usr/local/lsws/add-ons/snmp_monitoring/README
/usr/local/lsws/add-ons/snmp_monitoring/class.litespeed_snmp_bridge.php
/usr/local/lsws/add-ons/snmp_monitoring/class.litespeed_stats.php
/usr/local/lsws/add-ons/snmp_monitoring/litespeed_cacti_template.xml
/usr/local/lsws/add-ons/snmp_monitoring/litespeed_extapp.xml
/usr/local/lsws/add-ons/snmp_monitoring/litespeed_general.xml
/usr/local/lsws/add-ons/snmp_monitoring/litespeed_vhost.xml
/usr/local/lsws/add-ons/snmp_monitoring/sample.php
/usr/local/lsws/add-ons/webcachemgr
/usr/local/lsws/add-ons/webcachemgr/VERSION
/usr/local/lsws/add-ons/webcachemgr/autoloader.php
/usr/local/lsws/add-ons/webcachemgr/bootstrap.php
/usr/local/lsws/add-ons/webcachemgr/bootstrap_cli.php
/usr/local/lsws/add-ons/webcachemgr/src
/usr/local/lsws/add-ons/webcachemgr/src/AjaxResponse.php
/usr/local/lsws/add-ons/webcachemgr/src/CliController.php
/usr/local/lsws/add-ons/webcachemgr/src/Context
/usr/local/lsws/add-ons/webcachemgr/src/Context/Context.php
/usr/local/lsws/add-ons/webcachemgr/src/Context/ContextOption.php
/usr/local/lsws/add-ons/webcachemgr/src/Context/RootCLIContextOption.php
/usr/local/lsws/add-ons/webcachemgr/src/Context/RootPanelContextOption.php
/usr/local/lsws/add-ons/webcachemgr/src/Context/UserCLIContextOption.php
/usr/local/lsws/add-ons/webcachemgr/src/DashNotifier.php
/usr/local/lsws/add-ons/webcachemgr/src/LSCMException.php
/usr/local/lsws/add-ons/webcachemgr/src/LogEntry.php
/usr/local/lsws/add-ons/webcachemgr/src/Logger.php
/usr/local/lsws/add-ons/webcachemgr/src/Panel
/usr/local/lsws/add-ons/webcachemgr/src/Panel/CPanel.php
/usr/local/lsws/add-ons/webcachemgr/src/Panel/ControlPanel.php
/usr/local/lsws/add-ons/webcachemgr/src/Panel/CustomPanel.php
/usr/local/lsws/add-ons/webcachemgr/src/Panel/CustomPanelBase.php
/usr/local/lsws/add-ons/webcachemgr/src/Panel/DirectAdmin.php
/usr/local/lsws/add-ons/webcachemgr/src/Panel/Plesk.php
/usr/local/lsws/add-ons/webcachemgr/src/PanelController.php
/usr/local/lsws/add-ons/webcachemgr/src/PluginVersion.php
/usr/local/lsws/add-ons/webcachemgr/src/UserCommand.php
/usr/local/lsws/add-ons/webcachemgr/src/Util.php
/usr/local/lsws/add-ons/webcachemgr/src/View
/usr/local/lsws/add-ons/webcachemgr/src/View/AjaxView.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/Ajax
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/Ajax/CacheMgrRowViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/CacheRootNotSetViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/DashNotifierViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/DataFileMsgViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/ManageViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassDashDisableProgressViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassDashNotifyProgressViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassEnableDisableProgressViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassEnableDisableViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/MissingTplViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/RefreshStatusProgressViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/ScanProgressViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/UnflagAllProgressViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/VersionChangeViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/VersionManageViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax/CacheMgrActionsCol.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax/CacheMgrFlagCol.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax/CacheMgrStatusCol.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Blocks
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Blocks/InputSubmitBtn.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/CacheRootNotSet.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/DashNotifier.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/DataFileMsg.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Manage.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassDashDisableProgress.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassDashNotifyProgress.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassEnableDisable.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassEnableDisableProgress.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MissingTpl.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/RefreshStatusProgress.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/ScanProgress.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/UnflagAllProgress.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/VersionChange.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/VersionManage.tpl
/usr/local/lsws/add-ons/webcachemgr/src/WPCaller.php
/usr/local/lsws/add-ons/webcachemgr/src/WPDashMsgs.php
/usr/local/lsws/add-ons/webcachemgr/src/WPInstall.php
/usr/local/lsws/add-ons/webcachemgr/src/WPInstallStorage.php
/usr/local/lsws/admin
/usr/local/lsws/admin/cgid
/usr/local/lsws/admin/cgid/secret
/usr/local/lsws/admin/conf
/usr/local/lsws/admin/conf/admin_config.conf
/usr/local/lsws/admin/conf/htpasswd
/usr/local/lsws/admin/conf/jcryption_keypair
/usr/local/lsws/admin/conf/php.ini
/usr/local/lsws/admin/fcgi-bin
/usr/local/lsws/admin/fcgi-bin/admin_php
/usr/local/lsws/admin/html
/usr/local/lsws/admin/html.open
/usr/local/lsws/admin/html.open/favicon.ico
/usr/local/lsws/admin/html.open/index.php
/usr/local/lsws/admin/html.open/lib
/usr/local/lsws/admin/html.open/lib/CAuthorizer.php
/usr/local/lsws/admin/html.open/lib/CData.php
/usr/local/lsws/admin/html.open/lib/CNode.php
/usr/local/lsws/admin/html.open/lib/CValidation.php
/usr/local/lsws/admin/html.open/lib/ControllerBase.php
/usr/local/lsws/admin/html.open/lib/DAttrBase.php
/usr/local/lsws/admin/html.open/lib/DAttrHelp.php
/usr/local/lsws/admin/html.open/lib/DInfo.php
/usr/local/lsws/admin/html.open/lib/DKeywordAlias.php
/usr/local/lsws/admin/html.open/lib/DMsg.php
/usr/local/lsws/admin/html.open/lib/DPage.php
/usr/local/lsws/admin/html.open/lib/DTbl.php
/usr/local/lsws/admin/html.open/lib/DTblDefBase.php
/usr/local/lsws/admin/html.open/lib/DTblMap.php
/usr/local/lsws/admin/html.open/lib/LogViewer.php
/usr/local/lsws/admin/html.open/lib/PathTool.php
/usr/local/lsws/admin/html.open/lib/PlainConfParser.php
/usr/local/lsws/admin/html.open/lib/SInfo.php
/usr/local/lsws/admin/html.open/lib/XmlParser.php
/usr/local/lsws/admin/html.open/lib/blowfish.php
/usr/local/lsws/admin/html.open/lib/jCryption.php
/usr/local/lsws/admin/html.open/lib/ows
/usr/local/lsws/admin/html.open/lib/ows/ConfValidation.php
/usr/local/lsws/admin/html.open/lib/ows/DAttr.php
/usr/local/lsws/admin/html.open/lib/ows/DPageDef.php
/usr/local/lsws/admin/html.open/lib/ows/DTblDef.php
/usr/local/lsws/admin/html.open/lib/ows/Product.php
/usr/local/lsws/admin/html.open/lib/ows/RealTimeStats.php
/usr/local/lsws/admin/html.open/lib/ows/Service.php
/usr/local/lsws/admin/html.open/lib/ows/UI.php
/usr/local/lsws/admin/html.open/lib/util
/usr/local/lsws/admin/html.open/lib/util/build_php
/usr/local/lsws/admin/html.open/lib/util/build_php/BuildConfig.php
/usr/local/lsws/admin/html.open/lib/util/build_php/build_common.template
/usr/local/lsws/admin/html.open/lib/util/build_php/build_install.template
/usr/local/lsws/admin/html.open/lib/util/build_php/build_install_ext.template
/usr/local/lsws/admin/html.open/lib/util/build_php/build_manual_run.template
/usr/local/lsws/admin/html.open/lib/util/build_php/build_prepare.template
/usr/local/lsws/admin/html.open/lib/util/build_php/build_prepare_ext.template
/usr/local/lsws/admin/html.open/lib/util/build_php/buildfunc.inc.php
/usr/local/lsws/admin/html.open/login.php
/usr/local/lsws/admin/html.open/res
/usr/local/lsws/admin/html.open/res/css
/usr/local/lsws/admin/html.open/res/css/bootstrap.min.css
/usr/local/lsws/admin/html.open/res/css/font-awesome.min.css
/usr/local/lsws/admin/html.open/res/css/googlefonts.css
/usr/local/lsws/admin/html.open/res/css/lockscreen.min.css
/usr/local/lsws/admin/html.open/res/css/lst-webadmin.min.css
/usr/local/lsws/admin/html.open/res/css/smartadmin-production.min.css
/usr/local/lsws/admin/html.open/res/fonts
/usr/local/lsws/admin/html.open/res/fonts/FontAwesome.otf
/usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.eot
/usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.svg
/usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.ttf
/usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.woff
/usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.eot
/usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.svg
/usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.ttf
/usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.woff
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-300.woff
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-300.woff2
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700.woff
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700.woff2
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700italic.woff
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700italic.woff2
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-italic.woff
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-italic.woff2
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-regular.woff
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-regular.woff2
/usr/local/lsws/admin/html.open/res/img
/usr/local/lsws/admin/html.open/res/img/ajax-loader.gif
/usr/local/lsws/admin/html.open/res/img/alpha.png
/usr/local/lsws/admin/html.open/res/img/blank.gif
/usr/local/lsws/admin/html.open/res/img/clear.png
/usr/local/lsws/admin/html.open/res/img/favicon
/usr/local/lsws/admin/html.open/res/img/favicon/favicon.ico
/usr/local/lsws/admin/html.open/res/img/hue.png
/usr/local/lsws/admin/html.open/res/img/icons
/usr/local/lsws/admin/html.open/res/img/icons/adminconfig.gif
/usr/local/lsws/admin/html.open/res/img/icons/administrator.gif
/usr/local/lsws/admin/html.open/res/img/icons/application.gif
/usr/local/lsws/admin/html.open/res/img/icons/cgi.gif
/usr/local/lsws/admin/html.open/res/img/icons/controlpanel.gif
/usr/local/lsws/admin/html.open/res/img/icons/database.gif
/usr/local/lsws/admin/html.open/res/img/icons/debug.gif
/usr/local/lsws/admin/html.open/res/img/icons/down.gif
/usr/local/lsws/admin/html.open/res/img/icons/edit.gif
/usr/local/lsws/admin/html.open/res/img/icons/fast_cgi.gif
/usr/local/lsws/admin/html.open/res/img/icons/favicon.ico
/usr/local/lsws/admin/html.open/res/img/icons/file.gif
/usr/local/lsws/admin/html.open/res/img/icons/filter.gif
/usr/local/lsws/admin/html.open/res/img/icons/form.gif
/usr/local/lsws/admin/html.open/res/img/icons/graph.gif
/usr/local/lsws/admin/html.open/res/img/icons/help.png
/usr/local/lsws/admin/html.open/res/img/icons/info.gif
/usr/local/lsws/admin/html.open/res/img/icons/link.gif
/usr/local/lsws/admin/html.open/res/img/icons/load_balancer.gif
/usr/local/lsws/admin/html.open/res/img/icons/lock.gif
/usr/local/lsws/admin/html.open/res/img/icons/ls_sapi.gif
/usr/local/lsws/admin/html.open/res/img/icons/module.gif
/usr/local/lsws/admin/html.open/res/img/icons/module_handler.gif
/usr/local/lsws/admin/html.open/res/img/icons/network.gif
/usr/local/lsws/admin/html.open/res/img/icons/play.gif
/usr/local/lsws/admin/html.open/res/img/icons/record.gif
/usr/local/lsws/admin/html.open/res/img/icons/redirect.gif
/usr/local/lsws/admin/html.open/res/img/icons/refresh.gif
/usr/local/lsws/admin/html.open/res/img/icons/report.gif
/usr/local/lsws/admin/html.open/res/img/icons/script.gif
/usr/local/lsws/admin/html.open/res/img/icons/search.gif
/usr/local/lsws/admin/html.open/res/img/icons/serverconfig.gif
/usr/local/lsws/admin/html.open/res/img/icons/servlet_engine.gif
/usr/local/lsws/admin/html.open/res/img/icons/shield.gif
/usr/local/lsws/admin/html.open/res/img/icons/stop.gif
/usr/local/lsws/admin/html.open/res/img/icons/trash.gif
/usr/local/lsws/admin/html.open/res/img/icons/up.gif
/usr/local/lsws/admin/html.open/res/img/icons/web.gif
/usr/local/lsws/admin/html.open/res/img/icons/web_link.gif
/usr/local/lsws/admin/html.open/res/img/icons/web_server.gif
/usr/local/lsws/admin/html.open/res/img/loading.gif
/usr/local/lsws/admin/html.open/res/img/lsws_bolt.png
/usr/local/lsws/admin/html.open/res/img/lsws_bolt.svg
/usr/local/lsws/admin/html.open/res/img/mappin-default.png
/usr/local/lsws/admin/html.open/res/img/minus.png
/usr/local/lsws/admin/html.open/res/img/mybg.png
/usr/local/lsws/admin/html.open/res/img/plus.png
/usr/local/lsws/admin/html.open/res/img/product_logo.gif
/usr/local/lsws/admin/html.open/res/img/product_logo.svg
/usr/local/lsws/admin/html.open/res/img/ribbon.png
/usr/local/lsws/admin/html.open/res/img/sa-dark.png
/usr/local/lsws/admin/html.open/res/img/sa-default.png
/usr/local/lsws/admin/html.open/res/img/sort_asc.png
/usr/local/lsws/admin/html.open/res/img/sort_asc_disabled.png
/usr/local/lsws/admin/html.open/res/img/sort_both.png
/usr/local/lsws/admin/html.open/res/img/sort_desc.png
/usr/local/lsws/admin/html.open/res/img/sort_desc_disabled.png
/usr/local/lsws/admin/html.open/res/img/vt-menu.png
/usr/local/lsws/admin/html.open/res/js
/usr/local/lsws/admin/html.open/res/js/app.config.min.js
/usr/local/lsws/admin/html.open/res/js/bootstrap
/usr/local/lsws/admin/html.open/res/js/bootstrap/bootstrap.min.js
/usr/local/lsws/admin/html.open/res/js/jcryption
/usr/local/lsws/admin/html.open/res/js/jcryption/jquery.jcryption.min.js
/usr/local/lsws/admin/html.open/res/js/libs
/usr/local/lsws/admin/html.open/res/js/libs/jquery-2.2.4.min.js
/usr/local/lsws/admin/html.open/res/js/libs/jquery-ui-1.12.1.min.js
/usr/local/lsws/admin/html.open/res/js/lst-app.min.js
/usr/local/lsws/admin/html.open/res/js/notification
/usr/local/lsws/admin/html.open/res/js/notification/SmartNotification.js
/usr/local/lsws/admin/html.open/res/js/notification/SmartNotification.min.js
/usr/local/lsws/admin/html.open/res/js/plugin
/usr/local/lsws/admin/html.open/res/js/plugin/datatable-responsive
/usr/local/lsws/admin/html.open/res/js/plugin/datatable-responsive/datatables.responsive.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/datatables
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.bootstrap.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.colReorder.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.colVis.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.tableTools.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/jquery.dataTables.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/swf
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/swf/copy_csv_xls.swf
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/swf/copy_csv_xls_pdf.swf
/usr/local/lsws/admin/html.open/res/js/plugin/flot
/usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.cust.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.fillbetween.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.orderBar.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.pie.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.resize.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.tooltip.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/msie-fix
/usr/local/lsws/admin/html.open/res/js/plugin/msie-fix/jquery.mb.browser.min.js
/usr/local/lsws/admin/html.open/res/lang
/usr/local/lsws/admin/html.open/res/lang/en-US_msg.php
/usr/local/lsws/admin/html.open/res/lang/en-US_tips.php
/usr/local/lsws/admin/html.open/res/lang/ja-JP_msg.php
/usr/local/lsws/admin/html.open/res/lang/ja-JP_tips.php
/usr/local/lsws/admin/html.open/res/lang/util_sortlang.php
/usr/local/lsws/admin/html.open/res/lang/zh-CN_msg.php
/usr/local/lsws/admin/html.open/res/lang/zh-CN_tips.php
/usr/local/lsws/admin/html.open/view
/usr/local/lsws/admin/html.open/view/UIBase.php
/usr/local/lsws/admin/html.open/view/UIProperty.php
/usr/local/lsws/admin/html.open/view/ajax_data.php
/usr/local/lsws/admin/html.open/view/compilePHP.php
/usr/local/lsws/admin/html.open/view/confMgr.php
/usr/local/lsws/admin/html.open/view/dashboard.php
/usr/local/lsws/admin/html.open/view/inc
/usr/local/lsws/admin/html.open/view/inc/auth.php
/usr/local/lsws/admin/html.open/view/inc/configui.php
/usr/local/lsws/admin/html.open/view/inc/global.php
/usr/local/lsws/admin/html.open/view/inc/header.php
/usr/local/lsws/admin/html.open/view/inc/nav.php
/usr/local/lsws/admin/html.open/view/inc/scripts.php
/usr/local/lsws/admin/html.open/view/logviewer.php
/usr/local/lsws/admin/html.open/view/realtimestats.php
/usr/local/lsws/admin/html.open/view/serviceMgr.php
/usr/local/lsws/admin/logs
/usr/local/lsws/admin/misc
/usr/local/lsws/admin/misc/admpass.sh
/usr/local/lsws/admin/misc/build_admin_php.sh
/usr/local/lsws/admin/misc/convertxml.php
/usr/local/lsws/admin/misc/convertxml.sh
/usr/local/lsws/admin/misc/create_admin_keypair.sh
/usr/local/lsws/admin/misc/enable_phpa.sh
/usr/local/lsws/admin/misc/gdb-bt
/usr/local/lsws/admin/misc/genjCryptionKeyPair.php
/usr/local/lsws/admin/misc/gzipStatic.sh
/usr/local/lsws/admin/misc/htpasswd.php
/usr/local/lsws/admin/misc/lscmctl
/usr/local/lsws/admin/misc/lshttpd.service
/usr/local/lsws/admin/misc/lsup.sh
/usr/local/lsws/admin/misc/lsws.rc
/usr/local/lsws/admin/misc/lsws.rc.gentoo
/usr/local/lsws/admin/misc/php.ini
/usr/local/lsws/admin/misc/rc-inst.sh
/usr/local/lsws/admin/misc/rc-uninst.sh
/usr/local/lsws/admin/misc/testbeta.sh
/usr/local/lsws/admin/misc/uninstall.sh
/usr/local/lsws/admin/tmp
/usr/local/lsws/adminpasswd
/usr/local/lsws/autoupdate
/usr/local/lsws/backup
/usr/local/lsws/bin
/usr/local/lsws/bin/litespeed
/usr/local/lsws/bin/lshttpd
/usr/local/lsws/bin/lsws_env
/usr/local/lsws/bin/lswsctrl
/usr/local/lsws/bin/lswsctrl.open
/usr/local/lsws/bin/openlitespeed
/usr/local/lsws/bin/openlitespeed.asan
/usr/local/lsws/bin/openlitespeed.dbg
/usr/local/lsws/bin/openlitespeed.prof
/usr/local/lsws/cachedata
/usr/local/lsws/cgid
/usr/local/lsws/conf
/usr/local/lsws/conf/cert
/usr/local/lsws/conf/httpd_config.conf
/usr/local/lsws/conf/mime.properties
/usr/local/lsws/conf/templates
/usr/local/lsws/conf/templates/ccl.conf
/usr/local/lsws/conf/templates/rails.conf
/usr/local/lsws/conf/vhosts
/usr/local/lsws/conf/vhosts/Example
/usr/local/lsws/conf/vhosts/Example/htgroup
/usr/local/lsws/conf/vhosts/Example/htpasswd
/usr/local/lsws/conf/vhosts/Example/vhconf.conf
/usr/local/lsws/docs
/usr/local/lsws/docs/AdminGeneral_Help.html
/usr/local/lsws/docs/AdminListeners_General_Help.html
/usr/local/lsws/docs/AdminListeners_SSL_Help.html
/usr/local/lsws/docs/AdminSecurity_Help.html
/usr/local/lsws/docs/App_Server_Context.html
/usr/local/lsws/docs/App_Server_Help.html
/usr/local/lsws/docs/CGI_Context.html
/usr/local/lsws/docs/CompilePHP_Help.html
/usr/local/lsws/docs/Context_Help.html
/usr/local/lsws/docs/ExtApp_Help.html
/usr/local/lsws/docs/External_FCGI.html
/usr/local/lsws/docs/External_FCGI_Auth.html
/usr/local/lsws/docs/External_LB.html
/usr/local/lsws/docs/External_LSAPI.html
/usr/local/lsws/docs/External_PL.html
/usr/local/lsws/docs/External_Servlet.html
/usr/local/lsws/docs/External_WS.html
/usr/local/lsws/docs/FCGI_Context.html
/usr/local/lsws/docs/Java_Web_App_Context.html
/usr/local/lsws/docs/LB_Context.html
/usr/local/lsws/docs/LSAPI_Context.html
/usr/local/lsws/docs/Listeners_General_Help.html
/usr/local/lsws/docs/Listeners_SSL_Help.html
/usr/local/lsws/docs/Module_Context.html
/usr/local/lsws/docs/Module_Help.html
/usr/local/lsws/docs/Proxy_Context.html
/usr/local/lsws/docs/Redirect_Context.html
/usr/local/lsws/docs/Rewrite_Help.html
/usr/local/lsws/docs/ScriptHandler_Help.html
/usr/local/lsws/docs/ServGeneral_Help.html
/usr/local/lsws/docs/ServLog_Help.html
/usr/local/lsws/docs/ServSecurity_Help.html
/usr/local/lsws/docs/ServTuning_Help.html
/usr/local/lsws/docs/ServerStat_Help.html
/usr/local/lsws/docs/Servlet_Context.html
/usr/local/lsws/docs/Static_Context.html
/usr/local/lsws/docs/Templates_Help.html
/usr/local/lsws/docs/VHGeneral_Help.html
/usr/local/lsws/docs/VHSSL_Help.html
/usr/local/lsws/docs/VHSecurity_Help.html
/usr/local/lsws/docs/VHWebSocket_Help.html
/usr/local/lsws/docs/VirtualHosts_Help.html
/usr/local/lsws/docs/admin.html
/usr/local/lsws/docs/config.html
/usr/local/lsws/docs/css
/usr/local/lsws/docs/css/hdoc.css
/usr/local/lsws/docs/img
/usr/local/lsws/docs/img/attention.svg
/usr/local/lsws/docs/img/info.svg
/usr/local/lsws/docs/img/lightning-bolt.svg
/usr/local/lsws/docs/img/lsws_logo.svg
/usr/local/lsws/docs/img/ols_logo.svg
/usr/local/lsws/docs/img/shield.svg
/usr/local/lsws/docs/img/web-adc_logo.svg
/usr/local/lsws/docs/index.html
/usr/local/lsws/docs/install.html
/usr/local/lsws/docs/intro.html
/usr/local/lsws/docs/ja-JP
/usr/local/lsws/docs/ja-JP/AdminGeneral_Help.html
/usr/local/lsws/docs/ja-JP/AdminListeners_General_Help.html
/usr/local/lsws/docs/ja-JP/AdminListeners_SSL_Help.html
/usr/local/lsws/docs/ja-JP/AdminSecurity_Help.html
/usr/local/lsws/docs/ja-JP/App_Server_Context.html
/usr/local/lsws/docs/ja-JP/App_Server_Help.html
/usr/local/lsws/docs/ja-JP/CGI_Context.html
/usr/local/lsws/docs/ja-JP/CompilePHP_Help.html
/usr/local/lsws/docs/ja-JP/Context_Help.html
/usr/local/lsws/docs/ja-JP/ExtApp_Help.html
/usr/local/lsws/docs/ja-JP/External_FCGI.html
/usr/local/lsws/docs/ja-JP/External_FCGI_Auth.html
/usr/local/lsws/docs/ja-JP/External_LB.html
/usr/local/lsws/docs/ja-JP/External_LSAPI.html
/usr/local/lsws/docs/ja-JP/External_PL.html
/usr/local/lsws/docs/ja-JP/External_Servlet.html
/usr/local/lsws/docs/ja-JP/External_WS.html
/usr/local/lsws/docs/ja-JP/FCGI_Context.html
/usr/local/lsws/docs/ja-JP/Java_Web_App_Context.html
/usr/local/lsws/docs/ja-JP/LB_Context.html
/usr/local/lsws/docs/ja-JP/LSAPI_Context.html
/usr/local/lsws/docs/ja-JP/Listeners_General_Help.html
/usr/local/lsws/docs/ja-JP/Listeners_SSL_Help.html
/usr/local/lsws/docs/ja-JP/Module_Context.html
/usr/local/lsws/docs/ja-JP/Module_Help.html
/usr/local/lsws/docs/ja-JP/Proxy_Context.html
/usr/local/lsws/docs/ja-JP/Redirect_Context.html
/usr/local/lsws/docs/ja-JP/Rewrite_Help.html
/usr/local/lsws/docs/ja-JP/ScriptHandler_Help.html
/usr/local/lsws/docs/ja-JP/ServGeneral_Help.html
/usr/local/lsws/docs/ja-JP/ServLog_Help.html
/usr/local/lsws/docs/ja-JP/ServSecurity_Help.html
/usr/local/lsws/docs/ja-JP/ServTuning_Help.html
/usr/local/lsws/docs/ja-JP/ServerStat_Help.html
/usr/local/lsws/docs/ja-JP/Servlet_Context.html
/usr/local/lsws/docs/ja-JP/Static_Context.html
/usr/local/lsws/docs/ja-JP/Templates_Help.html
/usr/local/lsws/docs/ja-JP/VHGeneral_Help.html
/usr/local/lsws/docs/ja-JP/VHSSL_Help.html
/usr/local/lsws/docs/ja-JP/VHSecurity_Help.html
/usr/local/lsws/docs/ja-JP/VHWebSocket_Help.html
/usr/local/lsws/docs/ja-JP/VirtualHosts_Help.html
/usr/local/lsws/docs/ja-JP/admin.html
/usr/local/lsws/docs/ja-JP/config.html
/usr/local/lsws/docs/ja-JP/index.html
/usr/local/lsws/docs/ja-JP/install.html
/usr/local/lsws/docs/ja-JP/intro.html
/usr/local/lsws/docs/ja-JP/license.html
/usr/local/lsws/docs/ja-JP/security.html
/usr/local/lsws/docs/ja-JP/webconsole.html
/usr/local/lsws/docs/license.html
/usr/local/lsws/docs/security.html
/usr/local/lsws/docs/webconsole.html
/usr/local/lsws/docs/zh-CN
/usr/local/lsws/docs/zh-CN/AdminGeneral_Help.html
/usr/local/lsws/docs/zh-CN/AdminListeners_General_Help.html
/usr/local/lsws/docs/zh-CN/AdminListeners_SSL_Help.html
/usr/local/lsws/docs/zh-CN/AdminSecurity_Help.html
/usr/local/lsws/docs/zh-CN/App_Server_Context.html
/usr/local/lsws/docs/zh-CN/App_Server_Help.html
/usr/local/lsws/docs/zh-CN/CGI_Context.html
/usr/local/lsws/docs/zh-CN/CompilePHP_Help.html
/usr/local/lsws/docs/zh-CN/Context_Help.html
/usr/local/lsws/docs/zh-CN/ExtApp_Help.html
/usr/local/lsws/docs/zh-CN/External_FCGI.html
/usr/local/lsws/docs/zh-CN/External_FCGI_Auth.html
/usr/local/lsws/docs/zh-CN/External_LB.html
/usr/local/lsws/docs/zh-CN/External_LSAPI.html
/usr/local/lsws/docs/zh-CN/External_PL.html
/usr/local/lsws/docs/zh-CN/External_Servlet.html
/usr/local/lsws/docs/zh-CN/External_WS.html
/usr/local/lsws/docs/zh-CN/FCGI_Context.html
/usr/local/lsws/docs/zh-CN/Java_Web_App_Context.html
/usr/local/lsws/docs/zh-CN/LB_Context.html
/usr/local/lsws/docs/zh-CN/LSAPI_Context.html
/usr/local/lsws/docs/zh-CN/Listeners_General_Help.html
/usr/local/lsws/docs/zh-CN/Listeners_SSL_Help.html
/usr/local/lsws/docs/zh-CN/Module_Context.html
/usr/local/lsws/docs/zh-CN/Module_Help.html
/usr/local/lsws/docs/zh-CN/Proxy_Context.html
/usr/local/lsws/docs/zh-CN/Redirect_Context.html
/usr/local/lsws/docs/zh-CN/Rewrite_Help.html
/usr/local/lsws/docs/zh-CN/ScriptHandler_Help.html
/usr/local/lsws/docs/zh-CN/ServGeneral_Help.html
/usr/local/lsws/docs/zh-CN/ServLog_Help.html
/usr/local/lsws/docs/zh-CN/ServSecurity_Help.html
/usr/local/lsws/docs/zh-CN/ServTuning_Help.html
/usr/local/lsws/docs/zh-CN/ServerStat_Help.html
/usr/local/lsws/docs/zh-CN/Servlet_Context.html
/usr/local/lsws/docs/zh-CN/Static_Context.html
/usr/local/lsws/docs/zh-CN/Templates_Help.html
/usr/local/lsws/docs/zh-CN/VHGeneral_Help.html
/usr/local/lsws/docs/zh-CN/VHSSL_Help.html
/usr/local/lsws/docs/zh-CN/VHSecurity_Help.html
/usr/local/lsws/docs/zh-CN/VHWebSocket_Help.html
/usr/local/lsws/docs/zh-CN/VirtualHosts_Help.html
/usr/local/lsws/docs/zh-CN/admin.html
/usr/local/lsws/docs/zh-CN/config.html
/usr/local/lsws/docs/zh-CN/index.html
/usr/local/lsws/docs/zh-CN/install.html
/usr/local/lsws/docs/zh-CN/intro.html
/usr/local/lsws/docs/zh-CN/license.html
/usr/local/lsws/docs/zh-CN/security.html
/usr/local/lsws/docs/zh-CN/webconsole.html
/usr/local/lsws/fcgi-bin
/usr/local/lsws/fcgi-bin/RackRunner.rb
/usr/local/lsws/fcgi-bin/lsnode.js
/usr/local/lsws/fcgi-bin/lsperld.fpl
/usr/local/lsws/fcgi-bin/lsphp
/usr/local/lsws/fcgi-bin/lsphp5
/usr/local/lsws/gdata
/usr/local/lsws/lib
/usr/local/lsws/logs
/usr/local/lsws/lsrecaptcha
/usr/local/lsws/lsrecaptcha/_recaptcha
/usr/local/lsws/lsrecaptcha/_recaptcha.shtml
/usr/local/lsws/modules
/usr/local/lsws/modules/mod_js.so
/usr/local/lsws/modules/mod_security.so
/usr/local/lsws/modules/modinspector.so
/usr/local/lsws/modules/modpagespeed.so
/usr/local/lsws/modules/modreqparser.so
/usr/local/lsws/modules/uploadprogress.so
/usr/local/lsws/php
/usr/local/lsws/phpbuild
/usr/local/lsws/share
/usr/local/lsws/share/autoindex
/usr/local/lsws/share/autoindex/bwlimit.html
/usr/local/lsws/share/autoindex/default.php
/usr/local/lsws/share/autoindex/icons
/usr/local/lsws/share/autoindex/icons/binary.png
/usr/local/lsws/share/autoindex/icons/blank.png
/usr/local/lsws/share/autoindex/icons/compress.png
/usr/local/lsws/share/autoindex/icons/folder.png
/usr/local/lsws/share/autoindex/icons/html.png
/usr/local/lsws/share/autoindex/icons/image.png
/usr/local/lsws/share/autoindex/icons/movie.png
/usr/local/lsws/share/autoindex/icons/sound.png
/usr/local/lsws/share/autoindex/icons/text.png
/usr/local/lsws/share/autoindex/icons/unknown.png
/usr/local/lsws/share/autoindex/icons/up.png
/usr/local/lsws/tmp
/usr/local/lsws/tmp/ocspcache
[root@lsws ~]#

服务控制命令

[root@lsws ~]# /usr/local/lsws/bin/lswsctrl
Usage: /usr/local/lsws/bin/lswsctrl {start|stop|restart|reload|condrestrt|try-restart|status|help}

start       - start web server
stop        - stop web server
restart     - gracefully restart web server with zero down time
reload      - same as restart
condrestart - gracefully restart web server if server is running
try-restart - same as condrestart
status      - show service status
help        - this screen

[root@lsws ~]#

查看端口监听

[root@lsws ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:7080            0.0.0.0:*               LISTEN
tcp6       0      0 :::111                  :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
[root@lsws ~]#

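使用Web控制台(上面的监听结果显示8088与7080均绑定在0.0.0.0,即对所有网络接口开放;OpenLiteSpeed默认以7080作为WebAdmin管理端口,建议通过防火墙或云安全组将该端口的来源限制为管理员所在的地址)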

默认首页

默认Web管理控制台

3月 05 2020
 

Generic Routing Encapsulation 通用路由封装协议(GRE本身不提供加密和身份认证,隧道内的流量在公网上以明文传输;需要保密性或完整性时应叠加IPsec,并在安全组/防火墙中仅放行来自对端公网IP的GRE报文,即IP协议号47)

主机列表

18.163.50.194/172.31.44.248
18.162.60.60/172.31.37.49

查找系统可用的内核模块

[centos@ip-172-31-44-248 ~]$ ls -alRUv /lib/modules/$(uname -r)/kernel |grep ip_gre
-rw-r--r--. 1 root root 9396 Nov 29 2018 ip_gre.ko.xz
[centos@ip-172-31-44-248 ~]$

加载ip_gre模块

[root@ip-172-31-44-248 ~]# modprobe ip_gre
[root@ip-172-31-44-248 ~]#

[root@ip-172-31-37-49 ~]# modprobe ip_gre
[root@ip-172-31-37-49 ~]#

新增tun0网卡配置

本端隧道地址192.168.192.1
对端隧道地址192.168.192.2

[root@ip-172-31-44-248 ~]# vi /etc/sysconfig/network-scripts/ifcfg-tun0
DEVICE=tun0
BOOTPROTO=none
ONBOOT=yes
DEVICETYPE=tunnel
TYPE=GRE
PEER_INNER_IPADDR=192.168.192.2
PEER_OUTER_IPADDR=18.162.60.60
MY_INNER_IPADDR=192.168.192.1

启用tun0网卡

[root@ip-172-31-44-248 ~]# ifup tun0

查看接口信息

[root@ip-172-31-44-248 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 0e:84:f5:b0:db:f6 brd ff:ff:ff:ff:ff:ff
    inet 172.31.44.248/20 brd 172.31.47.255 scope global dynamic ens5
       valid_lft 2667sec preferred_lft 2667sec
    inet6 fe80::c84:f5ff:feb0:dbf6/64 scope link 
       valid_lft forever preferred_lft forever
3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
5: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 8977 qdisc noqueue state UNKNOWN group default qlen 1000
    link/gre 0.0.0.0 peer 18.162.60.60
    inet 192.168.192.1 peer 192.168.192.2/32 scope global tun0
       valid_lft forever preferred_lft forever
[root@ip-172-31-44-248 ~]#

新增tun0网卡配置

本端隧道地址192.168.192.2
对端隧道地址192.168.192.1

[root@ip-172-31-37-49 ~]# vi /etc/sysconfig/network-scripts/ifcfg-tun0
DEVICE=tun0
BOOTPROTO=none
ONBOOT=yes
DEVICETYPE=tunnel
TYPE=GRE
PEER_INNER_IPADDR=192.168.192.1
PEER_OUTER_IPADDR=18.163.50.194
MY_INNER_IPADDR=192.168.192.2

启用tun0网卡

[root@ip-172-31-37-49 ~]# ifup tun0

查看接口信息

[root@ip-172-31-37-49 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 0e:4a:2b:48:b8:aa brd ff:ff:ff:ff:ff:ff
    inet 172.31.37.49/20 brd 172.31.47.255 scope global dynamic ens5
       valid_lft 2692sec preferred_lft 2692sec
    inet6 fe80::c4a:2bff:fe48:b8aa/64 scope link 
       valid_lft forever preferred_lft forever
3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
5: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 8977 qdisc noqueue state UNKNOWN group default qlen 1000
    link/gre 0.0.0.0 peer 18.163.50.194
    inet 192.168.192.2 peer 192.168.192.1/32 scope global tun0
       valid_lft forever preferred_lft forever
[root@ip-172-31-37-49 ~]# 

分别使用对端IP地址进行ping测试

[root@ip-172-31-37-49 ~]# ping -c 4 192.168.192.1
PING 192.168.192.1 (192.168.192.1) 56(84) bytes of data.
64 bytes from 192.168.192.1: icmp_seq=1 ttl=64 time=0.297 ms
64 bytes from 192.168.192.1: icmp_seq=2 ttl=64 time=0.283 ms
64 bytes from 192.168.192.1: icmp_seq=3 ttl=64 time=0.237 ms
64 bytes from 192.168.192.1: icmp_seq=4 ttl=64 time=0.268 ms

--- 192.168.192.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.237/0.271/0.297/0.025 ms
[root@ip-172-31-37-49 ~]#


[root@ip-172-31-44-248 ~]# ping -c 4 192.168.192.2
PING 192.168.192.2 (192.168.192.2) 56(84) bytes of data.
64 bytes from 192.168.192.2: icmp_seq=1 ttl=64 time=0.249 ms
64 bytes from 192.168.192.2: icmp_seq=2 ttl=64 time=0.279 ms
64 bytes from 192.168.192.2: icmp_seq=3 ttl=64 time=0.196 ms
64 bytes from 192.168.192.2: icmp_seq=4 ttl=64 time=0.214 ms

--- 192.168.192.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.196/0.234/0.279/0.035 ms
[root@ip-172-31-44-248 ~]#
3月 02 2020
 

安装向导欢迎页面

选择要安装的组件

同意最终用户许可协议

重要声明

选择安装目录

准备安装

安装进行中

完成安装并启动服务器管理器

选择要连接的服务器并点击连接

首次连接设置管理员密码

提示管理员密码设置成功

关闭弹出的简单设置窗口

选择是否设置开启IPsec功能

在管理器主界面进入VPN Gate设置

选择启用VPN Gate中继服务并加入研究志愿者队伍(启用后本机会作为公共VPN中继接受互联网上匿名用户的连接,这些用户的流量将以本机的公网IP作为出口,启用前应评估带宽占用与合规影响)

VPN Gate服务设置选项界面

请勿在禁止使用VPN通信技术的国家使用VPN Gate服务

在管理器主界面进入动态域名设置

查看或修改该服务器的动态域名

在管理器主界面查看当前的动态域名解析主机名

查看当前已连接客户端会话信息

2月 27 2020
 

主机列表(各行依次为主机名、IP地址、root初始密码;这类凭据一旦以明文形式记录或公开即应视为已泄露,完成密钥部署后应立即更换密码或关闭密码登录)

ansible 167.179.84.153 }Z5c,jM-?bQec#z-
server1 149.28.24.11 A7f{v#PAB8$!-K8q
server2 45.76.216.130 7]Mf%YKRFP[9H!*K
server3 108.160.137.54 _Rr3%[2rg,JJQpwQ

在ansible主机上配置hosts文件

[root@ansible ~]# vi /etc/hosts
149.28.24.11 server1
45.76.216.130 server2
108.160.137.54 server3

确认主机名及IP对应关系

[root@ansible ~]# ping -c 1 server1
PING server1 (149.28.24.11) 56(84) bytes of data.
64 bytes from server1 (149.28.24.11): icmp_seq=1 ttl=61 time=0.360 ms

--- server1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.360/0.360/0.360/0.000 ms
[root@ansible ~]# ping -c 1 server2
PING server2 (45.76.216.130) 56(84) bytes of data.
64 bytes from server2 (45.76.216.130): icmp_seq=1 ttl=57 time=0.933 ms

--- server2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.933/0.933/0.933/0.000 ms
[root@ansible ~]# ping -c 1 server3
PING server3 (108.160.137.54) 56(84) bytes of data.
64 bytes from server3 (108.160.137.54): icmp_seq=1 ttl=57 time=0.982 ms

--- server3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.982/0.982/0.982/0.000 ms
[root@ansible ~]#

解决首次登录远程系统的严格主机密钥检查交互(保存远程主机公钥)

[root@ansible ~]# ssh root@server1
The authenticity of host 'server1 (149.28.24.11)' can't be established.
ECDSA key fingerprint is SHA256:NUM9LGuAESXFeEyluk7GqoY3vC7rmLvzyf4Fr5p0tWs.
ECDSA key fingerprint is MD5:36:02:b3:0c:d0:33:db:a5:a5:68:21:4f:ce:87:01:aa.
Are you sure you want to continue connecting (yes/no)? ^C
[root@ansible ~]#

[root@ansible ~]# ls .ssh/
[root@ansible ~]#

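修改本机ssh客户端配置文件(注意:StrictHostKeyChecking no 会让客户端自动接受未知主机的密钥,首次连接时无法发现中间人攻击,而且这里修改的是全局配置,对本机发起的所有ssh连接都生效;更稳妥的做法是先用ssh-keyscan收集各主机公钥,与服务器控制台上显示的指纹核对无误后写入known_hosts,或者只在针对这几台主机的Host段中放宽该选项)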

[root@ansible ~]# vi /etc/ssh/ssh_config
# StrictHostKeyChecking ask
StrictHostKeyChecking no

查看ansible版本信息

[root@ansible ~]# ansible --version
ansible 2.9.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
[root@ansible ~]#

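编辑ansible主机配置文件(注意server1密码的转义字符;以ansible_password明文写入清单只适合临时引导,任何能读取该文件的用户都能拿到root密码,可改用--ask-pass在运行时输入,或用Ansible Vault加密保存,并在密钥部署完成后从清单中删除密码)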

[root@ansible ~]# vi /etc/ansible/hosts
[servers]
server1 ansible_user=root ansible_password=A7f{v\#PAB8$!-K8q
server2 ansible_user=root ansible_password=7]Mf%YKRFP[9H!*K
server3 ansible_user=root ansible_password=_Rr3%[2rg,JJQpwQ

连接测试

[root@ansible ~]# ansible servers -m ping
server2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
server3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
server1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[root@ansible ~]#

本地已保存的远程主机公钥信息

[root@ansible ~]# ls .ssh/
known_hosts
[root@ansible ~]# cat .ssh/known_hosts
server1,149.28.24.11 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCv/uWIj+5gWiri6BdEYw+QQYuE3wIfdW0FhgdCIY92UXf1P9rhRI9q5FQMQ1sJuKfzSihEsU2uwnQ8P45zE3Yc=
server2,45.76.216.130 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH+LjHvPrUcao6A5zNJwPgjRUOQAtxPCzMoEUOl21jMKiTPpDe87feCz2S/k6bo0Paf3G9lKdJg5B+r9dCZMBOU=
server3,108.160.137.54 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL+8jA1/3alAX2YtrLVUfJGvyCeCcpsJFG7WGwTgB5y4i0pBxPum0AYSw/G5ehaM8KPLCjEbCwUYS+XW83XYY10=
[root@ansible ~]#

创建密钥对(提示输入passphrase时建议设置口令;无口令的私钥文件一旦泄露,即可直接登录所有导入了对应公钥的主机,需要免交互执行时可配合ssh-agent使用)

[root@ansible ~]# ssh-keygen -b 4096 -t rsa -C "harvey.mei@linuxcache.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):/root/.ssh/id_rsa_ansible
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa_ansible.
Your public key has been saved in id_rsa_ansible.pub.
The key fingerprint is:
SHA256:Cv6UZ+/72ZTeeeuYP5ePrKmr7YhcZG6DVwwzXqXmLuU harvey.mei@linuxcache.com
The key's randomart image is:
+---[RSA 4096]----+
|            .    |
|           o     |
|        + +      |
|       . O       |
|    .   S =      |
|   . . B =     . |
|    . = X E   o .|
|     + B *   Bo=+|
|      + o+O==+B=O|
+----[SHA256]-----+
[root@ansible ~]#

查看公钥信息

[root@ansible ~]# cat .ssh/id_rsa_ansible.pub
ssh-rsa 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 harvey.mei@linuxcache.com
[root@ansible ~]#

将公钥信息复制给一个变量

[root@ansible ~]# pubkey=`cat .ssh/id_rsa_ansible.pub`
[root@ansible ~]# echo $pubkey
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYIp2W44/lMGw98BRvdTrCBwjBs9PYBiXhb9fN+ntU6fbnN12s7MUj92Z4uRLbJywJbspUPSV8SI4QVL0FKPSm37OMdY8SvpURgiaqRfRuo7pwVP7j31JxpcB4mF0PZiEFUqPttJ1MVbUnHfHxePJXjLmfRirJ5PkH26K4F3WUEgQiWJq2WlOWTERqdMjXqQHiubfSGT+s5q1jwakhCjjk06EbwRtN5ZYa0PcvoTCVPORTzr+/mOIzkY+GCAvPdFXO4KbXA4yI8LMPFcDH1DLJfIF7wc8y8aRbDVu5g6khzi8ipof5+XkLquUjxU4yuHaEr1/Gf4lNIBq81O8BXv0lKsy6vFwO4uP42W+jzYpqN9vM+6ibAywZ/zx3ags+aPrO++HYqok2gUYvXizPVPabadeLb0d0DY6XxAp1vXNqeLqwxMVsfAViXiyGIU76OEfnkgdzhHvFiXopKOIzTbS3pFctr3/dnMnHkKEnUmjYBQ7T8MEkJGPka5IsKrl5fTPgUtb53crB21rRHo/Dz82uGzPnUVUQRilUd9xip1xkUw/HB53FsZH9hP+dF5ohn9N1FwqZnHE6PCFTTtTgSNytNMmwXIKenZaVIOwoJN8cA8GfnQEpidl8im75EhoGlKDkFVSObJxttMlvAbDrBnzuNSzPmOV8NhlRgMrPPV4iwQ== harvey.mei@linuxcache.com
[root@ansible ~]#

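使用Ansible的shell模块,对目的主机组执行公钥的导入操作(下面的命令中${pubkey}未加引号且使用了echo -e,公钥内容会经过本地和远端两次shell解析,重复执行还会向authorized_keys追加重复条目;也可改用Ansible自带的authorized_key模块,它会自行创建.ssh目录并设置权限,且重复执行结果不变)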

[root@ansible ~]# ansible servers -m shell -a "cd /root/; umask 077; test -d .ssh || mkdir .ssh; echo -e ${pubkey} >> .ssh/authorized_keys"
server1 | CHANGED | rc=0 >>

server3 | CHANGED | rc=0 >>

server2 | CHANGED | rc=0 >>

[root@ansible ~]#

通过Ansible远程执行查看目的主机已导入的公钥信息

[root@ansible ~]# ansible servers -m shell -a "cat .ssh/authorized_keys"
server3 | CHANGED | rc=0 >>
ssh-rsa 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 harvey.mei@linuxcache.com
server1 | CHANGED | rc=0 >>
ssh-rsa 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 harvey.mei@linuxcache.com
server2 | CHANGED | rc=0 >>
ssh-rsa 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 harvey.mei@linuxcache.com
[root@ansible ~]#

修改Ansible主机配置文件以启用私钥登录验证(清单中不再保存明文密码;确认密钥登录可用后,可在受管主机的sshd_config中设置PasswordAuthentication no以关闭密码登录)

[root@ansible ~]# vi /etc/ansible/hosts
[servers]
server1 ansible_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa_ansible
server2 ansible_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa_ansible
server3 ansible_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa_ansible

测试成功

[root@ansible ~]# ansible servers -m ping
server3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
server2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
server1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[root@ansible ~]#

在执行ansible命令时指定私钥参数

[root@ansible ~]# vi /etc/ansible/hosts
[servers]
server1 ansible_user=root
server2 ansible_user=root
server3 ansible_user=root

测试成功

[root@ansible ~]# ansible servers --private-key=.ssh/id_rsa_ansible -m command -a hostname
server1 | CHANGED | rc=0 >>
server1
server2 | CHANGED | rc=0 >>
server2
server3 | CHANGED | rc=0 >>
server3
[root@ansible ~]#
2月 20 2020
 

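禁用防火墙(此做法只适合隔离的实验环境;对外提供服务的主机建议保留firewalld并只放行所需服务,例如执行 firewall-cmd --permanent --add-service=radius --add-service=http 后再执行 firewall-cmd --reload)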

[root@radius ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
[root@radius ~]# systemctl stop firewalld
[root@radius ~]#

安装AMP环境

[root@radius ~]# yum install php php-pdo php-mysql php-gd php-pear httpd mariadb-server mariadb

创建数据库(示例中的radiuspassword为弱口令,实际部署时应替换为随机生成的强密码;下面的授权仅针对radius库,且账户限定为localhost)

MariaDB [(none)]> create database radius;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all on radius.* to radius@localhost;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> set password for radius@localhost=password('radiuspassword');
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

设置系统及PHP时区

[root@radius ~]# cp /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime
cp: overwrite ‘/etc/localtime’? y
[root@radius ~]#
[root@radius ~]# vi /etc/php.ini
;date.timezone =
date.timezone = Asia/Hong_Kong

安装Free RADIUS及相关组件软件包

[root@radius html]# yum install freeradius freeradius-utils freeradius-mysql

查看FreeRADIUS安装包路径

[root@radius html]# rpm -lq freeradius
/etc/logrotate.d/radiusd
/etc/pam.d/radiusd
/etc/raddb
/etc/raddb/README.rst
/etc/raddb/certs
/etc/raddb/certs/Makefile
/etc/raddb/certs/README
/etc/raddb/certs/bootstrap
/etc/raddb/certs/ca.cnf
/etc/raddb/certs/client.cnf
/etc/raddb/certs/passwords.mk
/etc/raddb/certs/server.cnf
/etc/raddb/certs/xpextensions
/etc/raddb/clients.conf
/etc/raddb/dictionary
/etc/raddb/hints
/etc/raddb/huntgroups
/etc/raddb/mods-available
/etc/raddb/mods-available/README.rst
/etc/raddb/mods-available/always
/etc/raddb/mods-available/attr_filter
/etc/raddb/mods-available/cache
/etc/raddb/mods-available/cache_eap
/etc/raddb/mods-available/chap
/etc/raddb/mods-available/counter
/etc/raddb/mods-available/cui
/etc/raddb/mods-available/date
/etc/raddb/mods-available/detail
/etc/raddb/mods-available/detail.example.com
/etc/raddb/mods-available/detail.log
/etc/raddb/mods-available/dhcp
/etc/raddb/mods-available/dhcp_sqlippool
/etc/raddb/mods-available/digest
/etc/raddb/mods-available/dynamic_clients
/etc/raddb/mods-available/eap
/etc/raddb/mods-available/echo
/etc/raddb/mods-available/etc_group
/etc/raddb/mods-available/exec
/etc/raddb/mods-available/expiration
/etc/raddb/mods-available/expr
/etc/raddb/mods-available/files
/etc/raddb/mods-available/idn
/etc/raddb/mods-available/inner-eap
/etc/raddb/mods-available/ippool
/etc/raddb/mods-available/linelog
/etc/raddb/mods-available/logintime
/etc/raddb/mods-available/mac2ip
/etc/raddb/mods-available/mac2vlan
/etc/raddb/mods-available/mschap
/etc/raddb/mods-available/ntlm_auth
/etc/raddb/mods-available/opendirectory
/etc/raddb/mods-available/otp
/etc/raddb/mods-available/pam
/etc/raddb/mods-available/pap
/etc/raddb/mods-available/passwd
/etc/raddb/mods-available/preprocess
/etc/raddb/mods-available/python
/etc/raddb/mods-available/radutmp
/etc/raddb/mods-available/realm
/etc/raddb/mods-available/redis
/etc/raddb/mods-available/rediswho
/etc/raddb/mods-available/replicate
/etc/raddb/mods-available/rest
/etc/raddb/mods-available/smbpasswd
/etc/raddb/mods-available/smsotp
/etc/raddb/mods-available/soh
/etc/raddb/mods-available/sometimes
/etc/raddb/mods-available/sql
/etc/raddb/mods-available/sqlcounter
/etc/raddb/mods-available/sqlippool
/etc/raddb/mods-available/sradutmp
/etc/raddb/mods-available/unix
/etc/raddb/mods-available/unpack
/etc/raddb/mods-available/utf8
/etc/raddb/mods-available/wimax
/etc/raddb/mods-available/yubikey
/etc/raddb/mods-config
/etc/raddb/mods-config/README.rst
/etc/raddb/mods-config/attr_filter
/etc/raddb/mods-config/attr_filter/access_challenge
/etc/raddb/mods-config/attr_filter/access_reject
/etc/raddb/mods-config/attr_filter/accounting_response
/etc/raddb/mods-config/attr_filter/post-proxy
/etc/raddb/mods-config/attr_filter/pre-proxy
/etc/raddb/mods-config/files
/etc/raddb/mods-config/files/accounting
/etc/raddb/mods-config/files/authorize
/etc/raddb/mods-config/files/pre-proxy
/etc/raddb/mods-config/preprocess
/etc/raddb/mods-config/preprocess/hints
/etc/raddb/mods-config/preprocess/huntgroups
/etc/raddb/mods-config/sql
/etc/raddb/mods-config/sql/counter
/etc/raddb/mods-config/sql/cui
/etc/raddb/mods-config/sql/ippool
/etc/raddb/mods-config/sql/ippool-dhcp
/etc/raddb/mods-config/sql/main
/etc/raddb/mods-enabled
/etc/raddb/mods-enabled/always
/etc/raddb/mods-enabled/attr_filter
/etc/raddb/mods-enabled/cache_eap
/etc/raddb/mods-enabled/chap
/etc/raddb/mods-enabled/date
/etc/raddb/mods-enabled/detail
/etc/raddb/mods-enabled/detail.log
/etc/raddb/mods-enabled/dhcp
/etc/raddb/mods-enabled/digest
/etc/raddb/mods-enabled/dynamic_clients
/etc/raddb/mods-enabled/eap
/etc/raddb/mods-enabled/echo
/etc/raddb/mods-enabled/exec
/etc/raddb/mods-enabled/expiration
/etc/raddb/mods-enabled/expr
/etc/raddb/mods-enabled/files
/etc/raddb/mods-enabled/linelog
/etc/raddb/mods-enabled/logintime
/etc/raddb/mods-enabled/mschap
/etc/raddb/mods-enabled/ntlm_auth
/etc/raddb/mods-enabled/pap
/etc/raddb/mods-enabled/passwd
/etc/raddb/mods-enabled/preprocess
/etc/raddb/mods-enabled/radutmp
/etc/raddb/mods-enabled/realm
/etc/raddb/mods-enabled/replicate
/etc/raddb/mods-enabled/soh
/etc/raddb/mods-enabled/sradutmp
/etc/raddb/mods-enabled/unix
/etc/raddb/mods-enabled/unpack
/etc/raddb/mods-enabled/utf8
/etc/raddb/panic.gdb
/etc/raddb/policy.d
/etc/raddb/policy.d/accounting
/etc/raddb/policy.d/canonicalization
/etc/raddb/policy.d/control
/etc/raddb/policy.d/cui
/etc/raddb/policy.d/debug
/etc/raddb/policy.d/dhcp
/etc/raddb/policy.d/eap
/etc/raddb/policy.d/filter
/etc/raddb/policy.d/operator-name
/etc/raddb/proxy.conf
/etc/raddb/radiusd.conf
/etc/raddb/sites-available
/etc/raddb/sites-available/README
/etc/raddb/sites-available/buffered-sql
/etc/raddb/sites-available/challenge
/etc/raddb/sites-available/channel_bindings
/etc/raddb/sites-available/check-eap-tls
/etc/raddb/sites-available/coa
/etc/raddb/sites-available/control-socket
/etc/raddb/sites-available/copy-acct-to-home-server
/etc/raddb/sites-available/decoupled-accounting
/etc/raddb/sites-available/default
/etc/raddb/sites-available/dhcp
/etc/raddb/sites-available/dhcp.relay
/etc/raddb/sites-available/dynamic-clients
/etc/raddb/sites-available/example
/etc/raddb/sites-available/inner-tunnel
/etc/raddb/sites-available/originate-coa
/etc/raddb/sites-available/proxy-inner-tunnel
/etc/raddb/sites-available/robust-proxy-accounting
/etc/raddb/sites-available/soh
/etc/raddb/sites-available/status
/etc/raddb/sites-available/tls
/etc/raddb/sites-available/virtual.example.com
/etc/raddb/sites-available/vmps
/etc/raddb/sites-enabled
/etc/raddb/sites-enabled/default
/etc/raddb/sites-enabled/inner-tunnel
/etc/raddb/templates.conf
/etc/raddb/trigger.conf
/etc/raddb/users
/usr/lib/systemd/system/radiusd.service
/usr/lib/tmpfiles.d/radiusd.conf
/usr/lib64/freeradius
/usr/lib64/freeradius/libfreeradius-dhcp.so
/usr/lib64/freeradius/libfreeradius-eap.so
/usr/lib64/freeradius/libfreeradius-radius.so
/usr/lib64/freeradius/libfreeradius-server.so
/usr/lib64/freeradius/proto_dhcp.so
/usr/lib64/freeradius/proto_vmps.so
/usr/lib64/freeradius/rlm_always.so
/usr/lib64/freeradius/rlm_attr_filter.so
/usr/lib64/freeradius/rlm_cache.so
/usr/lib64/freeradius/rlm_cache_rbtree.so
/usr/lib64/freeradius/rlm_chap.so
/usr/lib64/freeradius/rlm_counter.so
/usr/lib64/freeradius/rlm_cram.so
/usr/lib64/freeradius/rlm_date.so
/usr/lib64/freeradius/rlm_detail.so
/usr/lib64/freeradius/rlm_dhcp.so
/usr/lib64/freeradius/rlm_digest.so
/usr/lib64/freeradius/rlm_dynamic_clients.so
/usr/lib64/freeradius/rlm_eap.so
/usr/lib64/freeradius/rlm_eap_fast.so
/usr/lib64/freeradius/rlm_eap_gtc.so
/usr/lib64/freeradius/rlm_eap_leap.so
/usr/lib64/freeradius/rlm_eap_md5.so
/usr/lib64/freeradius/rlm_eap_mschapv2.so
/usr/lib64/freeradius/rlm_eap_peap.so
/usr/lib64/freeradius/rlm_eap_pwd.so
/usr/lib64/freeradius/rlm_eap_sim.so
/usr/lib64/freeradius/rlm_eap_tls.so
/usr/lib64/freeradius/rlm_eap_tnc.so
/usr/lib64/freeradius/rlm_eap_ttls.so
/usr/lib64/freeradius/rlm_exec.so
/usr/lib64/freeradius/rlm_expiration.so
/usr/lib64/freeradius/rlm_expr.so
/usr/lib64/freeradius/rlm_files.so
/usr/lib64/freeradius/rlm_ippool.so
/usr/lib64/freeradius/rlm_linelog.so
/usr/lib64/freeradius/rlm_logintime.so
/usr/lib64/freeradius/rlm_mschap.so
/usr/lib64/freeradius/rlm_otp.so
/usr/lib64/freeradius/rlm_pam.so
/usr/lib64/freeradius/rlm_pap.so
/usr/lib64/freeradius/rlm_passwd.so
/usr/lib64/freeradius/rlm_preprocess.so
/usr/lib64/freeradius/rlm_radutmp.so
/usr/lib64/freeradius/rlm_realm.so
/usr/lib64/freeradius/rlm_replicate.so
/usr/lib64/freeradius/rlm_soh.so
/usr/lib64/freeradius/rlm_sometimes.so
/usr/lib64/freeradius/rlm_sql.so
/usr/lib64/freeradius/rlm_sql_null.so
/usr/lib64/freeradius/rlm_sqlcounter.so
/usr/lib64/freeradius/rlm_sqlippool.so
/usr/lib64/freeradius/rlm_unix.so
/usr/lib64/freeradius/rlm_unpack.so
/usr/lib64/freeradius/rlm_utf8.so
/usr/lib64/freeradius/rlm_wimax.so
/usr/lib64/freeradius/rlm_yubikey.so
/usr/sbin/checkrad
/usr/sbin/raddebug
/usr/sbin/radiusd
/usr/sbin/radmin
/usr/share/doc/freeradius-3.0.13/LICENSE.gpl
/usr/share/doc/freeradius-3.0.13/LICENSE.lgpl
/usr/share/doc/freeradius-3.0.13/LICENSE.openssl
/usr/share/doc/freeradius-3.0.13/REDHAT
/usr/share/freeradius
/usr/share/freeradius/dictionary
/usr/share/freeradius/dictionary.3com
/usr/share/freeradius/dictionary.3gpp
/usr/share/freeradius/dictionary.3gpp2
/usr/share/freeradius/dictionary.acc
/usr/share/freeradius/dictionary.acme
/usr/share/freeradius/dictionary.actelis
/usr/share/freeradius/dictionary.adtran
/usr/share/freeradius/dictionary.aerohive
/usr/share/freeradius/dictionary.airespace
/usr/share/freeradius/dictionary.alcatel
/usr/share/freeradius/dictionary.alcatel-lucent.aaa
/usr/share/freeradius/dictionary.alcatel.esam
/usr/share/freeradius/dictionary.alcatel.sr
/usr/share/freeradius/dictionary.alteon
/usr/share/freeradius/dictionary.altiga
/usr/share/freeradius/dictionary.alvarion
/usr/share/freeradius/dictionary.alvarion.wimax.v2_2
/usr/share/freeradius/dictionary.apc
/usr/share/freeradius/dictionary.aptilo
/usr/share/freeradius/dictionary.aptis
/usr/share/freeradius/dictionary.arbor
/usr/share/freeradius/dictionary.arista
/usr/share/freeradius/dictionary.aruba
/usr/share/freeradius/dictionary.ascend
/usr/share/freeradius/dictionary.ascend.illegal
/usr/share/freeradius/dictionary.asn
/usr/share/freeradius/dictionary.audiocodes
/usr/share/freeradius/dictionary.avaya
/usr/share/freeradius/dictionary.azaire
/usr/share/freeradius/dictionary.bay
/usr/share/freeradius/dictionary.bintec
/usr/share/freeradius/dictionary.bluecoat
/usr/share/freeradius/dictionary.boingo
/usr/share/freeradius/dictionary.bristol
/usr/share/freeradius/dictionary.broadsoft
/usr/share/freeradius/dictionary.brocade
/usr/share/freeradius/dictionary.bskyb
/usr/share/freeradius/dictionary.bt
/usr/share/freeradius/dictionary.cablelabs
/usr/share/freeradius/dictionary.cabletron
/usr/share/freeradius/dictionary.camiant
/usr/share/freeradius/dictionary.checkpoint
/usr/share/freeradius/dictionary.chillispot
/usr/share/freeradius/dictionary.cisco
/usr/share/freeradius/dictionary.cisco.asa
/usr/share/freeradius/dictionary.cisco.bbsm
/usr/share/freeradius/dictionary.cisco.vpn3000
/usr/share/freeradius/dictionary.cisco.vpn5000
/usr/share/freeradius/dictionary.citrix
/usr/share/freeradius/dictionary.clavister
/usr/share/freeradius/dictionary.cnergee
/usr/share/freeradius/dictionary.colubris
/usr/share/freeradius/dictionary.columbia_university
/usr/share/freeradius/dictionary.compat
/usr/share/freeradius/dictionary.compatible
/usr/share/freeradius/dictionary.cosine
/usr/share/freeradius/dictionary.dante
/usr/share/freeradius/dictionary.dhcp
/usr/share/freeradius/dictionary.digium
/usr/share/freeradius/dictionary.dlink
/usr/share/freeradius/dictionary.dragonwave
/usr/share/freeradius/dictionary.efficientip
/usr/share/freeradius/dictionary.eltex
/usr/share/freeradius/dictionary.epygi
/usr/share/freeradius/dictionary.equallogic
/usr/share/freeradius/dictionary.ericsson
/usr/share/freeradius/dictionary.ericsson.ab
/usr/share/freeradius/dictionary.ericsson.packet.core.networks
/usr/share/freeradius/dictionary.erx
/usr/share/freeradius/dictionary.extreme
/usr/share/freeradius/dictionary.f5
/usr/share/freeradius/dictionary.fdxtended
/usr/share/freeradius/dictionary.fortinet
/usr/share/freeradius/dictionary.foundry
/usr/share/freeradius/dictionary.freedhcp
/usr/share/freeradius/dictionary.freeradius
/usr/share/freeradius/dictionary.freeradius.internal
/usr/share/freeradius/dictionary.freeswitch
/usr/share/freeradius/dictionary.gandalf
/usr/share/freeradius/dictionary.garderos
/usr/share/freeradius/dictionary.gemtek
/usr/share/freeradius/dictionary.h3c
/usr/share/freeradius/dictionary.hillstone
/usr/share/freeradius/dictionary.hp
/usr/share/freeradius/dictionary.huawei
/usr/share/freeradius/dictionary.iana
/usr/share/freeradius/dictionary.iea
/usr/share/freeradius/dictionary.infoblox
/usr/share/freeradius/dictionary.infonet
/usr/share/freeradius/dictionary.ipunplugged
/usr/share/freeradius/dictionary.issanni
/usr/share/freeradius/dictionary.itk
/usr/share/freeradius/dictionary.juniper
/usr/share/freeradius/dictionary.karlnet
/usr/share/freeradius/dictionary.kineto
/usr/share/freeradius/dictionary.lancom
/usr/share/freeradius/dictionary.lantronix
/usr/share/freeradius/dictionary.livingston
/usr/share/freeradius/dictionary.localweb
/usr/share/freeradius/dictionary.lucent
/usr/share/freeradius/dictionary.manzara
/usr/share/freeradius/dictionary.meinberg
/usr/share/freeradius/dictionary.meraki
/usr/share/freeradius/dictionary.merit
/usr/share/freeradius/dictionary.meru
/usr/share/freeradius/dictionary.microsemi
/usr/share/freeradius/dictionary.microsoft
/usr/share/freeradius/dictionary.mikrotik
/usr/share/freeradius/dictionary.motorola
/usr/share/freeradius/dictionary.motorola.illegal
/usr/share/freeradius/dictionary.motorola.wimax
/usr/share/freeradius/dictionary.navini
/usr/share/freeradius/dictionary.netscreen
/usr/share/freeradius/dictionary.networkphysics
/usr/share/freeradius/dictionary.nexans
/usr/share/freeradius/dictionary.nokia
/usr/share/freeradius/dictionary.nokia.conflict
/usr/share/freeradius/dictionary.nomadix
/usr/share/freeradius/dictionary.nortel
/usr/share/freeradius/dictionary.ntua
/usr/share/freeradius/dictionary.openser
/usr/share/freeradius/dictionary.packeteer
/usr/share/freeradius/dictionary.paloalto
/usr/share/freeradius/dictionary.patton
/usr/share/freeradius/dictionary.perle
/usr/share/freeradius/dictionary.propel
/usr/share/freeradius/dictionary.prosoft
/usr/share/freeradius/dictionary.proxim
/usr/share/freeradius/dictionary.purewave
/usr/share/freeradius/dictionary.quiconnect
/usr/share/freeradius/dictionary.quintum
/usr/share/freeradius/dictionary.redcreek
/usr/share/freeradius/dictionary.rfc2865
/usr/share/freeradius/dictionary.rfc2866
/usr/share/freeradius/dictionary.rfc2867
/usr/share/freeradius/dictionary.rfc2868
/usr/share/freeradius/dictionary.rfc2869
/usr/share/freeradius/dictionary.rfc3162
/usr/share/freeradius/dictionary.rfc3576
/usr/share/freeradius/dictionary.rfc3580
/usr/share/freeradius/dictionary.rfc4072
/usr/share/freeradius/dictionary.rfc4372
/usr/share/freeradius/dictionary.rfc4603
/usr/share/freeradius/dictionary.rfc4675
/usr/share/freeradius/dictionary.rfc4679
/usr/share/freeradius/dictionary.rfc4818
/usr/share/freeradius/dictionary.rfc4849
/usr/share/freeradius/dictionary.rfc5090
/usr/share/freeradius/dictionary.rfc5176
/usr/share/freeradius/dictionary.rfc5447
/usr/share/freeradius/dictionary.rfc5580
/usr/share/freeradius/dictionary.rfc5607
/usr/share/freeradius/dictionary.rfc5904
/usr/share/freeradius/dictionary.rfc6519
/usr/share/freeradius/dictionary.rfc6572
/usr/share/freeradius/dictionary.rfc6677
/usr/share/freeradius/dictionary.rfc6911
/usr/share/freeradius/dictionary.rfc6929
/usr/share/freeradius/dictionary.rfc6930
/usr/share/freeradius/dictionary.rfc7055
/usr/share/freeradius/dictionary.rfc7155
/usr/share/freeradius/dictionary.rfc7268
/usr/share/freeradius/dictionary.rfc7499
/usr/share/freeradius/dictionary.rfc7930
/usr/share/freeradius/dictionary.riverbed
/usr/share/freeradius/dictionary.riverstone
/usr/share/freeradius/dictionary.roaringpenguin
/usr/share/freeradius/dictionary.ruckus
/usr/share/freeradius/dictionary.ruggedcom
/usr/share/freeradius/dictionary.sangoma
/usr/share/freeradius/dictionary.sg
/usr/share/freeradius/dictionary.shasta
/usr/share/freeradius/dictionary.shiva
/usr/share/freeradius/dictionary.siemens
/usr/share/freeradius/dictionary.slipstream
/usr/share/freeradius/dictionary.sofaware
/usr/share/freeradius/dictionary.sonicwall
/usr/share/freeradius/dictionary.springtide
/usr/share/freeradius/dictionary.starent
/usr/share/freeradius/dictionary.starent.vsa1
/usr/share/freeradius/dictionary.surfnet
/usr/share/freeradius/dictionary.symbol
/usr/share/freeradius/dictionary.t_systems_nova
/usr/share/freeradius/dictionary.telebit
/usr/share/freeradius/dictionary.telkom
/usr/share/freeradius/dictionary.terena
/usr/share/freeradius/dictionary.trapeze
/usr/share/freeradius/dictionary.travelping
/usr/share/freeradius/dictionary.tropos
/usr/share/freeradius/dictionary.ukerna
/usr/share/freeradius/dictionary.unix
/usr/share/freeradius/dictionary.usr
/usr/share/freeradius/dictionary.usr.illegal
/usr/share/freeradius/dictionary.utstarcom
/usr/share/freeradius/dictionary.valemount
/usr/share/freeradius/dictionary.versanet
/usr/share/freeradius/dictionary.vqp
/usr/share/freeradius/dictionary.walabi
/usr/share/freeradius/dictionary.waverider
/usr/share/freeradius/dictionary.wichorus
/usr/share/freeradius/dictionary.wifialliance
/usr/share/freeradius/dictionary.wimax
/usr/share/freeradius/dictionary.wimax.alvarion
/usr/share/freeradius/dictionary.wimax.wichorus
/usr/share/freeradius/dictionary.wispr
/usr/share/freeradius/dictionary.xedia
/usr/share/freeradius/dictionary.xylan
/usr/share/freeradius/dictionary.yubico
/usr/share/freeradius/dictionary.zeus
/usr/share/freeradius/dictionary.zte
/usr/share/freeradius/dictionary.zyxel
/usr/share/man/man5/clients.conf.5.gz
/usr/share/man/man5/dictionary.5.gz
/usr/share/man/man5/radiusd.conf.5.gz
/usr/share/man/man5/radrelay.conf.5.gz
/usr/share/man/man5/rlm_always.5.gz
/usr/share/man/man5/rlm_attr_filter.5.gz
/usr/share/man/man5/rlm_chap.5.gz
/usr/share/man/man5/rlm_counter.5.gz
/usr/share/man/man5/rlm_detail.5.gz
/usr/share/man/man5/rlm_digest.5.gz
/usr/share/man/man5/rlm_expr.5.gz
/usr/share/man/man5/rlm_files.5.gz
/usr/share/man/man5/rlm_idn.5.gz
/usr/share/man/man5/rlm_mschap.5.gz
/usr/share/man/man5/rlm_pap.5.gz
/usr/share/man/man5/rlm_passwd.5.gz
/usr/share/man/man5/rlm_realm.5.gz
/usr/share/man/man5/rlm_sql.5.gz
/usr/share/man/man5/rlm_unix.5.gz
/usr/share/man/man5/unlang.5.gz
/usr/share/man/man5/users.5.gz
/usr/share/man/man8/raddebug.8.gz
/usr/share/man/man8/radiusd.8.gz
/usr/share/man/man8/radmin.8.gz
/usr/share/man/man8/radrelay.8.gz
/usr/share/snmp/mibs/FREERADIUS-MGMT-MIB.mib
/usr/share/snmp/mibs/FREERADIUS-NOTIFICATION-MIB.mib
/usr/share/snmp/mibs/FREERADIUS-PRODUCT-RADIUSD-MIB.mib
/usr/share/snmp/mibs/FREERADIUS-SMI.mib
/usr/share/snmp/mibs/RADIUS-ACC-CLIENT-MIB.mib
/usr/share/snmp/mibs/RADIUS-ACC-SERVER-MIB.mib
/usr/share/snmp/mibs/RADIUS-AUTH-CLIENT-MIB.mib
/usr/share/snmp/mibs/RADIUS-AUTH-SERVER-MIB.mib
/usr/share/snmp/mibs/RADIUS-STAT-MIB.mib
/var/lib/radiusd
/var/log/radius
/var/log/radius/radacct
/var/log/radius/radius.log
/var/log/radius/radutmp
/var/run/radiusd
/var/run/radiusd/tmp
[root@radius html]#

查看FreeRADIUS工具包安装路径

[root@radius html]# rpm -lq freeradius-utils
/usr/bin/dhcpclient
/usr/bin/map_unit
/usr/bin/rad_counter
/usr/bin/radattr
/usr/bin/radclient
/usr/bin/radcrypt
/usr/bin/radeapclient
/usr/bin/radlast
/usr/bin/radsniff
/usr/bin/radsqlrelay
/usr/bin/radtest
/usr/bin/radwho
/usr/bin/radzap
/usr/bin/rlm_ippool_tool
/usr/bin/smbencrypt
/usr/share/man/man1/dhcpclient.1.gz
/usr/share/man/man1/rad_counter.1.gz
/usr/share/man/man1/radclient.1.gz
/usr/share/man/man1/radeapclient.1.gz
/usr/share/man/man1/radlast.1.gz
/usr/share/man/man1/radtest.1.gz
/usr/share/man/man1/radwho.1.gz
/usr/share/man/man1/radzap.1.gz
/usr/share/man/man1/smbencrypt.1.gz
/usr/share/man/man5/checkrad.5.gz
/usr/share/man/man8/radcrypt.8.gz
/usr/share/man/man8/radsniff.8.gz
/usr/share/man/man8/radsqlrelay.8.gz
/usr/share/man/man8/rlm_ippool_tool.8.gz
[root@radius html]#

查看FreeRADIUS MySQL数据库扩展包安装路径

[root@radius html]# rpm -lq freeradius-mysql
/etc/raddb/mods-config/sql/counter/mysql
/etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf
/etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf
/etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf
/etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf
/etc/raddb/mods-config/sql/cui/mysql
/etc/raddb/mods-config/sql/cui/mysql/queries.conf
/etc/raddb/mods-config/sql/cui/mysql/schema.sql
/etc/raddb/mods-config/sql/ippool-dhcp/mysql
/etc/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf
/etc/raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql
/etc/raddb/mods-config/sql/ippool/mysql
/etc/raddb/mods-config/sql/ippool/mysql/queries.conf
/etc/raddb/mods-config/sql/ippool/mysql/schema.sql
/etc/raddb/mods-config/sql/main/mysql
/etc/raddb/mods-config/sql/main/mysql/extras
/etc/raddb/mods-config/sql/main/mysql/extras/wimax
/etc/raddb/mods-config/sql/main/mysql/extras/wimax/queries.conf
/etc/raddb/mods-config/sql/main/mysql/extras/wimax/schema.sql
/etc/raddb/mods-config/sql/main/mysql/queries.conf
/etc/raddb/mods-config/sql/main/mysql/schema.sql
/etc/raddb/mods-config/sql/main/mysql/setup.sql
/etc/raddb/mods-config/sql/main/ndb
/etc/raddb/mods-config/sql/main/ndb/README
/etc/raddb/mods-config/sql/main/ndb/schema.sql
/etc/raddb/mods-config/sql/main/ndb/setup.sql
/usr/lib64/freeradius/rlm_sql_mysql.so
[root@radius html]#

注册并启动服务

[root@radius ~]# systemctl enable radiusd
Created symlink from /etc/systemd/system/multi-user.target.wants/radiusd.service to /usr/lib/systemd/system/radiusd.service.
[root@radius ~]# systemctl start radiusd
[root@radius ~]#

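查看端口监听(UDP1812/UDP1813;输出中 MySQL 的 TCP 3306 监听在 0.0.0.0,而本文的 FreeRADIUS 与 daloRADIUS 均通过 localhost 连接数据库,可将 MySQL 限制为仅监听本机地址)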

[root@radius ~]# netstat -ltun
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.1:18120         0.0.0.0:*
udp        0      0 0.0.0.0:56569           0.0.0.0:*
udp        0      0 0.0.0.0:1812            0.0.0.0:*
udp        0      0 0.0.0.0:1813            0.0.0.0:*
udp6       0      0 ::1:323                 :::*
udp6       0      0 :::54657                :::*
udp6       0      0 :::1812                 :::*
udp6       0      0 :::1813                 :::*
[root@radius ~]#

导入数据库

[root@radius ~]# mysql -uroot -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
Enter password:
[root@radius ~]#

启用数据库模块

[root@radius ~]# cd /etc/raddb/mods-enabled/
[root@radius mods-enabled]# ln -s ../mods-available/sql sql
[root@radius mods-enabled]#

修改数据库连接配置文件

[root@radius mods-enabled]# vi sql

driver = "rlm_sql_null"
driver = "rlm_sql_mysql"

dialect = "sqlite"
dialect = "mysql"

#       server = "localhost"
#       port = 3306
#       login = "radius"
#       password = "radpass"

        server = "localhost"
        port = 3306
        login = "radius"
        password = "radiuspassword"

#       read_clients = yes
        read_clients = yes

修改数据库连接配置文件属组(注意:chgrp -h 只修改符号链接本身的属组,不会改变其指向的 ../mods-available/sql 文件;保存数据库密码的是后者,应另行确认该文件的属主、属组和权限)

[root@radius mods-enabled]# ll sql
lrwxrwxrwx 1 root root 21 Feb 20 05:58 sql -> ../mods-available/sql
[root@radius mods-enabled]# chgrp -h radiusd sql
[root@radius mods-enabled]# ll sql
lrwxrwxrwx 1 root radiusd 21 Feb 20 05:58 sql -> ../mods-available/sql
[root@radius mods-enabled]#

下载daloRADIUS安装包并解压缩(下方未列出解压命令,需先解压 master.zip 得到 daloradius-master/ 目录;master.zip 是主分支快照,内容会随时间变化,正式环境建议改用固定的发布版本)

[root@radius ~]# wget https://github.com/lirantal/daloradius/archive/master.zip
[root@radius ~]# cp -R daloradius-master/ /var/www/html/daloradius

导入数据库

[root@radius ~]# cd /var/www/html/
[root@radius html]# mysql -uroot -p radius < daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
Enter password:
[root@radius html]# mysql -uroot -p radius < daloradius/contrib/db/mysql-daloradius.sql
Enter password:
[root@radius html]#

修改目录及配置文件属性(daloradius.conf.php 中保存数据库密码,664 会让所有本地用户可读;属主为 apache 时通常 640 即可)

[root@radius html]# chown -R apache.apache daloradius/
[root@radius html]# chmod 664 daloradius/library/daloradius.conf.php
[root@radius html]#

修改daloRADIUS配置文件

[root@radius html]# vi daloradius/library/daloradius.conf.php
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'radiuspassword';
$configValues['CONFIG_DB_NAME'] = 'radius';

安装PEAR扩展

更新频道

[root@radius ~]# pear channel-update pear.php.net
Updating channel "pear.php.net"
Update of Channel "pear.php.net" succeeded
[root@radius ~]#

升级pear/PEAR版本

错误提示

[root@radius ~]# pear install DB
WARNING: "pear/DB" is deprecated in favor of "pear/MDB2"
pear/DB requires package "pear/PEAR" (version >= 1.10.0), installed version is 1.9.4
No valid packages found
install failed
[root@radius ~]#

升级操作

[root@radius ~]# pear install PEAR
WARNING: "pear/Console_Getopt" is deprecated in favor of "pear/Console_GetoptPlus"
downloading PEAR-1.10.10.tgz ...
Starting to download PEAR-1.10.10.tgz (293,388 bytes)
.............................................................done: 293,388 bytes
downloading Archive_Tar-1.4.9.tgz ...
Starting to download Archive_Tar-1.4.9.tgz (21,343 bytes)
...done: 21,343 bytes
downloading Structures_Graph-1.1.1.tgz ...
Starting to download Structures_Graph-1.1.1.tgz (12,579 bytes)
...done: 12,579 bytes
downloading Console_Getopt-1.4.3.tgz ...
Starting to download Console_Getopt-1.4.3.tgz (5,789 bytes)
...done: 5,789 bytes
downloading XML_Util-1.4.3.tgz ...
Starting to download XML_Util-1.4.3.tgz (18,842 bytes)
...done: 18,842 bytes
install ok: channel://pear.php.net/Archive_Tar-1.4.9
install ok: channel://pear.php.net/Structures_Graph-1.1.1
install ok: channel://pear.php.net/Console_Getopt-1.4.3
install ok: channel://pear.php.net/XML_Util-1.4.3
install ok: channel://pear.php.net/PEAR-1.10.10
PEAR: Optional feature webinstaller available (PEAR's web-based installer)
PEAR: Optional feature gtkinstaller available (PEAR's PHP-GTK-based installer)
PEAR: Optional feature gtk2installer available (PEAR's PHP-GTK2-based installer)
PEAR: To install optional features use "pear install pear/PEAR#featurename"
[root@radius ~]#

安装pear/DB扩展

[root@radius ~]# pear install DB
WARNING: "pear/DB" is deprecated in favor of "pear/MDB2"
downloading DB-1.9.3.tgz ...
Starting to download DB-1.9.3.tgz (132,290 bytes)
.............................done: 132,290 bytes
install ok: channel://pear.php.net/DB-1.9.3
[root@radius ~]#

安装pear/MDB2扩展

[root@radius ~]# pear install MDB2
downloading MDB2-2.4.1.tgz ...
Starting to download MDB2-2.4.1.tgz (121,557 bytes)
..........................done: 121,557 bytes
install ok: channel://pear.php.net/MDB2-2.4.1
MDB2: Optional feature fbsql available (Frontbase SQL driver for MDB2)
MDB2: Optional feature ibase available (Interbase/Firebird driver for MDB2)
MDB2: Optional feature mysql available (MySQL driver for MDB2)
MDB2: Optional feature mysqli available (MySQLi driver for MDB2)
MDB2: Optional feature mssql available (MS SQL Server driver for MDB2)
MDB2: Optional feature oci8 available (Oracle driver for MDB2)
MDB2: Optional feature pgsql available (PostgreSQL driver for MDB2)
MDB2: Optional feature querysim available (Querysim driver for MDB2)
MDB2: Optional feature sqlite available (SQLite2 driver for MDB2)
MDB2: To install optional features use "pear install pear/MDB2#featurename"
[root@radius ~]#

重启服务

[root@radius ~]# systemctl restart radiusd

使用浏览器访问daloRADIUS控制台

2月 012020
 

自签根证书导入客户端计算机

正确的自签CA证书导入路径(证书-本地计算机-受信任的根证书颁发机构)

查看已导入的CA证书详情

错误的自签CA证书导入路径(证书-当前用户-受信任的根证书颁发机构)

证书导入位置错误时的连接错误提示:IKE身份验证凭证不可接受

拨号连接属性设置详情

常规选项卡

安全选项卡

网络选项卡

建立连接后的状态信息

2月 012020
 

安装EPEL仓库源

[root@host1 ~]# yum -y install epel-release

更新缓存并安装StrongSwan及net-tools工具

[root@host1 ~]# yum makecache
[root@host1 ~]# yum -y install strongswan net-tools

查看StrongSwan版本信息

[root@host1 ~]# yum info strongswan
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: repos-lax.psychz.net
 * epel: mirror.lax.genesisadaptive.com
 * extras: mirror.hostduplex.com
 * updates: repos-lax.psychz.net
Installed Packages
Name        : strongswan
Arch        : x86_64
Version     : 5.7.2
Release     : 1.el7
Size        : 4.0 M
Repo        : installed
From repo   : epel
Summary     : An OpenSource IPsec-based VPN and TNC solution
URL         : http://www.strongswan.org/
License     : GPLv2+
Description : The strongSwan IPsec implementation supports both the IKEv1 and
            : IKEv2 key exchange protocols in conjunction with the native NETKEY
            : IPsec stack of the Linux kernel.

[root@host1 ~]#

准备证书生成脚本

服务器证书脚本

[root@host1 ipsec.d]# cat server_key.sh
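#!/bin/bash
# server_key.sh - build a self-signed CA and a VPN server certificate with
# the strongSwan pki tool.
#
# Usage: server_key.sh <exact host name or server IP>
# Run it from the directory that should hold the keys. It writes:
#   private/strongswanKey.pem   CA private key (RSA 4096)
#   cacerts/strongswanCert.pem  self-signed CA certificate, 3650 days
#   private/vpnHostKey.pem      server private key (RSA 2048)
#   certs/vpnHostCert.pem       server certificate, 730 days
#
# NOTE(review): every run generates a new CA key and overwrites the previous
# one, so client certificates issued under the old CA stop validating.
# NOTE(review): the CA and the server certificate get the same subject DN
# (both use CN=$CN), so the server certificate's subject equals its issuer;
# a distinct CA name would make chain building unambiguous.

# Stop at the first failing command instead of going on to issue
# certificates from a missing or empty key file.
set -eu

# Create an RSA private key that only the owner can read.
#   $1 - key size in bits
#   $2 - output path
gen_key() {
        # umask covers a newly created file; chmod covers a file that
        # already existed with looser permissions.
        ( umask 077
          strongswan pki --gen --type rsa --size "$1" --outform pem > "$2" )
        chmod 600 "$2"
}

if [ -n "${1:-}" ]; then
        CN=$1
        echo "generating keys for $CN ..."
else
        printf 'usage:\n sh server_key.sh YOUR EXACT HOST NAME or SERVER IP\n Run this script in directory to store your keys\n'
        exit 1
fi

mkdir -p private cacerts certs
# Private keys live here; keep other local users out of the directory.
chmod 700 private

gen_key 4096 private/strongswanKey.pem
strongswan pki --self --ca --lifetime 3650 --in private/strongswanKey.pem \
        --type rsa --dn "C=HK, O=LINUXCACHE.COM, CN=$CN" \
        --outform pem > cacerts/strongswanCert.pem
echo 'CA certs at cacerts/strongswanCert.pem'
strongswan pki --print --in cacerts/strongswanCert.pem

# Pause kept from the original script; its purpose is not evident from the code.
sleep 1
echo "generating server keys ..."
gen_key 2048 private/vpnHostKey.pem
# The SAN must match what clients connect to, so it is passed quoted and
# unchanged from the command line.
strongswan pki --pub --in private/vpnHostKey.pem --type rsa |
        strongswan pki --issue --lifetime 730 \
        --cacert cacerts/strongswanCert.pem \
        --cakey private/strongswanKey.pem \
        --dn "C=HK, O=LINUXCACHE.COM, CN=$CN" \
        --san "$CN" \
        --flag serverAuth --flag ikeIntermediate \
        --outform pem > certs/vpnHostCert.pem
echo "vpn server cert at certs/vpnHostCert.pem"
strongswan pki --print --in certs/vpnHostCert.pem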
[root@host1 ipsec.d]#

客户端证书脚本

[root@host1 ipsec.d]# cat client_key.sh
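#!/bin/bash
# client_key.sh - issue a client certificate from the CA created by
# server_key.sh and bundle it with its key into a PKCS#12 file.
#
# Usage: client_key.sh USER_NAME EMAIL
# Run it from the directory that holds private/, cacerts/ and certs/. It writes:
#   private/<USER_NAME>Key.pem   client private key (RSA 2048)
#   certs/<USER_NAME>Cert.pem    client certificate, 730 days, CN and SAN = EMAIL
#   <USER_NAME>.p12              key + certificate + CA certificate, protected
#                                by the export password openssl prompts for

# Stop at the first failing command; the original reported success (exit 0)
# even when the PKCS#12 export failed.
set -eu

info='usage:\n sh client_key.sh USER_NAME EMAIL \n Run this script in directory to store your keys'

if [ -z "${1:-}" ] || [ -z "${2:-}" ]; then
        printf '%b\n' "$info"
        exit 1
fi
NAME=$1
MAIL=$2

# USER_NAME becomes part of three file names, so refuse values that would
# leave the target directories or be parsed as an option.
case "$NAME" in
        */* | -*)
                echo "USER_NAME must not contain '/' or start with '-'" >&2
                exit 1
                ;;
esac

# The CA material must already exist; fail with a clear message otherwise.
for ca_file in cacerts/strongswanCert.pem private/strongswanKey.pem; do
        if [ ! -r "$ca_file" ]; then
                echo "missing $ca_file; run server_key.sh in this directory first" >&2
                exit 1
        fi
done

echo "generating keys for $NAME $MAIL ..."

mkdir -p private cacerts certs
# Private keys live here; keep other local users out of the directory.
chmod 700 private

keyfile="private/${NAME}Key.pem"
certfile="certs/${NAME}Cert.pem"
p12file="${NAME}.p12"

# Create the key readable by its owner only (umask for a new file, chmod
# for one that already existed with looser permissions).
( umask 077
  strongswan pki --gen --type rsa --size 2048 \
        --outform pem \
        > "$keyfile" )
chmod 600 -- "$keyfile"

strongswan pki --pub --in "$keyfile" --type rsa |
        strongswan pki --issue --lifetime 730 \
        --cacert cacerts/strongswanCert.pem \
        --cakey private/strongswanKey.pem \
        --dn "C=HK, O=LINUXCACHE.COM, CN=$MAIL" \
        --san "$MAIL" \
        --outform pem > "$certfile"

strongswan pki --print --in "$certfile"

echo "Enter password to protect p12 cert for $NAME"
# The bundle contains the private key, so it gets the same restrictive mode.
( umask 077
  openssl pkcs12 -export -inkey "$keyfile" \
        -in "$certfile" -name "$NAME's VPN Certificate" \
        -certfile cacerts/strongswanCert.pem \
        -caname "strongSwan Root CA" \
        -out "$p12file" )
chmod 600 -- "$p12file"

echo "cert for $NAME at $p12file"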
[root@host1 ipsec.d]#

生成服务器证书

[root@host1 ipsec.d]# ./server_key.sh 144.202.116.133
generating keys for 144.202.116.133 ...
CA certs at cacerts/strongswanCert.pem
  subject:  "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133"
  issuer:   "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133"
  validity:  not before Feb 01 02:02:11 2020, ok
             not after  Jan 29 02:02:11 2030, ok (expires in 3650 days)
  serial:    1d:40:6a:e0:af:56:64:33
  flags:     CA CRLSign self-signed
  subjkeyId: 91:38:53:8e:8e:85:aa:ec:db:75:1c:82:34:05:6c:7b:da:06:62:26
  pubkey:    RSA 4096 bits
  keyid:     7e:1e:66:62:f0:cc:d9:51:9e:ea:c0:97:37:d5:84:1c:b9:27:97:c2
  subjkey:   91:38:53:8e:8e:85:aa:ec:db:75:1c:82:34:05:6c:7b:da:06:62:26
generating server keys ...
vpn server cert at certs/vpnHostCert.pem
  subject:  "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133"
  issuer:   "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133"
  validity:  not before Feb 01 02:02:13 2020, ok
             not after  Jan 31 02:02:13 2022, ok (expires in 730 days)
  serial:    1d:ff:d1:51:97:c9:46:72
  altNames:  144.202.116.133
  flags:     serverAuth ikeIntermediate
  authkeyId: 91:38:53:8e:8e:85:aa:ec:db:75:1c:82:34:05:6c:7b:da:06:62:26
  subjkeyId: c8:82:e7:43:45:cf:0d:f1:8a:8b:7c:cc:ea:72:f0:4f:18:d9:85:fe
  pubkey:    RSA 2048 bits
  keyid:     15:7d:c7:47:3e:07:7b:66:92:d0:2e:75:8e:78:0e:6b:72:8e:5e:b2
  subjkey:   c8:82:e7:43:45:cf:0d:f1:8a:8b:7c:cc:ea:72:f0:4f:18:d9:85:fe
[root@host1 ipsec.d]#

生成客户端证书并为密钥对设置密码

[root@host1 ipsec.d]# ./client_key.sh harveymei harvey.mei@msn.com
generating keys for harveymei harvey.mei@msn.com ...
  subject:  "C=HK, O=LINUXCACHE.COM, CN=harvey.mei@msn.com"
  issuer:   "C=HK, O=LINUXCACHE.COM, CN=144.202.116.133"
  validity:  not before Feb 01 02:03:46 2020, ok
             not after  Jan 31 02:03:46 2022, ok (expires in 730 days)
  serial:    60:f7:02:c5:33:21:3a:13
  altNames:  harvey.mei@msn.com
  flags:
  authkeyId: 91:38:53:8e:8e:85:aa:ec:db:75:1c:82:34:05:6c:7b:da:06:62:26
  subjkeyId: ee:08:46:4e:bc:b1:7e:37:b5:b8:71:f1:5d:72:43:7f:4e:42:9c:40
  pubkey:    RSA 2048 bits
  keyid:     1a:8d:12:09:54:a6:a6:d4:f9:d4:7a:6c:75:0a:85:6d:90:b6:0d:fe
  subjkey:   ee:08:46:4e:bc:b1:7e:37:b5:b8:71:f1:5d:72:43:7f:4e:42:9c:40
Enter password to protect p12 cert for harveymei
Enter Export Password:
Verifying - Enter Export Password:
cert for harveymei at harveymei.p12
[root@host1 ipsec.d]#

复制客户端需要用到的证书

修改配置文件

修改ipsec.conf配置文件

初始配置文件

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # strictcrlpolicy=yes
        # uniqueids = no

# Add connections here.

# Sample VPN connections

#conn sample-self-signed
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start

#conn sample-with-ca-cert
#      leftsubnet=10.1.0.0/16
#      leftcert=myCert.pem
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightid="C=HK, O=Linux strongSwan CN=peer name"
#      auto=start

修改为

# Global daemon settings.
config setup
    # never: INITIAL_CONTACT notifies are ignored, so one identity may hold
    # several tunnels at the same time.
    uniqueids=never
    # Log verbosity per subsystem.
    charondebug="cfg 2, dmn 2, ike 2, net 0"

# Values inherited by every conn section below.
conn %default
    left=%defaultroute
    # 0.0.0.0/0 offers clients a route for all of their traffic.
    leftsubnet=0.0.0.0/0
    # Server certificate written by server_key.sh (certs/vpnHostCert.pem).
    leftcert=vpnHostCert.pem
    right=%any
    # Virtual addresses handed out to clients.
    rightsourceip=172.16.1.100/16

# IKEv1: client certificate first, then XAuth user name and password.
conn CiscoIPSec
    keyexchange=ikev1
    fragmentation=yes
    rightauth=pubkey
    rightauth2=xauth
    leftsendcert=always
    rekey=no
    auto=add

# IKEv1: pre-shared key first, then XAuth user name and password.
# NOTE(review): the single PSK in ipsec.secrets is shared by every client of
# this conn, so it only proves group membership; the per-user check is XAuth.
conn XauthPsk
    keyexchange=ikev1
    leftauth=psk
    rightauth=psk
    rightauth2=xauth
    auto=add

# IKEv2 with certificates on both sides.
conn IpsecIKEv2
    keyexchange=ikev2
    leftauth=pubkey
    rightauth=pubkey
    leftsendcert=always
    auto=add

# IKEv2: server certificate, client authenticates with EAP-MSCHAPv2.
conn IpsecIKEv2-EAP
    keyexchange=ikev2
    # NOTE(review): the trailing "!" restricts IKE to this one proposal.
    # SHA-1 with the 1024-bit MODP group is below current recommendations;
    # presumably chosen for old clients. Prefer a stronger group such as
    # modp2048 where the clients support it.
    ike=aes256-sha1-modp1024!
    rekey=no
    leftauth=pubkey
    leftsendcert=always
    rightauth=eap-mschapv2
    eap_identity=%any
    auto=add

修改strongswan.conf配置文件

初始配置文件

# strongswan.conf - strongSwan configuration file
#
# Refer to the strongswan.conf(5) manpage for details
#
# Configuration changes should be made in the included files

charon {
        load_modular = yes
        plugins {
                include strongswan.d/charon/*.conf
        }
}

include strongswan.d/*.conf

修改为

charon {
    load_modular = yes
    duplicheck.enable = no
    compress = yes
    plugins {
            include strongswan.d/charon/*.conf
    }
    dns1 = 8.8.8.8
    dns2 = 8.8.4.4
    nbns1 = 8.8.8.8
    nbns2 = 8.8.4.4
}

include strongswan.d/*.conf

语法变化/错误的处理

Feb 01 02:41:00 host1 strongswan[4598]: /etc/strongswan/strongswan.conf:3: syntax error, unexpected ., expecting : or '{' or '=' [.]
charon {
    load_modular = yes
    # Block form of the setting; the dotted form "duplicheck.enable = no"
    # is what the parser rejected in the log line above.
    # NOTE(review): duplicheck is a charon plugin and its options are
    # documented under charon.plugins.duplicheck - confirm that this
    # placement directly under charon is actually read.
    duplicheck{
	enable = no
	}
    compress = yes
    plugins {
            include strongswan.d/charon/*.conf
    }
    # DNS servers assigned to connecting clients.
    dns1 = 8.8.8.8
    dns2 = 8.8.4.4
    # NOTE(review): the NBNS (WINS) entries repeat the DNS addresses; they are
    # only useful when they point at a WINS server - confirm or drop them.
    nbns1 = 8.8.8.8
    nbns2 = 8.8.4.4
}

include strongswan.d/*.conf

修改ipsec.secrets配置文件(账号密码)

初始配置文件

# ipsec.secrets - strongSwan IPsec secrets file

修改为

# ipsec.secrets - strongSwan IPsec secrets file
# Every secret below is stored in clear text; keep this file readable by
# root only.
# Private key of the server certificate (private/vpnHostKey.pem from
# server_key.sh).
: RSA vpnHostKey.pem
# Pre-shared key for conn XauthPsk. "PSK_KEY" looks like a placeholder;
# replace it with a long random value before use.
: PSK "PSK_KEY"
# Per-user credentials: EAP for conn IpsecIKEv2-EAP, XAUTH for the IKEv1
# conns. Sample values; give each user a unique password.
harveymei %any : EAP "harvey#pwd2020"
harveymei %any : XAUTH "harvey#pwd2020"

开启内核及防火墙包转发设置

内核

[root@host1 strongswan]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@host1 strongswan]# sysctl -p
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.eth0.accept_ra = 2
net.ipv4.ip_forward = 1
[root@host1 strongswan]#

防火墙

[root@host1 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

[root@host1 ~]# firewall-cmd --permanent --add-service=ipsec
success
[root@host1 ~]# firewall-cmd --permanent --add-port=4500/udp
success
[root@host1 ~]# firewall-cmd --permanent --add-masquerade
success
[root@host1 ~]# firewall-cmd --reload
success
[root@host1 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ipsec ssh
ports: 4500/udp
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:

[root@host1 ~]#

启动服务

[root@host1 ~]# systemctl enable strongswan
Created symlink from /etc/systemd/system/multi-user.target.wants/strongswan.service to /usr/lib/systemd/system/strongswan.service.
[root@host1 ~]# systemctl start strongswan

查看端口监听

1月 312020
 

n2n两种节点类型的命令参数参考

[root@host1 ~]# /usr/local/n2n/sbin/supernode --help
Welcome to n2n v.2.5.1.r244.46aaa86 for x86_64-unknown-linux-gnu
Built on Jan 31 2020 06:48:19
Copyright 2007-19 - ntop.org and contributors

supernode <config file> (see supernode.conf)
or
supernode -l <lport> -c <path> [-v]

-l <lport> Set UDP main listen port to <lport>
-c <path> File containing the allowed communities.
-v Increase verbosity. Can be used multiple times.
-h This help message.

[root@host1 ~]#

 

[root@host1 ~]# /usr/local/n2n/sbin/edge --help
Welcome to n2n v.2.5.1.r244.46aaa86 for x86_64-unknown-linux-gnu
Built on Jan 31 2020 06:48:19
Copyright 2007-19 - ntop.org and contributors

edge <config file> (see edge.conf)
or
edge -d <tun device> -a [static:|dhcp:]<tun IP address> -c <community> [-k <encrypt key>]
[-s <netmask>] [-u <uid> -g <gid>][-f][-T <tos>][-m <MAC address>] -l <supernode host:port>
[-p <local port>] [-M <mtu>] [-D] [-r] [-E] [-v] [-i <reg_interval>] [-L <reg_ttl>] [-t <mgmt port>] [-A] [-h]

-d <tun device> | tun device name
-a <mode:address> | Set interface address. For DHCP use '-r -a dhcp:0.0.0.0'
-c <community> | n2n community name the edge belongs to.
-k <encrypt key> | Encryption key (ASCII) - also N2N_KEY=<encrypt key>.
-s <netmask> | Edge interface netmask in dotted decimal notation (255.255.255.0).
-l <supernode host:port> | Supernode IP:port
-i <reg_interval> | Registration interval, for NAT hole punching (default 20 seconds)
-L <reg_ttl> | TTL for registration packet when UDP NAT hole punching through supernode (default 0 for not set )
-p <local port> | Fixed local UDP port.
-u <UID> | User ID (numeric) to use when privileges are dropped.
-g <GID> | Group ID (numeric) to use when privileges are dropped.
-f | Do not fork and run as a daemon; rather run in foreground.
-m <MAC address> | Fix MAC address for the TAP interface (otherwise it may be random)
| eg. -m 01:02:03:04:05:06
-M <mtu> | Specify n2n MTU of edge interface (default 1290).
-D | Enable PMTU discovery. PMTU discovery can reduce fragmentation but
| causes connections stall when not properly supported.
-r | Enable packet forwarding through n2n community.
-E | Accept multicast MAC addresses (default=drop).
-S | Do not connect P2P. Always use the supernode.
-T <tos> | TOS for packets (e.g. 0x48 for SSH like priority)
-v | Make more verbose. Repeat as required.
-t <port> | Management UDP Port (for multiple edges on a machine).

Environment variables:
N2N_KEY | Encryption key (ASCII). Not with -k.
[root@host1 ~]#