Category: Tech

  • Windows 7 hosted AP configuration

    addap.cmd

    netsh wlan set hostednetwork mode=allow ssid="appstore" key=11111111

    delap.cmd

    netsh wlan set hostednetwork mode=disallow

    startap.cmd

    netsh wlan start hostednetwork

    stopap.cmd

    netsh wlan stop hostednetwork

    Then, in the properties of the active Internet connection, set it to shared.

  • Installing OpenVPN on CentOS (including OpenVZ VPSes)

    Prerequisites: the VPS has tun/tap enabled and has iptables, openssl and openssl-devel installed. Many VPS images are stripped down these days, so the compiler (gcc) may also need to be installed.

    1. Download LZO and OpenVPN.
    wget http://www.oberhumer.com/opensource/lzo … .04.tar.gz
    wget http://openvpn.net/release/openvpn-2.1_rc22.tar.gz

    2. Install both using the default paths:
    ./configure && make && make install
    That is all it takes.

    3. Copy the files and initialize the PKI.
    cp -r /root/src/openvpn-2.1_rc22/easy-rsa/ /etc/openvpn/
    cd /etc/openvpn/2.0/
    export D=`pwd`
    export KEY_CONFIG=$D/openssl.cnf
    export KEY_DIR=$D/keys
    export KEY_SIZE=1024
    export KEY_COUNTRY=US
    export KEY_PROVINCE=FL
    export KEY_CITY=CHUNGKING
    export KEY_ORG="Sun"
    export KEY_EMAIL="lynn302@gmail.com"
    . ./vars

    4. Create the CA.

    ./clean-all
    ./build-ca

    5. Issue the server certificate and the client certificate.
    ./build-key-server server
    ./build-key client1

    6. Generate the Diffie-Hellman parameters.
    ./build-dh
    If that will not run, use openssl dhparam -out ./keys/dh1024.pem 1024 instead.

    Certificate generation is done; you can tar up the keys directory and download it locally for the clients. Next, configure the OpenVPN server.

    7. Edit the configuration file. If you need to connect through a proxy, for example through China Mobile's CMWAP gateway, the config should use proto tcp.
    mkdir /etc/openvpn/2.0/conf
    cd /etc/openvpn/2.0/conf && vi server.conf
    ——
    port 1194
    proto udp
    dev tun
    ca /etc/openvpn/2.0/keys/ca.crt
    cert /etc/openvpn/2.0/keys/server.crt
    key /etc/openvpn/2.0/keys/server.key
    dh /etc/openvpn/2.0/keys/dh1024.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 10.8.0.1"
    push "dhcp-option DNS 8.8.8.8"
    client-to-client
    keepalive 10 120
    comp-lzo
    user nobody
    group nobody
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    ——

    8. Start OpenVPN.
    /usr/local/sbin/openvpn --config /etc/openvpn/2.0/conf/server.conf

    9. Set up iptables NAT. This part differs slightly between a dedicated host and OpenVZ, but not by much. The example below is for a dedicated host; on OpenVZ replace eth0 with venet0.

    On a dedicated host, entering
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    is enough; some OpenVZ VPSes need
    iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -j SNAT --to-source x.x.x.x
    where x.x.x.x is the VPS's IP address.
    Save the firewall configuration:
    /etc/init.d/iptables save
    /etc/init.d/iptables restart

    10. Set the forwarding parameters.
    Check the current values: sysctl -a | grep forward
    Compare them against the list below; for any entry that is 0, change it with a command such as
    sysctl -w net.ipv4.ip_forward=1
    ——
    net.ipv4.conf.tun0.mc_forwarding = 0
    net.ipv4.conf.tun0.forwarding = 1
    net.ipv4.conf.eth0.mc_forwarding = 0
    net.ipv4.conf.eth0.forwarding = 1
    net.ipv4.conf.virbr0.mc_forwarding = 0
    net.ipv4.conf.virbr0.forwarding = 1
    net.ipv4.conf.lo.mc_forwarding = 0
    net.ipv4.conf.lo.forwarding = 1
    net.ipv4.conf.default.mc_forwarding = 0
    net.ipv4.conf.default.forwarding = 1
    net.ipv4.conf.all.mc_forwarding = 0
    net.ipv4.conf.all.forwarding = 1
    net.ipv4.ip_forward = 1
    ——

    11. The server side is complete. The client configuration file is as follows, where x.x.x.x is the server's public service IP address, and ca.crt, client1.crt and client1.key are the CA certificate, client certificate and client key generated on the server earlier.
    ——
    client
    dev tun
    proto udp
    remote x.x.x.x 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server
    comp-lzo
    verb 3
    redirect-gateway def1
    ——
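    The checks below are an added example; they are not part of the original post and not OpenVPN's own tooling. They read the same outputs the steps above tell you to inspect (sysctl -a for step 10, iptables -t nat -S POSTROUTING for step 9, the server.conf from step 7) and report what still needs fixing. The sample inputs are constructed, and the server_cert_is_server function assumes openssl is on the PATH and the keys directory from step 3.

```shell
#!/bin/sh
# Post-install checks for the OpenVPN server configured above (added example,
# not part of the original post). Each function reads the text the steps tell
# you to inspect and reports what is still wrong.

# Step 10: read `sysctl -a` output on stdin and print a `sysctl -w` line for
# every IPv4 forwarding key still at 0 (mc_forwarding is left alone; the post
# lists it as 0 on a working host).
forwarding_fixes() {
    awk -F' = ' '
        $1 ~ /^net\.ipv4\.(ip_forward|conf\..+\.forwarding)$/ && $2 == 0 {
            print "sysctl -w " $1 "=1"
        }'
}

# Step 9: read `iptables -t nat -S POSTROUTING` on stdin; succeed only if the
# given VPN subnet (e.g. 10.8.0.0/24) is covered by a MASQUERADE or SNAT rule.
nat_rule_present() {
    esc=$(printf '%s' "$1" | sed 's/\./\\./g')
    grep -E -- "^-A POSTROUTING .*-s $esc .*-j (MASQUERADE|SNAT)" >/dev/null
}

# Step 7: read server.conf on stdin and list the directives from the post's
# template that are missing. user/group nobody drop root after startup, and
# persist-key/persist-tun are what let the daemon survive a restart once it
# can no longer re-read the key or reopen the tun device as nobody.
conf_missing() {
    conf=$(cat)
    for d in user group; do
        printf '%s\n' "$conf" | grep -q "^$d nobody\$" || echo "missing: $d nobody"
    done
    for d in persist-key persist-tun; do
        printf '%s\n' "$conf" | grep -q "^$d\$" || echo "missing: $d"
    done
    for d in dh keepalive; do
        printf '%s\n' "$conf" | grep -q "^$d " || echo "missing: $d"
    done
}

# Step 11 pairs with step 5: the client's `ns-cert-type server` line only
# accepts a server certificate carrying nsCertType=server, which
# build-key-server sets and build-key does not. Assumes openssl on the PATH.
server_cert_is_server() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'SSL Server'
}

# --- constructed sample inputs, not captured from a real host ---
SAMPLE_SYSCTL='net.ipv4.conf.tun0.forwarding = 0
net.ipv4.conf.tun0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.ip_forward = 0'

SAMPLE_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE'

SAMPLE_CONF='port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
user nobody
persist-tun'

printf '%s\n' "$SAMPLE_SYSCTL" | forwarding_fixes
printf '%s\n' "$SAMPLE_NAT" | nat_rule_present 10.8.0.0/24 \
    && echo "NAT rule for 10.8.0.0/24: present" \
    || echo "NAT rule for 10.8.0.0/24: MISSING"
printf '%s\n' "$SAMPLE_CONF" | conf_missing
# On the real server, also run:
#   server_cert_is_server /etc/openvpn/2.0/keys/server.crt || echo "server.crt lacks nsCertType=server"
```

    On a live host, replace the sample variables with the real commands: sysctl -a | forwarding_fixes, iptables -t nat -S POSTROUTING | nat_rule_present 10.8.0.0/24, and conf_missing < /etc/openvpn/2.0/conf/server.conf.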

  • PPTP through a Cisco ASA

    policy-map global_policy
     class inspection_default
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect dns
      inspect pptp