首页
关于本博客
友情链接
推荐
linux/shell
Search
1
LEDE官方固件安装中文语言包的方法
11,083 阅读
2
LEDE固件踢出弱信号客户端,实现WiFi无缝漫游脚本
9,170 阅读
3
基于CloudFlare API的纯Shell动态DNS(DDNS)脚本
8,142 阅读
4
一次OpenVPN交叉编译笔记
6,651 阅读
5
利用iptables的string模块来屏蔽域名(关键词匹配)
6,101 阅读
study
OpenWrt/LEDE
网络技术
数通
HCNP/CCNP
linux
shell
CentOS
Ubuntu/Debian
php
Linux应用
C#
C/C++
虚拟化
IDC
杂项
MySQL
运维笔记
zabbix
seafile
openvpn
QEMU/KVM
windows
html
互联网应用
IP地址段汇总
登录
Search
标签搜索
nginx
openvpn
cloudflare
seafile
iptables
openwrt
openssl
SSH
linux
lede
letsencrypt
openvpn配置模板
ftp
nas
vsftpd
seafile服务器
Linux启动脚本
ddns
seafile网盘
CentOS
自渡
累计撰写
71
篇文章
累计收到
1
条评论
首页
栏目
study
OpenWrt/LEDE
网络技术
数通
HCNP/CCNP
linux
shell
CentOS
Ubuntu/Debian
php
Linux应用
C#
C/C++
虚拟化
IDC
杂项
MySQL
运维笔记
zabbix
seafile
openvpn
QEMU/KVM
windows
html
互联网应用
IP地址段汇总
页面
关于本博客
友情链接
推荐
linux/shell
搜索到
1
篇与
AnyConnect
的结果
2017-07-27
CentOS搭建Cisco Anyconnect服务器-----Ocserv编译过程整理
AnyConnect是思科公司的企业安全远程接入解决方案,受许多中小企业青睐。其手机客户端可从安卓市场或者苹果商店下载。编译环境 CentOS 6.9 X86安装编译依赖环境yum install gcc libtasn1-devel zlib zlib-devel trousers trousers-devel gmp-devel gmp xz texinfo libnl-devel tcp_wrappers-libs tcp_wrappers-devel tcp_wrappers dbus dbus-devel ncurses-devel pam-devel readline-devel bison bison-devel flex gcc wget编译安装autoconf和automakecd /usrwget ftp://ftp.gnu.org/gnu/autoconf/autoconf-latest.tar.gztar -zxvf autoconf-2.69.tar.gzcd autoconf-2.69/./configure --prefix=/usr/local/autoconfmake && make installcp /usr/local/autoconf/bin/autoconf /usr/bin/autoconfcd /usrwget ftp://ftp.gnu.org/gnu/automake/automake-1.14.1.tar.gzcd automake-1.14.1./configure --prefix=/usr/local/automakemake && make installcp /usr/local/automake/bin/automake /usr/bin/automake安装nettlewget ftp://ftp.gnu.org/gnu/nettle/nettle-2.7.1.tar.gztar zxvf nettle-2.7.1.tar.gzcd nettle-2.7.1/./configure --prefix=/usr/local/nettlemake && make installecho '/usr/local/nettle/lib/' > /etc/ld.so.conf.d/nettle.confLdconfig安装gnutlswget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.9.tar.gztar xvf gnutls-3.3.9.tar.xzcd gnutls-3.3.9/export NETTLE_CFLAGS="-I/usr/local/nettle/include/"export NETTLE_LIBS="-L/usr/local/nettle/lib/ -lnettle"export HOGWEED_LIBS="-L/usr/local/nettle/lib/ -lhogweed"export HOGWEED_CFLAGS="-I/usr/local/nettle/include"./configure --prefix=/usr/local/gnutlsmake && make installln -s /usr/local/gnutls/bin/certtool /usr/bin/certtoolecho '/usr/local/gnutls/lib/' > /etc/ld.so.conf.d/gnutls.confLdconfig安装libnlyum install bison flex(可选)wget http://www.infradead.org/~tgr/libnl/files/libnl-3.2.24.tar.gztar -zxvf libnl-3.2.24.tar.gzcd libnl-3.2.24./configure --prefix=/usr/local/libnlmake && make installecho '/usr/local/libnl/lib/' > /etc/ld.so.conf.d/libnl.confLdconfig安装ocservcd /usrexport LIBNL3_CFLAGS="-I/usr/local/libnl/include/libnl3"export LIBNL3_LIBS="-L//usr/local/libnl/lib/ -lnl-3 -lnl-route-3"export LIBGNUTLS_LIBS="-L/usr/local/gnutls/lib/ -lgnutls"export LIBGNUTLS_CFLAGS="-I/usr/local/gnutls/include/"wget ftp://ftp.infradead.org/pub/ocserv/ocserv-0.9.0.1.tar.xztar xvf ocserv-0.9.0.1.tar.xzcd ocserv-0.9.0./configure --prefix=/usr/local/ocservmake && make installecho 'export PATH=$PATH://usr/local/ocserv/sbin/:/usr/local/ocserv/bin/' >> $HOME/.bashrcsource $HOME/.bashrc配置NATiptables -t nat -A POSTROUTING -s 192.168.12.0/255.255.255.0 -o eth0 -j MASQUERADEvi /etc/sysctl.conf net.ipv4.ip_forward=1 // 配置ip转发iptables -t nat -L // 查看防火墙NAT规则出错则编译安装protobuf及三个文件cd /usryum install glibc-headers gcc-c++wget no-check-certificatehttps://github.com/google/protobuf/releases/download/v2.6.1/protobuf-2.6.1.tar.gztar -zxvf protobuf-2.6.1.tar.gzcd protobuf-2.6.1./configuremake && make install用户名登录cp /usr/ocserv-0.9.0/src/ocpasswd /usr/bin/ocpasswdocpasswd -c /etc/ocserv/passwd (username) //username为用户名,可自定义配置文件auth = "plain[/etc/ocserv/passwd]"证书认证 //默认采用用户名密码认证,证书认证在文末auth = "certificate"ca-cert /etc/ocserv/ca-cert.pemmax-clients = 16max-same-clients = 2tcp-port = 10443 //端口号可自定义,不与常用端口冲突udp-port = 10443 //自定义端口号,自行选择协议,若选择TCP则注释掉UDP这行keepalive = 32400try-mtu-discovery = truecisco-client-compat = trueserver-cert = /etc/ocserv/server-cert.pemserver-key = /etc/ocserv/server-key.pemauth-timeout = 40pid-file = /var/run/ocserv.pidsocket-file = /var/run/ocserv-socketrun-as-user = nobodyrun-as-group = daemondevice = vpnsipv4-network = 192.168.12.0 //网段可自定义ipv4-netmask = 255.255.255.0route = 192.168.12.0/255.255.255.0 //若未配置国内外分流务必注释掉这行启动ocserv ocserv -c /etc/ocserv.conf //加-f则为调试模式 不加则后台运行 服务器证书 生成SSL证书mkdir /etc/ocserv/cd /etc/ocservCA私钥:certtool --generate-privkey --outfile ca-key.pemCA模板:cat << EOF > ca.tmplcn = "www.lonelyboy.org" //名称可自定义organization = "www.lonelyboy.org" //名称可自定义serial = 1expiration_days = 3650casigning_keycert_signing_keycrl_signing_keyEOFCA证书:certtool --generate-self-signed --load-privkey ca-key.pem --template ca.tmpl --outfile ca-cert.pemServer私钥:certtool --generate-privkey --outfile server-key.pemServer证书模板:cat << EOF > server.tmplcn = "www.lonelyboy.org" //名称可自定义o = "www.lonelyboy.org" //名称可自定义expiration_days = 3650signing_keyencryption_keytls_www_serverEOFServer证书:certtool --generate-certificate --load-privkey server-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template server.tmpl --outfile server-cert.pem证书登录 //默认用户名密码认证,可自行选择是否使用证书认证用户私钥certtool --generate-privkey --outfile user-key.pem用户模板 //自定义cat << EOF > user.tmplcn = "XXX" //随机名可自定义unit = "XXX" //随机名可自定义expiration_days = 365signing_keytls_www_clientEOFuser证书certtool --generate-certificate --load-privkey user-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template user.tmpl --outfile user-cert.pem
2017年07月27日
4,325 阅读
0 评论
0 点赞