wannat支持四元组分流, 升级rpm包, 支持openvpn接入.
@@ -10,6 +10,7 @@ wannat_global:
|
||||
bifang_db_password: "bifang!@#"
|
||||
bifang_radius_db_name: "tsg-bifang"
|
||||
vpn_client_ip_cidr: "10.10.120.0/24"
|
||||
vpn_client_ip_mask: "10.10.120.0 255.255.255.0"
|
||||
vpn_server_ip_local: "10.10.120.1"
|
||||
vpn_client_ip_range: "10.10.120.2-254"
|
||||
sentry_upload_url: "https://sentry.mesalab.cn/api/3/minidump/?sentry_key=xxxxx"
|
||||
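Review bot: The four `vpn_*` values (`vpn_client_ip_cidr`, `vpn_client_ip_mask`, `vpn_server_ip_local`, `vpn_client_ip_range`) spell the same 10.10.120.0/24 network in four hand-written forms, so editing one silently desynchronises the others; the rendered page does not mark which of them is the single line this hunk adds. Keep `vpn_client_ip_cidr` as the one source and derive the others where they are consumed, e.g. `{{ wannat_global.common.vpn_client_ip_cidr | ipaddr('network') }} {{ wannat_global.common.vpn_client_ip_cidr | ipaddr('netmask') }}` (the `ipaddr` filter needs the `netaddr` package on the control node), or at minimum put `# all four vpn_* values must describe the same network; keep them in sync` above the group. The `common` sub-key is inferred from the `wannat_global.common.vpn_client_ip_mask` reference in the server.conf hunk further down this page.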
@@ -32,20 +33,19 @@ wannat_global:
|
||||
g_probe_retry_times: 5
|
||||
max_item_number: 10000
|
||||
lru_timeout: 60
|
||||
|
||||
pptp:
|
||||
mtu: 2000
|
||||
dns1: "8.8.8.8"
|
||||
dns2: "114.114.114.114"
|
||||
|
||||
openvpn:
|
||||
mtu: 1400
|
||||
mss: 1360
|
||||
|
||||
radius:
|
||||
shared_secret: "testing123"
|
||||
server_ip: "192.168.44.72"
|
||||
|
||||
rpm_files:
|
||||
natgw_rpm_file: "wannat_natgw-1.3.8.ed8832d-2.el7.x86_64.rpm"
|
||||
wire_graft_rpm_file: "libwire_graft-1.4.1.ec1bc7b-2.el7.x86_64.rpm"
|
||||
toroad_rpm_file: "toroad-1.2.5.ceffe93-2.el7.x86_64.rpm"
|
||||
natgw_rpm_file: "wannat_natgw-1.4.0.88cdbce-2.el7.x86_64.rpm"
|
||||
wire_graft_rpm_file: "libwire_graft-1.5.0.f3cadd2-2.el7.x86_64.rpm"
|
||||
toroad_rpm_file: "toroad-1.3.1.64c74cb-2.el7.x86_64.rpm"
|
||||
ppp_rpm_file: "ppp-2.4.5-34.el7_7.x86_64.rpm"
|
||||
pptpd_rpm_file: "pptpd-1.4.0-2.el7.x86_64.rpm"
|
||||
openvpn_rpm_file: "openvpn-2.4.11-1.el7.x86_64.rpm"
|
||||
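Review bot: `shared_secret: "testing123"` under `radius:` is the well-known FreeRADIUS sample secret, committed in clear text in the same group_vars file as `bifang_db_password: "bifang!@#"` from the previous hunk; the page does not show whether the `radius:` block is new or context, but it is on the new side either way. The shared secret is what protects the password exchange between the OpenVPN host and `server_ip`, so it should be a long random per-deployment value stored with `ansible-vault` (`shared_secret: !vault |` followed by the encrypted blob) with a comment such as `# vaulted; never the FreeRADIUS default`. `bifang_db_password` and the `sentry_key=` query parameter in `sentry_upload_url` deserve the same treatment.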
|
||||
@@ -65,6 +65,4 @@
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
state: started
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -13,6 +13,7 @@ while [ 1 ]; do
|
||||
# echo $PROCESS_NUM
|
||||
if [ $PROCESS_NUM -lt 1 ]
|
||||
then
|
||||
ip tuntap del dev tun_natgw mod tun
|
||||
./wannat_natgw &
|
||||
sleep 1
|
||||
ifconfig tun_natgw 192.168.1.254/24 up
|
||||
|
||||
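Review bot: `if [ $PROCESS_NUM -lt 1 ]` expands an unquoted variable; if whatever sets `PROCESS_NUM` (outside this hunk) ever yields an empty string, `[` is left with `-lt 1` alone and the test errors instead of restarting the process, so write it as `if [ "${PROCESS_NUM:-0}" -lt 1 ]`. The line that appears to be the new one, `ip tuntap del dev tun_natgw mod tun`, will print an error on every restart where the device is already gone; `ip tuntap del dev tun_natgw mod tun 2>/dev/null || true` keeps the log clean without changing behaviour. `./wannat_natgw &` also depends on the caller's working directory, so an absolute path or a `cd` at the top of the script would make the watchdog robust to how it is launched. The enclosing `while` loop starts before this hunk.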
@@ -23,7 +23,7 @@ ExecStartPost=/bin/sh -c "ip route add default via 100.64.1.253 table 1001"
|
||||
|
||||
ExecStartPost=/bin/sh -c "/opt/tsg/wannat/natgw/natgw_set_iptables_rule.sh {{wannat_global.natgw.ctrl_device_name}}"
|
||||
|
||||
TimeoutSec=300s
|
||||
TimeoutSec=1000s
|
||||
RestartSec=10s
|
||||
Restart=always
|
||||
LimitNOFILE=524288
|
||||
|
||||
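Review bot: `TimeoutSec=1000s` raises both `TimeoutStartSec` and `TimeoutStopSec`, so a stuck stop now waits almost 17 minutes before systemd escalates to SIGKILL, and nothing records why startup needs more than the previous 300 s. If only startup is slow, use `TimeoutStartSec=1000s` and keep a short `TimeoutStopSec=30s`, with a comment such as `# natgw start waits for <REASON-TO-BE-FILLED>; stop must stay fast so Restart=always can recover`. The `ExecStartPost` context line above interpolates `{{wannat_global.natgw.ctrl_device_name}}` unquoted into `sh -c`; a value containing whitespace or shell metacharacters would break or expand there, so `{{ wannat_global.natgw.ctrl_device_name | quote }}` is the safer form.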
@@ -81,8 +81,8 @@
|
||||
|
||||
- name: "template windows_client_example.ovpn to destination server"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/windows_client_example.ovpn"
|
||||
dest: "/etc/openvpn/client/windows_client_example.ovpn"
|
||||
src: "{{ role_path }}/templates/openvpn_client_example.ovpn"
|
||||
dest: "/etc/openvpn/client/openvpn_client_example.ovpn"
|
||||
tags: template
|
||||
|
||||
- name: "Template the openvpn server.conf config file"
|
||||
@@ -106,6 +106,8 @@
|
||||
- name: "enable openvpn service"
|
||||
systemd:
|
||||
name: openvpn-server
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
enabled: yes
|
||||
state: started
|
||||
|
||||
|
||||
|
||||
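Review bot: `enabled: yes` and `daemon_reload: yes` use the YAML 1.1 truthy spellings; Ansible's convention and yamllint's `truthy` rule want `enabled: true` / `daemon_reload: true`, and the same applies to the similar `systemd:` task in the `@@ -65,6 +65,4 @@` hunk earlier on this page. `name: openvpn-server` also needs checking: the EL7 openvpn 2.4 package ships a templated `openvpn-server@.service`, and with the config rendered under `/etc/openvpn/server/` (see the server.conf hunks below) the instance would be `openvpn-server@server` — confirm which unit actually exists on the target, since an `enabled`/`started` state on a non-existent unit fails the play.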
@@ -1,23 +1,15 @@
|
||||
client
|
||||
dev tun
|
||||
proto tcp
|
||||
;;;change remote ipaddress for your environment
|
||||
;;;change remote server ipaddress or port for your environment
|
||||
remote 192.168.1.1 1194
|
||||
resolv-retry infinite
|
||||
nobind
|
||||
;user nobody
|
||||
;group nobody
|
||||
persist-key
|
||||
persist-tun
|
||||
;;;ca ca.crt
|
||||
;;;cert client.crt
|
||||
;;;key client.key
|
||||
remote-cert-tls server
|
||||
;;;tls-auth ta.key 1
|
||||
;;;;cipher AES-256-CBC
|
||||
compress lz4-v2
|
||||
verb 3
|
||||
;mute 20
|
||||
auth-user-pass
|
||||
|
||||
<ca>
|
||||
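Review bot: `compress lz4-v2` remains on the new side of this profile while the `cipher` and `tls-auth` lines appear to be among the nine lines this hunk removes (the counts show one added, nine removed, but the page does not mark which). Compression on a VPN that carries attacker-influenced traffic exposes it to compression-oracle attacks, which is why the OpenVPN project's VORACLE advisory recommends disabling it; drop `compress lz4-v2` here and on the server, or replace it with `; compression intentionally disabled (VORACLE)`. Without a `cipher` line the data channel depends on NCP negotiation with the 2.4.11 server, which should yield AES-256-GCM; pinning `cipher AES-256-GCM` documents that expectation and fails loudly against a misconfigured server.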
@@ -41,4 +33,4 @@ ZQWWAx+/dIZ8n6MVz5MQceaKpC+x/EL9wUcSHEVF5xEa9wm9B7daewrIprERNLSq
|
||||
S0XRwXFrspwUIoL0KFm/HA25LjSYRU9OlKiCCP9JsxjhhW5ExcNAxVbI0HpZY5bV
|
||||
RmQ4krnQ3hYS
|
||||
-----END CERTIFICATE-----
|
||||
</ca>
|
||||
</ca>
|
||||
@@ -6,11 +6,11 @@ ca /etc/openvpn/server/ca.crt
|
||||
cert /etc/openvpn/server/server.crt
|
||||
key /etc/openvpn/server/server.key
|
||||
dh /etc/openvpn/server/dh.pem
|
||||
server 10.10.130.0 255.255.255.0
|
||||
server {{wannat_global.common.vpn_client_ip_mask}}
|
||||
ifconfig-pool-persist ipp.txt
|
||||
push "route 10.10.130.0 255.255.255.0"
|
||||
push "route {{wannat_global.common.vpn_client_ip_mask}}"
|
||||
push "redirect-gateway def1"
|
||||
push "remote-gateway 10.10.130.1"
|
||||
;;;push "remote-gateway 10.10.130.1"
|
||||
;client-to-client
|
||||
;duplicate-cn
|
||||
keepalive 10 120
|
||||
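Review bot: `push "route {{wannat_global.common.vpn_client_ip_mask}}"` pushes the tunnel's own subnet, which the `server` directive already installs on clients, so the line is redundant and invites readers to mistake it for a LAN route; meanwhile the leftover `;;;push "remote-gateway 10.10.130.1"` still hard-codes the old 10.10.130.x network that this same hunk templates away. Either delete that dead line or template it with `vpn_server_ip_local` so no stale literal remains, and if the push is kept add `; the tunnel subnet route is installed by 'server'; this push is redundant` above it. `push "redirect-gateway def1"` sends all client traffic through this host, which fits a NAT gateway but deserves a one-line comment saying so.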
@@ -27,8 +27,8 @@ persist-tun
|
||||
status openvpn-status.log
|
||||
log /var/log/openvpn.log
|
||||
verb 9
|
||||
tun-mtu 1472
|
||||
mssfix 1400
|
||||
tun-mtu {{wannat_global.openvpn.mtu}}
|
||||
mssfix {{wannat_global.openvpn.mss}}
|
||||
|
||||
username-as-common-name
|
||||
client-cert-not-required #close cert, use username and password to radius for auth
|
||||
|
||||
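Review bot: `client-cert-not-required` (context below the newly templated `tun-mtu`/`mssfix` lines) is deprecated in OpenVPN 2.4 and removed in 2.5; it still works with the `openvpn-2.4.11` rpm this commit deploys, but the forward-compatible spelling is `verify-client-cert none`, worth changing now with the comment `# no client certs: authentication is username/password against RADIUS only`. With client certificates gone and no `tls-auth`/`tls-crypt` visible in these hunks, the TLS listener accepts a handshake from anyone who can reach the port, so a `tls-crypt` key would be the cheap way to restore a pre-authentication gate. `verb 9` is packet-level debug logging into `/var/log/openvpn.log` and will fill the disk under real traffic; `verb 3` is the usual production level.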
BIN
roles/toroad/files/rpm/toroad-1.3.1.64c74cb-2.el7.x86_64.rpm
Normal file
BIN
roles/toroad/files/rpm/toroad-1.3.1.64c74cb-2.el7.x86_64.rpm
Normal file
@@ -25,17 +25,17 @@
|
||||
vars_files:
|
||||
- deploy_env/group_vars/all.yml
|
||||
|
||||
- hosts: pptpd
|
||||
roles:
|
||||
- pptpd
|
||||
vars_files:
|
||||
- deploy_env/group_vars/all.yml
|
||||
|
||||
- hosts: radius_server
|
||||
roles:
|
||||
- radius_server
|
||||
vars_files:
|
||||
- deploy_env/group_vars/all.yml
|
||||
|
||||
- hosts: openvpn
|
||||
roles:
|
||||
- openvpn
|
||||
vars_files:
|
||||
- deploy_env/group_vars/all.yml
|
||||
|
||||
|
||||
|
||||
|
||||