Install IBSng ( CentOS 5.

5 x64 ) for VPN

‫ابتدا هی بایست پکیجهای زیر روی سرور ًصب بشه‬

yum install postgresql-server
yum install postgresql-python
yum install php-gd
yum install php-mbstring
yum install php-pdo
yum install httpd
yum install php
yum install ppp
yum install kernel
yum install nano
yum install mod_python php httpd-manual system-config-httpd httpd webalizer
mud_perl perl-DBD-pg mod_ssl postgresql-libs apr-util dovecot

‫داًلىد کردى‬IBSng
wget http://voxel.dl.sourceforge.net/project/ibs/IBSng/IBSng-A1.24/IBSng-
A1.24.tar.bz2

extract ‫کردى آى‬

tar -xvjf IBSng-A1.24.tar.bz2 -C /usr/local

‫ ویرایش فایل‬pg_hba.conf
service postgresql start

nano /var/lib/pgsql/data/pg_hba.conf

‫اضافه کردن متن زیر در خط اول فایل‬

local IBSng ibs trust

Ctrl+x = save

service postgresql restart

‫ساخت یىزر و دیتا بیس‬

su - postgres
createuser ibs
createdb IBSng
createlang plpgsql IBSng
logout

‫ ًصب‬IBSng
service httpd start

/usr/local/IBSng/scripts/setup.py

1>2>2>1>enter pass admin>1>2>5>1>3>1>2>b>x

1 Install
2 Test DB Connection and Continue
2 Compile Configuration and Continue
1 Import Tables and Continue
Enter System password
 1 Copy ibs.conf to '/etc/httpd/conf.d'
2 Chown apache directories to 'apache'
5 Countinue
1 Copy Redhat init file to /etc/init.d
3
1
2 Set IBSng to start on reboot
b Back to main menu
x Exit

service httpd reload

service IBSng start
login to IBSng ip/IBSng/admin
user : system
pass : enter pass admin or setup

install pptpd
rpm -ivh http://acelnmp.googlecode.com/files/pptpd-1.3.4-
1.rhel5.1.x86_64.rpm

‫ًصب‬radiusclient
rpm –ivh
ftp://ftp.pbone.net/mirror/ftp.freshrpms.net/pub/freshrpms/pub/dag/redhat/e
l5/en/x86_64/dries/RPMS/radiusclient-0.3.2-0.2.el5.rf.x86_64.rpm

‫اگر ایي لیٌک از بیي رفته بىد هیتىًیي از ایي سایت لیٌک جدید فایل رو پیدا کٌید‬
http://rpm.pbone.net/index.php3/stat/4/idpl/12085792/dir/redhat_el_5/com/ra
diusclient-0.3.2-0.2.el5.rf.x86_64.rpm.html

‫حاال هیرسین به کاًفیگ فایل ها‬

nano /etc/radiusclient/dictionary.microsoft

‫هحتىای فایل هی بایست ایي باشه‬

VENDOR Microsoft 311
ATTRIBUTE MS-CHAP-Response 1 string
Microsoft
ATTRIBUTE MS-CHAP-Error 2 string
Microsoft
ATTRIBUTE MS-CHAP-CPW-1 3 string
Microsoft
ATTRIBUTE MS-CHAP-CPW-2 4 string
Microsoft
ATTRIBUTE MS-CHAP-LM-Enc-PW 5 string
Microsoft
ATTRIBUTE MS-CHAP-NT-Enc-PW 6 string
Microsoft
ATTRIBUTE MS-MPPE-Encryption-Policy 7 string
Microsoft
# This is referred to as both singular and plural in the RFC.
# Plural seems to make more sense.
ATTRIBUTE MS-MPPE-Encryption-Type 8 string
Microsoft
ATTRIBUTE MS-MPPE-Encryption-Types 8 string
Microsoft
ATTRIBUTE MS-RAS-Vendor 9 integer
Microsoft # content is Vendor-ID
ATTRIBUTE MS-CHAP-Domain 10 string
 Microsoft
ATTRIBUTE MS-CHAP-Challenge 11 string
Microsoft
ATTRIBUTE MS-CHAP-MPPE-Keys 12 string
Microsoft
ATTRIBUTE MS-BAP-Usage 13 integer
Microsoft
ATTRIBUTE MS-Link-Utilization-Threshold 14 integer
Microsoft # values are 1-100
ATTRIBUTE MS-Link-Drop-Time-Limit 15 integer
Microsoft
ATTRIBUTE MS-MPPE-Send-Key 16 string
Microsoft
ATTRIBUTE MS-MPPE-Recv-Key 17 string
Microsoft
ATTRIBUTE MS-RAS-Version 18 string
Microsoft
ATTRIBUTE MS-Old-ARAP-Password 19 string
Microsoft
ATTRIBUTE MS-New-ARAP-Password 20 string
Microsoft
ATTRIBUTE MS-ARAP-PW-Change-Reason 21 integer
Microsoft

ATTRIBUTE MS-Filter 22 string

Microsoft
ATTRIBUTE MS-Acct-Auth-Type 23 integer
Microsoft
ATTRIBUTE MS-Acct-EAP-Type 24 integer
Microsoft

ATTRIBUTE MS-CHAP2-Response 25 string

Microsoft
ATTRIBUTE MS-CHAP2-Success 26 string
Microsoft
ATTRIBUTE MS-CHAP2-CPW 27 string
Microsoft

ATTRIBUTE MS-Primary-DNS-Server 28 ipaddr

Microsoft
ATTRIBUTE MS-Secondary-DNS-Server 29 ipaddr
Microsoft
ATTRIBUTE MS-Primary-NBNS-Server 30 ipaddr
Microsoft
ATTRIBUTE MS-Secondary-NBNS-Server 31 ipaddr
Microsoft

#ATTRIBUTE MS-ARAP-Challenge 33 string Microsoft

#
# Integer Translations
#

# MS-BAP-Usage Values

VALUE MS-BAP-Usage Not-Allowed 0

VALUE MS-BAP-Usage Allowed 1
VALUE MS-BAP-Usage Required 2

# MS-ARAP-Password-Change-Reason Values
VALUE MS-ARAP-PW-Change-Reason Just-Change-Password 1
VALUE MS-ARAP-PW-Change-Reason Expired-Password 2
VALUE MS-ARAP-PW-Change-Reason Admin-Requires-Password-Change 3
VALUE MS-ARAP-PW-Change-Reason Password-Too-Short 4

# MS-Acct-Auth-Type Values

VALUE MS-Acct-Auth-Type PAP 1

VALUE MS-Acct-Auth-Type CHAP 2
VALUE MS-Acct-Auth-Type MS-CHAP-1 3
VALUE MS-Acct-Auth-Type MS-CHAP-2 4
VALUE MS-Acct-Auth-Type EAP 5

# MS-Acct-EAP-Type Values

VALUE MS-Acct-EAP-Type MD5 4

VALUE MS-Acct-EAP-Type OTP 5
VALUE MS-Acct-EAP-Type Generic-Token-Card 6
VALUE MS-Acct-EAP-Type TLS 13

‫فایل های بعدی هن به هویي صىرت‬

nano /etc/radiusclient/radiusclient.conf

auth_order radius,local
login_tries 4
login_timeout 60
nologin /etc/nologin
issue /etc/radiusclient/issue
authserver localhost:1812
acctserver localhost:1813
servers /etc/radiusclient/servers
dictionary /etc/radiusclient/dictionary
login_radius /usr/sbin/login.radius
seqfile /var/run/radius.seq
mapfile /etc/radiusclient/port-id-map
default_realm
radius_timeout 10
radius_retries 3
login_local /bin/login

dictionary ‫ویرایش فایل‬

nano /etc/radiusclient/dictionary

#
# Updated 97/06/13 to livingston-radius-2.01 [email protected]
#
# This file contains dictionary translations for parsing
# requests and generating responses. All transactions are
# composed of Attribute/Value Pairs. The value of each attribute
# is specified as one of 4 data types. Valid data types are:
#
# string - 0-253 octets
# ipaddr - 4 octets in network byte order
# integer - 32 bit value in big endian order (high byte first)
# date - 32 bit value in big endian order - seconds since
# 00:00:00 GMT, Jan. 1, 1970
#
# Enumerated values are stored in the user file with dictionary
# VALUE translations for easy administration.
#
# Example:
#
# ATTRIBUTE VALUE
# --------------- -----
# Framed-Protocol = PPP
# 7 = 1 (integer encoding)
#

#
# Following are the proper new names. Use these.
#
ATTRIBUTE User-Name 1 string
ATTRIBUTE Password 2 string
ATTRIBUTE CHAP-Password 3 string
ATTRIBUTE NAS-IP-Address 4 ipaddr
ATTRIBUTE NAS-Port-Id 5 integer
ATTRIBUTE Service-Type 6 integer
ATTRIBUTE Framed-Protocol 7 integer
ATTRIBUTE Framed-IP-Address 8 ipaddr
ATTRIBUTE Framed-IP-Netmask 9 ipaddr
ATTRIBUTE Framed-Routing 10 integer
ATTRIBUTE Filter-Id 11 string
ATTRIBUTE Framed-MTU 12 integer
ATTRIBUTE Framed-Compression 13 integer
ATTRIBUTE Login-IP-Host 14 ipaddr
ATTRIBUTE Login-Service 15 integer
ATTRIBUTE Login-TCP-Port 16 integer
ATTRIBUTE Reply-Message 18 string
ATTRIBUTE Callback-Number 19 string
ATTRIBUTE Callback-Id 20 string
ATTRIBUTE Framed-Route 22 string
ATTRIBUTE Framed-IPX-Network 23 ipaddr
ATTRIBUTE State 24 string
ATTRIBUTE Session-Timeout 27 integer
ATTRIBUTE Idle-Timeout 28 integer
ATTRIBUTE Termination-Action 29 integer
ATTRIBUTE Called-Station-Id 30 string
ATTRIBUTE Calling-Station-Id 31 string
ATTRIBUTE Acct-Status-Type 40 integer
ATTRIBUTE Acct-Delay-Time 41 integer
ATTRIBUTE Acct-Input-Octets 42 integer
ATTRIBUTE Acct-Output-Octets 43 integer
ATTRIBUTE Acct-Session-Id 44 string
ATTRIBUTE Acct-Authentic 45 integer
ATTRIBUTE Acct-Session-Time 46 integer
ATTRIBUTE Acct-Terminate-Cause 49 integer
ATTRIBUTE NAS-Port-Type 61 integer
ATTRIBUTE Port-Limit 62 integer
ATTRIBUTE Connect-Info 77 string

#
# Experimental Non Protocol Attributes used by Cistron-Radiusd
#
ATTRIBUTE Huntgroup-Name 221 string
ATTRIBUTE User-Category 1029 string
ATTRIBUTE Group-Name 1030 string
ATTRIBUTE Simultaneous-Use 1034 integer
ATTRIBUTE Strip-User-Name 1035 integer
ATTRIBUTE Fall-Through 1036 integer
ATTRIBUTE Add-Port-To-IP-Address 1037 integer
ATTRIBUTE Exec-Program 1038 string
ATTRIBUTE Exec-Program-Wait 1039 string
ATTRIBUTE Hint 1040 string

#
# Non-Protocol Attributes
# These attributes are used internally by the server
#
ATTRIBUTE Expiration 21 date
ATTRIBUTE Auth-Type 1000 integer
ATTRIBUTE Menu 1001 string
ATTRIBUTE Termination-Menu 1002 string
ATTRIBUTE Prefix 1003 string
ATTRIBUTE Suffix 1004 string
ATTRIBUTE Group 1005 string
ATTRIBUTE Crypt-Password 1006 string
ATTRIBUTE Connect-Rate 1007 integer

#
# Integer Translations
#

# User Types

VALUE Service-Type Login-User 1

VALUE Service-Type Framed-User 2
VALUE Service-Type Callback-Login-User 3
VALUE Service-Type Callback-Framed-User 4
VALUE Service-Type Outbound-User 5
VALUE Service-Type Administrative-User 6
VALUE Service-Type NAS-Prompt-User 7

# Framed Protocols

VALUE Framed-Protocol PPP 1

VALUE Framed-Protocol SLIP 2

# Framed Routing Values

VALUE Framed-Routing None 0

VALUE Framed-Routing Broadcast 1
VALUE Framed-Routing Listen 2
VALUE Framed-Routing Broadcast-Listen 3

# Framed Compression Types

VALUE Framed-Compression None 0

VALUE Framed-Compression Van-Jacobson-TCP-IP 1

# Login Services

VALUE Login-Service Telnet 0

VALUE Login-Service Rlogin 1
VALUE Login-Service TCP-Clear 2
VALUE Login-Service PortMaster 3

# Status Types

VALUE Acct-Status-Type Start 1

VALUE Acct-Status-Type Stop 2
VALUE Acct-Status-Type Accounting-On 7
VALUE Acct-Status-Type Accounting-Off 8

# Authentication Types

VALUE Acct-Authentic RADIUS 1

VALUE Acct-Authentic Local 2
VALUE Acct-Authentic PowerLink128 100

# Termination Options

VALUE Termination-Action Default 0

VALUE Termination-Action RADIUS-Request 1

# NAS Port Types, available in 3.3.1 and later

VALUE NAS-Port-Type Async 0

VALUE NAS-Port-Type Sync 1
VALUE NAS-Port-Type ISDN 2
VALUE NAS-Port-Type ISDN-V120 3
VALUE NAS-Port-Type ISDN-V110 4

# Acct Terminate Causes, available in 3.3.2 and later

VALUE Acct-Terminate-Cause User-Request 1

VALUE Acct-Terminate-Cause Lost-Carrier 2
VALUE Acct-Terminate-Cause Lost-Service 3
VALUE Acct-Terminate-Cause Idle-Timeout 4
VALUE Acct-Terminate-Cause Session-Timeout 5
VALUE Acct-Terminate-Cause Admin-Reset 6
VALUE Acct-Terminate-Cause Admin-Reboot 7
VALUE Acct-Terminate-Cause Port-Error 8
VALUE Acct-Terminate-Cause NAS-Error 9
VALUE Acct-Terminate-Cause NAS-Request 10
VALUE Acct-Terminate-Cause NAS-Reboot 11
VALUE Acct-Terminate-Cause Port-Unneeded 12
VALUE Acct-Terminate-Cause Port-Preempted 13
VALUE Acct-Terminate-Cause Port-Suspended 14
VALUE Acct-Terminate-Cause Service-Unavailable 15
VALUE Acct-Terminate-Cause Callback 16
VALUE Acct-Terminate-Cause User-Error 17
VALUE Acct-Terminate-Cause Host-Request 18

#
# Non-Protocol Integer Translations
#

VALUE Auth-Type Local 0

VALUE Auth-Type System 1
VALUE Auth-Type SecurID 2
VALUE Auth-Type Crypt-Local 3
VALUE Auth-Type Reject 4
#
# Cistron extensions
#
VALUE Auth-Type Pam 253
VALUE Auth-Type None 254

#
# Experimental Non-Protocol Integer Translations for Cistron-Radiusd
#
VALUE Fall-Through No 0
VALUE Fall-Through Yes 1
VALUE Add-Port-To-IP-Address No 0
VALUE Add-Port-To-IP-Address Yes 1

#
# Configuration Values
# uncomment these two lines to turn account expiration on
#

#VALUE Server-Config Password-Expiration 30

#VALUE Server-Config Password-Warning 5

INCLUDE /etc/radiusclient/dictionary.microsoft

sysctl.conf ‫ویرایش فایل‬

nano /etc/sysctl.conf

# Kernel sysctl configuration file for Red Hat Linux

#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding

net.ipv4.ip_forward = 1

# Controls source route verification

# net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing

# net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel

# kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
# kernel.core_uses_pid = 1

# Controls the use of TCP syncookies

net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes

# kernel.msgmnb = 65536

# Controls the default maxmimum size of a mesage queue

# kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes

# kernel.shmmax = 4294967295

# Controls the maximum number of shared memory segments, in pages

# kernel.shmall = 268435456

options.pptpd ‫ویرایش فایل‬

nano /etc/ppp/options.pptpd

lock
debug
name pptpd
proxyarp
nobsdcomp
nodeflate

#+mschap
#-chap
#-pap
+mschap-v2
require-mppe-128

ms-dns 4.2.2.4
plugin radius.so
lcp-echo-interval 20
lcp-echo-failure 6
nologfd

#mtu 1496
#nomppe-lower-mtu
#connect-delay 5000

pptpd.conf ‫ویرایش فایل‬

nano /etc/pptpd.conf

###########################################################################
####
# $Id: pptpd.conf,v 1.10 2006/09/04 23:30:57 quozl Exp $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###########################################################################
####
# TAG: ppp
# Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd

# TAG: option
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.0.1
remoteip 192.168.10.100-200
# TAG: debug
# Turns on (more) debugging to syslog
#
#debug

# TAG: stimeout
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10

# TAG: noipparam
# Suppress the passing of the client's IP address to PPP, which is
# done by default otherwise.
#
#noipparam

# TAG: logwtmp
# Use wtmp(5) to record client connections and disconnections.
#

# TAG: bcrelay <if>

# Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1

# TAG: delegate
# Delegates the allocation of client IP addresses to pppd.
#
# Without this option, which is the default, pptpd manages the list
of
# IP addresses for clients and passes the next free address to pppd.
# With this option, pptpd does not pass an address, and so pppd may
use
# radius or chap-secrets to allocate an address.
#
#delegate

# TAG: connections
# Limits the number of client connections that may be accepted.
#
# If pptpd is allocating IP addresses (e.g. delegate is not
# used) then the number of connections is also limited by the
# remoteip option. The default is 100.
#connections 100

# TAG: localip
# TAG: remoteip
# Specifies the local and remote IP address ranges.
#
# These options are ignored if delegate option is set.
#
# Any addresses work as long as the local machine takes care of the
# routing. But if you want to use MS-Windows networking, you should
# use IP addresses out of the LAN address space and use the proxyarp
# option in the pppd options file, or run bcrelay.
#
# You can specify single IP addresses seperated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than the value of connections,
# it will start at the beginning of the list and go until it
# gets connections IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
# (Recommended)

ip-up ‫ویرایش فایل‬

nano /etc/ppp/ip-up

#!/bin/bash
# This file should not be modified -- make local changes to
# /etc/ppp/ip-up.local instead

PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH

LOGDEVICE=$6
REALDEVICE=$1

[ -f /etc/sysconfig/network-scripts/ifcfg-${LOGDEVICE} ] &&
/etc/sysconfig/network-scripts/ifup-post --realdevice ${REALDEVICE} ifcfg-
${LOGDEVICE}

/etc/ppp/ip-up.ipv6to4 ${LOGDEVICE}

[ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"

exit 0
/sbin/ifconfig $1 mtu 1400
 ‫ ایي به کارتىى هیاد‬IBSng ‫ تعریف کٌید تى‬RAS ‫و اها ویرایش ایي فایل زهاًی که هی خىاى‬
…radius secret
nano /etc/radiusclient/servers

127.0.0.1 jalal3643667

‫ اجرا کردى چٌد تا دستىر‬....

sysctl -p
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
/sbin/service iptables save

‫ ایي هن برای ایٌه که سرور ریستارت شد سرویس ها‬start ‫بشه‬

chkconfig pptpd on
chkconfig httpd on
chkconfig postgresql on
----------------
service postgresql restart
service pptpd restart
service httpd reload
service IBSng start

(‫ توام شد رفت به هویي راحتی‬GROUP ‫ بعد‬RAS ‫ یه شارژ تعریف هیکٌید یه‬IBS ‫توام بقیشن هیرید تى‬

‫حق کپی محفوظ است‬

www.Phpsupport.ir