3 月 172015
 

安装并测试

[root@localhost ~]# yum -y install freeradius freeradius-utils freeradius-mysql mysql-server

centos-6-freeradius-mysql-integration-01
[root@localhost ~]# rpm -lq freeradius-utils |grep radtest
/usr/bin/radtest
/usr/share/man/man1/radtest.1.gz
[root@localhost ~]#

centos-6-freeradius-mysql-integration-02 centos-6-freeradius-mysql-integration-03 centos-6-freeradius-mysql-integration-04
[root@localhost ~]# rpm -lq freeradius-mysql
/etc/raddb/sql/mysql
/etc/raddb/sql/mysql/admin.sql
/etc/raddb/sql/mysql/counter.conf
/etc/raddb/sql/mysql/cui.conf
/etc/raddb/sql/mysql/cui.sql
/etc/raddb/sql/mysql/dialup.conf
/etc/raddb/sql/mysql/ippool.conf
/etc/raddb/sql/mysql/ippool.sql
/etc/raddb/sql/mysql/nas.sql
/etc/raddb/sql/mysql/schema.sql
/etc/raddb/sql/mysql/wimax.conf
/etc/raddb/sql/mysql/wimax.sql
/etc/raddb/sql/ndb
/etc/raddb/sql/ndb/README
/etc/raddb/sql/ndb/admin.sql
/etc/raddb/sql/ndb/schema.sql
/usr/lib64/freeradius/rlm_sql_mysql-2.1.12.so
/usr/lib64/freeradius/rlm_sql_mysql.so
[root@localhost ~]#

编辑取消steve用户配置信息注释
[root@localhost ~]# cd /etc/raddb/
[root@localhost raddb]# vi users
启动debug模式
-X Turn on full debugging.
[root@localhost raddb]# radiusd -X

启动后最后6行屏幕输出
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.

新建终端会话窗口并执行登录操作
[root@localhost ~]# radtest steve testing localhost 1812 testing123
Sending Access-Request of id 173 to 127.0.0.1 port 1812
User-Name = "steve"
User-Password = "testing"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=173, length=71
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 172.16.3.33
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
[root@localhost ~]#

centos-6-freeradius-mysql-integration-05centos-6-freeradius-mysql-integration-09 centos-6-freeradius-mysql-integration-10 centos-6-freeradius-mysql-integration-11 centos-6-freeradius-mysql-integration-12 centos-6-freeradius-mysql-integration-13 centos-6-freeradius-mysql-integration-14 centos-6-freeradius-mysql-integration-15 centos-6-freeradius-mysql-integration-16 centos-6-freeradius-mysql-integration-17 centos-6-freeradius-mysql-integration-18 centos-6-freeradius-mysql-integration-19 centos-6-freeradius-mysql-integration-20 centos-6-freeradius-mysql-integration-21服务器debug输出最后一部分,Ctrl-C退出

配置成功恢复注释
配置数据库
[root@localhost raddb]# service mysqld start

[root@localhost raddb]# mysql -u root -p
mysql> create database radius;
Query OK, 1 row affected (0.00 sec)

mysql> exit
Bye

导入表结构
[root@localhost raddb]# mysql -u root -p radius < ./sql/mysql/schema.sql
Enter password:
[root@localhost raddb]# mysql -u root -p radius < ./sql/mysql/nas.sql
Enter password:
[root@localhost raddb]# mysql -u root -p radius < ./sql/mysql/ippool.sql
Enter password:
[root@localhost raddb]#

查看导入的表

centos-6-freeradius-mysql-integration-06

授权,
mysql> grant select on radius.* to radius@localhost identified by 'radpass';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all on radius.radacct to radius@localhost;
Query OK, 0 rows affected (0.00 sec)

mysql> grant all on radius.radpostauth to radius@localhost;
Query OK, 0 rows affected (0.00 sec)

mysql> select * from radgroupreply;
Empty set (0.00 sec)

注意此处用户名密码为/etc/raddb/sql.conf中默认配置;radpass是公开的默认口令,非测试环境应在授权语句和sql.conf中同时改为独立的强口令
# Connection info:
server = "localhost"
#port = 3306
login = "radius"
password = "radpass"

向表内插入数据

插入组信息
mysql> insert into radgroupreply(groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
Query OK, 1 row affected (0.00 sec)

查看插入的数据

centos-6-freeradius-mysql-integration-07
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type','=','Framed-User');
Query OK, 1 row affected (0.00 sec)

mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask','=','255.255.255.254');
Query OK, 1 row affected (0.00 sec)

mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
Query OK, 1 row affected (0.00 sec)
查看整张表的数据

centos-6-freeradius-mysql-integration-08

插入用户信息(示例口令以明文形式保存在radcheck表中,仅用于测试)

mysql> select * from radcheck;
Empty set (0.00 sec)

mysql> insert into radcheck (UserName,Attribute,Value) values ('user1','Password','passwd1');
Query OK, 1 row affected (0.00 sec)

mysql> insert into radcheck (UserName,Attribute,Value) values ('user2','Password','passwd2');
Query OK, 1 row affected (0.00 sec)
查看整张表的数据

将用户加入组
mysql> select * from radusergroup;
Empty set (0.00 sec)

mysql> insert into radusergroup (username,groupname) values ('user1','user');
Query OK, 1 row affected (0.00 sec)

mysql> insert into radusergroup (username,groupname) values ('user2','user');
Query OK, 1 row affected (0.00 sec)
查看整张表的数据
修改配置文件并连接数据库

取消注释
[root@localhost raddb]# vi radiusd.conf
$INCLUDE sql.conf
取消注释
[root@localhost raddb]# vi sql.conf
readclients = yes

增加注释,取消sql注释
[root@localhost raddb]# vi sites-enabled/default

3图

增加注释,取消注释2处
[root@localhost raddb]# vi sites-enabled/inner-tunnel

修改1处
[root@localhost raddb]# vi eap.conf

修改1处
[root@localhost raddb]# vi proxy.conf

启动debug模式确认启动状态
[root@localhost raddb]# radiusd -X

3 月 172015
 
安装
 [root@localhost ~]# yum -y install screen

描述

linux-screen-usage-01

启动screen并运行top命令

 [root@localhost ~]# screen

linux-screen-usage-02

退出并保持当前screen会话
Ctrl+a+d

查看

[root@localhost ~]# screen -ls
 There is a screen on:
 16688.pts-4.localhost (Detached)
 1 Socket in /var/run/screen/S-root.

[root@localhost ~]#

激活screen会话
[root@localhost ~]# screen -r 16688

linux-screen-usage-03
打开多个screen会话窗口并在窗口间切换

Ctrl a c创建一个新窗口并运行vi编辑器

linux-screen-usage-04

Ctrl a c创建一个新窗口并运行htop

linux-screen-usage-05

使用Ctrl-a p上翻窗口
使用Ctrl-a n下翻窗口
使用Ctrl-a Ctrl-a在两个窗口间切换
使用窗口编号快速切换窗口
Ctrl-a 0-9

Ctrl-a c创建一个新窗口并使用Ctrl-a k杀掉当前窗口

linux-screen-usage-06
异常关闭的SSH连接及screen会话窗口的恢复

linux-screen-usage-07

-D (-r) Detach and logout remote (and reattach here).

linux-screen-usage-08

杀掉无法正常切换的screen会话进程

[root@localhost ~]# screen -ls
 There is a screen on:
 16521.pts-0.localhost (Attached)
 1 Socket in /var/run/screen/S-root.

[root@localhost ~]# ps 16521
 PID TTY STAT TIME COMMAND
 16521 ? Ss 0:00 SCREEN
 [root@localhost ~]# kill -9 16521
 [root@localhost ~]# screen -ls
 There is a screen on:
 16521.pts-0.localhost (Dead ???)
 Remove dead screens with 'screen -wipe'.
 1 Socket in /var/run/screen/S-root.

[root@localhost ~]#

清除已杀死的screen会话进程

[root@localhost ~]# screen -wipe
 There is a screen on:
 16521.pts-0.localhost (Removed)
 1 socket wiped out.
 No Sockets found in /var/run/screen/S-root.

[root@localhost ~]# screen -ls
 No Sockets found in /var/run/screen/S-root.

[root@localhost ~]#

远程演示
screen -x
screen -x lesson1
screen -S lesson1

会话锁定和解锁 屏幕无显示但会接受键盘操作
锁定 Ctrl-a s 解锁Ctrl-a q

密码会话锁定
Ctrl-a x

linux-screen-usage-09

屏幕分割

 

3 月 162015
 

CentOS 6.6集成安装包的监控工具
[root@localhost ~]# yum install iptraf

centos-text-gui-monitoring-tools-01centos-text-gui-monitoring-tools-02centos-text-gui-monitoring-tools-03
[root@localhost ~]# yum install iotop

 

需通过EPEL源安装的监控工具(下面的epel-release包经明文HTTP下载,安装前建议校验软件包的GPG签名)
[root@localhost ~]# yum -y install http://mirrors.zju.edu.cn/epel/6/i386/epel-release-6-8.noarch.rpm

[root@localhost ~]# yum -y install htop

centos-text-gui-monitoring-tools-04

centos-text-gui-monitoring-tools-05
[root@localhost ~]# yum -y install glances
[root@localhost ~]# yum -y install apachetop

centos-text-gui-monitoring-tools-06 centos-text-gui-monitoring-tools-07 centos-text-gui-monitoring-tools-08 centos-text-gui-monitoring-tools-09 centos-text-gui-monitoring-tools-10 centos-text-gui-monitoring-tools-11

3 月 132015
 

参考

https://github.com/xelerance/Openswan/wiki/L2tp-ipsec-configuration-using-openswan-and-xl2tpd

安装
openswan xl2tpd lsof ppp

http://mirrors.zju.edu.cn/epel/6/i386/epel-release-6-8.noarch.rpm
配置openswan 两部分
公网接口IP地址
# /etc/ipsec.secrets("test"仅为示例,实际部署应使用足够长的随机预共享密钥)
193.110.157.148 %any 0.0.0.0: PSK "test"
# /etc/ipsec.conf
version 2.0 # conforms to second version of ipsec.conf specification

config setup
nat_traversal=yes
virtual_private=%v4:192.168.0.0/16,%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:!10.254.253.0/24
protostack=netkey
#protostack=mast # used for SAref + MAST only
interfaces="%defaultroute"
oe=off

conn l2tp-psk
authby=secret
pfs=no
auto=add
rekey=no
# overlapip=yes # for SAref + MAST
# sareftrack=yes # for SAref + MAST
type=transport
left=193.110.157.148
leftprotoport=17/1701
#
# The remote user.
#
right=%any
rightprotoport=17/%any
rightsubnet=vhost:%priv,%no
配置xl2tpd

[global]
; you cannot leave out listen-addr, causes possible wrong src ip on return packets
listen-addr = 193.110.157.148
; ipsec saref = yes ; For SAref + MAST only
; debug tunnel = yes

[lns default]
ip range = 10.254.253.128-10.254.253.250
local ip = 10.254.253.1
assign ip = yes
require chap = yes
refuse pap = yes
require authentication = yes
name = OpenswanVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

配置PPP两部分

/etc/ppp/options.xl2tpd

ipcp-accept-local
ipcp-accept-remote
ms-dns 193.110.157.123
noccp
auth
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

账户部分

[root@localhost ppp]# vi chap-secrets
# client server secret IP addresses
test * "test" 10.254.253.128/25

系统配置 两种方法
手动添加
# /etc/sysctl.conf
# only values specific for ipsec/l2tp functioning are shown here. merge with existing file
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1

自动添加

[root@localhost ~]# sysctl -a |egrep "ipv4.*(accept|send)_redirects" |awk -F "=" '{print $1"= 0"}' >> /etc/sysctl.conf

[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.lo.send_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
[root@localhost ~]#

开放防火墙及设置转发

iptables -I INPUT -p udp --dport 500 -j ACCEPT
iptables -I INPUT -p udp --dport 4500 -j ACCEPT
iptables -I INPUT -p udp --dport 1701 -j ACCEPT
iptables -I INPUT -p esp -j ACCEPT

iptables -I FORWARD -s 10.254.253.0/24 -j ACCEPT
iptables -I FORWARD -d 10.254.253.0/24 -j ACCEPT

iptables -t nat -A POSTROUTING -s 10.254.253.0/24 -o eth0 -j MASQUERADE
检测状态

[root@localhost ~]# ipsec verify
 Checking your system to see if IPsec got installed and started correctly:
 Version check and ipsec on-path [OK]
 Linux Openswan U2.6.32/K(no kernel code presently loaded)
 Checking for IPsec support in kernel [FAILED]
 SAref kernel support [N/A]
 Checking that pluto is running [FAILED]
 whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
 Checking for 'ip' command [OK]
 Checking /bin/sh is not /bin/dash [OK]
 Checking for 'iptables' command [OK]
 Opportunistic Encryption Support [DISABLED]
[root@localhost ~]#

123

3 月 092015
 

在CentOS 6.5环境中安装依赖软件包,使用git下载最新版本st-load源码包

 [root@localhost ~]# yum install git unzip patch gcc gcc-c++ make
 [root@localhost ~]# git clone https://github.com/winlinvip/st-load.git

执行配置和编译

 [root@localhost st-load]# ./configure
 [root@localhost st-load]# make

查看生成的文件和目录

 [root@localhost st-load]# ls objs/
 http-parser-2.1 src st_hls_load st_rtmp_load st_rtmp_publish
 Makefile st-1.9 st_http_load st_rtmp_load_fast
 [root@localhost st-load]#

模拟RTMP用户

./st_rtmp_load -c 1 -r rtmp://127.0.0.1:1935/live/livestream

模拟HLS直播用户

./st_hls_load -c 1 -r http://127.0.0.1:3080/hls/hls.m3u8

模拟HLS点播用户

./st_hls_load -c 10000 -o -r http://127.0.0.1:3080/hls/hls.m3u8

模拟RTMP推流用户

./st_rtmp_publish -i doc/source.200kbps.768x320.flv -c 1 -r rtmp://127.0.0.1:1935/live/livestream

模拟RTMP多路推流用户

./st_rtmp_publish -i doc/source.200kbps.768x320.flv -c 1000 -r rtmp://127.0.0.1:1935/live/livestream_{i}

支持RTMP流播放测试,一个进程支持5k并发
支持RTMP流推流测试,一个进程支持500个并发。

相关下载:
(1) SRS Bench (原st-load,最后更新:20151231)