Olá, tive vários problemas ao fazer uma VPN utilizando o OpenDNS ou até mesmo o DNS do meu fornecedor. Andei estudando o BFW e vi que ele utiliza o BIND; o problema era que, se ele estivesse ativo, minha VPN não conectava, fosse ela PPTP, L2TP ou OpenVPN, e, se você parasse o serviço named (que é o BIND), a VPN funcionava normalmente. Daí, para facilitar: preciso do OpenDNS porque quem resolve o DNS na minha rede é o firewall, tenho uma conta paga e, mesmo habilitando VPN na conta paga do OpenDNS, não funcionava.
Criei um novo arquivo em /etc/brazilfw/custom/ com o nome de rc.vpn-client e dentro dele coloquei o rc.vpn-client do sistema, mas editado: ele para o BIND, conecta e depois inicia o BIND!
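#!/bin/sh
# vpn client script by Washington Rodrigues 2010 #
#
# Custom replacement for the BrazilFW rc.vpn-client.
# BIND (named) is stopped before the tunnels are dialled and started
# again afterwards, because the VPN clients did not connect while it
# was running.
#
# Usage: rc.vpn-client [stop]
#   - always: tear down running PPTP / L2TP / OpenVPN clients and
#     remove the generated config files
#   - without "stop": rebuild the config files from
#     /etc/brazilfw/vpn-client.cfg and dial every active entry
. /etc/brazilfw/brazilfw.cfg
. /lib/system-functions

CERT_FOLDER="/etc/brazilfw/cert/custom"
L2TP_PID="/var/run/l2tpclient.pid"
L2TP_CONFIG="/etc/l2tp_client.conf"
PPTP_CONFIG="/etc/ppp/peers"
L2TP_FOLDER="/etc/ppp"
OVPN_FOLDER="/etc"
L2TP_COUNT=1
PPTP_COUNT=1
OVPN_COUNT=1

# Send SIGTERM to the PID stored in file $1, then remove the file.
# The previous version ran "kill SIGTERM <pid>": without the leading
# dash, kill treats SIGTERM as a PID and the daemon is never signalled.
kill_pidfile() {
  pid=$(cat -- "$1" 2>/dev/null)
  [ -n "$pid" ] && kill -TERM "$pid" >/dev/null 2>&1
  rm -f -- "$1" >/dev/null 2>&1
}

# named must be down while the tunnels come up; it is started again
# on every exit path below (including "stop").
/etc/init.d/named stop
hide_kernel_message

# ---- tear down whatever is currently running -------------------------
if [ -n "$(pidof pptp)" ]; then
  killall -SIGTERM pptp
  sleep 1
fi

if [ -e "$L2TP_PID" ]; then
  # Ask xl2tpd (via its control file) to disconnect every known LAC
  # before the daemon itself is signalled.
  for VPN in /var/log/l2tp*.vpn; do
    [ -e "$VPN" ] || continue   # unmatched glob leaves the literal pattern
    echo "d $(basename "$VPN" .vpn)" > /var/run/l2tp_client
  done
  kill_pidfile "$L2TP_PID"
  sleep 1
fi

if [ "$(file_exist "/var/run/ovpn-out-*.pid")" = "true" ]; then
  for OVPN in /var/run/ovpn-out-*.pid; do
    kill_pidfile "$OVPN"
  done
  sleep 1
fi

# Generated files only; "-r" is not needed and "--" stops option parsing.
rm -f -- "$L2TP_CONFIG" >/dev/null 2>&1
rm -f -- "$PPTP_CONFIG"/*.pptp >/dev/null 2>&1
rm -f -- "$L2TP_FOLDER"/*.l2tp >/dev/null 2>&1
rm -f -- "$OVPN_FOLDER"/*.ovpn >/dev/null 2>&1
rm -f -- "$OVPN_FOLDER"/*.pass >/dev/null 2>&1
rm -f -- /var/state/*.vpninfo >/dev/null 2>&1
rm -f -- /var/log/*.vpn >/dev/null 2>&1
modprobe -r l2tp_ppp >/dev/null 2>&1

if [ "${1:-}" = "stop" ]; then
  # The earlier version exited here and left named stopped, so a plain
  # "rc.vpn-client stop" silently took DNS resolution down with it.
  /etc/init.d/named start
  exit 0
fi

# ---- build the configs and dial every active tunnel ------------------
printf 'Starting VPN... '
# The loop body runs in the pipeline's subshell, so the *_COUNT
# variables advance correctly inside the loop but are not visible
# after "done" (nothing below relies on them).
readconfig /etc/brazilfw/vpn-client.cfg | while read -r ACTIVE TYPE SERVER USER PASSWORD CA CERT KEY AUTH CIPHER; do
  [ "$ACTIVE" = "yes" ] || continue
  case "$TYPE" in
    l2tp)
      L2TP_NAME="l2tp-out-$L2TP_COUNT"
      # For l2tp/pptp entries the CA and CERT columns carry MTU / MRU.
      MTU=${CA:-1410}
      MRU=${CERT:-1410}
      {
        printf '[lac %s]\n' "$L2TP_NAME"
        printf 'lns = %s\n' "$SERVER"
        printf 'redial = yes\nredial timeout = 10\nautodial = yes\nppp debug = no\n'
        printf 'pppoptfile = %s/%s.l2tp\nlength bit = yes\n\n' "$L2TP_FOLDER" "$L2TP_NAME"
      } >> "$L2TP_CONFIG"
      # pppd options file; it holds the plaintext password, so 0600.
      printf '%s\n' \
        ipcp-accept-local ipcp-accept-remote refuse-eap require-mschap-v2 noauth \
        "mtu $MTU" "mru $MRU" nodefaultroute lock "connect-delay 5000" \
        "name $USER" "password $PASSWORD" "ipparam l2tp" require-mppe-128 \
        "lcp-echo-interval 30" persist "linkname $L2TP_NAME" \
        > "$L2TP_FOLDER/$L2TP_NAME.l2tp"
      chmod 600 "$L2TP_FOLDER/$L2TP_NAME.l2tp" >/dev/null 2>&1
      printf '%s %s\n' "$SERVER" "$USER" > "/var/state/$L2TP_NAME.vpninfo"
      L2TP_COUNT=$((L2TP_COUNT+1))
      ;;
    pptp)
      PPTP_NAME="pptp-out-$PPTP_COUNT"
      MTU=${CA:-1410}
      MRU=${CERT:-1410}
      # pppd peer file with the plaintext password, so 0600.
      printf 'pty "/usr/local/sbin/pptp %s --nolaunchpppd --loglevel 0" linkname %s user %s password %s refuse-eap refuse-chap refuse-mschap nobsdcomp nodeflate nodefaultroute require-mppe-128 ipparam pptp mtu %s mru %s\n' \
        "$SERVER" "$PPTP_NAME" "$USER" "$PASSWORD" "$MTU" "$MRU" \
        > "$PPTP_CONFIG/$PPTP_NAME.pptp"
      chmod 600 "$PPTP_CONFIG/$PPTP_NAME.pptp" >/dev/null 2>&1
      printf '%s %s\n' "$SERVER" "$USER" > "/var/state/$PPTP_NAME.vpninfo"
      pppd call "$PPTP_NAME.pptp"
      PPTP_COUNT=$((PPTP_COUNT+1))
      ;;
    openvpn)
      OVPN_NAME="ovpn-out-$OVPN_COUNT"
      if [ "$CA" = "default" ]; then
        CA="/var/cert/brazilfw.pem"
      else
        CA="$CERT_FOLDER/$CA"
      fi
      # NOTE(review): "ns-cert-type server" is the legacy server-check
      # option; newer OpenVPN releases replace it with
      # "remote-cert-tls server". Kept as-is for the OpenVPN shipped
      # with this BFW release.
      {
        printf 'client\nremote %s\ndev tun\nkeepalive 10 120\n' "$SERVER"
        printf 'ca %s\ncert %s\nkey %s\n' "$CA" "$CERT_FOLDER/$CERT" "$CERT_FOLDER/$KEY"
        printf 'cipher %s\nauth %s\n' "$CIPHER" "$AUTH"
        printf 'proto tcp\nscript-security 2\nverb 0\nnobind\n'
        printf 'up /etc/ppp/ip-up\ndown /etc/ppp/ip-down\n'
        printf 'setenv LINKNAME %s\nsetenv PROG ovpn\nsetenv USER %s\n' "$OVPN_NAME" "$USER"
        printf 'persist-key\nauth-user-pass %s\n' "$OVPN_FOLDER/$OVPN_NAME.pass"
        printf 'ns-cert-type server\ndaemon\nwritepid /var/run/%s.pid\n' "$OVPN_NAME"
      } > "$OVPN_FOLDER/$OVPN_NAME.ovpn"
      # Credentials file read by auth-user-pass; printf keeps a password
      # containing backslashes literal (echo -e would interpret them).
      printf '%s\n%s\n' "$USER" "$PASSWORD" > "$OVPN_FOLDER/$OVPN_NAME.pass"
      chmod 600 "$OVPN_FOLDER/$OVPN_NAME.pass" >/dev/null 2>&1
      [ -n "$KEY" ] && chmod 600 "$CERT_FOLDER/$KEY" >/dev/null 2>&1
      /usr/local/sbin/openvpn --config "$OVPN_FOLDER/$OVPN_NAME.ovpn"
      OVPN_COUNT=$((OVPN_COUNT+1))
      ;;
  esac
done

# xl2tpd is started once, after all [lac] sections have been written.
if [ -e "$L2TP_CONFIG" ]; then
  modprobe -s l2tp_ppp >/dev/null 2>&1
  printf '[global]\nport = 1799\n' >> "$L2TP_CONFIG"
  /usr/local/sbin/xl2tpd -c "$L2TP_CONFIG" -p "$L2TP_PID" -C /var/run/l2tp_client
fi

/etc/init.d/named start
echo "done"
show_kernel_message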
Daí, coloque no rc.local para que ele substitua o script original na inicialização:
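# VPN client without using BIND
# Replace the stock rc.vpn-client with the custom copy at boot.
rm -f -- /etc/rc.d/rc.vpn-client
cp -- /etc/brazilfw/custom/rc.vpn-client /etc/rc.d/
# 0755, not 0777: this script runs as root at boot, and a world-writable
# copy would let any local user add commands to it. Root only needs it
# readable and executable.
chmod 755 /etc/rc.d/rc.vpn-client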
Agora está 100% ^^ Fica minha ideia; espero que ajude outros.