Ubuntu Server: PEAP authentication, NetworkManager, DNS, DHCP
2018-10-26
Enable IP forwarding:
sudo vim /etc/sysctl.conf
Domain authentication:
Install network-manager to replace the system's default network configuration:
sudo vim /etc/netplan/50-cloud-init.yaml
network:
Install network-manager:
sudo nmtui
Configure a network. The configuration file is saved under /etc/NetworkManager/system-connections/:
[connection]
id=Wired connection 1
uuid=37120763-3bab-3d80-8201-e8d2541ae2e4
type=ethernet
autoconnect-priority=-999
permissions=
timestamp=1532662876
[ethernet]
cloned-mac-address=(change this)
mac-address=(physical address)
mac-address-blacklist=
[802-1x]
eap=peap;
identity=****
password=****
phase2-auth=mschapv2
[ipv4]
dns-search=
method=auto
route1=(modified default route; optional)
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=ignore
After a reboot at this point, the machine itself should have network access.
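The [802-1x] section above sets no `ca-cert` or `domain-suffix-match`, so the PEAP client does not validate the RADIUS server's certificate, and the password is stored in the keyfile in clear text. The following added example (not part of the original post) audits a keyfile for those points; the sample profile, finding codes and function names are constructed for illustration.

```python
import configparser
import os
import stat

# Constructed sample mirroring the [802-1x] section above (not a real profile).
SAMPLE = """\
[connection]
id=Wired connection 1
type=ethernet

[802-1x]
eap=peap;
identity=user
password=example-only
phase2-auth=mschapv2
"""

def audit_8021x(text, mode=None):
    """Return (code, message) findings for a keyfile's [802-1x] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if not cp.has_section("802-1x"):
        return []
    s = cp["802-1x"]
    findings = []
    methods = [m for m in s.get("eap", "").split(";") if m]
    tunnelled = any(m in ("peap", "ttls") for m in methods)
    has_ca = bool(s.get("ca-cert")) or s.get("system-ca-certs", "false") == "true"
    if tunnelled and not has_ca:
        findings.append(("no-ca", "server certificate is not validated; set ca-cert"))
    if tunnelled and not (s.get("domain-suffix-match") or s.get("altsubject-matches")):
        findings.append(("no-name-check", "any certificate from the CA is accepted"))
    if s.get("password"):
        findings.append(("stored-password", "password is kept in clear text in the file"))
        # A file holding a secret should be readable by its owner only.
        if mode is not None and mode & 0o077:
            findings.append(("loose-perms", "keyfile is accessible to group/other"))
    return findings

def audit_file(path):
    """Audit a keyfile on disk, including its permission bits."""
    with open(path) as fh:
        return audit_8021x(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    for code, message in audit_8021x(SAMPLE, 0o644):
        print(f"{code}: {message}")
```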
DNS:
Edit /etc/NetworkManager/NetworkManager.conf:
dns=none
Disable the system's built-in local DNS service:
sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved.service
Edit /etc/dnsmasq.conf:
interface=enp2s0f1
Configure the service:
The dnsmasq service must be started after the network is up.
Edit /lib/systemd/system/dnsmasq.service:
[Unit]
Description=dnsmasq - A lightweight DHCP and caching DNS server
Requires=network.target
#Wants=nss-lookup.target
#Before=nss-lookup.target
After=network.target NetworkManager-dispatcher.service NetworkManager-wait-online.service
shadowsocks:
/etc/systemd/system/shadowsocks.service:
[Unit]
Description=Shadowsocks Server
After=dnsmasq.service
[Service]
Type=forking
ExecStart=/usr/local/bin/ssserver -k 1qaz@WSX -d start --pid-file /home/hp/ssserver.pid --log-file /home/hp/logs/ssserver.log
Restart=on-abort
User=(change this)
[Install]
WantedBy=multi-user.target
1 | [Unit] |
iptables:
Add /etc/NetworkManager/dispatcher.d/02-iptables:
#!/bin/sh
# NetworkManager dispatcher hook: $1 is the interface, $2 is the action.
if [ -x /usr/bin/logger ]; then
    LOGGER="/usr/bin/logger -s -p daemon.info -t IptablesHandler"
else
    LOGGER=echo
fi
case "$2" in
    up)
        # Restore the saved rules when an interface comes up.
        if [ ! -r /etc/iptables.rules ]; then
            ${LOGGER} "No iptables rules exist to restore."
            exit 0
        fi
        if [ ! -x /sbin/iptables-restore ]; then
            ${LOGGER} "No program exists to restore iptables rules."
            exit 0
        fi
        ${LOGGER} "Restoring iptables rules"
        /sbin/iptables-restore -c < /etc/iptables.rules
        ;;
    down)
        # Save the current rules (with counters) when an interface goes down.
        if [ ! -x /sbin/iptables-save ]; then
            ${LOGGER} "No program exists to save iptables rules."
            exit 0
        fi
        ${LOGGER} "Saving iptables rules."
        /sbin/iptables-save -c > /etc/iptables.rules
        ;;
    *)
        ;;
esac
iptables.rules:
# Generated by iptables-save v1.6.1 on Wed Sep 19 00:14:23 2018
*nat
:PREROUTING ACCEPT [2936:280651]
:INPUT ACCEPT [622:46639]
:OUTPUT ACCEPT [1553:95298]
:POSTROUTING ACCEPT [587:35220]
[3417:254394] -A POSTROUTING -j LOG --log-prefix iptables
[718852:49234582] -A POSTROUTING -o enp2s0f0 -j MASQUERADE
COMMIT
# Completed on Wed Sep 19 00:14:23 2018