Ubuntu server: PEAP (802.1X) authentication with NetworkManager, plus DNS and DHCP for a LAN behind it

2018-10-26


Enable IP forwarding (the box will route for the LAN behind it), then load the setting with sudo sysctl -p:

sudo vim /etc/sysctl.conf
net.ipv4.ip_forward=1
Domain (802.1X) authentication:

Install the network-manager package in place of the default netplan/networkd configuration and tell netplan to hand the interfaces to it; apply with sudo netplan apply (or reboot):

sudo vim /etc/netplan/50-cloud-init.yaml

network:
  version: 2
  renderer: NetworkManager

Create the connection with the NetworkManager text UI:

sudo nmtui

Configure a network profile. It is saved under /etc/NetworkManager/system-connections/ and, for a wired PEAP connection, looks like this (the file must be owned by root with mode 0600, otherwise NetworkManager ignores it, and it holds the domain password in clear text):

[connection]
id=Wired connection 1
uuid=37120763-3bab-3d80-8201-e8d2541ae2e4
type=ethernet
autoconnect-priority=-999
permissions=
timestamp=1532662876

[ethernet]
cloned-mac-address=(change this: the MAC presented on the wire)
mac-address=(physical MAC address)
mac-address-blacklist=

[802-1x]
eap=peap;
identity=****
password=****
phase2-auth=mschapv2

[ipv4]
dns-search=
method=auto
route1=(override the default route; optional)

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=ignore

Note that this profile carries no ca-cert= line, so the supplicant accepts whatever server certificate the switch's RADIUS backend presents. PEAP then protects the MSCHAPv2 exchange only against passive sniffing, not against a rogue authenticator that terminates the TLS tunnel itself. If the domain's CA is available, add ca-cert= (or system-ca-certs=true) and domain-suffix-match= for the RADIUS server.

After a reboot the server itself should now be online.
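To check a saved profile for the points above before relying on it, here is a small audit script. It is an added example and not part of the original post; the function names are my own, and it assumes POSIX sh with awk and GNU stat (Linux), reading the keyfile format shown above.

```sh
#!/bin/sh
# Audit a NetworkManager keyfile (as stored under
# /etc/NetworkManager/system-connections/) for the weaknesses a
# PEAP/MSCHAPv2 profile commonly ships with. Added example, not code from
# the original page. Assumes POSIX sh, awk and GNU stat.
#
# Usage: sh audit-keyfile.sh /etc/NetworkManager/system-connections/<file>

# kf_get FILE SECTION KEY: print the value of KEY inside [SECTION], or nothing.
kf_get() {
    awk -v sect="[$2]" -v key="$3" '
        /^\[/ { insect = ($0 == sect); next }
        insect && index($0, key "=") == 1 { print substr($0, length(key) + 2); exit }
    ' "$1"
}

# audit_nm_keyfile FILE: print one line per finding; exit 0 only if there are none.
audit_nm_keyfile() {
    file=$1
    findings=0

    # 1. The file holds the domain password in clear text. NetworkManager
    #    refuses keyfiles that are not root-owned 0600, and anything looser
    #    would expose the credential to every local user anyway.
    mode=$(stat -c %a "$file")
    if [ "$mode" != "600" ]; then
        echo "$file: mode is $mode, expected 600"
        findings=$((findings + 1))
    fi

    eap=$(kf_get "$file" 802-1x eap)
    case $eap in
        peap*|ttls*)
            # 2. PEAP/TTLS protect the inner MSCHAPv2 only inside a TLS tunnel
            #    to a server the client has verified. With no ca-cert= (and
            #    system CAs not enabled) wpa_supplicant accepts any certificate,
            #    so a rogue switch/AP can terminate the tunnel and capture the
            #    MSCHAPv2 exchange for offline cracking.
            ca=$(kf_get "$file" 802-1x ca-cert)
            sysca=$(kf_get "$file" 802-1x system-ca-certs)
            if [ -z "$ca" ] && [ "$sysca" != "true" ]; then
                echo "$file: eap=$eap but no ca-cert= or system-ca-certs=true; server certificate is not verified"
                findings=$((findings + 1))
            fi
            # 3. A trusted CA alone still admits any server that CA signed;
            #    pin the expected RADIUS server name as well.
            if [ -z "$(kf_get "$file" 802-1x domain-suffix-match)" ] \
               && [ -z "$(kf_get "$file" 802-1x altsubject-matches)" ]; then
                echo "$file: no domain-suffix-match= or altsubject-matches=; any certificate from the CA is accepted"
                findings=$((findings + 1))
            fi
            ;;
    esac

    [ "$findings" -eq 0 ]
}

# Audit every keyfile named on the command line; no output means clean.
for f in "$@"; do
    audit_nm_keyfile "$f" || :
done
```

Run against the profile from this post it reports three findings (mode, missing CA, missing server-name pin); after adding ca-cert= and domain-suffix-match= and fixing the mode it is silent.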

DNS part:

Edit /etc/NetworkManager/NetworkManager.conf and set this under [main] so NetworkManager stops managing /etc/resolv.conf:

dns=none

Turn off the system's own local DNS stub (systemd-resolved):

sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved.service

On Ubuntu 18.04 /etc/resolv.conf is a symlink to resolved's stub file (nameserver 127.0.0.53); once resolved is stopped, replace it with a real file that names the resolver the server itself should use (127.0.0.1 once dnsmasq is running).

Edit /etc/dnsmasq.conf (enp2s0f1 is the LAN side; the uplink enp2s0f0 is the interface masqueraded in the iptables section below):

# serve DNS and DHCP on the LAN interface only
interface=enp2s0f1
#dhcp
# pool start, pool end, netmask, lease time
dhcp-range=172.16.0.100,172.16.0.110,255.255.255.0,12h
# option 3 = default router handed to clients (this box)
dhcp-option=3,172.16.0.1
Service configuration:

dnsmasq has to start after the network is up, or it cannot bind enp2s0f1. Edit /lib/systemd/system/dnsmasq.service (or, better, put the same [Unit] lines in a drop-in under /etc/systemd/system/dnsmasq.service.d/ so a package upgrade does not overwrite them):

[Unit]
Description=dnsmasq - A lightweight DHCP and caching DNS server
Requires=network.target
#Wants=nss-lookup.target
#Before=nss-lookup.target
After=network.target NetworkManager-dispatcher.service NetworkManager-wait-online.service
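A quick consistency check for the dnsmasq.conf above, covering the two mistakes that most often leave LAN clients without a usable gateway or turn the box into a DHCP server on the 802.1X uplink. This is an added example, not code from the original post; function names are my own, and it assumes POSIX sh with sed. The uplink name passed in is the one iptables masquerades on.

```sh
#!/bin/sh
# Sanity-check a dnsmasq.conf used as the LAN DHCP/DNS server behind the
# PEAP uplink. Added example, not code from the original page. POSIX sh + sed.
#
# Usage: sh check-dnsmasq.sh /etc/dnsmasq.conf enp2s0f0

# ip2int A.B.C.D: dotted quad as an unsigned integer (172.16.0.1 -> 2886729729)
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet A B MASK: succeed if A and B share one network under MASK
same_subnet() {
    [ $(( $(ip2int "$1") & $(ip2int "$3") )) -eq $(( $(ip2int "$2") & $(ip2int "$3") )) ]
}

# conf_value FILE KEY: value of the first "KEY=..." line (comment lines never match)
conf_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# check_dnsmasq_conf FILE UPLINK_IF: print one line per finding; exit 0 if none
check_dnsmasq_conf() {
    conf=$1; uplink=$2; bad=0

    # dnsmasq serves DHCP and DNS on every interface unless told otherwise,
    # which would put a rogue DHCP server and an open resolver on the uplink.
    iface=$(conf_value "$conf" interface)
    if [ -z "$iface" ]; then
        echo "no interface= line: dnsmasq would answer on all interfaces, including $uplink"
        bad=$((bad + 1))
    elif [ "$iface" = "$uplink" ]; then
        echo "interface=$iface is the uplink; dnsmasq should bind the LAN side only"
        bad=$((bad + 1))
    fi

    # dhcp-range=start,end[,netmask][,lease]; the router from dhcp-option=3
    # (or option:router) must be on-link for every address in the pool.
    range=$(conf_value "$conf" dhcp-range)
    router=$(sed -n -E 's/^dhcp-option=(3|option:router),//p' "$conf" | head -n 1)
    old_ifs=$IFS; IFS=,; set -- $range; IFS=$old_ifs
    start=${1:-}; end=${2:-}; mask=
    case ${3:-} in *.*.*.*) mask=$3 ;; esac

    if [ -z "$start" ] || [ -z "$end" ]; then
        echo "dhcp-range= is missing or malformed"
        bad=$((bad + 1))
    elif [ -z "$mask" ]; then
        echo "dhcp-range=$range gives no netmask; cannot confirm the pool matches the router"
        bad=$((bad + 1))
    else
        if [ "$(ip2int "$start")" -gt "$(ip2int "$end")" ]; then
            echo "dhcp-range start $start is above end $end"
            bad=$((bad + 1))
        fi
        if [ -z "$router" ]; then
            echo "no dhcp-option=3 (router): clients get no default route"
            bad=$((bad + 1))
        elif ! same_subnet "$start" "$router" "$mask" || ! same_subnet "$end" "$router" "$mask"; then
            echo "router $router is outside the pool's subnet ($start-$end/$mask)"
            bad=$((bad + 1))
        fi
    fi

    [ "$bad" -eq 0 ]
}

if [ $# -eq 2 ]; then
    check_dnsmasq_conf "$1" "$2" || :
fi
```

The config from this post passes; a copy with interface=enp2s0f0 and a router of 172.16.1.1 produces two findings.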

shadowsocks:

/etc/systemd/system/shadowsocks.service

[Unit]
Description=Shadowsocks Server
After=dnsmasq.service

[Service]
Type=forking
ExecStart=/usr/local/bin/ssserver -k 1qaz@WSX -d start --pid-file /home/hp/ssserver.pid --log-file /home/hp/logs/ssserver.log
Restart=on-abort
User=(change this)

[Install]
WantedBy=multi-user.target

Passing the key with -k puts it in a world-readable unit file and in every local user's ps output. Keep it in a root-only (0600) JSON config and start ssserver with -c instead, and use a stronger key than the placeholder shown here.


A second unit runs the bridge script once shadowsocks is up:

[Unit]
Description=Bridge
After=shadowsocks.service

[Service]
ExecStart=/bin/sh /home/hp/45.32.50.124.sh
Restart=on-abort
User=hp

[Install]
WantedBy=multi-user.target
iptables section:

Add /etc/NetworkManager/dispatcher.d/02-iptables. NetworkManager only runs dispatcher scripts that are executable, owned by root and not writable by anyone else; it calls them with the interface as $1 and the action as $2:

#!/bin/sh
if [ -x /usr/bin/logger ]; then
    LOGGER="/usr/bin/logger -s -p daemon.info -t IptablesHandler"
else
    LOGGER=echo
fi

case "$2" in
    up)
        # exit, not return: this runs as a script, not a function
        if [ ! -r /etc/iptables.rules ]; then
            ${LOGGER} "No iptables rules exist to restore."
            exit 0
        fi
        if [ ! -x /sbin/iptables-restore ]; then
            ${LOGGER} "No program exists to restore iptables rules."
            exit 0
        fi
        ${LOGGER} "Restoring iptables rules"
        /sbin/iptables-restore -c < /etc/iptables.rules
        ;;
    down)
        if [ ! -x /sbin/iptables-save ]; then
            ${LOGGER} "No program exists to save iptables rules."
            exit 0
        fi
        ${LOGGER} "Saving iptables rules."
        /sbin/iptables-save -c > /etc/iptables.rules
        ;;
    *)
        ;;
esac

Because the down hook rewrites /etc/iptables.rules from the live tables, hand edits to that file are lost the next time an interface goes down: change the live rules and let the hook save them, or drop the down case and treat the file as the source of truth.

iptables.rules (the file the hook restores, /etc/iptables.rules):

# Generated by iptables-save v1.6.1 on Wed Sep 19 00:14:23 2018
*nat
:PREROUTING ACCEPT [2936:280651]
:INPUT ACCEPT [622:46639]
:OUTPUT ACCEPT [1553:95298]
:POSTROUTING ACCEPT [587:35220]
[3417:254394] -A POSTROUTING -j LOG --log-prefix iptables
[718852:49234582] -A POSTROUTING -o enp2s0f0 -j MASQUERADE
COMMIT
# Completed on Wed Sep 19 00:14:23 2018

Two things to watch in this file: the first POSTROUTING rule logs every packet that leaves through NAT with no rate limit, which is fine for a debugging session but floods the kernel log in normal use; and there is no *filter table, so FORWARD keeps the kernel default policy of ACCEPT and the box routes whatever it receives on either interface, not only LAN traffic bound for the uplink.
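A tightened ruleset for the same gateway, as an added example rather than the post's own file: it restricts NAT to the LAN subnet, forwards only LAN-to-uplink connections plus their replies, rate-limits the log, and includes a small check that reports which FORWARD policy a saved rules file would restore (the nat-only file above yields ACCEPT). The function names are my own; interface names and subnet are the ones used in this post, and it assumes POSIX sh with awk.

```sh
#!/bin/sh
# Generate an iptables-save style ruleset for a NAT gateway that only
# forwards LAN -> uplink, and check the FORWARD policy of a saved rules file.
# Added example, not code from the original page. POSIX sh + awk.
#
# Usage: sh gen-rules.sh enp2s0f1 enp2s0f0 172.16.0.0/24 > /etc/iptables.rules

# gen_iptables_rules LAN_IF WAN_IF LAN_CIDR: print a file for iptables-restore
gen_iptables_rules() {
    lan=$1; wan=$2; cidr=$3
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# replies to flows the LAN opened, in either direction
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# new connections only from the LAN subnet, only towards the uplink
-A FORWARD -i $lan -o $wan -s $cidr -j ACCEPT
# everything else is dropped by the chain policy; log a rate-limited sample
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fwd-drop: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# rewrite LAN sources only, so nothing else that reaches the box gets NATed
-A POSTROUTING -s $cidr -o $wan -j MASQUERADE
COMMIT
EOF
}

# forward_policy RULES_FILE: the FORWARD chain policy this file restores.
# A file with no *filter table leaves the kernel default, which is ACCEPT.
forward_policy() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == ":FORWARD" { print $2; found = 1; exit }
        END { if (!found) print "ACCEPT" }
    ' "$1"
}

if [ $# -eq 3 ]; then
    gen_iptables_rules "$1" "$2" "$3"
fi
```

INPUT is left at ACCEPT here, as in the original file, because the host also runs the 802.1X supplicant, a DHCP client on the uplink and the shadowsocks listener; locking INPUT down is worthwhile but needs rules for each of those, which is outside this post.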