Mysql backup and recover

backup:

recover:

running a strongswan server with radius on your VPS

Strongswan install

1. Prepare the environment:

2. Get the package:

3. Install the package:

Note: 1) If you use the OVZ based VPS, you must add –enable-kernel-libipsec, otherwise not.
2) 5.2.1 can be replaced by the other version.

Configuration of Strongswan

The default configuration is under:

1. ipsec.conf: It is the configuration of every client part. You can config it like the following below:

2. ipsec.secrects:

3. strongswan.conf:

Note:
1) radius.xxx.com is your radius server address/ip.
2) secret can be custom by yourself.
3) The two secret can be different.

Install the certificates

Here is the a simpler command to install the certs, but you should replace yourdomain to your host domain:

Configuration for the network(router)

Note: ?.?.?.? is the Strongswan server ip address.

Now the Strongswan part is finished.

Install the FreeRadius

If you met the heart bleed warning, you should do the following steps:

After that, change the /usr/local/etc/raddb/radiusd.conf from “allow_vulnerable_openssl = no” to “allow_vulnerable_openssl = yes”

Configuration of FreeRadius
The directory of the freeRadius is under:

1) Add the following line to the dictionary file:

2) sites-enabled/default: Comment the line with unix and files, delete the comment flag for the sql

3) radiusd.conf: Delete the comment flag for the “include sql.conf”

4) clients.conf: Change the secret = testing123 under localhost section.

5) sql.conf: Change the following code as your database configuration in the sql section:

6) sql/mysql/dialup.conf: Add the following line and comment other sql_user_name line

Uncomment the simul_query_check line.

Create database

Create the base information in db:

After finished, it is better to have a local test, Now we add the test user:

Test code like the following below:

If you receive “Access-Accept”, and your local configuration is ok.

Add NAS clients
NAS is your strongswan client.
You only need to change the clients.conf file only, and just add the section like the following below:

You can also add a coa_server in proxy.conf and add the following codes:

If you set the Coa, and the kik user function is also be enabled. But the traffic have not been set yet, now we should do it with modifying sites-enabled/default:

And you should also listen the coa respond in radius.conf, and add theses lines:

I’m not sure the configutation is right, but it is finished.

Protected: Haproxy configuration

This content is password protected. To view it please enter your password below: