[Original] Installing a "scientific Internet access" (proxy) plug-in on a Cisco router

Posted on 2020-1-24 13:06:34
This post was last edited by zylccna2015 on 2020-1-24 13:19

  • Before starting, set up DDNS and L2TP/IPsec so that phones can connect in from outside
    aaa new-model
    aaa authentication ppp default local
    !
    username root privilege 15 password 7 097D5FD4C434C47525FD507B
    !
    ! DDNS update method for the 3322 service
    ip ddns update method 3322
     HTTP
      add http://kagamigawa:************@<s>/nic/update?system=dyndns&hostname=<h>&myip=<a>
     interval maximum 0 0 1 0
     interval minimum 0 0 1 0
    !
    ! Address pool handed out to L2TP clients
    ip dhcp pool l2tp-pool
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.1
     dns-server 192.168.1.1
    !
    vpdn enable
    vpdn-group l2tpv2
     ! Default L2TP VPDN group
     accept-dialin
      protocol l2tp
      virtual-template 1
     no l2tp tunnel authentication
    !
    ! IKE policy and IPsec transport-mode protection for L2TP
    crypto isakmp policy 1
     encr aes 256
     hash md5
     authentication pre-share
     group 14
    crypto isakmp key ***** address 0.0.0.0
    crypto ipsec transform-set l2tp esp-3des esp-sha-hmac
     mode transport
    crypto dynamic-map l2tp 1
     set transform-set l2tp
    crypto map l2tp 1 ipsec-isakmp dynamic l2tp
    !
    ! WAN interface: crypto map, QoS policies and DDNS updates
    interface dialer 1
     ip nbar protocol-discovery
     crypto map l2tp
     service-policy input WEBUI-MARKING-IN
     service-policy output WEBUI-QUEUING-OUT
     ip ddns update hostname kagamigawa.f3322.net
     ip ddns update 3322 host members.3322.net
    !
    ! PPP sessions of the L2TP clients terminate here
    interface Virtual-Template1
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     peer default ip address dhcp-pool l2tp-pool
     ppp authentication chap eap ms-chap ms-chap-v2 pap
    end

  • Enable Guestshell and traffic monitoring
    ip nbar http-services
    !
    class-map match-all WEBUI-MULTIMEDIA_CONFERENCING-DSCP
     match dscp af41
    class-map match-all WEBUI-BROADCAST_VIDEO-NBAR
     match protocol attribute traffic-class broadcast-video
     match protocol attribute business-relevance business-relevant
    class-map match-all WEBUI-VOICE-NBAR
     match protocol attribute traffic-class voip-telephony
     match protocol attribute business-relevance business-relevant
    class-map match-all WEBUI-BULK_DATA-NBAR
     match protocol attribute traffic-class bulk-data
     match protocol attribute business-relevance business-relevant
    class-map match-all WEBUI-SIGNALING-NBAR
     match protocol attribute traffic-class signaling
     match protocol attribute business-relevance business-relevant
    class-map match-all WEBUI-NETWORK_CONTROL-DSCP
     match dscp cs6
    class-map match-all WEBUI-SCAVENGER-NBAR
     match protocol attribute business-relevance business-irrelevant
    class-map match-all WEBUI-SCAVENGER-DSCP
     match dscp cs1
    class-map match-all WEBUI-NETWORK_CONTROL-NBAR
     match protocol attribute traffic-class network-control
     match protocol attribute business-relevance business-relevant
    class-map match-all WEBUI-SIGNALING-DSCP
     match dscp cs3
    class-map match-all WEBUI-BULK_DATA-DSCP
     match dscp af11
    class-map match-all WEBUI-BROADCAST_VIDEO-DSCP
     match dscp cs5
    class-map match-all WEBUI-MULTIMEDIA_CONFERENCING-NBAR
     match protocol attribute traffic-class multimedia-conferencing
     match protocol attribute business-relevance business-relevant
    class-map match-all WEBUI-VOICE-DSCP
     match dscp ef
    class-map match-all WEBUI-NETWORK_MANAGEMENT-NBAR
     match protocol attribute traffic-class ops-admin-mgmt
     match protocol attribute business-relevance business-relevant
    class-map match-all WEBUI-MULTIMEDIA_STREAMING-DSCP
     match dscp af31
    class-map match-all WEBUI-REALTIME_INTERACTIVE-NBAR
     match protocol attribute traffic-class real-time-interactive
     match protocol attribute business-relevance business-relevant
    class-map match-all WEBUI-TRANSACTIONAL_DATA-DSCP
     match dscp af21
    class-map match-all WEBUI-REALTIME_INTERACTIVE-DSCP
     match dscp cs4
    class-map match-all WEBUI-TRANSACTIONAL_DATA-NBAR
     match protocol attribute traffic-class transactional-data
     match protocol attribute business-relevance business-relevant
    class-map match-all WEBUI-NETWORK_MANAGEMENT-DSCP
     match dscp cs2
    class-map match-all WEBUI-MULTIMEDIA_STREAMING-NBAR
     match protocol attribute traffic-class multimedia-streaming
     match protocol attribute business-relevance business-relevant
    !
    ! DNS: the router resolves upstream and serves DNS to the guest
    ip name-server 8.8.8.8 8.8.4.4
    ip domain name home.lab
    ip domain lookup
    ip dns server
    !
    ! Router-side interface of the Guestshell container network
    interface VirtualPortGroup0
     ip address 192.168.2.1 255.255.255.0
     ip nbar protocol-discovery
     ip nat inside
     no mop enabled
     no mop sysid
     service-policy input WEBUI-MARKING-IN
     service-policy output WEBUI-QUEUING-OUT
    !
    ip nat inside source list 1 interface Dialer1 overload
    access-list 1 permit 192.168.0.0 0.0.255.255
    !
    ! Guestshell container addressing
    app-hosting appid guestshell
     app-vnic gateway0 virtualportgroup 0 guest-interface 0
      guest-ipaddress 192.168.2.100 netmask 255.255.0.0
     app-default-gateway 192.168.2.1 guest-interface 0
     name-server0 192.168.2.1

  • Enter Guestshell and prepare the dependencies and packages
    Gateway#guestshell
    [guestshell@guestshell ~]$ sudo su
    [root@guestshell guestshell]# cd /tmp
    yum install -y nano
    yum install -y epel-release
    yum install -y systemd-sysv
    pip install --upgrade pip
    pip install http://192.168.0.64/shadowsocks-master.zip -U    # get these files from GitHub yourself, or contact me
    rpm -i http://192.168.0.64/privoxy-3.0.26-1.el7.x86_64.rpm
    wget http://192.168.0.64/gfwlist.action

  • Configure SS, Privoxy and PAC
    #================== Configure SS ====================
    mkdir /etc/shadowsocks
    nano /etc/shadowsocks/shadowsocks.json
    {
        "server": "64.64.239.111",
        "server_port": 53160,
        "local_address": "192.168.2.100",
        "local_port": 1080,
        "password": "*********",
        "method": "**********",
        "fast_open": true,
        "workers": 1
    }
    #============== Configure the SS service startup script ===============
    nano /etc/systemd/system/shadowsocks.service
    [Unit]
    Description=Shadowsocks
    [Service]
    TimeoutStartSec=0
    ExecStart=/usr/bin/sslocal -c /etc/shadowsocks/shadowsocks.json
    [Install]
    WantedBy=multi-user.target
    #
    systemctl enable shadowsocks.service
    #================ Check the SS service status =============
    [root@guestshell tmp]# systemctl start shadowsocks.service
    [root@guestshell tmp]# systemctl status -l shadowsocks.service
    #
    ● shadowsocks.service - Shadowsocks
       Loaded: loaded (/etc/systemd/system/shadowsocks.service; enabled; vendor preset: disabled)
       Active: active (running) since Thu 2020-01-23 19:26:31 UTC; 7h ago
     Main PID: 33 (sslocal)
       CGroup: /system.slice/libvirtd.service/system.slice/shadowsocks.service
               └─33 /usr/bin/python /usr/bin/sslocal -c /etc/shadowsocks/shadowsocks.json
    #
    [root@guestshell tmp]# curl --socks5 192.168.2.100:1080 http://httpbin.org/ip       # test: returns the IP
    {
      "origin": "64.XX.2XX.11X"
    }
    #=============== Configure the privoxy service startup script ================
    nano /etc/systemd/system/privoxy.service
    [Unit]
    Description=Privoxy Web Proxy With Advanced Filtering Capabilities
    Wants=network-online.target
    After=network-online.target
    [Service]
    Type=simple
    PIDFile=/run/privoxy.pid
    ExecStart=/usr/sbin/privoxy --no-daemon --pidfile /run/privoxy.pid --user privoxy /etc/privoxy/config
    [Install]
    WantedBy=multi-user.target
    #
    systemctl enable privoxy.service
    #================ Check the privoxy service status =============
    [root@guestshell tmp]# systemctl start privoxy
    [root@guestshell tmp]# systemctl status privoxy
    ● privoxy.service - Privoxy Web Proxy With Advanced Filtering Capabilities
       Loaded: loaded (/etc/systemd/system/privoxy.service; enabled; vendor preset: disabled)
       Active: active (running) since Thu 2020-01-23 19:44:51 UTC; 7h ago
     Main PID: 1967 (privoxy)
       CGroup: /system.slice/libvirtd.service/system.slice/privoxy.service
               └─1967 /usr/sbin/privoxy --no-daemon --pidfile /run/privoxy.pid --user privoxy /etc/privoxy/config
    #================ Configure PAC and the HTTP proxy =============
    [root@guestshell tmp]# ll
    total 76
    -rw-r--r-- 1 root root 74726 Jan 23 19:44 gfwlist.action
    cp gfwlist.action /etc/privoxy/
    echo 'actionsfile gfwlist.action' >> /etc/privoxy/config
    echo 'listen-address  192.168.2.100:8118' >> /etc/privoxy/config
    #================ Configure the profile =================
    nano /etc/profile
    export http_proxy=http://192.168.2.100:8118
    export https_proxy=http://192.168.2.100:8118
    #================ Restart the service ====================
    systemctl restart privoxy.service
    #================ Check that NAT is in effect ====================
    Gateway#sh ip nat translations | inc 192.168.2.100
    tcp  49.113.73.239:5696    192.168.2.100:60516   64.64.239.111:53160   64.64.239.111:53160
    tcp  49.113.73.239:5674    192.168.2.100:60526   64.64.239.111:53160   64.64.239.111:53160
    tcp  49.113.73.239:5689    192.168.2.100:60554   64.64.239.111:53160   64.64.239.111:53160
    tcp  49.113.73.239:5688    192.168.2.100:60550   64.64.239.111:53160   64.64.239.111:53160
    tcp  49.113.73.239:5665    192.168.2.100:60562   64.64.239.111:53160   64.64.239.111:53160

  • Configure the client devices (win/mac/ios

Average score 5 (1 rating)
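
An added example, not part of the original post: a small audit that flags the weak authentication and crypto settings present in the first post's L2TP/IPsec configuration. The sample is constructed from that configuration (secrets replaced by placeholders, indented as `show running-config` prints it), and the rule names are labels made up for this example.

```python
import re

# Constructed sample: security-relevant lines of the post's L2TP/IPsec
# section, indented as "show running-config" prints them.
SAMPLE_CONFIG = """\
username root privilege 15 password 7 <redacted>
vpdn-group l2tpv2
 accept-dialin
 no l2tp tunnel authentication
crypto isakmp policy 1
 encr aes 256
 hash md5
crypto isakmp key <redacted> address 0.0.0.0
crypto ipsec transform-set l2tp esp-3des esp-sha-hmac
interface Virtual-Template1
 ppp authentication chap eap ms-chap ms-chap-v2 pap
"""

# (rule id, parent-section regex or None, line regex, reason).
# Rule ids are labels made up for this example.
RULES = [
    ("type7-password", None, r"^username \S+ .*\bpassword 7 ",
     "type 7 is reversible encoding, not a hash"),
    ("l2tp-no-tunnel-auth", r"^vpdn-group ", r"^no l2tp tunnel authentication$",
     "L2TP tunnel peers are not authenticated; only IPsec protects the tunnel"),
    ("ike-md5", r"^crypto isakmp policy ", r"^hash md5$",
     "MD5 is a deprecated IKE integrity hash"),
    ("wildcard-psk", None, r"^crypto isakmp key \S+ address 0\.0\.0\.0\b",
     "one pre-shared key is accepted from every source address"),
    ("esp-3des", None, r"^crypto ipsec transform-set .*\besp-3des\b",
     "3DES is a deprecated 64-bit block cipher"),
    ("ppp-weak-auth", r"^interface ", r"^ppp authentication .*\b(pap|ms-chap)\b(?!-v2)",
     "PAP and MS-CHAPv1 may be negotiated"),
]

def audit(config_text):
    """Return (line number, rule id, reason) for every weak setting found."""
    findings, parent = [], ""
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            parent = line  # an unindented line opens a new config section
        for rule_id, parent_re, line_re, reason in RULES:
            in_scope = parent_re is None or re.search(parent_re, parent)
            if in_scope and re.search(line_re, line):
                findings.append((lineno, rule_id, reason))
    return findings
```

Feed it the text of `show running-config`; settings it has no rule for are not flagged, so an empty result is not proof of a sound configuration.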
Posted on 2020-1-24 21:39:37
What device is this? Which IOS...
Average score 1 (1 rating)
Original poster | Posted on 2020-1-24 21:40:13 from mobile
wuhao0015 posted on 2020-1-24 21:39
What device is this? Which IOS...

A csr1000v for home use
Average score 3 (1 rating)
Original poster | Posted on 2020-1-24 21:41:49
wuhao0015 posted on 2020-1-24 21:39
What device is this? Which IOS...

The version is 16.9.4
Average score 2 (1 rating)
Posted on 2020-1-25 12:12:29
Thanks to the original poster for sharing, thank you~
Average score 0 (0 ratings)
Posted on 2020-2-6 12:57:48
The virtual software router is impressive; looks like Cisco has been embracing Linux for quite a while!
Average score 0 (0 ratings)
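Original poster | Posted on 2020-2-6 20:38:22
boy6585948 posted on 2020-2-6 12:57
The virtual software router is impressive; looks like Cisco has been embracing Linux for quite a while!

I'm planning to rewrite this write-up; recently I found that using AnyConnect together with SSR is somewhat more stable
Average score 0 (0 ratings)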
Posted 7 days ago
Can this be installed and configured on other Cisco routers? Please explain in detail.
Average score 0 (0 ratings)
Original poster | Posted 7 days ago
sufee posted on 2020-2-11 15:14
Can this be installed and configured on other Cisco routers? Please explain in detail.

Yes, both the ISR4000 series and the ASR1000 series can
Average score 0 (0 ratings)