CentOS6.5 部署VPN管理系统(StrongSwan+iKEv2+Freeradiu+Mysql+Daloradius)
一、环境介绍
Server IP:192.168.30.133 System: CentOS 6.5 Client:Winodows
二、编译安装StrongSwan
1.下载StrongSwan
wget http://download.strongswan.org/strongswan.tar.gz
2.安装相关库
yum install pam-devel openssl-devel make gcc gmp-devel
3.编译安装
tar zxvf strongswan.tar.gz cd strongswan-* ./configure --prefix=/usr --sysconfdir=/etc --enable-openssl --enable-nat-transport --disable-mysql \--disable-ldap --disable-static --enable-shared --enable-md4 --enable-eap-mschapv2 --enable-eap-aka \--enable-eap-aka-3gpp2 --enable-eap-gtc --enable-eap-identity --enable-eap-md5 --enable-eap-peap \--enable-eap-radius --enable-eap-sim --enable-eap-sim-file --enable-eap-simaka-pseudonym \--enable-eap-simaka-reauth --enable-eap-simaka-sql --enable-eap-tls --enable-eap-tnc --enable-eap-ttls make && make install && echo OK
注:如果出现错误:
configure: WARNING: unrecognized options: --enable-nat-transport checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... configure: error: newly created file is older than distributed files! Check your system clock 解决方法:(原因:时间不对) cp -Rf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime cat /etc/sysconfig/clock ntpdate 133.100.11.8(或 s2m.time.edu.cn) sed -i 's#ZONE="America/New_York"#ZONE="Asia/Shanghai"#g' /etc/sysconfig/clock hwclock -w date -R
4、生成证书
ipsec pki --gen --outform pem > ca.pem ipsec pki --self --in ca.pem --dn "C=com, O=myvpn, CN=VPN CA" --ca --outform pem >ca.cert.pem ipsec pki --gen --outform pem > server.pem ipsec pki --pub --in server.pem | ipsec pki --issue --cacert ca.cert.pem --cakey ca.pem \--dn "C=com, O=myvpn, CN=192.168.30.133" --san="192.168.30.133" --flag serverAuth --flag ikeIntermediate --outform pem > server.cert.pem ipsec pki --gen --outform pem > client.pem ipsec pki --pub --in client.pem | ipsec pki --issue --cacert ca.cert.pem --cakey ca.pem --dn "C=com, O=myvpn, CN=VPN Client" --outform pem > client.cert.pem openssl pkcs12 -export -inkey client.pem -in client.cert.pem -name "client" -certfile ca.cert.pem -caname "VPN CA" -out client.cert.p12 注意:CN=192.168.30.133为你的VPS外网地址
5、安装证书
cp -rf ca.cert.pem /etc/ipsec.d/cacerts/ cp -rf server.cert.pem /etc/ipsec.d/certs/ cp -rf server.pem /etc/ipsec.d/private/ cp -rf client.cert.pem /etc/ipsec.d/certs/ cp -rf client.pem /etc/ipsec.d/private/
【卸载证书:非第一次安装时需要此步操作,如果第一次安装不用此步骤】
rm -rf /etc/ipsec.d/cacerts/ca.cert.pem
rm -rf /etc/ipsec.d/certs/server.cert.pem
rm -rf /etc/ipsec.d/private/server.pem
rm -rf /etc/ipsec.d/certs/client.cert.pem
rm -rf /etc/ipsec.d/private/client.pem
6、配置strongswan
a、修改/etc/ipsec.conf;如下:
# vim /etc/ipsec.conf
config setup
strictcrlpolicy=no
uniqueids=no #多台设备同时在线
conn iOS_cert
keyexchange=ikev1
# strongswan version >= , compatible with iOS
fragmentation=yes
left=%defaultroute
leftauth=pubkey
leftsubnet=
leftcert=server.cert.pem
right=%any
rightauth=pubkey
rightauth2=xauth
rightsourceip=
rightcert=client.cert.pem
auto=add
#also supports iOS PSK and Shrew on Windows
conn android_xauth_psk
keyexchange=ikev1
left=%defaultroute
leftauth=psk
leftsubnet=
right=%any
rightauth=psk
rightauth2=xauth
rightsourceip=
auto=add
# compatible with "strongSwan VPN Client" for Android 4.0+
# and Windows cert mode.
conn networkmanager-strongswan
keyexchange=ikev2
left=%defaultroute
leftauth=pubkey
leftsubnet=
leftcert=server.cert.pem
right=%any
rightauth=pubkey
rightsourceip=
rightcert=client.cert.pem
auto=add
conn windows7
keyexchange=ikev2
ike=aes256-sha1-modp1024!
rekey=no
left=%defaultroute
leftauth=pubkey
leftsubnet=
leftcert=server.cert.pem
right=%any
rightauth=eap-mschapv2
rightsourceip=
rightsendcert=never
eap_identity=%any
auto=add
[该配置文件详解请参考:https://zh.opensuse.org/SDB:Setup_Ipsec_VPN_with_Strongswan]
b、修改/etc/strongswan.conf 将内容替换成如下:
vim /etc/strongswan.conf
charon {
load_modular = yes
duplicheck.enable = no
compress = yes
plugins {
include strongswan.d/charon/*.conf
}
dns1 = 8.8.8.8
dns2 = 8.8.4.4
nbns1 = 8.8.8.8
nbns2 = 8.8.4.4
}
include strongswan.d/*.conf
c、修改/etc/ipsec.secrets(没有此文件请自行创建)
vim /etc/ipsec.secrets : RSA server.pem : PSK "myPSKkey" : XAUTH "myXAUTHPass" [用户名] %any : EAP "[密码]" 【解:】 将上面的myPSKkey单词更改为你需要的PSK认证方式的密钥; 将上面的myXAUTHPass单词更改为你需要的XAUTH认证方式的密码,该认证方式的用户名是随意的; 将上面的[用户名]改为自己想要的登录名,[密码]改为自己想要的密码([]符号去掉),可以添加多行,得到多个用户,这即是使用IKEv2的用户名+密码认证方式的登录凭据.
7、配置网络转发规则转发
a、设置iptables规则
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s -j ACCEPT
iptables -A FORWARD -s -j ACCEPT
iptables -A FORWARD -s -j ACCEPT
iptables -A FORWARD -s -j ACCEPT
iptables -A INPUT -p esp -j ACCEPT
iptables -A INPUT -p udp --dport -j ACCEPT
iptables -A INPUT -p tcp --dport -j ACCEPT
iptables -A INPUT -p udp --dport -j ACCEPT
iptables -A INPUT -p udp --dport -j ACCEPT
iptables -A INPUT -p tcp --dport -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s -j MASQUERADE
iptables -t nat -A POSTROUTING -s -j MASQUERADE
iptables -t nat -A POSTROUTING -s -j MASQUERADE
iptables -t nat -A POSTROUTING -s -j MASQUERADE
注意iptables规则的顺序。以下做为参考:
# Generated by iptables-save v1.4.7 on Thu Dec 8 12:51:52 2016
*nat
:PREROUTING ACCEPT [2:156]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.10.0.0/24 -j MASQUERADE
-A POSTROUTING -s 10.11.0.0/24 -j MASQUERADE
-A POSTROUTING -s 10.12.0.0/24 -j MASQUERADE
-A POSTROUTING -s 10.13.0.0/24 -j MASQUERADE
COMMIT
# Completed on Thu Dec 8 12:51:52 2016
# Generated by iptables-save v1.4.7 on Thu Dec 8 12:51:52 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [39:3992]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.10.0.0/24 -j ACCEPT
-A FORWARD -s 10.11.0.0/24 -j ACCEPT
-A FORWARD -s 10.12.0.0/24 -j ACCEPT
-A FORWARD -s 10.13.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Thu Dec 8 12:51:52 2016
service iptables restart
b、设置ip_forward转发
vim /etc/sysctl.conf
net.ipv4.ip_forward =
改为:
net.ipv4.ip_forward =
sysctl -p
至此,strongswan就已经配置完成了,以下来测试
Windows 7测试拨号:http://zlyang.blog.51cto.com/1196234/1881212
二、部署Freeradius+mysql+daloradius
1、安装Freeradius和Mysql
yum -y install freeradius freeradius-mysql freeradius-utils mysql-server
2、启动Mysql及设置密码
service mysqld start
chkconfig mysqld on
mysql_secure_installation
3、导入Freeradius库数据
mysql -uroot -p
mysql> CREATE DATABASE radius;
mysql> GRANT ALL PRIVILEGES ON radius.* TO radius@'localhost' IDENTIFIED BY "radpass";
mysql> GRANT ALL PRIVILEGES ON radius.* TO radius@'%' IDENTIFIED BY "radpass";
mysql> flush privileges;
mysql> use radius;
mysql> SOURCE /etc/raddb/sql/mysql/schema.sql
mysql> SOURCE /etc/raddb/sql/mysql/cui.sql
mysql> SOURCE /etc/raddb/sql/mysql/ippool.sql
mysql> SOURCE /etc/raddb/sql/mysql/nas.sql
mysql> SOURCE /etc/raddb/sql/mysql/wimax.sql
4、配置Freeradius连接Mysql
vim /etc/raddb/sql.conf
# Connection info:
server = "localhost"
#port =
login = "radius"
password = "radpass"
# Database table configuration for everything except Oracle
radius_db = "radius"
#第108行 readclients = yes
5、使用sql数据库里的nas表读取客户端信息
vim /etc/raddb/radiusd.conf
#$INCLUDE sql.conf
修改后:
$INCLUDE sql.conf
vim /etc/raddb/sites-available/default
需要修改的行数及修改后的结果:例:#001行 line001
#170行 #files
# sql
# #radutmp
# sradutmp
# sql
# #radutmp
# sql
# sql
# sql
vim /etc/raddb/sites-available/inner-tunnel
# #file
# sql
# #radutmp
# sql
# sql
# sql
修改密钥:
vim /etc/raddb/clients.conf
secret = testing123
6、添加测试用户:
mysql -uroot -p
mysql> use radius;
mysql> insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','test');
mysql> flush privileges;
mysql> exit;
测试Freeradius+Mysql
以Debug模式启动Freeradius:
radiusd -X
另启一个窗口测试下:
radtest test test testing123
Sending Access-Request of id 71 to 127.0.0.1 port 1812
User-Name = "yzl"
User-Password = "yzl"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=71, length=55
Reply-Message = "Hello yzl !"
Reply-Message = "Regexp match for PAP"
看到”Access-Accept“说明成功。
7、部署Daloradius
a、安装LAMP环境:
yum -y install php-mysql php php-gd php-pear-DB httpd
b、下载Daloradius
下载地址:http://jaist.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
汉化版地址:http://pan.baidu.com/s/1c2h2h2K
wget http://jaist.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
tar xf daloradius-.tar.gz
c、导入daloradius库文件
mysql -uroot -p
mysql> use radius;
mysql> SOURCE /soft/daloradius-/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
d、修改daloradius连接库文件:
vi /soft/daloradius-/library/daloradius.conf.php
$configValues['DALORADIUS_VERSION'] = '0.9-9';
$configValues[';
$configValues['CONFIG_DB_ENGINE'] = 'mysql';
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'radpass';
$configValues['CONFIG_DB_NAME'] = 'radius';
$configValues['CONFIG_FILE_RADIUS_PROXY'] = '/etc/raddb/proxy.conf';
$configValues['CONFIG_PATH_RADIUS_DICT'] = '/etc/raddb';
$configValues['CONFIG_PATH_DALO_VARIABLE_DATA'] = '/var/www/html/daloradius/var';
$configValues['CONFIG_LOG_FILE'] = '/var/www/html/daloradius/var/daloradius.log';
e、拷备文件至apache工作目录:/var/www/html
mv /tmp/daloradius- /var/www/html/daloradius
f、创建日志文件:
touch /var/www/html/daloradius/var/daloradius.log
g、赋权给apache:
chown -R apache:apache /var/www/html/daloradius
h、修改redius日志文件:
vim /etc/raddb/radiusd.conf
#file = ${logdir}/radius.log
file = /var/log/radius.log
chmod 644 /var/log/messages
vim /var/www/html/daloradius/library/exten-radius_log.php
$logfile_loc = array();
$logfile_loc[] = '/var/log/freeradius/radius.log';
$logfile_loc[] = '/usr/local/var/log/radius/radius.log';
$logfile_loc[] = '/var/log/radius/radius.log';
$logfile_loc[] = '/var/log/radius.log';
i、将用户的同步会话限制为只有一个,新用户必须添加到用户组
vim /etc/raddb/sql/mysql/dialup.conf
查找simul_count_query将290-293行注释去掉
mysql -uroot -p
mysql> use radius;
mysql> INSERT INTO radgroupcheck ( id , GroupName , Attribute , op , Value ) VALUES (NULL , ');
j、修改apache配置文件
vi /etc/httpd/conf/httpd.conf
ServerName x.x.x.x:80
注:x.x.x.x为你的本机ip或域名
k、启动apache
service httpd start
chkconfig httpd on
service radiusd start
chkconfig radiusd on
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables restart
chmod /var/log/radius.log
可以使用web登录:
http://ip-address-or-hostname/daloradius Username: administrator Password: radius
三、StrongSwan和Freeradius整合:
a、修改:/etc/strongswan.d/charon/eap-radius.conf
vim /etc/strongswan.d/charon/eap-radius.conf
#开启在线人数查询#第4行accounting = yes#第8行accounting_close_on_timeout = yes#查找server{}在这里添加以下内容
#93行
vpnserver {
secret = testing123
address = 127.0.0.1
}
b、修改/etc/ipsec.conf
#把所有的rightauth=
rightauth=eap-radius
c、重启服务
ipsec stop
ipsec start --nofork
测试下看是否成功拨号;
四、Daloradius优化及设置计费
1、Web汉化
下载Daloradius汉化版:http://pan.baidu.com/s/1c2h2h2K 将其中的main.conf、config-lang.conf做相应的替换;把zh-cn.conf上传到/var/www/html/daloradius/lang/
service httpd restart
然后在daloradius的管理页面中选择:config--language settings----Chinese---apply
2、限制用户的每日总使用时间和登录时间:
vim /etc/raddb/radiusd.conf
#将747行取消注释
$INCLUDE sql/mysql/counter.conf
vim /etc/raddb/sql/mysql/counter.conf
#将60-63行加注释,然后添加以下
# query = "SELECT SUM(acctsessiontime - \
# GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), )) \
# FROM radacct WHERE username = '%{%k}' AND \
# UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
query = "SELECT IFNULL(SUM(acctsessiontime - \
GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), )),) \
FROM radacct WHERE username = '%{%k}' AND \
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
vim /etc/raddb/sites-available/default
authorize {
...
#修改192,加上#
#daily
#在193行添加
dailycounter
#在462之后添加
post-auth {
if(control:Auth-Type =~ /.*AP/){
update reply {
Reply-Message := "Hello %{User-Name} !"
Reply-Message := "Regexp match for %{0}"
}
}
vim /etc/raddb/dictionary
#在最后添加以下:
ATTRIBUTE Daily-Session-Time integer
ATTRIBUTE Max-Daily-Session integer
在mysql库创建相应的字段:
mysql -uradius -p
mysql> use radius;
mysql> delete from radacct;
mysql> INSERT INTO radgroupcheck ( id , GroupName , Attribute , op , Value ) VALUES (NULL , is seconds = 8h
mysql> INSERT INTO radgroupcheck ( id , GroupName , Attribute , op , Value ) VALUES (NULL , 'users', 'Login-Time', ':=', 'Al0001-2359');
3、限制用户的每日和每月的数据使用和帐户到期
vim /etc/raddb/sql/mysql/counter.conf
#在最后添加以下:
sqlcounter dailytrafficcounter {
counter-name = Daily-Traffic
check-name = Max-Daily-Traffic
reply-name = Daily-Traffic-Limit
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT (SUM(AcctInputOctets + AcctOutputOctets)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) > '%b'"
}
sqlcounter monthlytrafficcounter {
counter-name = Monthly-Traffic
check-name = Max-Monthly-Traffic
reply-name = Monthly-Traffic-Limit
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT (SUM(AcctInputOctets + AcctOutputOctets)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) > '%b'"
}
vim /etc/raddb/dictionary
#在最后添加以下:
ATTRIBUTE Max-Daily-Traffic integer
ATTRIBUTE Daily-Traffic-Limit integer
ATTRIBUTE Max-Monthly-Traffic integer
ATTRIBUTE Monthly-Traffic-Limit integer
vim /etc/raddb/sites-available/default
#在193行之后添加
dailytrafficcounter
monthlytrafficcounter
在mysql库创建相应的字段:
mysql -uroot -p
mysql> use radius;
mysql> delete from radacct;
mysql> INSERT INTO radgroupcheck ( id , GroupName , Attribute , op , Value ) VALUES (NULL , bytes=** bytes= Gbyte, 填写时以byte为单位 每月最大流量1G
mysql> INSERT INTO radgroupcheck ( id , GroupName , Attribute , op , Value ) VALUES (NULL , bytes=**= Mbyte 每天最大流量为100M
mysql> INSERT INTO radgroupcheck ( id , GroupName , Attribute , op , Value ) VALUES (NULL , 'users', 'Expiration', ':=', '1 Oct 2017'); # 设定账号过期
service radiusd restart
到此,所有的都已经部署完毕了!祝你成功!
如有问题可在下方回复!
CentOS6.5 部署VPN管理系统(StrongSwan+iKEv2+Freeradiu+Mysql+Daloradius)的更多相关文章
- [svc]centos6上部署openvpn+gg二步认证
最近又发现个新的vpn: wireguard 为了满足员工在家办公的需求.需要 openvpn+gg方案 在centos6上部署openvpn 参考 1.安装前准备 wget -O /etc/yum. ...
- strongSwan IKEv2服务器配置
strongSwan IKEv2服务器配置 资料来源 https://www.cl.cam.ac.uk/~mas90/resources/strongswan/ 经过大量的反复试验,我配置了一个str ...
- centos6 Cacti部署文档
centos6 Cacti部署文档 1.安装依赖 yum -y install mysql mysql-server mysql-devel httpd php php-pdo php-snmp ph ...
- CentOS6.6部署OpenStack Havana(Nova-Network版)
CentOS6.4部署OpenStack Havana(Nova-Network版) 一 基本设备介绍 测试环境 CentOS6.4 x64 OpenStack 服务 介绍 计算 (Compute) ...
- Centos6.6部署Redis集群
Centos6.6部署Redis集群 1环境准备 1环境安装redis 1安装ruby 2配置redis主从环境 3部署redis sentinel服务器 5集群使用 13当前集群环境说明 13测试功 ...
- 【Linux学习笔记1】-centos6.9部署django
一,centos6.9部署django 部署套件:centos6.9+nginx+mysql+uwsgi+python3+django 首先还是要明白这几个部分之间的关系(自己也是初学者,希望 ...
- CentOS6.9部署Redis3.2.9+FastDFS_4.06+Nginx1.5.0
CentOS6.9部署Redis3.2.9+FastDFS_4.06+Nginx1.5.0 原文链接:https://www.toutiao.com/i6481931577499582990/ 一.上 ...
- centos6.5上安装5.7版本的mysql
centos6.5上安装5.7版本的mysql https://www.cnblogs.com/lzj0218/p/5724446.html 设置root可以在本机以外的机器访问 mysql -uro ...
- 简单一键CENTOS6 安装PPTP VPN方法记录
申明:我们使用PPTP VPN仅仅只能用在查阅资料等正规渠道,不要用在不良用途上.方法收集于网上,这里我用在搬瓦工VPS(VPS方案直达),采用的是CENTOS6 64位系统.我们需要预先将VPS服务 ...
随机推荐
- KMP算法详解-- 转自Matrix67
6 7 8 9 -- A = a b a b 6 7 7 8 9 -- A = a b a b a 5 6 7 8 9 -- A = a b a b a b 6 7 ...
- Indenting source code
Artistic Style 1.15.3 A Free , Fast and Small Automatic Formatterfor C , C++ , C# , Java Source Code ...
- ioc和aop
IOC容器的基本原理 ioc又称为控制反转.或者依赖注入.为什么叫控制反转呢? 可以这样来看.软件开发中会有很多的类,这些类在一起完成复杂的功能.这些类之间存在了耦合的关系.就如同很多的齿轮,啮合 ...
- 软件Scrum
软件海贼团 OnePiece (版权所有) 最近迷上了“海贼王”这部动画片,不仅仅是因为其中的人物个个性格鲜明,剧情跌宕起伏扣人心弦,各种耍宝搞笑,还感觉到这个团队很像理想中的敏捷软件团队. 作为一直 ...
- Windows Socket 组件 HP-Socket v2.2.3
高性能 Windows Socket 组件 HP-Socket v2.2.3 正式发布 HP-Socket 是一套通用的高性能 Windows Socket 组件包,包含服务端组件(IOCP 模型)和 ...
- Excel 自定义函数
浅谈Excel开发:四 Excel 自定义函数 我们知道,Excel中有很多内置的函数,比如求和,求平均,字符串操作函数,金融函数等等.在有些时候,结合业务要求,这些函数可能不能满足我们的需求,比 ...
- ThreadPool&ManualResetEvent
在多线程的程序中,经常会出现两种情况: 一种情况: 应用程序中,线程把大部分的时间花费在等待状态,等待某个事件发生,然后才能给予响应 这一般使用ThreadPool(线程池)来解决: 另一种情况:线程 ...
- .net基础收集
.net基础收集 最近的面试让我知道基础知识的重要性,而我也每天都在网上找一些基础题来看.其实面试无非都是一些理论基础,只有基础过关了,才会被问到技术性的问题,所以第一关一定要打好.下面是我收集的一些 ...
- openssh6.7.deb download packed for debian7/ubuntu12.04 amd64
openssh the openssh-server on debian7/ubuntu12.04 is too old and out of date. so now we replace and ...
- mosquitto awareness when before it's being compiling, and you do settings and testing
Mostly, this clearify the usage of ' mosquitto.conf ' in easy-understanding language. 1. compile ...