CentOS6.5 部署VPN管理系统(StrongSwan+iKEv2+Freeradiu+Mysql+Daloradius)
一、环境介绍
Server IP:192.168.30.133 System: CentOS 6.5 Client:Winodows
二、编译安装StrongSwan
1.下载StrongSwan
wget http://download.strongswan.org/strongswan.tar.gz
2.安装相关库
yum install pam-devel openssl-devel make gcc gmp-devel
3.编译安装
tar zxvf strongswan.tar.gz cd strongswan-* ./configure --prefix=/usr --sysconfdir=/etc --enable-openssl --enable-nat-transport --disable-mysql \--disable-ldap --disable-static --enable-shared --enable-md4 --enable-eap-mschapv2 --enable-eap-aka \--enable-eap-aka-3gpp2 --enable-eap-gtc --enable-eap-identity --enable-eap-md5 --enable-eap-peap \--enable-eap-radius --enable-eap-sim --enable-eap-sim-file --enable-eap-simaka-pseudonym \--enable-eap-simaka-reauth --enable-eap-simaka-sql --enable-eap-tls --enable-eap-tnc --enable-eap-ttls make && make install && echo OK
注:如果出现错误:
configure: WARNING: unrecognized options: --enable-nat-transport checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... configure: error: newly created file is older than distributed files! Check your system clock 解决方法:(原因:时间不对) cp -Rf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime cat /etc/sysconfig/clock ntpdate 133.100.11.8(或 s2m.time.edu.cn) sed -i 's#ZONE="America/New_York"#ZONE="Asia/Shanghai"#g' /etc/sysconfig/clock hwclock -w date -R
4、生成证书
ipsec pki --gen --outform pem > ca.pem ipsec pki --self --in ca.pem --dn "C=com, O=myvpn, CN=VPN CA" --ca --outform pem >ca.cert.pem ipsec pki --gen --outform pem > server.pem ipsec pki --pub --in server.pem | ipsec pki --issue --cacert ca.cert.pem --cakey ca.pem \--dn "C=com, O=myvpn, CN=192.168.30.133" --san="192.168.30.133" --flag serverAuth --flag ikeIntermediate --outform pem > server.cert.pem ipsec pki --gen --outform pem > client.pem ipsec pki --pub --in client.pem | ipsec pki --issue --cacert ca.cert.pem --cakey ca.pem --dn "C=com, O=myvpn, CN=VPN Client" --outform pem > client.cert.pem openssl pkcs12 -export -inkey client.pem -in client.cert.pem -name "client" -certfile ca.cert.pem -caname "VPN CA" -out client.cert.p12 注意:CN=192.168.30.133为你的VPS外网地址
5、安装证书
cp -rf ca.cert.pem /etc/ipsec.d/cacerts/ cp -rf server.cert.pem /etc/ipsec.d/certs/ cp -rf server.pem /etc/ipsec.d/private/ cp -rf client.cert.pem /etc/ipsec.d/certs/ cp -rf client.pem /etc/ipsec.d/private/
【卸载证书:非第一次安装时需要此步操作,如果第一次安装不用此步骤】
rm -rf /etc/ipsec.d/cacerts/ca.cert.pem
rm -rf /etc/ipsec.d/certs/server.cert.pem
rm -rf /etc/ipsec.d/private/server.pem
rm -rf /etc/ipsec.d/certs/client.cert.pem
rm -rf /etc/ipsec.d/private/client.pem
6、配置strongswan
a、修改/etc/ipsec.conf;如下:
# vim /etc/ipsec.conf
config setup
strictcrlpolicy=no
uniqueids=no #多台设备同时在线
conn iOS_cert
keyexchange=ikev1
# strongswan version >= , compatible with iOS
fragmentation=yes
left=%defaultroute
leftauth=pubkey
leftsubnet=
leftcert=server.cert.pem
right=%any
rightauth=pubkey
rightauth2=xauth
rightsourceip=
rightcert=client.cert.pem
auto=add
#also supports iOS PSK and Shrew on Windows
conn android_xauth_psk
keyexchange=ikev1
left=%defaultroute
leftauth=psk
leftsubnet=
right=%any
rightauth=psk
rightauth2=xauth
rightsourceip=
auto=add
# compatible with "strongSwan VPN Client" for Android 4.0+
# and Windows cert mode.
conn networkmanager-strongswan
keyexchange=ikev2
left=%defaultroute
leftauth=pubkey
leftsubnet=
leftcert=server.cert.pem
right=%any
rightauth=pubkey
rightsourceip=
rightcert=client.cert.pem
auto=add
conn windows7
keyexchange=ikev2
ike=aes256-sha1-modp1024!
rekey=no
left=%defaultroute
leftauth=pubkey
leftsubnet=
leftcert=server.cert.pem
right=%any
rightauth=eap-mschapv2
rightsourceip=
rightsendcert=never
eap_identity=%any
auto=add
[该配置文件详解请参考:https://zh.opensuse.org/SDB:Setup_Ipsec_VPN_with_Strongswan]
b、修改/etc/strongswan.conf 将内容替换成如下:
vim /etc/strongswan.conf
charon {
load_modular = yes
duplicheck.enable = no
compress = yes
plugins {
include strongswan.d/charon/*.conf
}
dns1 = 8.8.8.8
dns2 = 8.8.4.4
nbns1 = 8.8.8.8
nbns2 = 8.8.4.4
}
include strongswan.d/*.conf
c、修改/etc/ipsec.secrets(没有此文件请自行创建)
vim /etc/ipsec.secrets : RSA server.pem : PSK "myPSKkey" : XAUTH "myXAUTHPass" [用户名] %any : EAP "[密码]" 【解:】 将上面的myPSKkey单词更改为你需要的PSK认证方式的密钥; 将上面的myXAUTHPass单词更改为你需要的XAUTH认证方式的密码,该认证方式的用户名是随意的; 将上面的[用户名]改为自己想要的登录名,[密码]改为自己想要的密码([]符号去掉),可以添加多行,得到多个用户,这即是使用IKEv2的用户名+密码认证方式的登录凭据.
7、配置网络转发规则转发
a、设置iptables规则
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s -j ACCEPT
iptables -A FORWARD -s -j ACCEPT
iptables -A FORWARD -s -j ACCEPT
iptables -A FORWARD -s -j ACCEPT
iptables -A INPUT -p esp -j ACCEPT
iptables -A INPUT -p udp --dport -j ACCEPT
iptables -A INPUT -p tcp --dport -j ACCEPT
iptables -A INPUT -p udp --dport -j ACCEPT
iptables -A INPUT -p udp --dport -j ACCEPT
iptables -A INPUT -p tcp --dport -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s -j MASQUERADE
iptables -t nat -A POSTROUTING -s -j MASQUERADE
iptables -t nat -A POSTROUTING -s -j MASQUERADE
iptables -t nat -A POSTROUTING -s -j MASQUERADE
注意iptables规则的顺序。以下做为参考:
# Generated by iptables-save v1.4.7 on Thu Dec 8 12:51:52 2016
*nat
:PREROUTING ACCEPT [2:156]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.10.0.0/24 -j MASQUERADE
-A POSTROUTING -s 10.11.0.0/24 -j MASQUERADE
-A POSTROUTING -s 10.12.0.0/24 -j MASQUERADE
-A POSTROUTING -s 10.13.0.0/24 -j MASQUERADE
COMMIT
# Completed on Thu Dec 8 12:51:52 2016
# Generated by iptables-save v1.4.7 on Thu Dec 8 12:51:52 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [39:3992]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.10.0.0/24 -j ACCEPT
-A FORWARD -s 10.11.0.0/24 -j ACCEPT
-A FORWARD -s 10.12.0.0/24 -j ACCEPT
-A FORWARD -s 10.13.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Thu Dec 8 12:51:52 2016
service iptables restart
b、设置ip_forward转发
vim /etc/sysctl.conf
net.ipv4.ip_forward =
改为:
net.ipv4.ip_forward =
sysctl -p
至此,strongswan就已经配置完成了,以下来测试
Windows 7测试拨号:http://zlyang.blog.51cto.com/1196234/1881212
二、部署Freeradius+mysql+daloradius
1、安装Freeradius和Mysql
yum -y install freeradius freeradius-mysql freeradius-utils mysql-server
2、启动Mysql及设置密码
service mysqld start
chkconfig mysqld on
mysql_secure_installation
3、导入Freeradius库数据
mysql -uroot -p
mysql> CREATE DATABASE radius;
mysql> GRANT ALL PRIVILEGES ON radius.* TO radius@'localhost' IDENTIFIED BY "radpass";
mysql> GRANT ALL PRIVILEGES ON radius.* TO radius@'%' IDENTIFIED BY "radpass";
mysql> flush privileges;
mysql> use radius;
mysql> SOURCE /etc/raddb/sql/mysql/schema.sql
mysql> SOURCE /etc/raddb/sql/mysql/cui.sql
mysql> SOURCE /etc/raddb/sql/mysql/ippool.sql
mysql> SOURCE /etc/raddb/sql/mysql/nas.sql
mysql> SOURCE /etc/raddb/sql/mysql/wimax.sql
4、配置Freeradius连接Mysql
vim /etc/raddb/sql.conf
# Connection info:
server = "localhost"
#port =
login = "radius"
password = "radpass"
# Database table configuration for everything except Oracle
radius_db = "radius"
#第108行 readclients = yes
5、使用sql数据库里的nas表读取客户端信息
vim /etc/raddb/radiusd.conf
#$INCLUDE sql.conf
修改后:
$INCLUDE sql.conf
vim /etc/raddb/sites-available/default
需要修改的行数及修改后的结果:例:#001行 line001
#170行 #files
# sql
# #radutmp
# sradutmp
# sql
# #radutmp
# sql
# sql
# sql
vim /etc/raddb/sites-available/inner-tunnel
# #file
# sql
# #radutmp
# sql
# sql
# sql
修改密钥:
vim /etc/raddb/clients.conf
secret = testing123
6、添加测试用户:
mysql -uroot -p
mysql> use radius;
mysql> insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','test');
mysql> flush privileges;
mysql> exit;
测试Freeradius+Mysql
以Debug模式启动Freeradius:
radiusd -X
另启一个窗口测试下:
radtest test test testing123
Sending Access-Request of id 71 to 127.0.0.1 port 1812
User-Name = "yzl"
User-Password = "yzl"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=71, length=55
Reply-Message = "Hello yzl !"
Reply-Message = "Regexp match for PAP"
看到”Access-Accept“说明成功。
7、部署Daloradius
a、安装LAMP环境:
yum -y install php-mysql php php-gd php-pear-DB httpd
b、下载Daloradius
下载地址:http://jaist.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
汉化版地址:http://pan.baidu.com/s/1c2h2h2K
wget http://jaist.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
tar xf daloradius-.tar.gz
c、导入daloradius库文件
mysql -uroot -p
mysql> use radius;
mysql> SOURCE /soft/daloradius-/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
d、修改daloradius连接库文件:
vi /soft/daloradius-/library/daloradius.conf.php
$configValues['DALORADIUS_VERSION'] = '0.9-9';
$configValues[';
$configValues['CONFIG_DB_ENGINE'] = 'mysql';
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'radpass';
$configValues['CONFIG_DB_NAME'] = 'radius';
$configValues['CONFIG_FILE_RADIUS_PROXY'] = '/etc/raddb/proxy.conf';
$configValues['CONFIG_PATH_RADIUS_DICT'] = '/etc/raddb';
$configValues['CONFIG_PATH_DALO_VARIABLE_DATA'] = '/var/www/html/daloradius/var';
$configValues['CONFIG_LOG_FILE'] = '/var/www/html/daloradius/var/daloradius.log';
e、拷备文件至apache工作目录:/var/www/html
mv /tmp/daloradius- /var/www/html/daloradius
f、创建日志文件:
touch /var/www/html/daloradius/var/daloradius.log
g、赋权给apache:
chown -R apache:apache /var/www/html/daloradius
h、修改redius日志文件:
vim /etc/raddb/radiusd.conf
#file = ${logdir}/radius.log
file = /var/log/radius.log
chmod 644 /var/log/messages
vim /var/www/html/daloradius/library/exten-radius_log.php
$logfile_loc = array();
$logfile_loc[] = '/var/log/freeradius/radius.log';
$logfile_loc[] = '/usr/local/var/log/radius/radius.log';
$logfile_loc[] = '/var/log/radius/radius.log';
$logfile_loc[] = '/var/log/radius.log';
i、将用户的同步会话限制为只有一个,新用户必须添加到用户组
vim /etc/raddb/sql/mysql/dialup.conf
查找simul_count_query将290-293行注释去掉
mysql -uroot -p
mysql> use radius;
mysql> INSERT INTO radgroupcheck ( id , GroupName , Attribute , op , Value ) VALUES (NULL , ');
j、修改apache配置文件
vi /etc/httpd/conf/httpd.conf
ServerName x.x.x.x:80
注:x.x.x.x为你的本机ip或域名
k、启动apache
service httpd start
chkconfig httpd on
service radiusd start
chkconfig radiusd on
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables restart
chmod /var/log/radius.log
可以使用web登录:
http://ip-address-or-hostname/daloradius Username: administrator Password: radius
三、StrongSwan和Freeradius整合:
a、修改:/etc/strongswan.d/charon/eap-radius.conf
vim /etc/strongswan.d/charon/eap-radius.conf
#开启在线人数查询#第4行accounting = yes#第8行accounting_close_on_timeout = yes#查找server{}在这里添加以下内容
#93行
vpnserver {
secret = testing123
address = 127.0.0.1
}
b、修改/etc/ipsec.conf
#把所有的rightauth=
rightauth=eap-radius
c、重启服务
ipsec stop
ipsec start --nofork
测试下看是否成功拨号;
四、Daloradius优化及设置计费
1、Web汉化
下载Daloradius汉化版:http://pan.baidu.com/s/1c2h2h2K 将其中的main.conf、config-lang.conf做相应的替换;把zh-cn.conf上传到/var/www/html/daloradius/lang/
service httpd restart
然后在daloradius的管理页面中选择:config--language settings----Chinese---apply
2、限制用户的每日总使用时间和登录时间:
vim /etc/raddb/radiusd.conf
#将747行取消注释
$INCLUDE sql/mysql/counter.conf
vim /etc/raddb/sql/mysql/counter.conf
#将60-63行加注释,然后添加以下
# query = "SELECT SUM(acctsessiontime - \
# GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), )) \
# FROM radacct WHERE username = '%{%k}' AND \
# UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
query = "SELECT IFNULL(SUM(acctsessiontime - \
GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), )),) \
FROM radacct WHERE username = '%{%k}' AND \
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
vim /etc/raddb/sites-available/default
authorize {
...
#修改192,加上#
#daily
#在193行添加
dailycounter
#在462之后添加
post-auth {
if(control:Auth-Type =~ /.*AP/){
update reply {
Reply-Message := "Hello %{User-Name} !"
Reply-Message := "Regexp match for %{0}"
}
}
vim /etc/raddb/dictionary
#在最后添加以下:
ATTRIBUTE Daily-Session-Time integer
ATTRIBUTE Max-Daily-Session integer
在mysql库创建相应的字段:
mysql -uradius -p
mysql> use radius;
mysql> delete from radacct;
mysql> INSERT INTO radgroupcheck ( id , GroupName , Attribute , op , Value ) VALUES (NULL , is seconds = 8h
mysql> INSERT INTO radgroupcheck ( id , GroupName , Attribute , op , Value ) VALUES (NULL , 'users', 'Login-Time', ':=', 'Al0001-2359');
3、限制用户的每日和每月的数据使用和帐户到期
vim /etc/raddb/sql/mysql/counter.conf
#在最后添加以下:
sqlcounter dailytrafficcounter {
counter-name = Daily-Traffic
check-name = Max-Daily-Traffic
reply-name = Daily-Traffic-Limit
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT (SUM(AcctInputOctets + AcctOutputOctets)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) > '%b'"
}
sqlcounter monthlytrafficcounter {
counter-name = Monthly-Traffic
check-name = Max-Monthly-Traffic
reply-name = Monthly-Traffic-Limit
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT (SUM(AcctInputOctets + AcctOutputOctets)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) > '%b'"
}
vim /etc/raddb/dictionary
#在最后添加以下:
ATTRIBUTE Max-Daily-Traffic integer
ATTRIBUTE Daily-Traffic-Limit integer
ATTRIBUTE Max-Monthly-Traffic integer
ATTRIBUTE Monthly-Traffic-Limit integer
vim /etc/raddb/sites-available/default
#在193行之后添加
dailytrafficcounter
monthlytrafficcounter
在mysql库创建相应的字段:
mysql -uroot -p
mysql> use radius;
mysql> delete from radacct;
mysql> INSERT INTO radgroupcheck ( id , GroupName , Attribute , op , Value ) VALUES (NULL , bytes=** bytes= Gbyte, 填写时以byte为单位 每月最大流量1G
mysql> INSERT INTO radgroupcheck ( id , GroupName , Attribute , op , Value ) VALUES (NULL , bytes=**= Mbyte 每天最大流量为100M
mysql> INSERT INTO radgroupcheck ( id , GroupName , Attribute , op , Value ) VALUES (NULL , 'users', 'Expiration', ':=', '1 Oct 2017'); # 设定账号过期
service radiusd restart
到此,所有的都已经部署完毕了!祝你成功!
如有问题可在下方回复!
CentOS6.5 部署VPN管理系统(StrongSwan+iKEv2+Freeradiu+Mysql+Daloradius)的更多相关文章
- [svc]centos6上部署openvpn+gg二步认证
最近又发现个新的vpn: wireguard 为了满足员工在家办公的需求.需要 openvpn+gg方案 在centos6上部署openvpn 参考 1.安装前准备 wget -O /etc/yum. ...
- strongSwan IKEv2服务器配置
strongSwan IKEv2服务器配置 资料来源 https://www.cl.cam.ac.uk/~mas90/resources/strongswan/ 经过大量的反复试验,我配置了一个str ...
- centos6 Cacti部署文档
centos6 Cacti部署文档 1.安装依赖 yum -y install mysql mysql-server mysql-devel httpd php php-pdo php-snmp ph ...
- CentOS6.6部署OpenStack Havana(Nova-Network版)
CentOS6.4部署OpenStack Havana(Nova-Network版) 一 基本设备介绍 测试环境 CentOS6.4 x64 OpenStack 服务 介绍 计算 (Compute) ...
- Centos6.6部署Redis集群
Centos6.6部署Redis集群 1环境准备 1环境安装redis 1安装ruby 2配置redis主从环境 3部署redis sentinel服务器 5集群使用 13当前集群环境说明 13测试功 ...
- 【Linux学习笔记1】-centos6.9部署django
一,centos6.9部署django 部署套件:centos6.9+nginx+mysql+uwsgi+python3+django 首先还是要明白这几个部分之间的关系(自己也是初学者,希望 ...
- CentOS6.9部署Redis3.2.9+FastDFS_4.06+Nginx1.5.0
CentOS6.9部署Redis3.2.9+FastDFS_4.06+Nginx1.5.0 原文链接:https://www.toutiao.com/i6481931577499582990/ 一.上 ...
- centos6.5上安装5.7版本的mysql
centos6.5上安装5.7版本的mysql https://www.cnblogs.com/lzj0218/p/5724446.html 设置root可以在本机以外的机器访问 mysql -uro ...
- 简单一键CENTOS6 安装PPTP VPN方法记录
申明:我们使用PPTP VPN仅仅只能用在查阅资料等正规渠道,不要用在不良用途上.方法收集于网上,这里我用在搬瓦工VPS(VPS方案直达),采用的是CENTOS6 64位系统.我们需要预先将VPS服务 ...
随机推荐
- 浅谈DevExpress<二>:设计一个完整界面(1)
昨天谈了界面的换肤问题,今天拿一个简单的界面来介绍一下怎么设计一个五脏俱全的界面,总体效果如下图(种类的图片随便找的^^):
- memcpy的实现
memcpy的实现看起来貌似比较简单,但是也是有注意的地方! void *memcpy(void *dst, const void *src, size_t size) { //check argum ...
- 实现栈最小元素的min函数
#include<iostream> #include<stack> using namespace std; class min_stack { public: void p ...
- 活动图activity diagram
活动图activity diagram 系列文章 [UML]UML系列——用例图Use Case [UML]UML系列——用例图中的各种关系(include.extend) [UML]UML系列——类 ...
- formValidator
formValidator输入验证.异步验证实例 + licenseImage验证码插件实例应用 实例技术:springmvc 实现功能:完整用户登录流程.输入信息规则校验.验证码异步校验. 功能 ...
- 目标HttpController在ASP.NET Web API中是如何被激活的:目标HttpController的创建
目标HttpController在ASP.NET Web API中是如何被激活的:目标HttpController的创建 通过上面的介绍我们知道利用HttpControllerSelector可以根据 ...
- Ruby编码
目录 背景字符串可以使用不同的编码编码转换编码强制不同编码的字符串相加后是啥结果?一直没使用过的\u和\x使用Sublime开发Ruby时,输出到控制台的字符串为啥不能使用多种编码?备注 背景返回目录 ...
- SQL Server 如何读写数据
01. SQL Server 如何读写数据 一. 数据读写流程简要SQL Server作为一个关系型数据库,自然也维持了事务的ACID特性,数据库的读写冲突由事务隔离级别控制.无论有没有显示开启事 ...
- Winform程序
故事的开端是这样的,小白是一个程序员,他确实也是一个小白,目前还在程序员发展的道路上,兢兢业业的小心求学. 有一天,小白接到一个任务,完成一个Winform程序,附加一个功能就是可以读IC卡. 小白终 ...
- 一步一步深入spring(7)-- 整合spring和JDBC的环境
1.配置数据源 (1).添加支持数据源的jar包commons-dbcp.jar .commons-pool.jar 当然也要添加其他的spring用到的jar以及这里用到的数据库mysql的jar ...