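#!/bin/bash
# L2TP/IPsec installer (openswan + rp-l2tp + xl2tpd) for CentOS 32/64-bit.
# Version 1.3 — Zed Lau, modified by tension and K (20140120), http://zeddicus.com
#
# Must run as root. Prompts for a VPN username, password, IPsec PSK and a
# client /24 prefix, builds openswan/rp-l2tp/xl2tpd from source, writes
# /etc/ipsec.*, /etc/xl2tpd/*, /etc/ppp/*, opens the firewall and registers
# the daemons in /etc/rc.local.
#
# Security notes for the operator:
#   * Leaving the password or PSK prompt empty no longer falls back to a
#     fixed, publicly known string; a random value is generated instead and
#     shown in the prompt and in the final summary.
#   * Downloads no longer use --no-check-certificate. Set OPENSWAN_SHA256,
#     RP_L2TP_SHA256 and/or XL2TPD_SHA256 in the environment to pin the
#     tarballs; without them the archives are NOT integrity-checked (two of
#     the mirrors are plain http). The pinned releases are old — review
#     whether newer upstream versions should be used before deploying.
#   * /etc/ipsec.secrets and /etc/ppp/chap-secrets are created mode 0600.
#   * MASQUERADE is limited to the VPN client subnet instead of all traffic,
#     and inbound udp/53 is not opened (nothing here listens on it; clients
#     are pushed 8.8.8.8/8.8.4.4 via ms-dns).
#   * The summary still prints the password and PSK to the terminal.

die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

[ "$(id -u)" = "0" ] || die "You must be root to run this tool!"

# Print the project banner.
banner() {
  cat <<'EOF'
####################################################
#                                                  #
# This is a Shell-Based tool of l2tp installation  #
# Version: 1.3                                     #
# Author: Zed Lau                                  #
# Modify: tension                                  #
# Modify: K 20140120                               #
# Website: http://zeddicus.com                     #
# For CentOS 32bit and 64bit                       #
#                                                  #
####################################################
EOF
}

# Random alphanumeric token of $1 characters (default 16) from /dev/urandom.
rand_token() {
  tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-16}"
}

# $1 = label, $2 = value. Values are written unquoted into chap-secrets and
# inside "..." in ipsec.secrets, so quotes, whitespace or backslashes would
# corrupt those files (or terminate the quoted PSK early).
check_secret() {
  case $2 in
    *[[:space:]\"\\]*) die "$1 must not contain spaces, quotes or backslashes" ;;
  esac
}

# $1 = destination file, $2 = URL, $3 = expected sha256 (may be empty).
# Re-uses an already downloaded archive; verifies it when a digest is given.
fetch() {
  local dest=$1 url=$2 sum=$3
  if [ ! -f "$dest" ]; then
    wget -c -O "$dest" --secure-protocol=auto "$url" || die "download failed: $url"
  fi
  if [ -n "$sum" ]; then
    printf '%s  %s\n' "$sum" "$dest" | sha256sum -c - >/dev/null \
      || die "sha256 mismatch for $dest"
  else
    printf 'WARNING: %s is not integrity-checked (no digest supplied)\n' "$dest" >&2
  fi
}

# $1 = file, $2 = backup name. Moves an existing file aside.
backup() {
  [ -f "$1" ] && mv "$1" "$2"
}

# $1 = sysctl key, $2 = value. Replaces an existing line for the key in
# /etc/sysctl.conf or appends one (the original only rewrote "= 0" lines, so
# forwarding stayed off when the key was missing or already set otherwise).
set_sysctl() {
  if grep -qE "^[[:space:]]*$1[[:space:]]*=" /etc/sysctl.conf; then
    sed -i "s|^[[:space:]]*$1[[:space:]]*=.*|$1 = $2|" /etc/sysctl.conf
  else
    printf '%s = %s\n' "$1" "$2" >>/etc/sysctl.conf
  fi
}

# Read one keypress from the terminal without echo.
get_char() {
  local saved
  saved=$(stty -g)
  stty -echo
  stty cbreak
  dd if=/dev/tty bs=1 count=1 2>/dev/null
  stty -raw
  stty echo
  stty "$saved"
}

clear
banner

# Public address used as the IPsec "left" endpoint. Override with VPS_IP when
# hostname -i reports a loopback or internal address.
vpsip=${VPS_IP:-$(hostname -i 2>/dev/null | awk '{print $1}')}
[ -n "$vpsip" ] || die "could not determine the server IP (set VPS_IP)"
case $vpsip in
  127.*) printf 'WARNING: hostname -i returned %s; set VPS_IP to the public address\n' "$vpsip" >&2 ;;
esac

username="tension"
echo "请输入用户名:"
read -r -p "(默认用户名: tension):" username
# Original fell back to "elinkhost" here, contradicting the advertised default.
[ -n "$username" ] || username="tension"
check_secret "username" "$username"

password=$(rand_token 16)
echo "请输入密码:"
read -r -p "(默认密码: $password):" entered
[ -z "$entered" ] || password=$entered
check_secret "password" "$password"

mypsk=$(rand_token 24)
echo "请输入安全码:"
read -r -p "(默认安全码: $mypsk):" entered
[ -z "$entered" ] || mypsk=$entered
check_secret "PSK" "$mypsk"

iprange="10.0.0"
echo "请输入远程客户端IP范围:"
read -r -p "(默认范围: 10.0.0):" iprange
[ -n "$iprange" ] || iprange="10.0.0"
case $iprange in
  *[!0-9.]*|*..*|.*|*.) die "IP range must be the first three octets, e.g. 10.0.0" ;;
esac
[ "$(printf '%s' "$iprange" | tr -cd . | wc -c)" -eq 2 ] \
  || die "IP range must be the first three octets, e.g. 10.0.0"

clear
echo ""
echo "服务器IP:"
echo "$vpsip"
echo ""
echo "服务器本地 IP:"
echo "$iprange.1"
echo ""
echo "用户名:"
echo "$username"
echo ""
echo "密码:"
echo "$password"
echo ""
echo "安全码:"
echo "$mypsk"
echo ""
echo "远程客户端IP范围:"
echo "$iprange.2-$iprange.254"
echo ""
echo "请按任意键开始..."
get_char >/dev/null
clear

# Some containers (e.g. OpenVZ) ship without /dev/random; the original maps it
# to char 1,9 (the urandom device) so openswan does not block on entropy.
# Only do this when the node is actually missing.
[ -c /dev/random ] || mknod /dev/random c 1 9

yum install -y ppp iptables make gcc gmp-devel xmlto bison flex libpcap-devel lsof vim-enhanced \
  || die "yum install failed"

workdir=/ztmp/l2tp
mkdir -p "$workdir" && chmod 700 "$workdir" || die "cannot create $workdir"
cd "$workdir" || die "cannot enter $workdir"
stamp=$(date "+%Y%m%d-%H%M%S")

# ---- openswan (IPsec) --------------------------------------------------
fetch openswan.tar.gz https://download.openswan.org/openswan/openswan-2.6.33.tar.gz "${OPENSWAN_SHA256:-}"
tar -zxf openswan.tar.gz || die "cannot extract openswan.tar.gz"
( cd openswan*/ && make programs install ) || die "openswan build failed"

backup /etc/ipsec.conf "/etc/ipsec_bak_$stamp.conf"
cat >/etc/ipsec.conf <<EOF
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=$vpsip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=30
    dpdtimeout=110
    dpdaction=clear
    leftnexthop=%defaultroute
    rightnexthop=%defaultroute
EOF

backup /etc/ipsec.secrets "/etc/ipsec_bak_$stamp.secrets"
# The PSK file must not be world-readable.
( umask 077; cat >/etc/ipsec.secrets <<EOF
$vpsip %any: PSK "$mypsk"
EOF
)
chmod 600 /etc/ipsec.secrets
# ---- end openswan ------------------------------------------------------

set_sysctl net.ipv4.ip_forward 1
set_sysctl net.core.xfrm_larval_drop 1
sysctl -p

# ---- rp-l2tp (l2tp-control helper) --------------------------------------
fetch rp-l2tp.tar.gz http://mirror.zeddicus.com/sources/rp-l2tp-0.4.tar.gz "${RP_L2TP_SHA256:-}"
tar -zxf rp-l2tp.tar.gz || die "cannot extract rp-l2tp.tar.gz"
(
  cd rp-l2tp*/ && ./configure && make || exit 1
  # The original tested the *destination* path before copying, so the helper
  # was never installed on a fresh host. Test the built artifact instead.
  if [ -f handlers/l2tp-control ]; then
    cp handlers/l2tp-control /usr/local/sbin/ || exit 1
    mkdir -p /var/run/xl2tpd
    ln -sf /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
  fi
) || die "rp-l2tp build failed"
# ---- end rp-l2tp --------------------------------------------------------

# ---- xl2tpd ------------------------------------------------------------
fetch xl2tpd.tar.gz http://mirror.zeddicus.com/sources/xl2tpd-1.2.4.tar.gz "${XL2TPD_SHA256:-}"
tar -zxf xl2tpd.tar.gz || die "cannot extract xl2tpd.tar.gz"
( cd xl2tpd*/ && make install ) || die "xl2tpd build failed"
# ---- end xl2tpd --------------------------------------------------------

mkdir -p /etc/xl2tpd
backup /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd_bak_$stamp.conf"
cat >/etc/xl2tpd/xl2tpd.conf <<EOF
[global]
ipsec saref = no

[lns default]
name = myVPNserver
ip range = $iprange.2-$iprange.254
local ip = $iprange.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF

backup /etc/ppp/options.xl2tpd "/etc/ppp/options_bak_$stamp.xl2tpd"
cat >/etc/ppp/options.xl2tpd <<'EOF'
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
nodefaultroute
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
EOF

# Appended (not replaced) so existing PPP accounts survive; keep it private.
( umask 077; cat >>/etc/ppp/chap-secrets <<EOF
$username l2tpd $password *
EOF
)
chmod 600 /etc/ppp/chap-secrets

# Helper run at boot: disable ICMP redirects on every interface, which
# openswan's "ipsec verify" otherwise flags. (Original shebang lacked the "!".)
cat >/usr/bin/zl2tpset <<'EOF'
#!/bin/bash
for each in /proc/sys/net/ipv4/conf/*; do
  echo 0 > "$each/accept_redirects"
  echo 0 > "$each/send_redirects"
done
#echo 1 > /proc/sys/net/core/xfrm_larval_drop
EOF
chmod +x /usr/bin/zl2tpset

# ---- firewall ----------------------------------------------------------
service iptables start
# NAT only the VPN client subnet, not every forwarded packet.
iptables -t nat -A POSTROUTING -s "$iprange.0/24" -j MASQUERADE
# CentOS 5 uses the RH-Firewall-1-INPUT chain; newer releases only have INPUT.
if iptables -nL RH-Firewall-1-INPUT >/dev/null 2>&1; then
  in_chain=RH-Firewall-1-INPUT
else
  in_chain=INPUT
fi
# IKE (500), NAT-T (4500) and L2TP (1701). udp/53 is intentionally not opened.
iptables -I "$in_chain" -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
service iptables save
service iptables reload
# ---- end firewall ------------------------------------------------------

service ipsec restart
/usr/bin/zl2tpset
xl2tpd
service ipsec restart

# Register the daemons for boot; do not duplicate the entries on re-runs.
grep -qF '/usr/local/sbin/xl2tpd' /etc/rc.local 2>/dev/null || cat >>/etc/rc.local <<'EOF'
/usr/bin/zl2tpset
/usr/local/sbin/xl2tpd
service ipsec restart
EOF

clear
ipsec verify
banner
# Heredoc rather than printf: a "%" in the password or PSK would otherwise be
# interpreted as a format directive.
cat <<EOF
如果上面没有出现 [FAILED],那么你就可以 连接您的L2TP VPN服务器 用户/密码:
ServerIP:$vpsip
用户名:$username
密码:$password
安全码:$mypsk
EOF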