CentOS IPsec/L2TP VPN one-click installation script (Openswan + xl2tpd)

Source: Internet
Author: User
Tags: gmp, mkdir, centos, iptables


I will not repeat the underlying concepts here; there is more than enough about them online. There are also plenty of one-click installation scripts, but many of them do not work, and the ones that do only work on CentOS 6; I basically found none for CentOS 7. So I spent some time testing and wrote this script to make setting up the VPN a one-click job after installation. The open-source packages used are Openswan and xl2tpd, and there were many problems along the way, for example compatibility between Openswan and xl2tpd.



Note that the script depends on the LNMP one-click installation package: it sources ../functions/download.sh and ../functions/get_public_ip.py from it. Install LNMP first, then run this script (vpn_centos.sh) to build your personal VPN.



The IPsec/L2TP VPN one-click installation script for CentOS 6 and 7 is as follows:


The code is as follows


#!/bin/bash
# IPsec/L2TP VPN one-click installer for CentOS 6/7 (Openswan 2.6.38 + xl2tpd 1.3.6).
# Depends on the LNMP one-click package: ../functions/download.sh provides
# Download_src, ../functions/get_public_ip.py prints the server's public IP.

# Check if user is root
[ $(id -u) != "0" ] && echo "Error: You must be root to run this script" && exit 1

export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
clear
printf "
#######################################################################
#   LNMP/LAMP/LANMP for CentOS/RedHat 5+ Debian 6+ and Ubuntu 12+     #
#######################################################################
"
[ ! -e 'src' ] && mkdir src
cd src
. ../functions/download.sh

# /24 prefix handed out to VPN clients, e.g. 10.0.2 -> 10.0.2.0/24
while :
do
    echo
    read -p "Please input IP-Range (Default Range: 10.0.2): " iprange
    [ -z "$iprange" ] && iprange="10.0.2"
    if [ -z "$(echo "$iprange" | grep -E -o '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$')" ]; then
        echo -e "\033[31mInput error! Input Format: xxx.xxx.xxx\033[0m"
    else
        break
    fi
done

# Pre-shared key for IKE phase 1. The original defaulted to the literal string
# "PSK" when the prompt was left empty; since anyone who knows the PSK can
# complete phase 1 with the server, an empty answer now gets a random key.
echo
read -p "Please input PSK (leave empty to generate a random one): " mypsk
[ -z "$mypsk" ] && mypsk=$(openssl rand -base64 24)

while :
do
    echo
    read -p "Please input username: " username
    [ -n "$username" ] && break
done

while :
do
    echo
    read -p "Please input password: " password
    [ -n "$password" ] && break
done
clear

public_ip=$(../functions/get_public_ip.py)

# Wait for a single keypress without echo
get_char()
{
    SAVEDSTTY=$(stty -g)
    stty -echo
    stty cbreak
    dd if=/dev/tty bs=1 count=1 2>/dev/null
    stty -raw
    stty echo
    stty $SAVEDSTTY
}

echo ""
echo "Server IP: $public_ip"
echo ""
echo "Server local IP: $iprange.1"
echo ""
echo "Client remote IP range: $iprange.2-$iprange.254"
echo ""
echo "PSK: $mypsk"
echo ""
echo "Press any key to start..."
char=$(get_char)
clear

if [ -n "$(grep 'CentOS Linux release 7' /etc/redhat-release)" ]; then
    centos_rel=7
    for package in wget ppp iptables iptables-services make gcc gmp-devel xmlto bison flex libpcap-devel lsof vim-enhanced openssl
    do
        yum -y install $package
    done
    echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
    # firewalld and the iptables service conflict; this script manages iptables directly
    systemctl stop firewalld
    systemctl disable firewalld
    systemctl enable iptables
    # rc-local.service only runs /etc/rc.d/rc.local when the file is executable
    chmod +x /etc/rc.d/rc.local
elif [ -n "$(grep 'CentOS release 6' /etc/redhat-release)" ]; then
    centos_rel=6
    for package in wget ppp iptables make gcc gmp-devel xmlto bison flex libpcap-devel lsof vim-enhanced openssl
    do
        yum -y install $package
    done
    sed -i 's@net.ipv4.ip_forward.*@net.ipv4.ip_forward = 1@g' /etc/sysctl.conf
else
    echo -e "\033[31mDoes not support this OS, please contact the author!\033[0m"
    exit 1
fi

sysctl -p
# Some OpenVZ templates ship without /dev/random; create it as the non-blocking
# urandom device (char major 1, minor 9) so pluto does not stall on entropy.
[ -e /dev/random ] || mknod /dev/random c 1 9

src_url=https://download.openswan.org/openswan/old/openswan-2.6/openswan-2.6.38.tar.gz && Download_src
tar xzf openswan-2.6.38.tar.gz
cd openswan-2.6.38
make programs install
cd ..

# Parameters under "config setup" and each "conn" must be indented.
# Windows, macOS/iOS and Android L2TP/IPsec clients negotiate transport mode
# (RFC 3193); if phase 2 fails with such clients, change type=tunnel to
# type=transport below.
cat > /etc/ipsec.conf <<EOF
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey
    plutostderrlog=/var/log/ipsec.log

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    type=tunnel
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    left=$public_ip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnetwithin=0.0.0.0/0
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
EOF

cat > /etc/ipsec.secrets <<EOF
$public_ip %any: PSK "$mypsk"
EOF
chmod 600 /etc/ipsec.secrets

# Disable ICMP redirects on every interface; the quoted 'EOF' keeps $each
# literal so the loop variable is expanded when zl2tpset runs, not now.
cat > /usr/bin/zl2tpset <<'EOF'
#!/bin/bash
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done
EOF
chmod +x /usr/bin/zl2tpset
/usr/bin/zl2tpset
grep -q zl2tpset /etc/rc.local || echo '/usr/bin/zl2tpset' >> /etc/rc.local
service ipsec restart

src_url=http://pkgs.fedoraproject.org/repo/pkgs/xl2tpd/xl2tpd-1.3.6.tar.gz/2f526cc0c36cf6d8a74f1fb2e08c18ec/xl2tpd-1.3.6.tar.gz && Download_src
tar xzf xl2tpd-1.3.6.tar.gz
cd xl2tpd-1.3.6
make install
cd ..

[ ! -e "/var/run/xl2tpd" ] && mkdir /var/run/xl2tpd
[ ! -e "/etc/xl2tpd" ] && mkdir /etc/xl2tpd

# "ipsec saref = yes" needs the SAref kernel patches; on a stock NETKEY kernel
# xl2tpd logs a setsockopt error at start-up and carries on without it.
cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[global]
listen-addr = $public_ip
ipsec saref = yes
[lns default]
ip range = $iprange.2-$iprange.254
local ip = $iprange.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF

# pppd options; "name l2tpd" must match the server field in chap-secrets
cat > /etc/ppp/options.xl2tpd <<EOF
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
idle 1800
mtu 1410
mru 1410
nodefaultroute
connect-delay 5000
logfd 2
logfile /var/log/l2tpd.log
EOF

# PPP credentials: client  server  secret  allowed-IPs
cat >> /etc/ppp/chap-secrets <<EOF
$username l2tpd $password *
EOF
chmod 600 /etc/ppp/chap-secrets

# Outbound interface of the default route. ip(8) is used instead of route(8),
# which needs net-tools and is absent on a minimal CentOS 7.
network_int=$(ip -4 route show default | awk '{print $5; exit}')
iptables -t nat -A POSTROUTING -s ${iprange}.0/24 -o $network_int -j MASQUERADE
iptables -I FORWARD -s ${iprange}.0/24 -j ACCEPT
iptables -I FORWARD -d ${iprange}.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1701 -j ACCEPT
iptables -I INPUT -p udp --dport 500 -j ACCEPT
iptables -I INPUT -p udp --dport 4500 -j ACCEPT
service iptables save
service ipsec restart
xl2tpd
# make install puts xl2tpd under the default prefix /usr/local; start it at boot
grep -q xl2tpd /etc/rc.local || echo '/usr/local/sbin/xl2tpd' >> /etc/rc.local
chkconfig ipsec on
clear
ipsec verify
printf "
Server IP: $public_ip
PSK: $mypsk
Username: $username
Password: $password
"
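The installer only checks that the address range looks like three dot-separated numbers, so inputs such as 999.0.2 or 8.8.8 are accepted and end up in the iptables rules, xl2tpd.conf and the PPP address pool. The following POSIX shell helpers are an added example, not part of the original script: they validate the /24 prefix octet by octet, confirm it lies in one of the RFC 1918 ranges that the ipsec.conf virtual_private line also lists, and reject a prefix already in use on the host. The local prefixes and candidate inputs in the demo loop are constructed.

```shell
#!/bin/sh
# Added example (not from the original installer): strict validation of the
# "IP-Range" prefix. All functions return 0 for "acceptable", 1 otherwise,
# so they can be used directly in the installer's while/if loop.

# is_octet NUM -> 0 if NUM is a plain decimal in 0..255
is_octet() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # empty, or contains a non-digit
    esac
    [ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

# validate_iprange PREFIX -> 0 if PREFIX is exactly "a.b.c" with valid octets
validate_iprange() {
    case "$1" in
        ''|.*|*.|*.*.*.*) return 1 ;;     # empty, leading/trailing dot, 4 octets
    esac
    _old_ifs=$IFS
    IFS=.
    set -- $1                             # split on dots only; "10..2" keeps an empty field
    IFS=$_old_ifs
    [ $# -eq 3 ] || return 1
    for _o in "$@"; do
        is_octet "$_o" || return 1
    done
    return 0
}

# is_rfc1918_prefix PREFIX -> 0 if a.b.c.0/24 lies in 10/8, 172.16/12 or 192.168/16
is_rfc1918_prefix() {
    validate_iprange "$1" || return 1
    _old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_old_ifs
    [ "$1" -eq 10 ] && return 0
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
    return 1
}

# overlaps_local PREFIX LOCAL_PREFIX... -> 0 if the VPN /24 collides with a /24
# already configured on the host. On a live system build the list with:
#   ip -4 -o addr show | awk '{print $4}' | cut -d/ -f1 | cut -d. -f1-3
overlaps_local() {
    _want=$1
    shift
    for _have in "$@"; do
        [ "$_want" = "$_have" ] && return 0
    done
    return 1
}

# check_iprange PREFIX LOCAL_PREFIX... -> prints a verdict; exit 0 only if usable
check_iprange() {
    _p=$1
    shift
    if ! validate_iprange "$_p"; then
        echo "$_p: malformed, expected a.b.c with octets 0-255"; return 1
    elif ! is_rfc1918_prefix "$_p"; then
        echo "$_p: not private (RFC 1918); clients could no longer reach the real range"; return 1
    elif overlaps_local "$_p" "$@"; then
        echo "$_p: already used by a local interface"; return 1
    fi
    echo "$_p: ok"
}

# Constructed demo: host has a LAN on 192.168.1.0/24 and already uses 10.0.2.0/24
for _candidate in 10.0.2 10.0.3 999.0.2 10.0.2. 8.8.8 172.20.5; do
    check_iprange "$_candidate" 192.168.1 10.0.2
done
```

Splitting on IFS=. rather than using a regex is what catches the empty-octet case ("10..2") and the trailing-dot case that a `{1,3}` pattern lets through; the overlap check matters because a VPN pool that duplicates a local subnet makes the proxyarp and MASQUERADE rules misroute traffic.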

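The iptables rules at the end of the script accept UDP 1701 from any source. That means xl2tpd will speak plain L2TP, and pppd will run the MS-CHAPv2 exchange, with any host on the internet, not only with peers that first completed IPsec; the IPsec layer is meant to be mandatory for L2TP/IPsec. As an added example that is not part of the original installer, the helpers below generate rules that accept UDP 1701 only for packets decapsulated from an IPsec SA (the xt_policy match, `-m policy --dir in --pol ipsec`, available on CentOS 6 and 7 kernels) and audit iptables-save output for the exposure. The two iptables-save samples are constructed; the interface name eth0 is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original installer).
#   l2tp_rules IFACE SUBNET        print iptables commands: UDP 1701 accepted only
#                                  inside an IPsec SA, plain UDP 1701 dropped
#   iptables-save | audit_l2tp     exit 0 if every ACCEPT for udp/1701 carries the
#                                  ipsec policy match, 1 (plus a report) otherwise

l2tp_rules() {
    _iface=$1
    _subnet=$2
    # The installer uses -I, which inserts at the top of the chain, so the
    # catch-all DROP is emitted first and the policy-matched ACCEPT after it;
    # in the resulting chain ACCEPT sits above DROP.
    cat <<EOF
iptables -I INPUT -p udp --dport 1701 -j DROP
iptables -I INPUT -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
iptables -I INPUT -p udp --dport 500 -j ACCEPT
iptables -I INPUT -p udp --dport 4500 -j ACCEPT
iptables -I FORWARD -s $_subnet -j ACCEPT
iptables -I FORWARD -d $_subnet -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $_subnet -o $_iface -j MASQUERADE
EOF
}

audit_l2tp() {
    _exposed=0
    while IFS= read -r _line; do
        case "$_line" in
            "-A INPUT "*"-p udp"*"--dport 1701"*"-j ACCEPT"*)
                case "$_line" in
                    *"--pol ipsec"*) ;;                      # only reachable through IPsec
                    *) _exposed=1
                       echo "EXPOSED (plain L2TP accepted): $_line" ;;
                esac ;;
        esac
    done
    return $_exposed
}

# Constructed iptables-save output as the original script leaves the host
sample_rules_original() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j ACCEPT
-A FORWARD -d 10.0.2.0/24 -j ACCEPT
-A FORWARD -s 10.0.2.0/24 -j ACCEPT
COMMIT
EOF
}

# Constructed iptables-save output after the rules from l2tp_rules are applied
sample_rules_hardened() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j DROP
COMMIT
EOF
}

# Demo against the constructed samples. On a live box:
#   iptables-save | audit_l2tp      and      l2tp_rules eth0 10.0.2.0/24 | sh
sample_rules_original | audit_l2tp || echo "original rules: exposed"
sample_rules_hardened | audit_l2tp && echo "hardened rules: ok"
```

Restricting 1701 to IPsec-protected packets removes the unauthenticated L2TP/PPP attack surface but does not change the protocol's other limits: a single PSK shared by every user, and MS-CHAPv2 as the user authentication inside the tunnel.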
