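#!/bin/bash
#
# L2TP/IPsec (openswan + xl2tpd) installer for CentOS 6 / CentOS 7.
#
# Prompts for a /24 client prefix, a pre-shared key and one PPP account, builds
# openswan and xl2tpd from source, writes their configuration, opens the
# firewall and starts the services.
#
# The listing this was recovered from had lost its line breaks, letter case and
# backslashes; the statements below are the valid-shell form of the same steps.
# Tokens that had to be reconstructed are marked where they occur.
#
# Requires: root, ../functions/download.sh, ../functions/get_public_ip.py
# (both resolved relative to the src/ directory this script creates).

# Check if user is root
[ "$(id -u)" != "0" ] && echo "Error: You must be root to run this script" && exit 1

export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Print a message on stderr and stop the installation.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Succeed only for three dotted decimal octets (each 0-255), e.g. 10.0.2.
# The value is later pasted into config files and iptables arguments, so the
# match is anchored at both ends.
valid_ip_prefix() {
  local prefix=$1 octet
  [[ $prefix =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || return 1
  local IFS=.
  for octet in $prefix; do
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Succeed for a non-empty value with no whitespace, double quote or backslash.
# PSK, username and password are written verbatim into ipsec.secrets and
# chap-secrets, where those characters would change how the line is parsed.
valid_field() {
  case $1 in
    '' | *[[:space:]]* | *\"* | *\\*) return 1 ;;
  esac
  return 0
}

# Read a single keypress from the terminal without echoing it.
get_char() {
  local saved_stty
  saved_stty=$(stty -g)
  stty -echo
  stty cbreak
  dd if=/dev/tty bs=1 count=1 2>/dev/null
  stty -raw
  stty echo
  stty "$saved_stty"
}

# Make net.ipv4.ip_forward = 1 persistent without appending a duplicate line
# on every run.
enable_ip_forward() {
  if grep -q '^[[:space:]]*net\.ipv4\.ip_forward' /etc/sysctl.conf 2>/dev/null; then
    sed -i 's@^[[:space:]]*net\.ipv4\.ip_forward.*@net.ipv4.ip_forward = 1@' /etc/sysctl.conf
  else
    echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
  fi
}

clear
printf '%s\n' \
  '#######################################################################' \
  '#    LNMP/LAMP/LANMP for CentOS/RadHat 5+ Debian 6+ and Ubuntu 12+   #' \
  '#######################################################################'

mkdir -p src
cd src || die "cannot enter src/"
# Provides the download helper used below (reads $src_url).
. ../functions/download.sh

# --- Interactive settings ---------------------------------------------------

while :; do
  echo
  read -r -p "Please input IP-Range(Default Range: 10.0.2): " iprange
  [ -z "$iprange" ] && iprange="10.0.2"
  if valid_ip_prefix "$iprange"; then
    break
  fi
  echo -e "\033[31minput error! Input format: xxx.xxx.xxx\033[0m"
done

while :; do
  echo
  read -r -p "Please input PSK(Default PSK: psk): " mypsk
  if [ -z "$mypsk" ]; then
    mypsk="psk"
    # The default is a fixed, published value: anyone who knows it can complete
    # the IKE exchange, leaving the PPP password as the only secret.
    echo "warning: using the default PSK; set a long random value for real use" >&2
  fi
  valid_field "$mypsk" && break
  echo -e "\033[31minput error! PSK must not contain spaces, quotes or backslashes\033[0m"
done

while :; do
  echo
  read -r -p "Please input username: " username
  valid_field "$username" && break
done

while :; do
  echo
  read -r -p "Please input password: " password
  valid_field "$password" && break
done

clear

public_ip=$(../functions/get_public_ip.py)
# An empty address would produce "left=" / "listen-addr =" lines that the
# daemons reject or misread, so stop before writing anything.
[ -n "$public_ip" ] || die "could not determine the public IP address"

echo ""
echo "ServerIP: $public_ip"
echo ""
echo "Server Local IP: $iprange.1"
echo ""
# Range start (.2) reconstructed: the listing dropped the token between the two
# $iprange occurrences, and .1 is the server's own tunnel address.
echo "Client Remote IP Range: $iprange.2-$iprange.254"
echo ""
echo "PSK: $mypsk"
echo ""
echo "Press any key to start..."
char=$(get_char)
clear

# --- Packages and kernel settings -------------------------------------------

if grep -q 'CentOS Linux release 7' /etc/redhat-release 2>/dev/null; then
  CentOS_REL=7
  packages=(wget ppp iptables iptables-services make gcc gmp-devel xmlto bison flex libpcap-devel lsof vim-enhanced)
elif grep -q 'CentOS release 6' /etc/redhat-release 2>/dev/null; then
  CentOS_REL=6
  packages=(wget ppp iptables make gcc gmp-devel xmlto bison flex libpcap-devel lsof vim-enhanced)
else
  echo -e "\033[31mDoes not support this OS, Please contact the author! \033[0m"
  exit 1
fi

# One yum call per package, as in the original, so a single missing package
# does not stop the others from installing.
for Package in "${packages[@]}"; do
  yum -y install "$Package"
done

enable_ip_forward
sysctl -p

# Device numbers (1,9) are /dev/urandom on Linux, so where /dev/random is
# missing this creates it as a non-blocking source; it fails harmlessly when
# the node already exists.
mknod /dev/random c 1 9

# --- openswan ---------------------------------------------------------------

# NOTE(review): this release is fetched from the upstream "old/" directory and
# then built and installed as root. The listing gives no checksum for it; pin
# one (SHA-256 of a copy you have verified) before relying on this step.
# Helper name as in functions/download.sh; the listing's letter case is
# unreliable, so confirm the exact spelling there.
src_url=https://download.openswan.org/openswan/old/openswan-2.6/openswan-2.6.38.tar.gz && Download_src
tar xzf openswan-2.6.38.tar.gz || die "cannot unpack openswan-2.6.38.tar.gz"
cd openswan-2.6.38 || die "cannot enter openswan-2.6.38"
make programs install
cd ..

cat > /etc/ipsec.conf << EOF
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey
    plutostderrlog=/var/log/ipsec.log

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    type=tunnel
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    left=$public_ip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnetwithin=0.0.0.0/0
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
EOF

cat > /etc/ipsec.secrets << EOF
$public_ip %any: PSK "$mypsk"
EOF
# Holds the pre-shared key in clear text.
chmod 600 /etc/ipsec.secrets

# Quoted delimiter: $each must reach the generated script unexpanded.
cat > /usr/bin/zl2tpset << 'EOF'
#!/bin/bash
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done
EOF
chmod +x /usr/bin/zl2tpset
/usr/bin/zl2tpset
grep -q zl2tpset /etc/rc.local 2>/dev/null || echo '/usr/bin/zl2tpset' >> /etc/rc.local
service ipsec restart

# --- xl2tpd -----------------------------------------------------------------

src_url=http://pkgs.fedoraproject.org/repo/pkgs/xl2tpd/xl2tpd-1.3.6.tar.gz/2f526cc0c36cf6d8a74f1fb2e08c18ec/xl2tpd-1.3.6.tar.gz && Download_src
# The transfer is plain HTTP and the result is compiled and installed as root.
# The hex component of the URL path is, by the Fedora lookaside layout, the
# tarball's MD5 (confirm); it is checked here as a tamper/corruption tripwire.
# MD5 is not collision resistant, so a SHA-256 pin is the stronger control.
echo "2f526cc0c36cf6d8a74f1fb2e08c18ec  xl2tpd-1.3.6.tar.gz" | md5sum -c - \
  || die "xl2tpd-1.3.6.tar.gz does not match the expected checksum"
tar xzf xl2tpd-1.3.6.tar.gz || die "cannot unpack xl2tpd-1.3.6.tar.gz"
cd xl2tpd-1.3.6 || die "cannot enter xl2tpd-1.3.6"
make install
mkdir -p /var/run/xl2tpd
mkdir -p /etc/xl2tpd
cd ..

cat > /etc/xl2tpd/xl2tpd.conf << EOF
[global]
listen-addr = $public_ip
ipsec saref = yes
[lns default]
ip range = $iprange.2-$iprange.254
local ip = $iprange.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF

cat > /etc/ppp/options.xl2tpd << EOF
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
idle 1800
mtu 1410
mru 1410
nodefaultroute
connect-delay 5000
logfd 2
logfile /var/log/l2tpd.log
EOF

cat >> /etc/ppp/chap-secrets << EOF
$username l2tpd $password *
EOF
# Holds the PPP password in clear text.
chmod 600 /etc/ppp/chap-secrets

# --- Firewall and services --------------------------------------------------

network_int=$(route | awk '/default/ {print $NF; exit}')
[ -n "$network_int" ] || die "no default route found; cannot pick the outbound interface"

iptables -t nat -A POSTROUTING -s "${iprange}.0/24" -o "$network_int" -j MASQUERADE
iptables -I FORWARD -s "${iprange}.0/24" -j ACCEPT
iptables -I FORWARD -d "${iprange}.0/24" -j ACCEPT
# NOTE(review): this accepts L2TP on 1701 from any source, including packets
# that did not arrive through IPsec. Matching on the IPsec policy
# (-m policy --dir in --pol ipsec) limits it to protected traffic.
iptables -I INPUT -p udp --dport 1701 -j ACCEPT
iptables -I INPUT -p udp --dport 500 -j ACCEPT
iptables -I INPUT -p udp --dport 4500 -j ACCEPT
service iptables save

service ipsec restart
xl2tpd
chkconfig ipsec on

clear
ipsec verify

# Values are passed as arguments, never as the printf format string.
printf '\nServerIP: %s\nPSK: %s\nusername: %s\npassword: %s\n\n' \
  "$public_ip" "$mypsk" "$username" "$password"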