一键 l2tp for centos5
发布时间:2020-12-15 07:15:29 所属栏目:安全 来源:网络整理
导读:今天PHP站长网 52php.cn把收集自互联网的代码分享给大家,仅供参考。 #!/bin/bashif [ $(id -u) != "0" ]; then printf "Error: You must be root to run this tool!n" exit 1ficlearprintf "##########################
|
以下代码由PHP站长网 52php.cn收集自互联网 现在PHP站长网小编把它分享给大家,仅供参考 #!/bin/bash
if [ $(id -u) != "0" ]; then
printf "Error: You must be root to run this tool!n"
exit 1
fi
clear
printf "
####################################################
# #
# This is a Shell-Based tool of l2tp installation #
# Version: 1.3 #
# Author: Zed Lau #
# Modify: tension #
# Modify: K 20140120 #
# Website: http://zeddicus.com #
# For CentOS 32bit and 64bit #
# #
####################################################
"
vpsip=`hostname -i`
username="tension"
echo "请输入用户名:"
read -p "(默认用户名: tension):" username
if [ "$username" = "" ]; then
username="elinkhost"
fi
password="elinkhost"
echo "请输入密码:"
read -p "(默认密码: elinkhost):" password
if [ "$password" = "" ]; then
password="elinkhost"
fi
mypsk="elinkhost"
echo "请输入安全码:"
read -p "(默认安全码: elinkhost):" mypsk
if [ "$mypsk" = "" ]; then
mypsk="elinkhost"
fi
iprange="10.0.0"
echo "请输入远程客户端IP范围:"
read -p "(默认范围: 10.0.0):" iprange
if [ "$iprange" = "" ]; then
iprange="10.0.0"
fi
clear
get_char() {
SAVEDSTTY=`stty -g`
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}
echo ""
echo "服务器IP:"
echo "$vpsip"
echo ""
echo "服务器本地 IP:"
echo "$iprange.1"
echo ""
echo "用户名:"
echo "$username"
echo ""
echo "密码:"
echo "$password"
echo ""
echo "安全码:"
echo "$mypsk"
echo ""
echo "远程客户端IP范围:"
echo "$iprange.2-$iprange.254"
echo ""
echo "请按任意键开始..."
char=`get_char`
clear
mknod /dev/random c 1 9
yum install -y ppp iptables make gcc gmp-devel xmlto bison flex xmlto libpcap-devel lsof vim-enhanced
mkdir /ztmp
mkdir /ztmp/l2tp
cd /ztmp/l2tp
# install openswan ipsec
if [ ! -f "./openswan.tar.gz" ]; then
wget -c -O openswan.tar.gz --secure-protocol=auto --no-check-certificate https://download.openswan.org/openswan/openswan-2.6.33.tar.gz
fi
tar -zxvf openswan.tar.gz
cd ./openswan*/
make programs install
if [ -f "/etc/ipsec.conf" ]; then
mv /etc/ipsec.conf /etc/ipsec_bak_`date "+%Y%m%d-%H%M%S"`.conf
fi
touch /etc/ipsec.conf
cat >>/etc/ipsec.conf<<EOF
config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
protostack=netkey
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=$vpsip
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
dpddelay=30
dpdtimeout=110
dpdaction=clear
leftnexthop=%defaultroute
rightnexthop=%defaultroute
EOF
if [ -f "/etc/ipsec.secrets" ]; then
mv /etc/ipsec.secrets /etc/ipsec_bak_`date "+%Y%m%d-%H%M%S"`.secrets
fi
cat >>/etc/ipsec.secrets<<EOF
$vpsip %any: PSK "$mypsk"
EOF
# end install openswan ipsec
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
echo "net.core.xfrm_larval_drop=1">>/etc/sysctl.conf
sysctl -p
cd -
# install rp-l2tp ctl
if [ ! -f "rp-l2tp.tar.gz" ]; then
wget -c -O rp-l2tp.tar.gz --secure-protocol=auto --no-check-certificate http://mirror.zeddicus.com/sources/rp-l2tp-0.4.tar.gz
fi
tar zxvf rp-l2tp.tar.gz
cd ./rp-l2tp*/
./configure
make
if [ -f "/usr/local/sbin/l2tp-control" ]; then
cp handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
fi
# end install rp-l2tp ctl
cd -
# install xl2tpd
if [ ! -f "xl2tpd.tar.gz" ]; then
wget -c -O xl2tpd.tar.gz --secure-protocol=auto --no-check-certificate http://mirror.zeddicus.com/sources/xl2tpd-1.2.4.tar.gz
fi
tar zxvf xl2tpd.tar.gz
cd ./xl2tpd*/
make install
# end install xl2tpd
mkdir /etc/xl2tpd
if [ -f "/etc/xl2tpd/xl2tpd.conf" ]; then
mv /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd_bak_`date "+%Y%m%d-%H%M%S"`.conf
fi
touch /etc/xl2tpd/xl2tpd.conf
cat >>/etc/xl2tpd/xl2tpd.conf<<EOF
[global]
ipsec saref = no
[lns default]
name = myVPNserver
ip range = $iprange.2-$iprange.254
local ip = $iprange.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
if [ -f "/etc/ppp/options.xl2tpd" ]; then
mv /etc/ppp/options.xl2tpd /etc/ppp/options_bak_`date "+%Y%m%d-%H%M%S"`.xl2tpd
fi
touch /etc/ppp/options.xl2tpd
cat >>/etc/ppp/options.xl2tpd<<EOF
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
nodefaultroute
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
EOF
cat >>/etc/ppp/chap-secrets<<EOF
$username l2tpd $password *
EOF
touch /usr/bin/zl2tpset
cat >/usr/bin/zl2tpset<<EOF
#/bin/bash
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
#echo 1 > /proc/sys/net/core/xfrm_larval_drop
EOF
chmod +x /usr/bin/zl2tpset
# setting iptables policies and save policies
service iptables start
iptables --table nat --append POSTROUTING --jump MASQUERADE
iptables -I RH-Firewall-1-INPUT -p udp -m multiport --dport 53,1701,4500,500 -j ACCEPT
service iptables save
service iptables reload
# end setting iptables policies and save policies
service ipsec restart
zl2tpset
xl2tpd
service ipsec restart
cat >>/etc/rc.local<<EOF
/usr/bin/zl2tpset
/usr/local/sbin/xl2tpd
service ipsec restart
EOF
clear
ipsec verify
printf "
####################################################
# #
# This is a Shell-Based tool of l2tp installation #
# Version: 1.3 #
# Author: Zed Lau #
# Modify: tension #
# Modify: K 20140120 #
# Website: http://zeddicus.com #
# For CentOS 32bit and 64bit #
# #
####################################################
如果上面没有出现 [FAILED],那么你就可以
连接您的L2TP VPN服务器
用户/密码:
ServerIP:$vpsip
用户名:$username
密码:$password
安全码:$mypsk
"
以上内容由PHP站长网【52php.cn】收集整理供大家参考研究 如果以上内容对您有帮助,欢迎收藏、点赞、推荐、分享。 (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |