
CentOS7一键VPN脚本

CentOS中文网 https://www.centos.net.cn 2015-05-14 15:34 出处:网络 编辑:@iCMS

安装PPTP脚本

------------------------------------------------------------------

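#!/bin/bash
#
# One-shot PPTP VPN server setup for CentOS 7. Must be run as root.
#
# Installs pptpd and ppp, appends the address pool, DNS servers and one CHAP
# account to their configuration, adds the NAT/INPUT rules (immediately and at
# boot through /etc/rc.d/rc.local), enables forwarding and starts pptpd.
#
# Security notes for whoever deploys this:
#   * PPTP's usual MS-CHAPv2/MPPE protection is considered cryptographically
#     broken; do not rely on this tunnel for confidentiality. Prefer an
#     IPsec- or TLS-based VPN where that matters.
#   * The account password is generated per run instead of being a fixed,
#     guessable value, and is printed once at the end.
#   * Packages come from the GPG-signed EPEL repository rather than from a
#     single RPM fetched over plain HTTP and installed without a signature
#     check.

set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Copy FILE to FILE.bak unless a backup already exists, so a re-run never
# overwrites the pristine copy with an already-modified file.
backup_once() {
  local file=$1
  if [[ -e "$file" && ! -e "${file}.bak" ]]; then
    cp -a -- "$file" "${file}.bak"
  fi
}

# Append an iptables rule only when an identical rule is not already loaded.
# $1 is the table, the remaining arguments are the chain and rule spec.
add_rule_once() {
  local table=$1
  shift
  iptables -t "$table" -C "$@" 2>/dev/null || iptables -t "$table" -A "$@"
}

((EUID == 0)) || die "This script must be run as root."

# 12 random bytes rendered as 24 hex characters; hex needs no quoting in
# chap-secrets.
vpn_password=$(od -An -N12 -tx1 /dev/urandom | tr -d ' \n')
[[ ${#vpn_password} -eq 24 ]] || die "Could not generate a VPN password."

yum -y update
yum -y install epel-release
yum -y install ppp pptpd

# Address pool handed to clients.
backup_once /etc/pptpd.conf
if ! grep -q '^localip 192\.168\.144\.1$' /etc/pptpd.conf 2>/dev/null; then
  cat >>/etc/pptpd.conf <<'EOF'
localip 192.168.144.1
remoteip 192.168.144.2-254
EOF
fi

# DNS servers pushed to clients.
backup_once /etc/ppp/options.pptpd
if ! grep -q '^ms-dns 8\.8\.8\.8$' /etc/ppp/options.pptpd 2>/dev/null; then
  cat >>/etc/ppp/options.pptpd <<'EOF'
ms-dns 8.8.8.8
ms-dns 8.8.4.4
EOF
fi

# CHAP account. Any earlier "vpn pptpd" entry is dropped first so a re-run
# leaves exactly one line for this user, carrying the new password.
backup_once /etc/ppp/chap-secrets
touch /etc/ppp/chap-secrets
chmod 600 /etc/ppp/chap-secrets
sed -i '/^vpn[[:space:]]\+pptpd[[:space:]]/d' /etc/ppp/chap-secrets
printf 'vpn pptpd %s *\n' "$vpn_password" >>/etc/ppp/chap-secrets

# Re-apply the firewall rules and forwarding at boot. The quoted delimiter
# keeps the text literal; the marker line prevents duplicate appends.
# NOTE(review): on hosts running firewalld, rules appended with -A may land
# after its reject rule and never match -- confirm on the target system.
backup_once /etc/rc.d/rc.local
if ! grep -qF '# pptpd vpn rules' /etc/rc.d/rc.local 2>/dev/null; then
  cat >>/etc/rc.d/rc.local <<'EOF'
# pptpd vpn rules
iptables -A INPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.144.0/24 -j MASQUERADE
iptables -A INPUT -p tcp -m multiport --dport 1723 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
systemctl restart pptpd
EOF
fi
chmod +x /etc/rc.d/rc.local

# Same rules for the running system.
add_rule_once filter INPUT -p gre -j ACCEPT
add_rule_once nat POSTROUTING -s 192.168.144.0/24 -j MASQUERADE
add_rule_once filter INPUT -p tcp --dport 1723 -j ACCEPT
echo 1 >/proc/sys/net/ipv4/ip_forward

systemctl restart pptpd
systemctl enable pptpd

# The password is shown once here; it is also stored in clear text in
# /etc/ppp/chap-secrets (mode 600).
echo "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
echo "Success! And the VPN account is:"
echo "Method:PPTP"
echo "User:vpn"
echo "Password:${vpn_password}"
echo "If you want modify, with vim tool at /etc/ppp/chap-secrets"
echo "Good luck!"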

-------------------------------------------------------------

安装L2TP脚本

----------------------------------------------------------

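#!/bin/bash
#
# One-shot L2TP/IPsec VPN server setup for CentOS 7. Must be run as root.
#
# Installs openswan, xl2tpd and ppp, writes fresh IPsec, xl2tpd and ppp
# configuration (the previous files are moved to *.bak), adds the NAT rule
# (immediately and at boot through /etc/rc.d/rc.local), enables forwarding and
# starts the daemons.
#
# Environment:
#   SERVER_IP  optional; IPv4 address written as "left=" in ipsec.conf and as
#              the key owner in ipsec.secrets. When unset, the first
#              non-private global IPv4 address on the host is used.
#
# Security notes for whoever deploys this:
#   * The pre-shared key and the account password are generated per run
#     instead of being fixed, published values, and are printed once at the
#     end.
#   * Packages come from the GPG-signed EPEL repository rather than from a
#     single RPM fetched over plain HTTP and installed without a signature
#     check.
#   * NOTE(review): nothing here restricts UDP 1701 to IPsec-protected
#     traffic or opens UDP 500/4500; confirm the host firewall policy.

set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Move FILE to FILE.bak when it exists; a missing file is not an error.
move_aside() {
  local file=$1
  if [[ -e "$file" ]]; then
    mv -f -- "$file" "${file}.bak"
  fi
}

# Print $1 random bytes from /dev/urandom as lowercase hex.
random_hex() {
  od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'
}

# Print the first global IPv4 address that is not loopback, 0/8 or RFC 1918.
# The patterns are anchored on full octets so that public ranges such as
# 100.x or 172.32.x are not discarded by a loose prefix match.
first_public_ipv4() {
  ip -4 -o addr show scope global | awk '
    {
      split($4, parts, "/")
      addr = parts[1]
      if (addr ~ /^(10|127|0)\./) next
      if (addr ~ /^192\.168\./) next
      if (addr ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next
      print addr
      exit
    }'
}

((EUID == 0)) || die "This script must be run as root."

yum -y update
yum -y install openswan net-tools

# Resolve the server address once and validate it before it is written into
# any configuration file.
server_ip=${SERVER_IP:-}
if [[ -z "$server_ip" ]]; then
  server_ip=$(first_public_ipv4) || die "Could not list interface addresses."
fi
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
[[ "$server_ip" =~ $ipv4_re ]] \
  || die "No usable public IPv4 address found; set SERVER_IP explicitly."

psk=$(random_hex 16)
vpn_password=$(random_hex 12)
[[ ${#psk} -eq 32 && ${#vpn_password} -eq 24 ]] \
  || die "Could not generate VPN secrets."

# ipsec.conf: section parameters must be indented, and a blank line ends a
# section, so the layout below is significant.
move_aside /etc/ipsec.conf
cat >/etc/ipsec.conf <<EOF
config setup
    protostack=netkey
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=${server_ip}
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
EOF

# The PSK file is created with mode 600 before the secret is written to it.
move_aside /etc/ipsec.secrets
install -m 600 /dev/null /etc/ipsec.secrets
cat >>/etc/ipsec.secrets <<EOF
include /etc/ipsec.d/*.secrets
${server_ip} %any: PSK "${psk}"
EOF

echo "+++++++++++++++++++++++++++"
echo "Shell Test that your ip is:"
echo "$server_ip"
echo "+++++++++++++++++++++++++++"

# Enable forwarding and disable ICMP redirects on every interface.
echo 1 >/proc/sys/net/ipv4/ip_forward
for each in /proc/sys/net/ipv4/conf/*; do
  echo 0 >"$each/accept_redirects"
  echo 0 >"$each/send_redirects"
done

# Persisting forwarding through sysctl.conf was left disabled by the author:
#cp -rf /etc/sysctl.conf /etc/sysctl.conf.bak
#echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
#sysctl -p

systemctl restart ipsec.service

# Diagnostic only: report failed checks without aborting the installation.
ipsec verify \
  || echo "ipsec verify reported problems; review the output above." >&2
# tail -f /var/log/secure

yum -y install epel-release
yum -y install ppp xl2tpd

move_aside /etc/xl2tpd/xl2tpd.conf
cat >/etc/xl2tpd/xl2tpd.conf <<'EOF'
[global]

[lns default]
ip range = 192.168.1.128-192.168.1.254
local ip = 192.168.1.99
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF

move_aside /etc/ppp/options.xl2tpd
cat >/etc/ppp/options.xl2tpd <<'EOF'
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
EOF

# CHAP account, written to a file that is mode 600 from the start.
# NOTE(review): the server field is "l2tpd" while xl2tpd.conf sets
# name = LinuxVPNserver; confirm pppd matches this entry on the target host.
move_aside /etc/ppp/chap-secrets
install -m 600 /dev/null /etc/ppp/chap-secrets
cat >>/etc/ppp/chap-secrets <<EOF
# Secrets for authentication using CHAP
# client server secret IP addresses
vpn l2tpd ${vpn_password} *
EOF

# Boot-time setup. The delimiter is quoted so that $each is written literally
# and expanded at boot; unquoted, it would be replaced at install time by
# whatever the loop above left in the variable. pgrep replaces "ps | grep",
# which matches its own grep process and therefore never started xl2tpd.
if ! grep -qF '# l2tp vpn rules' /etc/rc.d/rc.local 2>/dev/null; then
  cat >>/etc/rc.d/rc.local <<'EOF'
# l2tp vpn rules
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > "$each/accept_redirects"
echo 0 > "$each/send_redirects"
done
systemctl restart ipsec.service
pgrep -x xl2tpd >/dev/null || /usr/sbin/xl2tpd
EOF
fi
chmod +x /etc/rc.d/rc.local

# Same NAT rule for the running system, added only when not already present.
iptables -t nat -C POSTROUTING -s 192.168.1.0/24 -j MASQUERADE 2>/dev/null \
  || iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

# Start xl2tpd unless an instance is already running (re-run safety).
pgrep -x xl2tpd >/dev/null || /usr/sbin/xl2tpd

# The secrets are shown once here; they are also stored in clear text in
# /etc/ipsec.secrets and /etc/ppp/chap-secrets (both mode 600).
echo "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
echo "Success! And the VPN account is:"
echo "Method:L2TP"
echo "User:vpn"
echo "Password:${vpn_password}"
echo "PSK:${psk}"
echo "If you want modify, with vim tool at /etc/ppp/chap-secrets"
echo "Good luck!"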
