BoizZ/PPTP-L2TP-IPSec-VPN-auto-installation-script-for-CentOS-7

By Oxford, 2018-02-07 (updated 2019-01-15)

https://github.com/BoizZ/PPTP-L2TP-IPSec-VPN-auto-installation-script-for-CentOS-7

#!/bin/bash
#############################################################
# #
# This is a PPTP and L2TP VPN installation for CentOS 7 #
# Version: 1.1.1 20160507 #
# Author: Bon Hoo #
# Website: http://www.ccwebsite.com #
# #
#############################################################
# Check that we are running as root
if [[ $(id -u) != "0" ]]; then
    printf "\e[42m\e[31mError: You must be root to run this install script.\e[0m\n"
    exit 1
fi
# Check that the OS is CentOS 7 or RHEL 7
if [[ $(grep "release 7." /etc/redhat-release 2>/dev/null | wc -l) -eq 0 ]]; then
    printf "\e[42m\e[31mError: Your OS is NOT CentOS 7 or RHEL 7.\e[0m\n"
    printf "\e[42m\e[31mThis install script is ONLY for CentOS 7 and RHEL 7.\e[0m\n"
    exit 1
fi
clear
printf "
#############################################################
# #
# This is a PPTP and L2TP VPN installation for CentOS 7 #
# Version: 1.1.1 20160507 #
# Author: Bon Hoo #
# Website: http://www.ccwebsite.com #
# #
#############################################################
"
# Get the server IP
serverip=$(ifconfig -a | grep -w "inet" | grep -v "127.0.0.1" | awk '{print $2;}')
printf "\e[33m$serverip\e[0m is the server IP?"
printf "If \e[33m$serverip\e[0m is \e[33mcorrect\e[0m, press enter directly."
printf "If \e[33m$serverip\e[0m is \e[33mincorrect\e[0m, please input your server IP."
printf "(Default server IP: \e[33m$serverip\e[0m):"
read serveriptmp
if [[ -n "$serveriptmp" ]]; then
    serverip=$serveriptmp
fi
# Get the network interface name
ethlist=$(ifconfig | grep ": flags" | cut -d ":" -f1)
eth=$(printf "$ethlist\n" | head -n 1)
if [[ $(printf "$ethlist\n" | wc -l) -gt 2 ]]; then
    echo ======================================
    echo "Network Interface list:"
    printf "\e[33m$ethlist\e[0m\n"
    echo ======================================
    echo "Which network interface you want to listen for ocserv?"
    printf "Default network interface is \e[33m$eth\e[0m, let it blank to use default network interface: "
    read ethtmp
    if [ -n "$ethtmp" ]; then
        eth=$ethtmp
    fi
fi
# Set the IP range handed out to VPN clients after they connect
iprange="10.0.1"
echo "Please input IP-Range:"
printf "(Default IP-Range: \e[33m$iprange\e[0m): "
read iprangetmp
if [[ -n "$iprangetmp" ]]; then
    iprange=$iprangetmp
fi
# Set the pre-shared key
mypsk="ueibo.cn"
echo "Please input PSK:"
printf "(Default PSK: \e[33mueibo.cn\e[0m): "
read mypsktmp
if [[ -n "$mypsktmp" ]]; then
    mypsk=$mypsktmp
fi
# Set the VPN username
username="ueibo.com"
echo "Please input VPN username:"
printf "(Default VPN username: \e[33mueibo.com\e[0m): "
read usernametmp
if [[ -n "$usernametmp" ]]; then
    username=$usernametmp
fi
# Random password: 10 characters drawn from [a-zA-Z0-9]
randstr() {
    index=0
    str=""
    for i in {a..z}; do arr[index]=$i; index=$(expr ${index} + 1); done
    for i in {A..Z}; do arr[index]=$i; index=$(expr ${index} + 1); done
    for i in {0..9}; do arr[index]=$i; index=$(expr ${index} + 1); done
    for i in {1..10}; do str="$str${arr[$RANDOM%$index]}"; done
    echo $str
}
# Set the VPN user's password
password=$(randstr)
printf "Please input \e[33m$username\e[0m's password:\n"
printf "Default password is \e[33m$password\e[0m, let it blank to use default password: "
read passwordtmp
if [[ -n "$passwordtmp" ]]; then
    password=$passwordtmp
fi
clear
# Print the configuration parameters
clear
echo "Server IP:"
echo "$serverip"
echo
echo "Server Local IP:"
echo "$iprange.1"
echo
echo "Client Remote IP Range:"
echo "$iprange.10-$iprange.254"
echo
echo "PSK:"
echo "$mypsk"
echo
echo "Press any key to start..."
get_char() {
    SAVEDSTTY=`stty -g`
    stty -echo
    stty cbreak
    dd if=/dev/tty bs=1 count=1 2> /dev/null
    stty -raw
    stty echo
    stty $SAVEDSTTY
}
char=$(get_char)
clear
mknod /dev/random c 1 9
# Update packages
yum update -y
# Install the EPEL repository
yum install epel-release -y
# Install the required packages
yum install -y openswan ppp pptpd xl2tpd wget
# Create the ipsec.conf configuration file
rm -f /etc/ipsec.conf
cat >>/etc/ipsec.conf<<EOF
# /etc/ipsec.conf - Libreswan IPsec configuration file
# This file: /etc/ipsec.conf
#
# Enable when using this configuration file with openswan instead of libreswan
#version 2
#
# Manual: ipsec.conf.5
# basic configuration
config setup
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=yes
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. auto will try netkey, then klips then mast
    protostack=netkey
    force_keepalive=yes
    keep_alive=1800
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=$serverip
    leftid=$serverip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
    leftnexthop=%defaultroute
    rightnexthop=%defaultroute
    ike=3des-sha1,aes-sha1,aes256-sha1,aes256-sha2_256
    phase2alg=3des-sha1,aes-sha1,aes256-sha1,aes256-sha2_256
    sha2-truncbug=yes
# For example connections, see your distribution's documentation directory,
# or the documentation which could be located at
# /usr/share/docs/libreswan-3.*/ or look at https://www.libreswan.org/
#
# There is also a lot of information in the manual page, "man ipsec.conf"
# You may put your configuration (.conf) file in the "/etc/ipsec.d/" directory
# by uncommenting this line
#include /etc/ipsec.d/*.conf
EOF
# Write the pre-shared key file
rm -f /etc/ipsec.secrets
cat >>/etc/ipsec.secrets<<EOF
#include /etc/ipsec.d/*.secrets
$serverip %any: PSK "$mypsk"
EOF
# Create the pptpd.conf configuration file
rm -f /etc/pptpd.conf
cat >>/etc/pptpd.conf<<EOF
#ppp /usr/sbin/pppd
option /etc/ppp/options.pptpd
#debug
# stimeout 10
#noipparam
logwtmp
#vrf test
#bcrelay eth1
#delegate
#connections 100
localip $iprange.2
remoteip $iprange.200-254
EOF
# Create the xl2tpd.conf configuration file
mkdir -p /etc/xl2tpd
rm -f /etc/xl2tpd/xl2tpd.conf
cat >>/etc/xl2tpd/xl2tpd.conf<<EOF
;
; This is a minimal sample xl2tpd configuration file for use
; with L2TP over IPsec.
;
; The idea is to provide an L2TP daemon to which remote Windows L2TP/IPsec
; clients connect. In this example, the internal (protected) network
; is 192.168.1.0/24. A special IP range within this network is reserved
; for the remote clients: 192.168.1.128/25
; (i.e. 192.168.1.128 ... 192.168.1.254)
;
; The listen-addr parameter can be used if you want to bind the L2TP daemon
; to a specific IP address instead of to all interfaces. For instance,
; you could bind it to the interface of the internal LAN (e.g. 192.168.1.98
; in the example below). Yet another IP address (local ip, e.g. 192.168.1.99)
; will be used by xl2tpd as its address on pppX interfaces.
[global]
; ipsec saref = yes
listen-addr = $serverip
auth file = /etc/ppp/chap-secrets
port = 1701
[lns default]
ip range = $iprange.10-$iprange.199
local ip = $iprange.1
refuse chap = yes
refuse pap = yes
require authentication = yes
name = L2TPVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
# Create the options.pptpd configuration file
mkdir -p /etc/ppp
rm -f /etc/ppp/options.pptpd
cat >>/etc/ppp/options.pptpd<<EOF
# Authentication
name pptpd
#chapms-strip-domain
# Encryption
# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
# }}}
# OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o
# {{{
#-chap
#-chapms
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#+chapms-v2
# Require MPPE encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#mppe-40 # enable either 40-bit or 128-bit, not both
#mppe-128
#mppe-stateless
# }}}
ms-dns 8.8.4.4
ms-dns 8.8.8.8
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4
proxyarp
#10.8.0.100
# Logging
#debug
#dump
lock
nobsdcomp
novj
novjccomp
nologfd
EOF
# Create the options.xl2tpd configuration file
rm -f /etc/ppp/options.xl2tpd
cat >>/etc/ppp/options.xl2tpd<<EOF
#require-pap
#require-chap
#require-mschap
ipcp-accept-local
ipcp-accept-remote
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
mtu 1400
noccp
connect-delay 5000
# To allow authentication against a Windows domain EXAMPLE, and require the
# user to be in a group "VPN Users". Requires the samba-winbind package
# require-mschap-v2
# plugin winbind.so
# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\VPN Users"'
# You need to join the domain on the server, for example using samba:
# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html
EOF
# Create the chap-secrets file, i.e. the user list and passwords
rm -f /etc/ppp/chap-secrets
cat >>/etc/ppp/chap-secrets<<EOF
# Secrets for authentication using CHAP
# client server secret IP addresses
$username pptpd $password *
$username l2tpd $password *
EOF
# Change the kernel settings to allow IP forwarding
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.rp_filter=0
sysctl -w net.ipv4.conf.default.rp_filter=0
sysctl -w net.ipv4.conf.$eth.rp_filter=0
sysctl -w net.ipv4.conf.all.send_redirects=0
sysctl -w net.ipv4.conf.default.send_redirects=0
sysctl -w net.ipv4.conf.all.accept_redirects=0
sysctl -w net.ipv4.conf.default.accept_redirects=0
cat >>/etc/sysctl.conf<<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.$eth.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
EOF
# Open the firewall ports
cat >>/usr/lib/firewalld/services/pptpd.xml<<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>pptpd</short>
<description>PPTP and Fuck the GFW</description>
<port protocol="tcp" port="1723"/>
</service>
EOF
cat >>/usr/lib/firewalld/services/l2tpd.xml<<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>l2tpd</short>
<description>L2TP IPSec</description>
<port protocol="udp" port="500"/>
<port protocol="udp" port="4500"/>
<port protocol="udp" port="1701"/>
</service>
EOF
firewall-cmd --reload
firewall-cmd --permanent --add-service=pptpd
firewall-cmd --permanent --add-service=l2tpd
firewall-cmd --permanent --add-service=ipsec
firewall-cmd --permanent --add-masquerade
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -p tcp -i ppp+ -j TCPMSS --syn --set-mss 1356
firewall-cmd --reload
#iptables --table nat --append POSTROUTING --jump MASQUERADE
#iptables -t nat -A POSTROUTING -s $iprange.0/24 -o $eth -j MASQUERADE
#iptables -t nat -A POSTROUTING -s $iprange.0/24 -j SNAT --to-source $serverip
#iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
#service iptables save
# Enable the services at boot
systemctl enable pptpd ipsec xl2tpd
systemctl restart pptpd ipsec xl2tpd
clear
# Test ipsec
ipsec verify
printf "
#############################################################
# #
# This is a PPTP and L2TP VPN installation for CentOS 7 #
# Version: 1.1.1 20160507 #
# Author: Bon Hoo #
# Website: http://www.ccwebsite.com #
# #
#############################################################
if there are no [FAILED] above, then you can
connect to your L2TP VPN Server with the default
user/password below:
ServerIP: $serverip
username: $username
password: $password

PSK: $mypsk
"
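The installer leaves several things for the operator to fix before the server is exposed, all of them visible in the script itself: the pre-shared key and the VPN username default to ueibo.cn and ueibo.com, both the ike= and phase2alg= proposal lists still offer 3DES, pfs=no turns off forward secrecy for the IPsec child SA, and /etc/ipsec.secrets and /etc/ppp/chap-secrets are created with whatever umask the shell happened to have. The POSIX sh check below is an added example and not part of the BoizZ script; it audits those files and returns the number of findings. The function name check_vpn_config, the argument order, and the sample files used in the usage note are my own assumptions, the default paths are the ones the installer writes to.

```shell
#!/bin/sh
# Added example, not part of the BoizZ installer: audit the files the
# installer writes for settings that should be changed before the server
# is exposed. Default paths are the ones the installer uses; pass other
# paths to check copies. The "ueibo.*" strings are the installer's own defaults.

# check_vpn_config [IPSEC_CONF] [IPSEC_SECRETS] [CHAP_SECRETS]
# Prints one finding per line; the return value is the number of findings
# (0 means nothing was flagged).
check_vpn_config() {
    ipsec_conf=${1:-/etc/ipsec.conf}
    ipsec_secrets=${2:-/etc/ipsec.secrets}
    chap_secrets=${3:-/etc/ppp/chap-secrets}
    findings=0

    # Secrets files are written with the caller's umask; they must be 0600.
    for f in "$ipsec_secrets" "$chap_secrets"; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        case "$mode" in
            *00) ;;
            *) echo "PERMS: $f is mode $mode, expected 600"
               findings=$((findings + 1)) ;;
        esac
    done

    # The installer's default PSK and username are public (they are in the script).
    if grep -q 'PSK "ueibo.cn"' "$ipsec_secrets" 2>/dev/null; then
        echo "DEFAULT: $ipsec_secrets still uses the installer's default PSK"
        findings=$((findings + 1))
    fi
    if grep -Eq '^ueibo\.com[[:space:]]' "$chap_secrets" 2>/dev/null; then
        echo "DEFAULT: $chap_secrets still contains the default user ueibo.com"
        findings=$((findings + 1))
    fi

    # 3DES is left in both proposal lists and PFS is disabled.
    for key in ike phase2alg; do
        if grep -Eq "^[[:space:]]*$key=.*3des" "$ipsec_conf" 2>/dev/null; then
            echo "WEAK: $key= in $ipsec_conf still offers 3DES"
            findings=$((findings + 1))
        fi
    done
    if grep -Eq '^[[:space:]]*pfs=no' "$ipsec_conf" 2>/dev/null; then
        echo "WEAK: pfs=no in $ipsec_conf disables perfect forward secrecy"
        findings=$((findings + 1))
    fi

    return $findings
}

# When saved as check_vpn_config.sh and run directly, audit the live files
# and exit with the finding count; when sourced, only the function is defined.
case "${0##*/}" in
    check_vpn_config.sh) check_vpn_config "$@" ;;
esac
```

Run it as root after the installer finishes (`sh check_vpn_config.sh`) or point it at copies (`sh check_vpn_config.sh ipsec.conf ipsec.secrets chap-secrets`); a non-zero exit status is the number of findings, so it drops straight into a post-install check. The test used to validate the example builds a constructed config with all six weaknesses in a temporary directory, expects 6, then rewrites it with 0600 permissions, non-default secrets, pfs=yes and an AES-only proposal and expects 0.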