xiaolai-l2tpd-ipsec

by xiaolai
265 deployments · 32 still active · last rev. 2 years ago

IPSEC/L2TP

Compatible with: No distros currently supported
						#!/bin/bash

# <UDF name="vpn_servicename" Label="VPN Service Name" default="l2tp" example="l2tp" />
# <UDF name="vpn_psk" Label="PSK" default="fuckgfw" example="fuckgfw" />
# <UDF name="vpn_iprange" Label="IP Range" default="10.0.100" example="10.0.100" />
# <UDF name="vpn_username" Label="Username" default="xiaolai" example="xiaolai" />
# <UDF name="vpn_password" Label="Password" default="xiaolai" example="xiaolai" />

system_update
goodstuff
serveripaddress=`hostname -i`
apt-get install -y build-essential libgmp3-dev bison flex libpcap-dev ppp lsof
cd /usr/src
wget http://pkgs.fedoraproject.org/repo/pkgs/openswan/openswan-2.6.24.tar.gz/1c76b6982c05392f7c360afb92699661/openswan-2.6.24.tar.gz
tar zxvf openswan-2.6.24.tar.gz
cd openswan-2.6.24
make programs install
rm -rf /etc/ipsec.conf
touch /etc/ipsec.conf
cat >>/etc/ipsec.conf<<EOF
version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=$serveripaddress
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
EOF
cat >>/etc/ipsec.secrets<<EOF
$serveripaddress	%any:	PSK	"$VPN_PSK"
EOF
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf
sysctl -p
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
cd /usr/src
wget http://ncu.dl.sourceforge.net/project/rp-l2tp/rp-l2tp/0.4/rp-l2tp-0.4.tar.gz
tar zxvf rp-l2tp-0.4.tar.gz
cd rp-l2tp-0.4
./configure
make
cp handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
cd /usr/src
wget http://ywko.googlecode.com/files/xl2tpd-1.2.4.tar.gz
tar zxvf xl2tpd-1.2.4.tar.gz
cd xl2tpd-1.2.4
make install
mkdir /etc/xl2tpd
touch /etc/xl2tpd/xl2tpd.conf
cat >>/etc/xl2tpd/xl2tpd.conf<<EOF
[global]
ipsec saref = yes
[lns default]
ip range = $VPN_IPRANGE.2-$VPN_IPRANGE.254
local ip = $VPN_IPRANGE.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
rm -rf /etc/ppp/options.xl2tpd
touch /etc/ppp/options.xl2tpd
cat >>/etc/ppp/options.xl2tpd<<EOF
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name $VPN_SERVICENAME
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
EOF
cat >>/etc/ppp/chap-secrets<<EOF
$VPN_USERNAME	$VPN_SERVICENAME	$VPN_PASSWORD	*
EOF
cat >>/etc/rc.local<<EOF
iptables --table nat --append POSTROUTING --jump MASQUERADE
iptables -A FORWARD -s $VPN_IPRANGE.0/255.255.255.0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1320

for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
/etc/init.d/ipsec restart
/usr/local/sbin/xl2tpd 
EOF
clear
iptables --table nat --append POSTROUTING --jump MASQUERADE
xl2tpd
/etc/init.d/ipsec restart
ipsec verify
clear