
CentOS7一键VPN脚本

时间:2015-05-15 12:16来源:linux.it.net.cn 作者:IT
安装PPTP脚本
------------------------------------------------------------------ 
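#!/bin/bash
#
# One-shot PPTP VPN server setup for CentOS 7. Run as root on a fresh host;
# every config change is appended, so a second run duplicates entries.
#
# Security notes:
#   * PPTP authenticates with MS-CHAPv2, whose handshake can be cracked
#     offline. Treat the tunnel as legacy compatibility, not as strong
#     confidentiality.
#   * The account password is generated per install instead of shipping a
#     fixed, published value on an internet-facing service.
#   * pptpd comes from the signed EPEL repository. A local RPM fetched over
#     plain HTTP is not signature-checked by yum by default.
#
# Environment:
#   VPN_PASSWORD  optional; password for the "vpn" account. It is written
#                 verbatim to /etc/ppp/chap-secrets, so only the characters
#                 A-Z a-z 0-9 . _ - are accepted.

# Print an error to stderr and stop, so "Success!" is never shown after a
# failed step.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

vpn_password=${VPN_PASSWORD:-}
if [ -z "$vpn_password" ]; then
  # 20 alphanumeric characters from the kernel CSPRNG.
  vpn_password=$(head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | head -c 20)
fi
case "$vpn_password" in
  '' | *[!A-Za-z0-9._-]*)
    die "VPN_PASSWORD must be non-empty and use only A-Z a-z 0-9 . _ -"
    ;;
esac

yum -y update

yum -y install epel-release || die "cannot enable the EPEL repository"
yum -y install pptpd ppp || die "cannot install pptpd"

# Address pool handed to VPN clients.
cp -pf /etc/pptpd.conf /etc/pptpd.conf.bak
cat >> /etc/pptpd.conf <<'EOF'
localip 192.168.144.1
remoteip 192.168.144.2-254
EOF

# DNS servers pushed to clients.
cp -pf /etc/ppp/options.pptpd /etc/ppp/options.pptpd.bak
cat >> /etc/ppp/options.pptpd <<'EOF'
ms-dns 8.8.8.8
ms-dns 8.8.4.4
EOF

# chap-secrets holds the cleartext password; keep it and its backup
# readable by root only.
cp -pf /etc/ppp/chap-secrets /etc/ppp/chap-secrets.bak
chmod 600 /etc/ppp/chap-secrets /etc/ppp/chap-secrets.bak
cat >> /etc/ppp/chap-secrets <<EOF
vpn pptpd ${vpn_password} *
EOF

# Re-apply the firewall rules and forwarding at boot. The delimiter is quoted
# so nothing inside is expanded while rc.local is being written.
# NOTE(review): CentOS 7 normally runs firewalld, which may discard rules
# added with plain iptables; confirm which firewall manages this host.
cp -pf /etc/rc.d/rc.local /etc/rc.d/rc.local.bak
cat >> /etc/rc.d/rc.local <<'EOF'
iptables -A INPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.144.0/24 -j MASQUERADE
iptables -A INPUT -p tcp -m multiport --dport 1723 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
systemctl restart pptpd
EOF

chmod +x /etc/rc.d/rc.local

# Same rules for the running system.
iptables -A INPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.144.0/24 -j MASQUERADE
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
systemctl restart pptpd || die "pptpd failed to start"
systemctl enable pptpd

printf '%s\n' "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
printf '%s\n' "Success! And the VPN account is:"
printf '%s\n' "Method:PPTP"
printf '%s\n' "User:vpn"
printf 'Password:%s\n' "$vpn_password"
printf '%s\n' "If you want modify, with vim tool at /etc/ppp/chap-secrets"
printf '%s\n' "Good luck!"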
-------------------------------------------------------------
安装L2tp脚本
----------------------------------------------------------
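#!/bin/bash
#
# One-shot L2TP/IPsec (pre-shared key) VPN server setup for CentOS 7.
# Run as root on a fresh host.
#
# Security notes:
#   * The PSK and the account password are generated per install instead of
#     shipping fixed, published values on an internet-facing service.
#   * /etc/ipsec.secrets and /etc/ppp/chap-secrets are created with mode 0600.
#     Creating them through a plain redirect would leave both cleartext
#     secrets world-readable under the default umask.
#   * xl2tpd comes from the signed EPEL repository. A local RPM fetched over
#     plain HTTP is not signature-checked by yum by default.
#   * NOTE(review): nothing here limits UDP 1701 to IPsec-protected traffic;
#     confirm the host firewall does not expose bare L2TP.
#
# Environment (all optional; secrets are written verbatim into config files,
# so only A-Z a-z 0-9 . _ - are accepted):
#   SERVER_IP     IPv4 address for the IPsec "left" side. Defaults to the
#                 source address of the default route.
#   VPN_PSK       IPsec pre-shared key.
#   VPN_PASSWORD  password for the "vpn" account.

# Print an error to stderr and stop, so "Success!" is never shown after a
# failed step.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Emit $1 alphanumeric characters from the kernel CSPRNG.
random_secret() {
  head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | head -c "$1"
}

# Refuse values that would break the config file syntax they are written to.
check_secret() {
  case "$2" in
    '' | *[!A-Za-z0-9._-]*)
      die "$1 must be non-empty and use only A-Z a-z 0-9 . _ -"
      ;;
  esac
}

vpn_psk=${VPN_PSK:-$(random_secret 24)}
vpn_password=${VPN_PASSWORD:-$(random_secret 20)}
check_secret VPN_PSK "$vpn_psk"
check_secret VPN_PASSWORD "$vpn_password"

yum -y update
yum -y install openswan net-tools || die "cannot install the IPsec packages"

# Resolve the server address once. The earlier ifconfig/awk filter skipped
# every address starting with "10" (so public 103.x/104.x hosts too) and then
# substituted an empty string into the IPsec files.
server_ip=${SERVER_IP:-}
if [ -z "$server_ip" ]; then
  server_ip=$(ip -4 route get 8.8.8.8 2>/dev/null |
    awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i + 1); exit}}')
fi
[[ "$server_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] ||
  die "cannot determine the server IPv4 address; set SERVER_IP"

echo "+++++++++++++++++++++++++++"
echo "Shell Test that your ip is:"
printf '%s\n' "$server_ip"
echo "+++++++++++++++++++++++++++"

# Parameters of a section must be indented, otherwise the parser reads each
# of them as the start of a new section.
mv /etc/ipsec.conf /etc/ipsec.conf.bak
cat > /etc/ipsec.conf <<EOF
config setup
    protostack=netkey
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=${server_ip}
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
EOF

# Create the file with mode 0600 first, then fill it, so the PSK is never
# readable by other local users.
mv /etc/ipsec.secrets /etc/ipsec.secrets.bak
install -m 600 /dev/null /etc/ipsec.secrets
cat >> /etc/ipsec.secrets <<EOF
include /etc/ipsec.d/*.secrets
${server_ip}   %any:  PSK "${vpn_psk}"
EOF

# Enable forwarding and switch off ICMP redirects on every interface.
echo 1 > /proc/sys/net/ipv4/ip_forward
for each in /proc/sys/net/ipv4/conf/*; do
  echo 0 > "$each/accept_redirects"
  echo 0 > "$each/send_redirects"
done

#cp -rf /etc/sysctl.conf /etc/sysctl.conf.bak
#echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
#sysctl -p

systemctl restart ipsec.service || die "ipsec failed to start"
ipsec verify

# tail -f /var/log/secure

yum -y install epel-release || die "cannot enable the EPEL repository"
yum -y install xl2tpd ppp || die "cannot install xl2tpd"

mv /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.bak
cat > /etc/xl2tpd/xl2tpd.conf <<'EOF'
[global]

[lns default]
ip range = 192.168.1.128-192.168.1.254
local ip = 192.168.1.99
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF

mv /etc/ppp/options.xl2tpd /etc/ppp/options.xl2tpd.bak
cat > /etc/ppp/options.xl2tpd <<'EOF'
ipcp-accept-local
ipcp-accept-remote
ms-dns  8.8.8.8
ms-dns  8.8.4.4
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
EOF

# Same 0600-first approach for the cleartext account password.
# NOTE(review): the server field "l2tpd" has to match pppd's own name, and
# options.xl2tpd sets no "name" option; confirm authentication succeeds.
mv /etc/ppp/chap-secrets /etc/ppp/chap-secrets.bak
install -m 600 /dev/null /etc/ppp/chap-secrets
cat >> /etc/ppp/chap-secrets <<EOF
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
vpn l2tpd ${vpn_password} *
EOF

# Boot-time setup. The delimiter is quoted so that $each reaches rc.local
# literally; unquoted, it was expanded while the file was written and the
# loop body ended up with one fixed path. pgrep replaces "ps | grep", which
# always matched its own grep process and therefore never started xl2tpd.
cat >> /etc/rc.d/rc.local <<'EOF'
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > "$each/accept_redirects"
    echo 0 > "$each/send_redirects"
done
systemctl restart ipsec.service
pgrep -x xl2tpd > /dev/null || /usr/sbin/xl2tpd
EOF

chmod +x /etc/rc.d/rc.local

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
/usr/sbin/xl2tpd || die "xl2tpd failed to start"

printf '%s\n' "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
printf '%s\n' "Success! And the VPN account is:"
printf '%s\n' "Method:L2TP"
printf '%s\n' "User:vpn"
printf 'Password:%s\n' "$vpn_password"
printf 'PSK:%s\n' "$vpn_psk"
printf '%s\n' "If you want modify, with vim tool at /etc/ppp/chap-secrets"
printf '%s\n' "Good luck!"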

