Fixed xl2tpd issues

Removed listen-addr from xl2tpd.conf;
yum install libevent2-devel in CentOS 6;
Updated ipsec.conf;

Signed-off-by: Teddysun <i@teddysun.com>
Teddysun 2017-05-28 14:17:58 +09:00
parent bc7720d15b
commit 628eb57dc4
No known key found for this signature in database
GPG Key ID: 09BD4C080AD6C46D

205
l2tp.sh

@ -9,8 +9,7 @@ export PATH
#=======================================================================# #=======================================================================#
cur_dir=`pwd` cur_dir=`pwd`
libevent2_src_filename="libevent-2.0.22-stable" libreswan_filename="libreswan-3.20"
libreswan_filename="libreswan-3.19"
rootness(){ rootness(){
if [[ $EUID -ne 0 ]]; then if [[ $EUID -ne 0 ]]; then
@ -42,6 +41,7 @@ get_opsy(){
get_os_info(){ get_os_info(){
IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 ) IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 )
[ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com ) [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com )
local cname=$( awk -F: '/model name/ {name=$2} END {print name}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' ) local cname=$( awk -F: '/model name/ {name=$2} END {print name}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' )
local cores=$( awk -F: '/model name/ {core++} END {print core}' /proc/cpuinfo ) local cores=$( awk -F: '/model name/ {core++} END {print core}' /proc/cpuinfo )
local freq=$( awk -F: '/cpu MHz/ {freq=$2} END {print freq}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' ) local freq=$( awk -F: '/cpu MHz/ {freq=$2} END {print freq}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' )
@ -80,25 +80,25 @@ check_sys(){
local release='' local release=''
local systemPackage='' local systemPackage=''
if [[ -f /etc/redhat-release ]];then if [[ -f /etc/redhat-release ]]; then
release="centos" release="centos"
systemPackage="yum" systemPackage="yum"
elif cat /etc/issue | grep -q -E -i "debian";then elif cat /etc/issue | grep -Eqi "debian"; then
release="debian" release="debian"
systemPackage="apt" systemPackage="apt"
elif cat /etc/issue | grep -q -E -i "ubuntu";then elif cat /etc/issue | grep -Eqi "ubuntu"; then
release="ubuntu" release="ubuntu"
systemPackage="apt" systemPackage="apt"
elif cat /etc/issue | grep -q -E -i "centos|red hat|redhat";then elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
release="centos" release="centos"
systemPackage="yum" systemPackage="yum"
elif cat /proc/version | grep -q -E -i "debian";then elif cat /proc/version | grep -Eqi "debian"; then
release="debian" release="debian"
systemPackage="apt" systemPackage="apt"
elif cat /proc/version | grep -q -E -i "ubuntu";then elif cat /proc/version | grep -Eqi "ubuntu"; then
release="ubuntu" release="ubuntu"
systemPackage="apt" systemPackage="apt"
elif cat /proc/version | grep -q -E -i "centos|red hat|redhat";then elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
release="centos" release="centos"
systemPackage="yum" systemPackage="yum"
fi fi
@ -143,7 +143,7 @@ download_file(){
echo "$1 [found]" echo "$1 [found]"
else else
echo "$1 not found!!!download now..." echo "$1 not found!!!download now..."
if ! wget -c -t3 -T60 ${download_root_url}/${1};then if ! wget -c -t3 -T60 ${download_root_url}/${1}; then
echo "Failed to download $1, please download it to ${cur_dir} directory manually and try again." echo "Failed to download $1, please download it to ${cur_dir} directory manually and try again."
exit 1 exit 1
fi fi
@ -302,13 +302,15 @@ install_l2tp(){
apt-get -y install xl2tpd apt-get -y install xl2tpd
compile_install compile_install
elif check_sys packageManager yum; then elif check_sys packageManager yum; then
echo "Adding the EPEL repository..."
yum -y install epel-release
if centosversion 7; then if centosversion 7; then
yum -y install epel-release
yum -y install ppp libreswan xl2tpd firewalld yum -y install ppp libreswan xl2tpd firewalld
yum_install yum_install
elif centosversion 6; then elif centosversion 6; then
yum -y install epel-release yum -y remove libevent-devel
yum -y install gcc gcc-c++ ppp iptables make gmp-devel xmlto bison flex libpcap-devel lsof yum -y install libevent2-devel
yum -y install gcc ppp iptables make gmp-devel xmlto bison flex libpcap-devel lsof
yum -y install xl2tpd curl-devel nss-devel nspr-devel pkgconfig pam-devel unbound-devel libcap-ng-devel yum -y install xl2tpd curl-devel nss-devel nspr-devel pkgconfig pam-devel unbound-devel libcap-ng-devel
compile_install compile_install
fi fi
@ -316,60 +318,23 @@ install_l2tp(){
} }
compile_install(){ config_install(){
rm -rf ${cur_dir}/l2tp
mkdir -p ${cur_dir}/l2tp
cd ${cur_dir}/l2tp
download_file "${libreswan_filename}.tar.gz"
tar -zxf ${libreswan_filename}.tar.gz
if centosversion 6; then
download_file "${libevent2_src_filename}.tar.gz"
tar -zxf ${libevent2_src_filename}.tar.gz
cd ${libevent2_src_filename}
./configure
make && make install
if [ $? -eq 0 ]; then
if is_64bit;then
ln -sf /usr/local/lib/libevent-2.0.so.5 /usr/lib64/libevent-2.0.so.5
ln -sf /usr/local/lib/libevent_pthreads-2.0.so.5 /usr/lib64/libevent_pthreads-2.0.so.5
else
ln -sf /usr/local/lib/libevent-2.0.so.5 /usr/lib/libevent-2.0.so.5
ln -sf /usr/local/lib/libevent_pthreads-2.0.so.5 /usr/lib/libevent_pthreads-2.0.so.5
fi
echo "/usr/local/lib" > /etc/ld.so.conf.d/local.conf
ldconfig
else
echo "libevent2 install failed..."
exit 1
fi
fi
cd ${cur_dir}/l2tp/${libreswan_filename}
echo "WERROR_CFLAGS =" > Makefile.inc.local
make programs && make install
/usr/local/sbin/ipsec --version >/dev/null 2>&1
if [ $? -ne 0 ];then
echo "${libreswan_filename} install failed."
exit 1
fi
cat > /etc/ipsec.conf<<EOF cat > /etc/ipsec.conf<<EOF
version 2.0
config setup config setup
nat_traversal=yes
protostack=netkey protostack=netkey
oe=off nhelpers=0
interfaces="%defaultroute" uniqueids=no
dumpdir=/var/run/pluto/ interfaces=%defaultroute
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10 virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!${iprange}.0/24
conn L2TP-PSK-NAT conn l2tp-psk
rightsubnet=vhost:%priv rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT also=l2tp-psk-nonat
conn L2TP-PSK-noNAT conn l2tp-psk-nonat
authby=secret authby=secret
pfs=no pfs=no
auto=add auto=add
@ -378,7 +343,7 @@ conn L2TP-PSK-noNAT
ikelifetime=8h ikelifetime=8h
keylife=1h keylife=1h
type=transport type=transport
left=${IP} left=%defaultroute
leftid=${IP} leftid=${IP}
leftprotoport=17/1701 leftprotoport=17/1701
right=%any right=%any
@ -389,19 +354,20 @@ conn L2TP-PSK-noNAT
EOF EOF
cat > /etc/ipsec.secrets<<EOF cat > /etc/ipsec.secrets<<EOF
${IP} %any: PSK "${mypsk}" %any %any : PSK "${mypsk}"
EOF EOF
cat > /etc/xl2tpd/xl2tpd.conf<<EOF cat > /etc/xl2tpd/xl2tpd.conf<<EOF
[global] [global]
listen-addr = ${IP} port = 1701
[lns default] [lns default]
ip range = ${iprange}.2-${iprange}.254 ip range = ${iprange}.2-${iprange}.254
local ip = ${iprange}.1 local ip = ${iprange}.1
require chap = yes require chap = yes
refuse pap = yes refuse pap = yes
require authentication = yes require authentication = yes
name = LinuxVPNserver name = l2tpd
ppp debug = yes ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes length bit = yes
@ -420,7 +386,6 @@ idle 1800
mtu 1410 mtu 1410
mru 1410 mru 1410
nodefaultroute nodefaultroute
name l2tpd
debug debug
proxyarp proxyarp
connect-delay 5000 connect-delay 5000
@ -433,6 +398,28 @@ EOF
${username} l2tpd ${password} * ${username} l2tpd ${password} *
EOF EOF
}
compile_install(){
rm -rf ${cur_dir}/l2tp
mkdir -p ${cur_dir}/l2tp
cd ${cur_dir}/l2tp
download_file "${libreswan_filename}.tar.gz"
tar -zxf ${libreswan_filename}.tar.gz
cd ${cur_dir}/l2tp/${libreswan_filename}
echo "WERROR_CFLAGS =" > Makefile.inc.local
make programs && make install
/usr/local/sbin/ipsec --version >/dev/null 2>&1
if [ $? -ne 0 ];then
echo "${libreswan_filename} install failed."
exit 1
fi
config_install
cp -pf /etc/sysctl.conf /etc/sysctl.conf.bak cp -pf /etc/sysctl.conf /etc/sysctl.conf.bak
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
@ -565,82 +552,7 @@ EOF
yum_install(){ yum_install(){
rm -f /etc/ipsec.conf config_install
cat > /etc/ipsec.conf<<EOF
config setup
nat_traversal=yes
protostack=netkey
oe=off
interfaces="%defaultroute"
dumpdir=/var/run/pluto/
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=${IP}
leftid=${IP}
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
dpddelay=40
dpdtimeout=130
dpdaction=clear
EOF
rm -f /etc/ipsec.secrets
cat > /etc/ipsec.secrets<<EOF
${IP} %any: PSK "${mypsk}"
EOF
rm -f /etc/xl2tpd/xl2tpd.conf
cat > /etc/xl2tpd/xl2tpd.conf<<EOF
[global]
listen-addr = ${IP}
[lns default]
ip range = ${iprange}.2-${iprange}.254
local ip = ${iprange}.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
rm -f /etc/ppp/options.xl2tpd
cat > /etc/ppp/options.xl2tpd<<EOF
ipcp-accept-local
ipcp-accept-remote
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
auth
hide-password
idle 1800
mtu 1410
mru 1410
nodefaultroute
name l2tpd
debug
proxyarp
connect-delay 5000
EOF
rm -f /etc/ppp/chap-secrets
cat > /etc/ppp/chap-secrets<<EOF
# Secrets for authentication using CHAP
# client server secret IP addresses
${username} l2tpd ${password} *
EOF
cp -pf /etc/sysctl.conf /etc/sysctl.conf.bak cp -pf /etc/sysctl.conf /etc/sysctl.conf.bak
@ -659,7 +571,7 @@ EOF
done done
sysctl -p sysctl -p
cat > /usr/lib/firewalld/services/xl2tpd.xml<<EOF cat > /etc/firewalld/services/xl2tpd.xml<<EOF
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<service> <service>
<short>xl2tpd</short> <short>xl2tpd</short>
@ -668,7 +580,7 @@ EOF
<port protocol="udp" port="1701"/> <port protocol="udp" port="1701"/>
</service> </service>
EOF EOF
chmod 640 /usr/lib/firewalld/services/xl2tpd.xml chmod 640 /etc/firewalld/services/xl2tpd.xml
systemctl enable ipsec systemctl enable ipsec
systemctl enable xl2tpd systemctl enable xl2tpd
@ -676,6 +588,7 @@ EOF
systemctl status firewalld > /dev/null 2>&1 systemctl status firewalld > /dev/null 2>&1
if [ $? -eq 0 ];then if [ $? -eq 0 ];then
firewall-cmd --reload
echo "Checking firewalld status..." echo "Checking firewalld status..."
firewall-cmd --list-all firewall-cmd --list-all
echo "add firewalld rules..." echo "add firewalld rules..."
@ -688,6 +601,7 @@ EOF
systemctl start firewalld systemctl start firewalld
if [ $? -eq 0 ];then if [ $? -eq 0 ];then
echo "Firewalld start successfully..." echo "Firewalld start successfully..."
firewall-cmd --reload
echo "Checking firewalld status..." echo "Checking firewalld status..."
firewall-cmd --list-all firewall-cmd --list-all
echo "adding firewalld rules..." echo "adding firewalld rules..."
@ -708,11 +622,6 @@ EOF
systemctl -a | grep xl2tpd systemctl -a | grep xl2tpd
echo "Checking firewalld status..." echo "Checking firewalld status..."
firewall-cmd --list-all firewall-cmd --list-all
firewall-cmd --list-all | grep xl2tpd > /dev/null 2>&1
if [ $? -ne 0 ];then
firewall-cmd --permanent --add-service=xl2tpd
firewall-cmd --reload
fi
} }
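Review bot: compile_install (hunk @ -433,6 +398,28, lines `download_file "${libreswan_filename}.tar.gz"` through `make programs && make install`) still unpacks and installs the libreswan-3.20 tarball as root with no integrity check — download_file only tests that wget returned success, and the archive is fetched from ${download_root_url} (its value is outside this view) with no hash or signature verification, so a tampered or truncated download becomes the host's IKE daemon. Since the version is already pinned in libreswan_filename, pin its digest next to it and verify before `tar -zxf`, e.g. `libreswan_sha256="<sha256 of libreswan-3.20.tar.gz>"` beside the filename and, after the download, `echo "${libreswan_sha256}  ${libreswan_filename}.tar.gz" | sha256sum -c - || { echo "checksum mismatch for ${libreswan_filename}.tar.gz"; exit 1; }`. The `rm -rf ${cur_dir}/l2tp` at the top of the same function should also be written `rm -rf -- "${cur_dir:?}/l2tp"` so an empty or space-containing `pwd` cannot turn it into a much wider delete. compile_install's body continues past the end of the hunk (the sysctl edits after `config_install` are cut off), so the remainder was not reviewed here.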