#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#=======================================================================#
#   System Required:  CentOS/RadHat 6+ / Debian 7+ / Ubuntu 12+         #
#   Description:  Auto Install L2TP VPN                                 #
#   Author: Teddysun                                                    #
#   Intro:  https://teddysun.com/448.html                               #
#=======================================================================#
#
# Reviewer notes (security) -- the points below are taken from the code as
# shown on this page; fix proposals are in the inline NOTE(review) comments.
#   * The default IPsec PSK is the hard-coded string "teddysun.com" and the
#     default user password comes from rand(), which draws from $RANDOM.
#   * libreswan source and the libevent2 RPMs are fetched over plain http://
#     with no checksum or signature check, then built and installed as root
#     (rpm is even run with --force).
#   * SELinux is permanently disabled and rp_filter is set to 0 on every
#     interface.
#   * The final summary prints the PSK and password, and the whole run is
#     tee'd into /root/l2tp.log, so both secrets end up on disk in that log.
#   * This page is extraction-garbled: several here-doc bodies (ipsec.conf,
#     ipsec.secrets, xl2tpd.conf, options.xl2tpd, chap-secrets, iptables
#     rules, firewalld service XML) are missing and are left as-is here.

cur_dir=`pwd`
# Pinned artifact names; the same names are used for download and for the
# "[found]" short-circuit in download_file, so a stale/tampered file with
# this name in ${cur_dir} is used without any verification.
libevent2_rpm_filename="libevent2-2.0.22-1.el6.x86_64.rpm"
libevent2_devel_rpm_filename="libevent2-devel-2.0.22-1.el6.x86_64.rpm"
libreswan_filename="libreswan-3.17"

# Abort unless running as root (EUID 0).
rootness(){
    if [[ $EUID -ne 0 ]]; then
       echo "Error:This script must be run as root!" 1>&2
       exit 1
    fi
}

# Abort when the TUN/TAP device node is absent (typical of some containers).
tunavailable(){
    if [[ ! -e /dev/net/tun ]]; then
        echo "Error:TUN/TAP is not available!" 1>&2
        exit 1
    fi
}

# Permanently switches SELinux from enforcing to disabled (config file +
# runtime). NOTE(review): this removes a host-wide security control for the
# sake of the VPN install; a permissive or targeted-policy approach would be
# less invasive -- confirm whether libreswan/xl2tpd actually need this.
disable_selinux(){
if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
    setenforce 0
fi
}

# Prints a human-readable OS name from the first of os-release, lsb-release
# or redhat-release that exists; returns after the first hit.
get_opsy(){
    [ -f /etc/os-release ] && awk -F'[= "]' '/PRETTY_NAME/{print $3,$4,$5}' /etc/os-release && return
    [ -f /etc/lsb-release ] && awk -F'[="]+' '/DESCRIPTION/{print $2}' /etc/lsb-release && return
    [ -f /etc/redhat-release ] && awk '{print ($1,$3~/^[0-9]/?$3:$4)}' /etc/redhat-release && return
}

# Collects and prints host facts. Side effect: sets the global IP, which the
# later summary uses as "ServerIP". The first non-private IPv4 on any
# interface is taken; if none, an external lookup (ipv4.icanhazip.com, plain
# http) is used -- the printed ServerIP therefore comes from a third party in
# that case.
get_os_info(){
    IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 )
    # NOTE(review): ${IP} is unquoted; `[ -z ]` with zero args happens to be
    # true, so this works, but `[ -z "${IP}" ]` is the intended form.
    if [ -z ${IP} ]; then
        IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com )
    fi
    local cname=$( awk -F: '/model name/ {name=$2} END {print name}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' )
    local cores=$( awk -F: '/model name/ {core++} END {print core}' /proc/cpuinfo )
    local freq=$( awk -F: '/cpu MHz/ {freq=$2} END {print freq}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' )
    local tram=$( free -m | awk '/Mem/ {print $2}' )
    local swap=$( free -m | awk '/Swap/ {print $2}' )
    local up=$( awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60;d=$1%60} {printf("%ddays, %d:%d:%d\n",a,b,c,d)}' /proc/uptime )
    local opsy=$( get_opsy )
    local arch=$( uname -m )
    local lbit=$( getconf LONG_BIT )
    local host=$( hostname )
    local kern=$( uname -r )
    echo "########## System Information ##########"
    echo ""
    echo "CPU model : ${cname}"
    echo "Number of cores : ${cores}"
    echo "CPU frequency : ${freq} MHz"
    echo "Total amount of ram : ${tram} MB"
    echo "Total amount of swap : ${swap} MB"
    echo "System uptime : ${up}"
    echo "OS : ${opsy}"
    echo "Arch : ${arch} (${lbit} Bit)"
    echo "Kernel : ${kern}"
    echo "Hostname : ${host}"
    echo "IPv4 address : ${IP}"
    echo ""
    echo "########################################"
}

# check_sys sysRelease <centos|debian|ubuntu>  /  check_sys packageManager <yum|apt>
# Detects the distro from redhat-release, /etc/issue or /proc/version and
# returns 0 when $2 matches the detected value, 1 otherwise. An unknown
# checkType falls off the end and returns the status of the last command.
check_sys(){
    local checkType=$1
    local value=$2
    local release=''
    local systemPackage=''
    if [[ -f /etc/redhat-release ]];then
        release="centos"
        systemPackage="yum"
    elif cat /etc/issue | grep -q -E -i "debian";then
        release="debian"
        systemPackage="apt"
    elif cat /etc/issue | grep -q -E -i "ubuntu";then
        release="ubuntu"
        systemPackage="apt"
    elif cat /etc/issue | grep -q -E -i "centos|red hat|redhat";then
        release="centos"
        systemPackage="yum"
    elif cat /proc/version | grep -q -E -i "debian";then
        release="debian"
        systemPackage="apt"
    elif cat /proc/version | grep -q -E -i "ubuntu";then
        release="ubuntu"
        systemPackage="apt"
    elif cat /proc/version | grep -q -E -i "centos|red hat|redhat";then
        release="centos"
        systemPackage="yum"
    fi
    if [[ ${checkType} == "sysRelease" ]]; then
        if [ "$value" == "$release" ];then
            return 0
        else
            return 1
        fi
    elif [[ ${checkType} == "packageManager" ]]; then
        if [ "$value" == "$systemPackage" ];then
            return 0
        else
            return 1
        fi
    fi
}

# Prints a 10-character [a-zA-Z0-9] string, used as the default VPN password.
# NOTE(review): $RANDOM is a small, non-cryptographic PRNG; for a credential
# that is handed to the user as "the password", draw from /dev/urandom
# instead, e.g. `tr -dc 'a-zA-Z0-9' </dev/urandom | head -c 10`. Also: index,
# str and arr are globals, not locals.
rand() {
    index=0
    str=""
    for i in {a..z}; do arr[index]=${i}; index=`expr ${index} + 1`; done
    for i in {A..Z}; do arr[index]=${i}; index=`expr ${index} + 1`; done
    for i in {0..9}; do arr[index]=${i}; index=`expr ${index} + 1`; done
    for i in {1..10}; do str="$str${arr[$RANDOM%$index]}"; done
    echo ${str}
}

# download_file <name>: uses ./<name> if present and non-empty, otherwise
# fetches it from the author's server. Exits 1 on download failure.
# NOTE(review): the transfer is plain http:// and nothing checks a digest or
# signature afterwards, yet the result is compiled and installed as root
# (compile_install). A pre-existing local file is likewise trusted blindly.
# Pin a sha256 per artifact (or use https + GPG-signed release) and verify
# before use.
download_file(){
    local download_root_url="http://lamp.teddysun.com/files"
    if [ -s ${1} ]; then
        echo "$1 [found]"
    else
        echo "$1 not found!!!download now..."
        if ! wget -c -t3 -T60 ${download_root_url}/${1};then
            echo "Failed to download $1, please download it to ${cur_dir} directory manually and try again."
            exit 1
        fi
    fi
}

# Prints the version number string from redhat-release or /etc/issue.
versionget(){
    if [[ -s /etc/redhat-release ]];then
        grep -oE "[0-9.]+" /etc/redhat-release
    else
        grep -oE "[0-9.]+" /etc/issue
    fi
}

# centosversion <major>: 0 when this is CentOS with that major version.
centosversion(){
    if check_sys sysRelease centos;then
        local code=${1}
        local version="`versionget`"
        local main_ver=${version%%.*}
        if [ ${main_ver} == ${code} ];then
            return 0
        else
            return 1
        fi
    else
        return 1
    fi
}

# Refuses to run on CentOS 5.
version_check(){
    if check_sys packageManager yum; then
        if centosversion 5; then
            echo "Error:Not support CentOS 5, Please change your OS and try again."
            exit 1
        fi
    fi
}

# Interactive prompts. Sets globals iprange, mypsk, username, password.
# NOTE(review): the default PSK "teddysun.com" is public knowledge (it is in
# this script); anyone who guesses the server runs this installer can use it.
# Generate the PSK the same way as the password (from /dev/urandom), or at
# least refuse to proceed with the published default. `read` is used without
# -r, so backslashes in input are interpreted.
preinstall_l2tp(){
    echo
    echo "Please input IP-Range:"
    read -p "(Default Range: 192.168.18):" iprange
    [ -z ${iprange} ] && iprange="192.168.18"
    echo "Please input PSK:"
    read -p "(Default PSK: teddysun.com):" mypsk
    [ -z ${mypsk} ] && mypsk="teddysun.com"
    echo "Please input Username:"
    read -p "(Default Username: teddysun):" username
    [ -z ${username} ] && username="teddysun"
    password=`rand`
    # The generated password is shown in the prompt; the user may override it.
    echo "Please input ${username}'s password:"
    read -p "(Default Password: ${password}):" tmppassword
    [ ! -z ${tmppassword} ] && password=${tmppassword}
    # Reads one raw byte from the terminal ("press any key"), restoring
    # the saved stty settings afterwards.
    get_char(){
        SAVEDSTTY=`stty -g`
        stty -echo
        stty cbreak
        dd if=/dev/tty bs=1 count=1 2> /dev/null
        stty -raw
        stty echo
        stty $SAVEDSTTY
    }
    echo
    echo "ServerIP:${IP}"
    echo "Server Local IP:${iprange}.1"
    echo "Client Remote IP Range:${iprange}.2-${iprange}.254"
    echo "PSK:${mypsk}"
    echo
    echo "Press any key to start...or Press Ctrl+c to cancel"
    char=`get_char`
}

# Installs build/runtime packages per distro, then either compiles libreswan
# (Debian/Ubuntu, CentOS 6) or uses the distro package (CentOS 7).
install_l2tp(){
    # NOTE(review): char 1,9 is the urandom device on Linux (random is 1,8), so
    # this creates /dev/random as an alias of urandom when the node is absent
    # (it fails harmlessly when it exists) -- presumably to stop certutil from
    # blocking on entropy. Confirm intent; a comment in the script would help.
    mknod /dev/random c 1 9
    if check_sys packageManager apt;then
        apt-get -y update
        apt-get -y install gcc ppp flex bison make libnss3-dev libnspr4-dev pkg-config libpam0g-dev libcap-ng-dev libcap-ng-utils libunbound-dev libnss3-tools libevent-dev libcurl4-nss-dev
        apt-get -y --no-install-recommends install xmlto
        apt-get -y install xl2tpd
        compile_install
    elif check_sys packageManager yum; then
        if centosversion 7; then
            yum -y install epel-release
            yum -y install ppp libreswan xl2tpd
            yum_install
        elif centosversion 6; then
            yum -y install epel-release
            yum -y install gcc gcc-c++ ppp iptables make gmp-devel xmlto bison flex libpcap-devel lsof
            yum -y install xl2tpd curl-devel nss-devel nspr-devel pkgconfig pam-devel unbound-devel libcap-ng-devel
            compile_install
        fi
    fi
}

# Builds libreswan from the downloaded tarball, writes the IPsec/xl2tpd/ppp
# configuration, sysctl and firewall rules, and enables the services.
# Uses globals: cur_dir, libreswan_filename, libevent2_*_filename, iprange,
# mypsk, username, password (the latter four inside the here-docs).
compile_install(){
    [ ! -d ${cur_dir}/l2tp ] && mkdir -p ${cur_dir}/l2tp
    cd ${cur_dir}/l2tp
    download_file "${libreswan_filename}.tar.gz"
    # NOTE(review): unverified archive (see download_file) is unpacked and
    # built as root below.
    tar -zxf ${libreswan_filename}.tar.gz
    if centosversion 6; then
        download_file "${libevent2_rpm_filename}"
        download_file "${libevent2_devel_rpm_filename}"
        # NOTE(review): --force overrides conflicts with already-installed
        # packages; drop it and let rpm report the conflict.
        rpm -ivh --force ${libevent2_rpm_filename} ${libevent2_devel_rpm_filename}
    fi
    cd ${cur_dir}/l2tp/${libreswan_filename}
    # Disable -Werror so the 3.17 tree builds with newer compilers (inferred).
    echo "WERROR_CFLAGS =" > Makefile.inc.local
    make programs && make install
    /usr/local/sbin/ipsec --version >/dev/null 2>&1
    if [ $? -ne 0 ];then
        echo "${libreswan_filename} install failed."
        exit 1
    fi
    # NOTE(review): extraction-garbled stretch. The here-doc bodies for
    # ipsec.conf, ipsec.secrets, xl2tpd.conf, options.xl2tpd and chap-secrets,
    # the first sysctl echoes and the `for each in ...; do` opener are missing
    # on this page (the intact loop is visible in yum_install below). Left
    # verbatim; do not run this copy.
    cat > /etc/ipsec.conf< /etc/ipsec.secrets< /etc/xl2tpd/xl2tpd.conf< /etc/ppp/options.xl2tpd< /etc/ppp/chap-secrets<> /etc/sysctl.conf
        echo "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.conf
        echo "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.conf
        # NOTE(review): rp_filter=0 disables reverse-path (anti-spoof)
        # filtering on every interface; rp_filter=2 (loose) is usually enough
        # for a NAT'd VPN box.
        echo "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.conf
    done
    sysctl -p
    if centosversion 6; then
        [ -f /etc/sysconfig/iptables ] && cp -pf /etc/sysconfig/iptables /etc/sysconfig/iptables.old.`date +%Y%m%d`
        # Only write a fresh ruleset when the live table has no rules at all.
        # NOTE(review): the iptables here-doc body and the surrounding
        # `if [ ! -f cert8.db ]` / `echo >` for the NSS password file are
        # garbled on this page. The NSS DB password file is created at the
        # fixed path /var/tmp/libreswan-nss-pwd -- use mktemp (and a
        # non-world-writable dir) instead of a predictable name.
        if [ "`/sbin/iptables-save | grep -c '^\-'`" = "0" ]; then cat > /etc/sysconfig/iptables < /var/tmp/libreswan-nss-pwd certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d rm -f /var/tmp/libreswan-nss-pwd fi
        chkconfig --add iptables
        chkconfig iptables on
        chkconfig --add ipsec
        chkconfig ipsec on
        chkconfig --add xl2tpd
        chkconfig xl2tpd on
        /etc/init.d/iptables restart
        /etc/init.d/ipsec start
        /etc/init.d/xl2tpd start
    else
        [ -f /etc/iptables.rules ] && cp -pf /etc/iptables.rules /etc/iptables.rules.old.`date +%Y%m%d`
        # Debian/Ubuntu: persist rules in /etc/iptables.rules and restore them
        # from an if-up.d hook. NOTE(review): here-doc bodies garbled here too;
        # same fixed-path /var/tmp/libreswan-nss-pwd concern as above.
        if [ "`/sbin/iptables-save | grep -c '^\-'`" = "0" ]; then cat > /etc/iptables.rules < /etc/iptables.rules fi cat > /etc/network/if-up.d/iptables < /var/tmp/libreswan-nss-pwd certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d rm -f /var/tmp/libreswan-nss-pwd fi
        update-rc.d xl2tpd defaults
        cp -f /etc/rc.local /etc/rc.local.old.`date +%Y%m%d`
        # Drop the trailing "exit 0" so the appended block below runs at boot.
        sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.local
        cat >> /etc/rc.local < /proc/sys/net/ipv4/ip_forward
exit 0
EOF
        echo 1 > /proc/sys/net/ipv4/ip_forward
        /sbin/iptables-restore < /etc/iptables.rules
        /usr/sbin/service ipsec restart
        /usr/sbin/service xl2tpd restart
    fi
}

# CentOS 7 path: writes the same configuration files from here-docs, applies
# sysctl hardening, opens ipsec/xl2tpd in firewalld with masquerade, and
# enables/restarts the services via systemd.
yum_install(){
    rm -f /etc/ipsec.conf
    # NOTE(review): extraction-garbled stretch -- the here-doc bodies for
    # ipsec.conf, ipsec.secrets, xl2tpd.conf, options.xl2tpd, chap-secrets
    # and the first sysctl echo are missing on this page. Left verbatim.
    cat > /etc/ipsec.conf< /etc/ipsec.secrets< /etc/xl2tpd/xl2tpd.conf< /etc/ppp/options.xl2tpd< /etc/ppp/chap-secrets<> /etc/sysctl.conf
    echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf
    echo "net.ipv4.icmp_echo_ignore_broadcasts=1" >> /etc/sysctl.conf
    echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> /etc/sysctl.conf
    # Appends (never replaces) per-interface keys; re-running the installer
    # duplicates them in /etc/sysctl.conf.
    for each in `ls /proc/sys/net/ipv4/conf/`
    do
        echo "net.ipv4.conf.${each}.accept_source_route=0" >> /etc/sysctl.conf
        echo "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.conf
        echo "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.conf
        # NOTE(review): rp_filter=0 turns off anti-spoof filtering on every
        # interface; loose mode (2) is the usual compromise for a VPN gateway.
        echo "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.conf
    done
    sysctl -p
    # firewalld service definition for xl2tpd (XML body garbled on this page).
    cat > /usr/lib/firewalld/services/xl2tpd.xml< xl2tpd L2TP IPSec EOF
    systemctl status firewalld > /dev/null 2>&1
    if [ $? -eq 0 ];then
        firewall-cmd --permanent --add-service=ipsec
        firewall-cmd --permanent --add-service=xl2tpd
        firewall-cmd --permanent --add-masquerade
        firewall-cmd --reload
    else
        echo "Firewalld looks like not running, try to start..."
        systemctl start firewalld
        if [ $? -eq 0 ];then
            echo "Firewalld start success..."
            firewall-cmd --permanent --add-service=ipsec
            firewall-cmd --permanent --add-service=xl2tpd
            firewall-cmd --permanent --add-masquerade
            firewall-cmd --reload
        else
            echo "Try to start firewalld failed. please enable port 500 4500 manually if necessary."
        fi
    fi
    systemctl enable ipsec
    systemctl enable xl2tpd
    systemctl restart ipsec
    systemctl restart xl2tpd
    echo "confirm ipsec status..."
    systemctl -a | grep ipsec
    echo "confirm xl2tpd status..."
    systemctl -a | grep xl2tpd
}

# Cleans the build directory, runs `ipsec verify` and prints the connection
# details. NOTE(review): this prints the PSK and password, and the top-level
# invocation pipes everything through tee into /root/l2tp.log, so both
# secrets are persisted in that log. Either print them to the terminal only
# (e.g. `>/dev/tty`) or chmod 600 and/or purge the log afterwards.
finally(){
    cd ${cur_dir}
    rm -fr ${cur_dir}/l2tp
    echo "Please wait a moment..."
    sleep 5
    ipsec verify
    echo
    echo "###############################################################"
    echo "# Auto Install L2TP VPN for your Server #"
    echo "# System Required: CentOS/RadHat 6+ / Debian 7+ / Ubuntu 12+ #"
    echo "# Intro: https://teddysun.com/448.html #"
    echo "# Author: Teddysun #"
    echo "###############################################################"
    echo "If there are no [FAILED] above, then you can connect to your"
    echo "L2TP VPN Server with the default Username/Password is below:"
    echo
    echo "ServerIP:${IP}"
    echo "PSK:${mypsk}"
    echo "Username:${username}"
    echo "Password:${password}"
    echo
    echo "If you want to add users, please modify"
    echo "/etc/ppp/chap-secrets and add it."
    echo "Welcome to visit https://teddysun.com/448.html"
    echo "Enjoy it!"
    echo
}

# Entry point: preflight checks, prompts, install, summary (in that order).
l2tp(){
    clear
    echo
    echo "###############################################################"
    echo "# Auto Install L2TP VPN for your Server #"
    echo "# System Required: CentOS/RadHat 6+ / Debian 7+ / Ubuntu 12+ #"
    echo "# Intro: https://teddysun.com/448.html #"
    echo "# Author: Teddysun #"
    echo "###############################################################"
    echo
    rootness
    tunavailable
    disable_selinux
    version_check
    get_os_info
    preinstall_l2tp
    install_l2tp
    finally
}

#Run it
# NOTE(review): the log captures everything finally() prints, including the
# PSK and password (see finally). At minimum create it with restrictive
# permissions first, e.g. `install -m 600 /dev/null /root/l2tp.log`.
rm -f /root/l2tp.log
l2tp 2>&1 | tee -a /root/l2tp.log