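#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#=======================================================================#
#   System Required:  CentOS/RadHat 6+ / Debian 7+ / Ubuntu 12+         #
#   Description:  Auto Install L2TP VPN                                 #
#   Author: Teddysun                                                    #
#   Intro:  https://teddysun.com/448.html                               #
#=======================================================================#
#
# Usage:  l2tp.sh                  install the L2TP/IPsec server (default)
#         l2tp.sh -l|--list        list client names in /etc/ppp/chap-secrets
#         l2tp.sh -a|--add         add a client
#         l2tp.sh -d|--del         delete a client
#         l2tp.sh -h|--help        print usage
# Must be run as root on a host that exposes /dev/net/tun.
#
# NOTE(review): the here-document bodies inside compile_install() and
# yum_install() (ipsec.conf, ipsec.secrets, xl2tpd.conf, options.xl2tpd,
# chap-secrets, iptables rule sets, the if-up.d hook, rc.local additions,
# the NSS password file and the firewalld service XML) were destroyed when
# this page was extracted. Those two functions are kept verbatim from the
# page and must be restored from the upstream script before this file is run.

cur_dir=$(pwd)
libevent2_src_filename="libevent-2.0.22-stable"
libevent2_rpm_filename="libevent2-2.0.22-1.el6.x86_64.rpm"
libevent2_devel_rpm_filename="libevent2-devel-2.0.22-1.el6.x86_64.rpm"
libreswan_filename="libreswan-3.17"

# Abort unless running as root; every install step writes under /etc.
rootness() {
  if [[ $EUID -ne 0 ]]; then
    echo "Error:This script must be run as root!" 1>&2
    exit 1
  fi
}

# Abort when the TUN/TAP device node is missing (some containers/VPS lack it).
tunavailable() {
  if [[ ! -e /dev/net/tun ]]; then
    echo "Error:TUN/TAP is not available!" 1>&2
    exit 1
  fi
}

# Switch SELinux from enforcing to disabled, persistently and immediately.
# NOTE(review): this drops SELinux confinement for every service on the host,
# not only for ipsec/xl2tpd; a targeted policy would be the safer fix.
disable_selinux() {
  if [[ -s /etc/selinux/config ]] && grep -q 'SELINUX=enforcing' /etc/selinux/config; then
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
    setenforce 0
  fi
}

# Print a human-readable OS name from whichever release file exists first.
get_opsy() {
  [[ -f /etc/os-release ]] && awk -F'[= "]' '/PRETTY_NAME/{print $3,$4,$5}' /etc/os-release && return
  [[ -f /etc/lsb-release ]] && awk -F'[="]+' '/DESCRIPTION/{print $2}' /etc/lsb-release && return
  [[ -f /etc/redhat-release ]] && awk '{print ($1,$3~/^[0-9]/?$3:$4)}' /etc/redhat-release && return
}

# Collect and print host facts. Sets the global IP used by the later summary.
get_os_info() {
  # First non-private IPv4 on any interface. The 172.16/12 block ends at
  # 172.31, so the exclusion is 3[0-1] (the original 3[0-2] also hid 172.32).
  IP=$(ip addr | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \
    | grep -Ev "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.|^10\.|^127\.|^255\.|^0\." \
    | head -n 1)
  if [[ -z "${IP}" ]]; then
    # NOTE(review): plain-HTTP lookup; the value is only displayed, but it is
    # unauthenticated input and may be wrong behind NAT.
    IP=$(wget -qO- -t1 -T2 ipv4.icanhazip.com)
  fi
  local cname cores freq tram swap up opsy arch lbit host kern
  cname=$(awk -F: '/model name/ {name=$2} END {print name}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//')
  cores=$(awk -F: '/model name/ {core++} END {print core}' /proc/cpuinfo)
  freq=$(awk -F: '/cpu MHz/ {freq=$2} END {print freq}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//')
  tram=$(free -m | awk '/Mem/ {print $2}')
  swap=$(free -m | awk '/Swap/ {print $2}')
  up=$(awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60;d=$1%60} {printf("%ddays, %d:%d:%d\n",a,b,c,d)}' /proc/uptime)
  opsy=$(get_opsy)
  arch=$(uname -m)
  lbit=$(getconf LONG_BIT)
  host=$(hostname)
  kern=$(uname -r)
  echo "########## System Information ##########"
  echo ""
  echo "CPU model : ${cname}"
  echo "Number of cores : ${cores}"
  echo "CPU frequency : ${freq} MHz"
  echo "Total amount of ram : ${tram} MB"
  echo "Total amount of swap : ${swap} MB"
  echo "System uptime : ${up}"
  echo "OS : ${opsy}"
  echo "Arch : ${arch} (${lbit} Bit)"
  echo "Kernel : ${kern}"
  echo "Hostname : ${host}"
  echo "IPv4 address : ${IP}"
  echo ""
  echo "########################################"
}

# check_sys sysRelease <centos|debian|ubuntu>   -> 0 when the distro matches
# check_sys packageManager <yum|apt>            -> 0 when the manager matches
# Any other checkType returns 1.
check_sys() {
  local checkType=$1
  local value=$2
  local release=''
  local systemPackage=''
  if [[ -f /etc/redhat-release ]]; then
    release="centos"
    systemPackage="yum"
  else
    # Same probe order as before: /etc/issue first, then /proc/version.
    local probe
    for probe in /etc/issue /proc/version; do
      if grep -q -E -i "debian" "${probe}"; then
        release="debian"; systemPackage="apt"; break
      elif grep -q -E -i "ubuntu" "${probe}"; then
        release="ubuntu"; systemPackage="apt"; break
      elif grep -q -E -i "centos|red hat|redhat" "${probe}"; then
        release="centos"; systemPackage="yum"; break
      fi
    done
  fi
  case "${checkType}" in
    sysRelease) [[ "${value}" == "${release}" ]] ;;
    packageManager) [[ "${value}" == "${systemPackage}" ]] ;;
    *) return 1 ;;
  esac
}

# Print a 10-character [A-Za-z0-9] string for use as a default password/PSK.
# Draws from /dev/urandom; the previous $RANDOM source is a 15-bit libc PRNG
# and not suitable for credentials.
rand() {
  local str
  str=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 10)
  printf '%s\n' "${str}"
}

# 0 on a 64-bit userland (WORD_BIT 32 / LONG_BIT 64, i.e. LP64).
is_64bit() {
  [[ "$(getconf WORD_BIT)" == '32' && "$(getconf LONG_BIT)" == '64' ]]
}

# Fetch $1 into the current directory unless a non-empty copy exists.
# NOTE(review): plain HTTP and no checksum/signature verification; what is
# downloaded here is compiled and installed as root (supply-chain exposure).
download_file() {
  local download_root_url="http://lamp.teddysun.com/files"
  if [[ -s "$1" ]]; then
    echo "$1 [found]"
  else
    echo "$1 not found!!!download now..."
    if ! wget -c -t3 -T60 "${download_root_url}/${1}"; then
      echo "Failed to download $1, please download it to ${cur_dir} directory manually and try again."
      exit 1
    fi
  fi
}

# Print the numeric version token(s) from the distro release file.
versionget() {
  if [[ -s /etc/redhat-release ]]; then
    grep -oE "[0-9.]+" /etc/redhat-release
  else
    grep -oE "[0-9.]+" /etc/issue
  fi
}

# 0 when running CentOS whose major version equals $1.
centosversion() {
  check_sys sysRelease centos || return 1
  local code=$1
  local version main_ver
  version=$(versionget)
  main_ver=${version%%.*}
  [[ "${main_ver}" == "${code}" ]]
}

# 0 when running Debian whose version digits equal $1.
debianversion() {
  check_sys sysRelease debian || return 1
  local code=$1
  local version main_ver
  version=$(get_opsy)
  main_ver=${version//[^0-9]/}
  [[ "${main_ver}" == "${code}" ]]
}

# CentOS 5 is not supported; refuse early before any package is touched.
version_check() {
  if check_sys packageManager yum; then
    if centosversion 5; then
      echo "Error:Not support CentOS 5, Please change your OS and try again."
      exit 1
    fi
  fi
}

# 0 when $1 can be stored as a field of /etc/ppp/chap-secrets: non-empty and
# free of whitespace, '#' and '"', any of which would break or truncate the
# whitespace-delimited entry add_user() appends.
valid_secret_field() {
  [[ -n "$1" && "$1" != *[[:space:]\#\"]* ]]
}

# Read one raw keypress from the terminal, restoring the tty settings after.
get_char() {
  local savedstty
  savedstty=$(stty -g)
  stty -echo
  stty cbreak
  dd if=/dev/tty bs=1 count=1 2>/dev/null
  stty -raw
  stty echo
  stty "${savedstty}"
}

# Interactive prompts. Sets the globals iprange, mypsk, username, password
# consumed by the install and summary steps, then waits for a keypress.
preinstall_l2tp() {
  local default_psk tmppassword
  echo
  echo "Please input IP-Range:"
  read -p "(Default Range: 192.168.18):" iprange
  [[ -z "${iprange}" ]] && iprange="192.168.18"
  # The range is the first three octets of a /24; anything else produces
  # unusable server/client addresses in the generated configuration.
  if [[ ! "${iprange}" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
    echo "Error:IP-Range must be three dotted octets, e.g. 192.168.18" 1>&2
    exit 1
  fi
  # The default PSK used to be the fixed, published string "teddysun.com";
  # a shared secret anyone can look up defeats the purpose, so generate one.
  default_psk=$(rand)
  echo "Please input PSK:"
  read -p "(Default PSK: ${default_psk}):" mypsk
  [[ -z "${mypsk}" ]] && mypsk="${default_psk}"
  if [[ "${mypsk}" == *\"* ]]; then
    echo "Error:PSK can not contain '\"'." 1>&2
    exit 1
  fi
  while :; do
    echo "Please input Username:"
    read -p "(Default Username: teddysun):" username
    [[ -z "${username}" ]] && username="teddysun"
    valid_secret_field "${username}" && break
    echo "Username can not contain whitespace, '#' or '\"'." 1>&2
  done
  password=$(rand)
  while :; do
    echo "Please input ${username}'s password:"
    read -p "(Default Password: ${password}):" tmppassword
    [[ -z "${tmppassword}" ]] && break
    if valid_secret_field "${tmppassword}"; then
      password=${tmppassword}
      break
    fi
    echo "Password can not contain whitespace, '#' or '\"'." 1>&2
  done
  echo
  echo "ServerIP:${IP}"
  echo "Server Local IP:${iprange}.1"
  echo "Client Remote IP Range:${iprange}.2-${iprange}.254"
  echo "PSK:${mypsk}"
  echo
  echo "Press any key to start...or Press Ctrl+c to cancel"
  char=$(get_char)
}

# Install build/runtime packages for the detected distro, then hand over to
# compile_install (Debian/Ubuntu, CentOS 6) or yum_install (CentOS 7).
install_l2tp() {
  # Some minimal images lack /dev/random; create it only when absent so the
  # mknod does not fail noisily on every other host.
  [[ -c /dev/random ]] || mknod /dev/random c 1 9
  if check_sys packageManager apt; then
    apt-get -y update
    if debianversion 7; then
      local arch_suffix
      if is_64bit; then
        arch_suffix="amd64"
      else
        arch_suffix="i386"
      fi
      local libnspr4_debs=(
        "libnspr4_4.10.7-1_${arch_suffix}.deb"
        "libnspr4-0d_4.10.7-1_${arch_suffix}.deb"
        "libnspr4-dev_4.10.7-1_${arch_suffix}.deb"
        "libnspr4-dbg_4.10.7-1_${arch_suffix}.deb"
      )
      local libnss3_debs=(
        "libnss3_3.17.2-1.1_${arch_suffix}.deb"
        "libnss3-1d_3.17.2-1.1_${arch_suffix}.deb"
        "libnss3-tools_3.17.2-1.1_${arch_suffix}.deb"
        "libnss3-dev_3.17.2-1.1_${arch_suffix}.deb"
        "libnss3-dbg_3.17.2-1.1_${arch_suffix}.deb"
      )
      # Previously the cd only ran when the directory was freshly created, so a
      # rerun with an existing l2tp/ fed dpkg relative paths from the wrong cwd.
      mkdir -p "${cur_dir}/l2tp"
      cd "${cur_dir}/l2tp" || exit 1
      local deb
      for deb in "${libnspr4_debs[@]}" "${libnss3_debs[@]}"; do
        download_file "${deb}"
      done
      dpkg -i "${libnspr4_debs[@]}"
      dpkg -i "${libnss3_debs[@]}"
      apt-get -y install wget gcc ppp flex bison make pkg-config libpam0g-dev libcap-ng-dev libcap-ng-utils libunbound-dev libevent-dev libcurl4-nss-dev
    else
      apt-get -y install wget gcc ppp flex bison make python libnss3-dev libnspr4-dev pkg-config libpam0g-dev libcap-ng-dev libcap-ng-utils libunbound-dev libnss3-tools libevent-dev libcurl4-nss-dev
    fi
    apt-get -y --no-install-recommends install xmlto
    apt-get -y install xl2tpd
    compile_install
  elif check_sys packageManager yum; then
    if centosversion 7; then
      yum -y install epel-release
      yum -y install ppp libreswan xl2tpd
      yum_install
    elif centosversion 6; then
      yum -y install epel-release
      yum -y install gcc gcc-c++ ppp iptables make gmp-devel xmlto bison flex libpcap-devel lsof
      yum -y install xl2tpd curl-devel nss-devel nspr-devel pkgconfig pam-devel unbound-devel libcap-ng-devel
      compile_install
    fi
  fi
}

# Build libreswan from source, write the ipsec/xl2tpd/ppp configuration and
# firewall rules, and enable the services (Debian/Ubuntu and CentOS 6 path).
# NOTE(review): kept VERBATIM from the extracted page — the here-document
# bodies (and the `for each in` line of the sysctl loop) are missing, so this
# function does not parse as written; restore it from the upstream script.
compile_install(){ [ ! -d ${cur_dir}/l2tp ] && mkdir -p ${cur_dir}/l2tp cd ${cur_dir}/l2tp download_file "${libreswan_filename}.tar.gz" tar -zxf ${libreswan_filename}.tar.gz if centosversion 6; then if is_64bit;then download_file "${libevent2_rpm_filename}" download_file "${libevent2_devel_rpm_filename}" rpm -ivh --force ${libevent2_rpm_filename} ${libevent2_devel_rpm_filename} else download_file "${libevent2_src_filename}.tar.gz" tar -zxf ${libevent2_src_filename}.tar.gz cd ${libevent2_src_filename} ./configure make && make install if [ $? -eq 0 ]; then ln -s /usr/local/lib/libevent-2.0.so.5 /usr/lib/libevent-2.0.so.5 ln -s /usr/local/lib/libevent_pthreads-2.0.so.5 /usr/lib/libevent_pthreads-2.0.so.5 else echo "libevent2 install failed..." fi fi fi cd ${cur_dir}/l2tp/${libreswan_filename} echo "WERROR_CFLAGS =" > Makefile.inc.local make programs && make install /usr/local/sbin/ipsec --version >/dev/null 2>&1 if [ $? -ne 0 ];then echo "${libreswan_filename} install failed." exit 1 fi cat > /etc/ipsec.conf< /etc/ipsec.secrets< /etc/xl2tpd/xl2tpd.conf< /etc/ppp/options.xl2tpd< /etc/ppp/chap-secrets<> /etc/sysctl.conf echo "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.conf echo "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.conf echo "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.conf done sysctl -p if centosversion 6; then [ -f /etc/sysconfig/iptables ] && cp -pf /etc/sysconfig/iptables /etc/sysconfig/iptables.old.`date +%Y%m%d` if [ "`/sbin/iptables-save | grep -c '^\-'`" = "0" ]; then cat > /etc/sysconfig/iptables < /var/tmp/libreswan-nss-pwd certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d rm -f /var/tmp/libreswan-nss-pwd fi chkconfig --add iptables chkconfig iptables on chkconfig --add ipsec chkconfig ipsec on chkconfig --add xl2tpd chkconfig xl2tpd on /etc/init.d/iptables restart /etc/init.d/ipsec start /etc/init.d/xl2tpd start else [ -f /etc/iptables.rules ] && cp -pf /etc/iptables.rules /etc/iptables.rules.old.`date +%Y%m%d` if [ "`/sbin/iptables-save | grep -c '^\-'`" = "0" ]; then cat > /etc/iptables.rules < /etc/iptables.rules fi cat > /etc/network/if-up.d/iptables < /var/tmp/libreswan-nss-pwd certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d rm -f /var/tmp/libreswan-nss-pwd fi update-rc.d -f xl2tpd defaults cp -f /etc/rc.local /etc/rc.local.old.`date +%Y%m%d` sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.local cat >> /etc/rc.local < /proc/sys/net/ipv4/ip_forward /usr/sbin/service ipsec start exit 0 EOF chmod +x /etc/rc.local echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/iptables-restore < /etc/iptables.rules /usr/sbin/service ipsec start /usr/sbin/service xl2tpd restart fi }

# Write the configuration for the packaged libreswan/xl2tpd, open the
# firewalld services and enable the units (CentOS 7 path).
# NOTE(review): kept VERBATIM from the extracted page — the here-document
# bodies are missing, so this function does not parse as written; restore it
# from the upstream script.
yum_install(){ rm -f /etc/ipsec.conf cat > /etc/ipsec.conf< /etc/ipsec.secrets< /etc/xl2tpd/xl2tpd.conf< /etc/ppp/options.xl2tpd< /etc/ppp/chap-secrets<> /etc/sysctl.conf echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf echo "net.ipv4.icmp_echo_ignore_broadcasts=1" >> /etc/sysctl.conf echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> /etc/sysctl.conf for each in `ls /proc/sys/net/ipv4/conf/` do echo "net.ipv4.conf.${each}.accept_source_route=0" >> /etc/sysctl.conf echo "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.conf echo "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.conf echo "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.conf done sysctl -p cat > /usr/lib/firewalld/services/xl2tpd.xml< xl2tpd L2TP IPSec EOF systemctl status firewalld > /dev/null 2>&1 if [ $? -eq 0 ];then firewall-cmd --permanent --add-service=ipsec firewall-cmd --permanent --add-service=xl2tpd firewall-cmd --permanent --add-masquerade firewall-cmd --reload else echo "Firewalld looks like not running, try to start..." systemctl start firewalld if [ $? -eq 0 ];then echo "Firewalld start success..." firewall-cmd --permanent --add-service=ipsec firewall-cmd --permanent --add-service=xl2tpd firewall-cmd --permanent --add-masquerade firewall-cmd --reload else echo "Try to start firewalld failed. please enable port 500 4500 manually if necessary." fi fi systemctl enable ipsec systemctl enable xl2tpd systemctl restart ipsec systemctl restart xl2tpd echo "confirm ipsec status..." systemctl -a | grep ipsec echo "confirm xl2tpd status..." systemctl -a | grep xl2tpd }

# Remove the build directory, run `ipsec verify` and print the credentials.
finally() {
  cd "${cur_dir}" || echo "Warning: cannot cd to ${cur_dir}" 1>&2
  # :? guards against an empty cur_dir turning this into rm -rf /l2tp.
  rm -rf -- "${cur_dir:?}/l2tp"
  echo "Please wait a moment..."
  sleep 5
  ipsec verify
  echo
  echo "###############################################################"
  echo "# Auto Install L2TP VPN for your Server #"
  echo "# System Required: CentOS/RadHat 6+ / Debian 7+ / Ubuntu 12+ #"
  echo "# Intro: https://teddysun.com/448.html #"
  echo "# Author: Teddysun #"
  echo "###############################################################"
  echo "If there are no [FAILED] above, then you can connect to your"
  echo "L2TP VPN Server with the default Username/Password is below:"
  echo
  echo "ServerIP:${IP}"
  echo "PSK:${mypsk}"
  echo "Username:${username}"
  echo "Password:${password}"
  echo
  echo "If you want to add users, please modify"
  echo "/etc/ppp/chap-secrets and add it."
  echo "Welcome to visit https://teddysun.com/448.html"
  echo "Enjoy it!"
  echo
}

# Full install flow: preflight checks, prompts, package install, summary.
l2tp() {
  clear
  echo
  echo "###############################################################"
  echo "# Auto Install L2TP VPN for your Server #"
  echo "# System Required: CentOS/RadHat 6+ / Debian 7+ / Ubuntu 12+ #"
  echo "# Intro: https://teddysun.com/448.html #"
  echo "# Author: Teddysun #"
  echo "###############################################################"
  echo
  rootness
  tunavailable
  disable_selinux
  version_check
  get_os_info
  preinstall_l2tp
  install_l2tp
  finally
}

# Print the client-name column of /etc/ppp/chap-secrets.
list_users() {
  if [[ ! -f /etc/ppp/chap-secrets ]]; then
    echo "Error: /etc/ppp/chap-secrets file not found."
    exit 1
  fi
  echo "========== Users List =========="
  grep -v "^#" /etc/ppp/chap-secrets | awk '{print $1}'
  echo "================================"
}

# 0 when $1 is the client name (first field) of an entry in chap-secrets.
# Compared as a string in awk rather than `grep -w` on the raw name, so regex
# metacharacters in the name cannot widen the match and the password column
# is never searched.
user_exists() {
  awk -v u="$1" '$1 == u { found = 1 } END { exit !found }' /etc/ppp/chap-secrets 2>/dev/null
}

# Prompt for a new client name and password and append them to chap-secrets.
add_user() {
  local user pass tmppass
  while :; do
    read -p "Please input your Username:" user
    if [[ -z "${user}" ]]; then
      echo "Username can not be empty"
    elif ! valid_secret_field "${user}"; then
      echo "Username can not contain whitespace, '#' or '\"'."
    elif user_exists "${user}"; then
      echo "Username (${user}) already exists. Please re-enter your username."
    else
      break
    fi
  done
  pass=$(rand)
  while :; do
    echo "Please input ${user}'s password:"
    read -p "(Default Password: ${pass}):" tmppass
    [[ -z "${tmppass}" ]] && break
    if valid_secret_field "${tmppass}"; then
      pass=${tmppass}
      break
    fi
    echo "Password can not contain whitespace, '#' or '\"'."
  done
  printf '%s l2tpd %s *\n' "${user}" "${pass}" >> /etc/ppp/chap-secrets
  echo "Username (${user}) add completed."
}

# Prompt for an existing client name and drop its entry from chap-secrets.
del_user() {
  local user tmp
  while :; do
    read -p "Please input Username you want to delete it:" user
    if [[ -z "${user}" ]]; then
      echo "Username can not be empty"
    elif user_exists "${user}"; then
      break
    else
      echo "Username (${user}) is not exists. Please re-enter your username."
    fi
  done
  # Rewrite through a temp copy instead of `sed -i "/^\<${user}\>/d"`: a name
  # containing '/', '.' or '*' broke or widened that pattern (e.g. deleting
  # "alice" also removed "alice.x"). awk compares the first field exactly.
  tmp=$(mktemp) || { echo "Error: mktemp failed." 1>&2; exit 1; }
  awk -v u="${user}" '$1 != u' /etc/ppp/chap-secrets > "${tmp}" \
    && cat "${tmp}" > /etc/ppp/chap-secrets
  rm -f -- "${tmp}"
  echo "Username (${user}) delete completed."
}

# Main process
action=${1:-install}
prog=${0##*/}
case "${action}" in
  install)
    rm -f /root/l2tp.log
    # The log receives everything l2tp() prints, including the PSK and the
    # password shown in the final summary, so create it root-only first.
    (umask 077 && : > /root/l2tp.log)
    l2tp 2>&1 | tee -a /root/l2tp.log
    ;;
  -l|--list)
    list_users
    ;;
  -a|--add)
    add_user
    ;;
  -d|--del)
    del_user
    ;;
  -h|--help)
    echo "Usage: ${prog} Install L2TP VPN Server"
    echo " ${prog} -l,--list List all users"
    echo " ${prog} -a,--add Add a user"
    echo " ${prog} -d,--del Delete a user"
    echo " ${prog} -h,--help Print this help information"
    ;;
  *)
    echo "Usage: ${prog} [-l,--list|-a,--add|-d,--del|-h,--help]" && exit
    ;;
esac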