一键同时安装L2TP和PPTP VPN

林继 VPS 知识 15,369 共写了1767个字 (2012-06-12 23:31:12) 没有评论 打印 扫描二维码 百度已收录

脚本下载地址,内容如下:

下面这个版本可以正常使用;脚本首行原来是 #!/bin/bash,这里改成了 #!/bin/sh。

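#!/bin/sh
# Interactive front end of the L2TP/IPsec + PPTP installer: checks for root,
# prints the banner, then collects the two client address prefixes and the
# IPsec pre-shared key (PSK) used by the rest of the script.

# Everything that follows edits system configuration, so refuse to run
# without root.
if [ "$(id -u)" != "0" ]; then
    printf "Error: You must be root to run this tool!\n"
    exit 1
fi
clear
cat <<'EOF'

####################################################
#                                                  #
# This is a Shell-Based tool of l2tp&pptp install  #
# Version: 1.0                                     #
# Author: Harry Xu                                 #
# Website: http://harryxu.net                      #
# Based on zeddicus.com's l2tp script              #
####################################################
EOF

# Address later written into ipsec.conf and ipsec.secrets as the server side.
# NOTE(review): `hostname -i` can print a loopback address or several
# addresses on some hosts; confirm the value shown on the summary screen.
vpsip=$(hostname -i)

# Syntactic check only: exactly three dot-separated groups of digits.
# The answers are pasted into config files and firewall rules, so anything
# else is rejected up front instead of producing a broken configuration.
valid_prefix() {
    case "$1" in
        *[!0-9.]* | *..* | .* | *. | *.*.*.*) return 1 ;;
        *.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# `read -p` is a bash extension; printf + read works under any /bin/sh.
echo "Please input L2TP IP-Range:"
printf '%s' "(Default Range: 10.0.99):"
read -r iprange
iprange=${iprange:-10.0.99}

echo "Please input PPTP IP-Range:"
printf '%s' "(Default Range: 172.16.32):"
read -r pprange
pprange=${pprange:-172.16.32}

for prefix in "$iprange" "$pprange"; do
    if ! valid_prefix "$prefix"; then
        printf 'Error: "%s" is not a valid range (expected three octets, e.g. 10.0.99)\n' "$prefix" >&2
        exit 1
    fi
done

# A PSK that is printed in a public script protects nothing, so an empty
# answer produces a random key instead of a fixed default.
echo "Please input PSK:"
printf '%s' "(Leave empty to generate a random PSK):"
read -r mypsk
if [ -z "$mypsk" ]; then
    mypsk=$(dd if=/dev/urandom bs=16 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    if [ -z "$mypsk" ]; then
        printf 'Error: could not generate a random PSK\n' >&2
        exit 1
    fi
fi
# The key is written between double quotes in /etc/ipsec.secrets.
case "$mypsk" in
    *\"*)
        printf 'Error: the PSK must not contain a double quote\n' >&2
        exit 1
        ;;
esac

clear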
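# Read one keypress from the terminal without echoing it and write that
# byte to stdout.
# Globals: SAVEDSTTY (written) - terminal settings captured before the read.
get_char()
{
    # Capture the current settings so they can be restored exactly.
    SAVEDSTTY=$(stty -g)
    # No echo, and deliver input byte by byte instead of line by line.
    stty -echo cbreak
    dd if=/dev/tty bs=1 count=1 2> /dev/null
    # Restoring the saved state undoes both changes, so no separate
    # "stty -raw" / "stty echo" calls are needed.
    stty "$SAVEDSTTY"
}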
  52. echo ""
  53. echo "ServerIP:"
  54. echo "$vpsip"
  55. echo ""
  56. echo "Server Local IP:"
  57. echo "$iprange.1"
  58. echo ""
  59. echo "Client Remote IP Range:"
  60. echo "$iprange.2-$iprange.254"
  61. echo ""
  62. echo "PSK:"
  63. echo "$mypsk"
  64. echo ""
  65. echo "Press any key to start..."
  66. char=`get_char`
  67. clear
  68. mknod /dev/random c 1 9
  69. yum -y update
  70. yum -y upgrade
  71. yum install -y ppp iptables make gcc gmp-devel xmlto bison flex xmlto libpcap-devel lsof vim-enhanced
  72. mkdir /ztmp
  73. mkdir /ztmp/l2tp
  74. cd /ztmp/l2tp
  75. wget http://www.openswan.org/download/openswan-2.6.24.tar.gz
  76. tar zxvf openswan-2.6.24.tar.gz
  77. cd openswan-2.6.24
  78. make programs install
  79. rm -rf /etc/ipsec.conf
  80. touch /etc/ipsec.conf
  81. cat >>/etc/ipsec.conf<<EOF
  82. config setup
  83.     nat_traversal=yes
  84.     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
  85.     oe=off
  86.     protostack=netkey
  87.  
  88. conn L2TP-PSK-NAT
  89.     rightsubnet=vhost:%priv
  90.     also=L2TP-PSK-noNAT
  91.  
  92. conn L2TP-PSK-noNAT
  93.     authby=secret
  94.     pfs=no
  95.     auto=add
  96.     keyingtries=3
  97.     rekey=no
  98.     ikelifetime=8h
  99.     keylife=1h
  100.     type=transport
  101.     left=$vpsip
  102.     leftprotoport=17/1701
  103.     right=%any
  104.     rightprotoport=17/%any
  105. EOF
  106. cat >>/etc/ipsec.secrets<<EOF
  107. $vpsip %any: PSK "$mypsk"
  108. EOF
  109. sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
  110. sysctl -p
  111. iptables --table nat --append POSTROUTING --jump MASQUERADE
  112. for each in /proc/sys/net/ipv4/conf/*
  113. do
  114. echo 0 > $each/accept_redirects
  115. echo 0 > $each/send_redirects
  116. done
  117. /etc/init.d/ipsec restart
  118. ipsec verify
  119. cd /ztmp/l2tp
  120. wget http://mirror.zeddicus.com/sources/rp-l2tp-0.4.tar.gz
  121. tar zxvf rp-l2tp-0.4.tar.gz
  122. cd rp-l2tp-0.4
  123. ./configure
  124. make
  125. cp handlers/l2tp-control /usr/local/sbin/
  126. mkdir /var/run/xl2tpd/
  127. ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
  128. cd /ztmp/l2tp
  129. wget http://mirror.zeddicus.com/sources/xl2tpd-1.2.4.tar.gz
  130. tar zxvf xl2tpd-1.2.4.tar.gz
  131. cd xl2tpd-1.2.4
  132. make install
  133. mkdir /etc/xl2tpd
  134. rm -rf /etc/xl2tpd/xl2tpd.conf
  135. touch /etc/xl2tpd/xl2tpd.conf
  136. cat >>/etc/xl2tpd/xl2tpd.conf<<EOF
  137. [global]
  138. ipsec saref = yes
  139. [lns default]
  140. ip range = $iprange.2-$iprange.254
  141. local ip = $iprange.1
  142. refuse chap = yes
  143. refuse pap = yes
  144. require authentication = yes
  145. ppp debug = yes
  146. pppoptfile = /etc/ppp/options.xl2tpd
  147. length bit = yes
  148. EOF
  149. rm -rf /etc/ppp/options.xl2tpd
  150. touch /etc/ppp/options.xl2tpd
  151. cat >>/etc/ppp/options.xl2tpd<<EOF
  152. require-mschap-v2
  153. ms-dns 8.8.8.8
  154. ms-dns 8.8.4.4
  155. asyncmap 0
  156. auth
  157. crtscts
  158. lock
  159. hide-password
  160. modem
  161. debug
  162. name l2tpd
  163. proxyarp
  164. lcp-echo-interval 30
  165. lcp-echo-failure 4
  166. EOF
  167. cat >>/etc/ppp/chap-secrets<<EOF
  168. test l2tpd test123 *
  169. test pptpd test123 *
  170. EOF
  171. touch /usr/bin/zl2tpset
  172. echo "#/bin/bash" >>/usr/bin/zl2tpset
  173. echo "for each in /proc/sys/net/ipv4/conf/*" >>/usr/bin/zl2tpset
  174. echo "do" >>/usr/bin/zl2tpset
  175. echo "echo 0 > \$each/accept_redirects" >>/usr/bin/zl2tpset
  176. echo "echo 0 > \$each/send_redirects" >>/usr/bin/zl2tpset
  177. echo "done" >>/usr/bin/zl2tpset
  178. chmod +x /usr/bin/zl2tpset
  179.  
  180. wget http://poptop.sourceforge.net/yum/stable/fc16/i386/pptpd-1.3.4-2.fc16.i686.rpm
  181. rpm -ivh pptpd-1.3.4-2.fc16.i686.rpm
  182. rm -rf /etc/pptpd.conf
  183. touch /etc/pptpd.conf
  184. cat >>/etc/pptpd.conf<<EOF
  185. localip $pprange.1
  186. remoteip $pprange.2-254
  187. option /etc/ppp/options.pptpd
  188. debug
  189. stimeout 30
  190. EOF
  191. iptables --table nat --append POSTROUTING --jump MASQUERADE
  192. zl2tpset
  193. xl2tpd
  194. cat >>/etc/rc.local<<EOF
  195. iptables --table nat --append POSTROUTING --jump MASQUERADE
  196. /etc/init.d/ipsec restart
  197. /usr/bin/zl2tpset
  198. /usr/local/sbin/xl2tpd
  199. EOF
  200. clear
  201. ipsec verify
  202. printf "
  203. ####################################################
  204. #                                                  #
  205. # This is a Shell-Based tool of l2tp&pptp install  #
  206. # Version: 1.0                                     #
  207. # Author: Harry Xu                                 #
  208. # Website: http://harryxu.net                      #
  209. # Based on zeddicus.com's l2tp script              #
  210. ####################################################
  211. if there are no [FAILED] above, then you can
  212. connect to your VPN Server with the default
  213. user/pass below:
  214.  
  215. ServerIP:$vpsip
  216. username:test
  217. password:test123
  218. PSK:$mypsk
  219.  
  220. "

⑴ L2TP 一键安装包

⑵ 一行命令安装PPTPD VPN,一键安装VPN(在xen或linux服务器上安装VPN服务)

⑶ Centos5下安装PPTPD(含一键包)

使用PPTP模式连接的话,需要开启TCP 1723端口和GRE协议(即常说的"47",它是IP协议号47,而不是TCP的47端口),也就是说路由器不能封这两项。

使用L2TP模式时需要开启的是UDP 500、UDP 1701、UDP 4500这几个端口,同理路由器防火墙或者您安装的防火墙软件也不能屏蔽这些端口。如果路由器支持DMZ,可以将路由器的DMZ设置成您的主机内网IP(注意DMZ会把该主机的所有端口都暴露到外网,只映射上述端口更稳妥)。

删除之前已安装的相关软件:

yum remove -y pptpd ppp
rm -rf /etc/pptpd.conf
rm -rf /etc/ppp

删除iptables规则:

iptables --flush POSTROUTING --table nat

服务器DNS、本机DNS、VPN修改成一样
google的免费dns解析服务器
8.8.8.8
8.8.4.4

也可以使用OpenDNS为:
208.67.222.222
208.67.220.220
