Skip to content

Instantly share code, notes, and snippets.

@clvrobj

clvrobj/l2tp.sh

Created January 21, 2012 12:58
Show Gist options
  • Save clvrobj/1652709 to your computer and use it in GitHub Desktop.
Save clvrobj/1652709 to your computer and use it in GitHub Desktop.
Download ZIP
l2tp.sh
Raw
l2tp.sh
#!/bin/bash
VPN_SERVICENAME="l2tpd"
VPN_PSK="fuckgfw"
VPN_IPRANGE="10.1.100"
VPN_USERNAME="fill in your username"
VPN_PASSWORD="your password"
#L2TPD/IPSEC
#serveripaddress=`hostname -i`
vpsip=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`
apt-get update
apt-get upgrade
apt-get install -y build-essential libgmp3-dev bison flex libpcap-dev ppp lsof
cd /usr/src
wget http://www.openswan.org/download/openswan-2.6.24.tar.gz
tar zxvf openswan-2.6.24.tar.gz
cd openswan-2.6.24
make programs install
rm -rf /etc/ipsec.conf
touch /etc/ipsec.conf
cat >>/etc/ipsec.conf<<EOF
version 2.0
config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
protostack=netkey
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=$vpsip
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
EOF
cat >>/etc/ipsec.secrets<<EOF
$vpsip %any: PSK "$VPN_PSK"
EOF
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf
sysctl -p
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
mknod /dev/ppp c 108 0
cd /usr/src
wget http://ncu.dl.sourceforge.net/project/rp-l2tp/rp-l2tp/0.4/rp-l2tp-0.4.tar.gz
tar zxvf rp-l2tp-0.4.tar.gz
cd rp-l2tp-0.4
./configure
make
cp handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
cd /usr/src
wget http://ywko.googlecode.com/files/xl2tpd-1.2.4.tar.gz
tar zxvf xl2tpd-1.2.4.tar.gz
cd xl2tpd-1.2.4
make install
mkdir /etc/xl2tpd
rm -rf /etc/xl2tpd/xl2tpd.conf
touch /etc/xl2tpd/xl2tpd.conf
cat >>/etc/xl2tpd/xl2tpd.conf<<EOF
[global]
ipsec saref = yes
[lns default]
ip range = $VPN_IPRANGE.2-$VPN_IPRANGE.254
local ip = $VPN_IPRANGE.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
rm -rf /etc/ppp/options.xl2tpd
touch /etc/ppp/options.xl2tpd
cat >>/etc/ppp/options.xl2tpd<<EOF
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name $VPN_SERVICENAME
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
EOF
cat >>/etc/ppp/chap-secrets<<EOF
$VPN_USERNAME $VPN_SERVICENAME "$VPN_PASSWORD" *
EOF
cat >>/etc/rc.local<<EOF
iptables --table nat --append POSTROUTING --jump MASQUERADE
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
/etc/init.d/ipsec restart
/usr/local/sbin/xl2tpd
EOF
clear
iptables --table nat --append POSTROUTING --jump MASQUERADE
xl2tpd
/etc/init.d/ipsec restart
ipsec verify
@clvrobj
Copy link
Author

clvrobj commented Jan 21, 2012

基于lixiaolai老师的 http://www.linode.com/stackscripts/view/?StackScriptID=2660 linode stackscript修改。
on Ubuntu 10.04 LTS

没少调整以下两个文件:
/etc/ppp/options.xl2tpd
service xl2tpd restart
/etc/ppp/chap-secrets
service pptpd restart

查看log找问题:
tail -f /var/log/auth.log
tail -f /var/log/syslog

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment