@eternityz
Created January 31, 2015 10:23
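#!/bin/sh
# [email protected], 2014
#
# Installs and configures two services on a Debian host:
#   * racoon          - IPsec IKEv1 server using XAUTH + group pre-shared key
#   * shadowsocks-libev - listening on 0.0.0.0:8388
# Must be run as root.
#
# USAGE:
#   LOGIN=your_username PASSWD=your_password sh vpn_setup.sh
#
# Environment:
#   LOGIN   system account name; also used as the IPsec group name
#   PASSWD  used as the account password, the IPsec group secret AND the
#           shadowsocks password (one secret shared by three mechanisms)
#   WAN_IF  optional, outbound interface for NAT (default: eth0)
#
# Do not run with `sh -x` / `set -x`: the trace would print PASSWD to the
# terminal and to any captured log.
set -eu

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Apply an iptables rule only if an identical one is not already present,
# so that re-running the script does not stack duplicate rules.
#   $1 = table, remaining arguments = chain and rule specification
add_rule() {
  table=$1
  shift
  iptables -t "$table" -C "$@" 2>/dev/null || iptables -t "$table" -A "$@"
}

[ -n "${LOGIN:-}" ] || die "LOGIN must be set"
[ -n "${PASSWD:-}" ] || die "PASSWD must be set"
[ "$(id -u)" -eq 0 ] || die "must be run as root"

# LOGIN ends up as a useradd argument, in chpasswd's "user:password" line and
# as the first field of psk.txt, so restrict it to characters that cannot be
# read as an option, a field separator or a line break.
case $LOGIN in
  -* | *[!A-Za-z0-9._-]*) die "LOGIN may only contain letters, digits, '.', '_' and '-'" ;;
esac

# chpasswd and psk.txt are line-oriented; a newline in PASSWD would inject a
# second record into both.
NEWLINE='
'
case $PASSWD in
  *"$NEWLINE"*) die "PASSWD must not contain a newline" ;;
esac

WAN_IF=${WAN_IF:-eth0}

# racoon uses system account to login in. psk: group = $LOGIN, secret = $PASSWD
# NOTE(review): the account is created with the distribution's default shell
# and the same password as the VPN, so it can also be used with any other
# password-based login service on this host. Consider giving it a no-login
# shell - confirm first that racoon's `auth_source system` does not need one.
useradd "$LOGIN" || true
# printf, not echo: /bin/sh's echo may interpret backslash sequences and
# silently set a different password than the one supplied.
printf '%s:%s\n' "$LOGIN" "$PASSWD" | chpasswd

apt-get update -y
apt-get install -y curl iptables lsof

# The lookup goes over plain HTTP and its answer is expanded into racoon.conf
# below, so accept nothing but digits and dots; anything else (an error page,
# a tampered response) stops the script before a config file is written.
SERVER_IP=$(curl -fsS http://myip.enix.org/REMOTE_ADDR | tr -d '[:space:]')
case $SERVER_IP in
  '' | *[!0-9.]*) die "IP lookup did not return an IPv4 address" ;;
esac

# Runtime setting only; it is not written to sysctl.conf and is lost on reboot.
/sbin/sysctl -w net.ipv4.ip_forward=1

# racoon
apt-get install -y racoon
# NOTE(review): the phase-1 proposal below (3des / md5 / dh_group 2) and
# aggressive mode with a pre-shared key are weak by current standards; with
# aggressive mode the strength of PASSWD is the only protection against
# offline guessing of the group secret. Left unchanged because clients must
# be configured to match - tighten both sides together.
cat > /etc/racoon/racoon.conf <<END
log info;
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
listen {
isakmp $SERVER_IP [500];
isakmp_natt $SERVER_IP [4500];
}
remote anonymous {
exchange_mode aggressive, main, base;
mode_cfg on;
proposal_check obey;
nat_traversal on;
generate_policy unique;
ike_frag on;
passive on;
dpd_delay 30;
proposal {
lifetime time 28800 sec;
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method xauth_psk_server;
dh_group 2;
}
}
sainfo anonymous {
encryption_algorithm aes, 3des, blowfish;
authentication_algorithm hmac_sha1, hmac_md5;
compression_algorithm deflate;
}
mode_cfg {
auth_source system;
dns4 8.8.8.8;
banner "";
save_passwd on;
network4 10.12.0.100;
netmask4 255.255.255.0;
pool_size 100;
pfs_group 2;
}
END

# psk.txt holds the group secret: recreate it under a restrictive umask so it
# is never readable by other local users, not even briefly.
(
  umask 077
  rm -f /etc/racoon/psk.txt
  printf '%s %s\n' "$LOGIN" "$PASSWD" > /etc/racoon/psk.txt
)
printf '%s connected. \n' "$SERVER_IP" > /etc/racoon/motd

add_rule filter INPUT -p udp --dport 500 -j ACCEPT
add_rule filter INPUT -p udp --dport 4500 -j ACCEPT
add_rule nat POSTROUTING -s 10.12.0.0/24 -o "$WAN_IF" -j MASQUERADE
add_rule filter FORWARD -s 10.12.0.0/24 -j ACCEPT
# Prints the active rule set to stdout only; nothing here saves it to a file,
# so the rules above do not survive a reboot.
iptables-save
/etc/init.d/racoon restart

# shadowsocks
# NOTE(review): the repository is fetched over plain HTTP and --force-yes
# tells apt to proceed even when packages cannot be authenticated, so the
# package installed as root here is not verified against any signing key.
# Preferred fix: import the repository's signing key and drop --force-yes.
SS_REPO='deb http://shadowsocks.org/debian wheezy main'
# Append the source line once; re-runs must not duplicate it.
grep -qxF -e "$SS_REPO" /etc/apt/sources.list 2>/dev/null ||
  printf '%s\n' "$SS_REPO" >> /etc/apt/sources.list
apt-get update
apt-get install -y --force-yes shadowsocks-libev
mkdir -p /etc/shadowsocks-libev

# Escape backslash and double quote so PASSWD cannot terminate the JSON
# string and change or add keys in the generated config.
PASSWD_JSON=$(printf '%s\n' "$PASSWD" | sed 's/\\/\\\\/g; s/"/\\"/g')
# NOTE(review): this file is created with the default umask, so other local
# users can read the password. Restrict it to the account the service runs
# as (not visible from this script) once that is confirmed.
cat > /etc/shadowsocks-libev/config.json <<END
{
"server":"0.0.0.0",
"server_port":8388,
"local_port":1080,
"password":"$PASSWD_JSON",
"timeout":600,
"method":"aes-256-cfb"
}
END
/etc/init.d/shadowsocks-libev restart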