Set up an L2TP/IPsec VPN using strongSwan
#!/bin/bash
# Enable IP forwarding
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
# Install required packages
sudo apt update
sudo apt install -y strongswan xl2tpd ppp ufw iptables-persistent
# strongSwan IPsec config
sudo tee /etc/ipsec.conf > /dev/null <<EOF
config setup
charondebug="ike 1, knl 1, cfg 0"
conn L2TP-PSK
keyexchange=ikev1
authby=secret
type=transport
left=%any
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
auto=add
EOF
# IPsec shared secret
sudo tee /etc/ipsec.secrets > /dev/null <<EOF
: PSK "your_shared_secret"
EOF
# xl2tpd config
sudo tee /etc/xl2tpd/xl2tpd.conf > /dev/null <<EOF
[global]
port = 1701
[lns default]
ip range = 10.10.10.10-10.10.10.100
local ip = 10.10.10.1
require chap = yes
refuse pap = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
# PPP options
sudo tee /etc/ppp/options.xl2tpd > /dev/null <<EOF
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 1.1.1.1
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
proxyarp
EOF
# VPN user credentials
sudo tee /etc/ppp/chap-secrets > /dev/null <<EOF
yourvpnuser l2tpd yourpassword *
EOF
# Firewall and NAT setup
sudo iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o enp0s6 -j MASQUERADE
sudo iptables -A FORWARD -s 10.10.10.0/24 -j ACCEPT
sudo iptables -A FORWARD -d 10.10.10.0/24 -j ACCEPT
sudo netfilter-persistent save
# UFW rules
sudo ufw allow OpenSSH
sudo ufw allow 500,4500,1701/udp
sudo ufw route allow in on ppp+ out on enp0s6 from 10.10.10.0/24 to any
sudo ufw route allow in on enp0s6 out on ppp+ to 10.10.10.0/24
sudo ufw --force enable
# Restart services
sudo systemctl restart strongswan-starter
sudo systemctl restart xl2tpd
echo "✅ VPN setup complete. Configure your macOS VPN client and connect."