Skip to content

Instantly share code, notes, and snippets.

@tang3w

tang3w/L2TP-install.sh

Created December 5, 2013 04:58
Show Gist options
  • Save tang3w/7800370 to your computer and use it in GitHub Desktop.
Save tang3w/7800370 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
L2TP-install.sh
#!/bin/bash
# Modified by Tianyong Tang
#
# Original version's Copyright infomation:
#
####################################################
# #
# This is a Shell-Based tool of l2tp installation #
# Version: 1.2 #
# Author: Zed Lau #
# Website: http://zeddicus.com #
# #
####################################################
if [ $(id -u) != "0" ]; then
printf "Error: You must be root to run this tool!\n"
exit 1
fi
clear
vpsip=`hostname -i`
iprange="10.0.99"
echo "Please input IP-Range:"
read -p "(Default Range: 10.0.99):" iprange
if [ "$iprange" = "" ]; then
iprange="10.0.99"
fi
username="test"
echo "Please input username:"
read -p "(Default username: test):" username
if [ "$username" = "" ]; then
username="test"
fi
password="test123"
echo "Please input password:"
read -p "(Default password: test123):" password
if [ "$password" = "" ]; then
password="test123"
fi
mypsk="fuckgfw"
echo "Please input PSK:"
read -p "(Default PSK: fuckgfw):" mypsk
if [ "$mypsk" = "" ]; then
mypsk="fuckgfw"
fi
clear
get_char() {
SAVEDSTTY=`stty -g`
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}
echo ""
echo "ServerIP:"
echo "$vpsip"
echo ""
echo "Server Local IP:"
echo "$iprange.1"
echo ""
echo "Client Remote IP Range:"
echo "$iprange.2-$iprange.254"
echo ""
echo "Username:"
echo "$username"
echo ""
echo "Password:"
echo "$password"
echo ""
echo "PSK:"
echo "$mypsk"
echo ""
echo "Press any key to start..."
char=`get_char`
clear
apt-get -y update
apt-get -y upgrade
apt-get -y install libgmp3-dev bison flex libpcap-dev ppp iptables make gcc lsof vim
# Install openswan {{{
mkdir /ztmp
mkdir /ztmp/l2tp
cd /ztmp/l2tp
wget http://www.openswan.org/download/openswan-2.6.24.tar.gz
tar zxvf openswan-2.6.24.tar.gz
cd openswan-2.6.24
make programs install
# }}}
# Make ipsec.conf {{{
rm -rf /etc/ipsec.conf
touch /etc/ipsec.conf
cat >>/etc/ipsec.conf<<EOF
config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
protostack=netkey
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=$vpsip
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
EOF
# }}}
cat >>/etc/ipsec.secrets<<EOF
$vpsip %any: PSK "$mypsk"
EOF
# Enable IP forwarding {{{
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf
sysctl -p
# }}}
iptables --table nat --append POSTROUTING --jump MASQUERADE
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
/etc/init.d/ipsec restart
ipsec verify
# Install l2tp-control {{{
cd /ztmp/l2tp
wget http://superb-dca2.dl.sourceforge.net/project/rp-l2tp/rp-l2tp/0.4/rp-l2tp-0.4.tar.gz
tar zxvf rp-l2tp-0.4.tar.gz
cd rp-l2tp-0.4
./configure
make
cp handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
# }}}
# Install xl2tpd {{{
cd /ztmp/l2tp
wget http://ftp.openswan.org/xl2tpd/xl2tpd-1.3.1.tar.gz
tar zxvf xl2tpd-1.3.1.tar.gz
cd xl2tpd-1.3.1
make install
# }}}
# Make xl2tpd.conf {{{
mkdir /etc/xl2tpd
rm -rf /etc/xl2tpd/xl2tpd.conf
touch /etc/xl2tpd/xl2tpd.conf
cat >>/etc/xl2tpd/xl2tpd.conf<<EOF
[global]
ipsec saref = yes
[lns default]
ip range = $iprange.2-$iprange.254
local ip = $iprange.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
# }}}
# Make options.xl2tpd {{{
rm -rf /etc/ppp/options.xl2tpd
touch /etc/ppp/options.xl2tpd
cat >>/etc/ppp/options.xl2tpd<<EOF
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
EOF
# }}}
# Set username and password {{{
cat >>/etc/ppp/chap-secrets<<EOF
$username l2tpd $password *
EOF
# }}}
touch /usr/bin/zl2tpset
echo "#/bin/bash" >>/usr/bin/zl2tpset
echo "for each in /proc/sys/net/ipv4/conf/*" >>/usr/bin/zl2tpset
echo "do" >>/usr/bin/zl2tpset
echo "echo 0 > \$each/accept_redirects" >>/usr/bin/zl2tpset
echo "echo 0 > \$each/send_redirects" >>/usr/bin/zl2tpset
echo "done" >>/usr/bin/zl2tpset
chmod +x /usr/bin/zl2tpset
iptables --table nat --append POSTROUTING --jump MASQUERADE
zl2tpset
xl2tpd
touch /usr/local/sbin/xl2tpd-start
cat >>/usr/local/sbin/xl2tpd-start<<EOF
#!/bin/sh -e
#
### BEGIN INIT INFO
# Provides: xl2tpd
# Required-Start: $network $syslog $named
# Required-Stop: $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start L2TP at boot time
# Description: Enable automatic L2TP VPN Service
### END INIT INFO
#
iptables --table nat --append POSTROUTING --jump MASQUERADE
/etc/init.d/ipsec restart
/usr/bin/zl2tpset
/usr/local/sbin/xl2tpd
EOF
chmod a+x /usr/local/sbin/xl2tpd-start
ln -s /usr/local/sbin/xl2tpd-start /etc/init.d/xl2tpd-start
clear
ipsec verify
printf "
+--------------------------------------------------------------------+
+ Now, try to connect to L2TP VPN Server with the information below: +
+--------------------------------------------------------------------+
ServerIP:$vpsip
Username:$username
Password:$password
PSK:$mypsk
"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment