pptp setup on ubuntu 14.04
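#!/bin/sh
#
# Installs and configures a PPTP VPN server (pptpd) on Ubuntu 14.04:
# writes /etc/pptpd.conf, /etc/ppp/pptpd-options and /etc/ppp/chap-secrets,
# rewrites /etc/rc.local so forwarding and NAT come back after a reboot,
# then starts the service and applies the same settings immediately.
#
# Security note: PPTP's MS-CHAPv2 authentication and MPPE (RC4) encryption
# have well-known weaknesses. Treat the tunnel as low-assurance and prefer
# IPsec/IKEv2, OpenVPN or WireGuard for anything sensitive.
#
# The variables below must be edited before running. Values must not contain
# whitespace: chap-secrets fields are whitespace-separated and the values are
# written unquoted.
VPN_USER='your_username'
VPN_PASSWORD='your_very_secure_password'

# Stop at the first failure instead of overwriting system files after, for
# example, a failed package install.
set -eu

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[ "$(id -u)" -eq 0 ] || die "this script must be run as root"
[ -n "$VPN_USER" ] || die "VPN_USER is empty"
[ -n "$VPN_PASSWORD" ] || die "VPN_PASSWORD is empty"
# Refuse to publish a VPN endpoint that still uses the template credentials.
[ "$VPN_USER" != 'your_username' ] ||
  die "edit VPN_USER before running this script"
[ "$VPN_PASSWORD" != 'your_very_secure_password' ] ||
  die "edit VPN_PASSWORD before running this script"

# Install the required packages.
apt-get update
apt-get install pptpd -y

# Configure pptpd: server side is 10.0.0.1, clients get 10.0.0.10-200.
cat > /etc/pptpd.conf <<'EOF'
option /etc/ppp/pptpd-options
logwtmp
localip 10.0.0.1
remoteip 10.0.0.10-200
EOF

if [ -f /etc/ppp/pptpd-options ]; then
  cp -p /etc/ppp/pptpd-options /etc/ppp/pptpd-options.old
fi
# Only MS-CHAPv2 with 128-bit MPPE is accepted; PAP, CHAP and MS-CHAPv1 are
# refused outright.
cat > /etc/ppp/pptpd-options <<'EOF'
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
nodefaultroute
lock
nobsdcomp
novj
novjccomp
nologfd
EOF

# Configure the VPN user. chap-secrets stores the password in clear text, so
# the file and its backup are created owner-only. Note that this replaces any
# accounts already present in the file; the previous contents are kept in
# chap-secrets.old.
old_umask=$(umask)
umask 077
if [ -f /etc/ppp/chap-secrets ]; then
  cp -p /etc/ppp/chap-secrets /etc/ppp/chap-secrets.old
fi
cat > /etc/ppp/chap-secrets <<EOF
# Secrets for authentication using CHAP
# client server secret IP addresses
$VPN_USER pptpd $VPN_PASSWORD *
EOF
chmod 600 /etc/ppp/chap-secrets
umask "$old_umask"

# Keep a timestamped copy of rc.local, then replace it so that pptpd,
# IP forwarding and the NAT rule are restored on every boot.
if [ -f /etc/rc.local ]; then
  /bin/cp -f /etc/rc.local "/etc/rc.local.old-$(date +%Y-%m-%d-%H:%M:%S)"
fi
cat > /etc/rc.local <<'EOF'
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
/usr/sbin/service pptpd restart
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
exit 0
EOF
# rc.local is only run at boot when it is executable.
chmod 755 /etc/rc.local

# Start pptpd and apply forwarding/NAT now. Each rule is checked with -C
# first so that re-running the script does not stack duplicate rules.
/usr/sbin/service pptpd restart
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -C POSTROUTING -o eth+ -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE

# Rules for letting pptp clients talk to each other directly.
# Reference: https://www.digitalocean.com/community/tutorials/how-to-setup-your-own-vpn-with-pptp
# These are applied to the running firewall only; they are not written to
# rc.local and are lost on reboot.
iptables -t nat -C POSTROUTING -o ppp0 -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Accepts all traffic from 10.0.0.0/8 arriving on ppp0, i.e. the client on
# that interface can reach every service listening on this host. Only ppp0
# is matched, not later ppp interfaces.
iptables -C INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT 2>/dev/null ||
  iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
# Accepts every packet arriving on eth0 for forwarding, regardless of source
# or connection state; narrow this if the host has other forwarding roles.
iptables -C FORWARD -i eth0 -j ACCEPT 2>/dev/null ||
  iptables -A FORWARD -i eth0 -j ACCEPT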
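#!/bin/sh
#
# Switches an existing pptpd installation to RADIUS authentication
# (FreeRADIUS 2.0): installs radiusclient1, writes its server list, client
# configuration and a Microsoft vendor dictionary, then loads the pppd
# radius plugins from /etc/ppp/pptpd-options and restarts pptpd.
#
# The variables below must be edited before running.
RADIUS_SERVER='127.0.0.1'
RADIUS_SERVER_KEY='testing123'

# Stop at the first failure instead of continuing with a half-written
# configuration.
set -eu

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[ "$(id -u)" -eq 0 ] || die "this script must be run as root"
[ -n "$RADIUS_SERVER" ] || die "RADIUS_SERVER is empty"
[ -n "$RADIUS_SERVER_KEY" ] || die "RADIUS_SERVER_KEY is empty"
# The plugin lines are appended to this file, so pptpd must already be set up.
[ -f /etc/ppp/pptpd-options ] ||
  die "/etc/ppp/pptpd-options not found; install and configure pptpd first"
# testing123 is the sample shared secret shipped in FreeRADIUS's clients.conf;
# it is fine for a local test but must be replaced before real use.
if [ "$RADIUS_SERVER_KEY" = 'testing123' ]; then
  printf '%s\n' \
    "warning: RADIUS_SERVER_KEY is still the FreeRADIUS sample secret" >&2
fi

# Install the RADIUS client library used by the pppd radius plugin.
apt-get update
apt-get install -y radiusclient1

# Set the RADIUS server key. The servers file holds the shared secret in
# clear text, so it and its backup are kept owner-only.
old_umask=$(umask)
umask 077
cp -p /etc/radiusclient/servers /etc/radiusclient/servers.old
cat > /etc/radiusclient/servers <<EOF
$RADIUS_SERVER $RADIUS_SERVER_KEY
EOF
chmod 600 /etc/radiusclient/servers
umask "$old_umask"

# Configure radiusclient: authentication on port 1812, accounting on 1813.
cp -p /etc/radiusclient/radiusclient.conf /etc/radiusclient/radiusclient.conf.old
cat > /etc/radiusclient/radiusclient.conf <<EOF
auth_order radius,local
login_tries 4
login_timeout 60
nologin /etc/nologin
issue /etc/radiusclient/issue
authserver $RADIUS_SERVER:1812
acctserver $RADIUS_SERVER:1813
servers /etc/radiusclient/servers
dictionary /etc/radiusclient/dictionary
login_radius /usr/sbin/login.radius
seqfile /var/run/radius.seq
mapfile /etc/radiusclient/port-id-map
default_realm
radius_timeout 10
radius_retries 3
login_local /bin/login
nas_identifier 91
EOF

# Generate dictionary.microsoft (vendor 311 attributes used by MS-CHAP/MPPE).
cat > /etc/radiusclient/dictionary.microsoft <<'EOF'
VENDOR Microsoft 311 Microsoft
BEGIN VENDOR Microsoft
ATTRIBUTE MS-CHAP-Response 1 string Microsoft
ATTRIBUTE MS-CHAP-Error 2 string Microsoft
ATTRIBUTE MS-CHAP-CPW-1 3 string Microsoft
ATTRIBUTE MS-CHAP-CPW-2 4 string Microsoft
ATTRIBUTE MS-CHAP-LM-Enc-PW 5 string Microsoft
ATTRIBUTE MS-CHAP-NT-Enc-PW 6 string Microsoft
ATTRIBUTE MS-MPPE-Encryption-Policy 7 string Microsoft
# This is referred to as both singular and plural in the RFC.
# Plural seems to make more sense.
ATTRIBUTE MS-MPPE-Encryption-Type 8 string Microsoft
ATTRIBUTE MS-MPPE-Encryption-Types 8 string Microsoft
ATTRIBUTE MS-RAS-Vendor 9 integer Microsoft
ATTRIBUTE MS-CHAP-Domain 10 string Microsoft
ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft
ATTRIBUTE MS-CHAP-MPPE-Keys 12 string Microsoft encrypt=1
ATTRIBUTE MS-BAP-Usage 13 integer Microsoft
ATTRIBUTE MS-Link-Utilization-Threshold 14 integer Microsoft
ATTRIBUTE MS-Link-Drop-Time-Limit 15 integer Microsoft
ATTRIBUTE MS-MPPE-Send-Key 16 string Microsoft
ATTRIBUTE MS-MPPE-Recv-Key 17 string Microsoft
ATTRIBUTE MS-RAS-Version 18 string Microsoft
ATTRIBUTE MS-Old-ARAP-Password 19 string Microsoft
ATTRIBUTE MS-New-ARAP-Password 20 string Microsoft
ATTRIBUTE MS-ARAP-PW-Change-Reason 21 integer Microsoft
ATTRIBUTE MS-Filter 22 string Microsoft
ATTRIBUTE MS-Acct-Auth-Type 23 integer Microsoft
ATTRIBUTE MS-Acct-EAP-Type 24 integer Microsoft
ATTRIBUTE MS-CHAP2-Response 25 string Microsoft
ATTRIBUTE MS-CHAP2-Success 26 string Microsoft
ATTRIBUTE MS-CHAP2-CPW 27 string Microsoft
ATTRIBUTE MS-Primary-DNS-Server 28 ipaddr
ATTRIBUTE MS-Secondary-DNS-Server 29 ipaddr
ATTRIBUTE MS-Primary-NBNS-Server 30 ipaddr Microsoft
ATTRIBUTE MS-Secondary-NBNS-Server 31 ipaddr Microsoft
#ATTRIBUTE MS-ARAP-Challenge 33 string Microsoft
#
# Integer Translations
#
# MS-BAP-Usage Values
VALUE MS-BAP-Usage Not-Allowed 0
VALUE MS-BAP-Usage Allowed 1
VALUE MS-BAP-Usage Required 2
# MS-ARAP-Password-Change-Reason Values
VALUE MS-ARAP-PW-Change-Reason Just-Change-Password 1
VALUE MS-ARAP-PW-Change-Reason Expired-Password 2
VALUE MS-ARAP-PW-Change-Reason Admin-Requires-Password-Change 3
VALUE MS-ARAP-PW-Change-Reason Password-Too-Short 4
# MS-Acct-Auth-Type Values
VALUE MS-Acct-Auth-Type PAP 1
VALUE MS-Acct-Auth-Type CHAP 2
VALUE MS-Acct-Auth-Type MS-CHAP-1 3
VALUE MS-Acct-Auth-Type MS-CHAP-2 4
VALUE MS-Acct-Auth-Type EAP 5
# MS-Acct-EAP-Type Values
VALUE MS-Acct-EAP-Type MD5 4
VALUE MS-Acct-EAP-Type OTP 5
VALUE MS-Acct-EAP-Type Generic-Token-Card 6
VALUE MS-Acct-EAP-Type TLS 13
END-VENDOR Microsoft
EOF

# Hook the extra dictionaries into the main dictionary. The microsoft INCLUDE
# line doubles as the "already done" marker, so a second run appends nothing.
cp -p /etc/radiusclient/dictionary /etc/radiusclient/dictionary.old
if ! grep -qF "INCLUDE /etc/radiusclient/dictionary.microsoft" \
  /etc/radiusclient/dictionary; then
  {
    echo ""
    echo "INCLUDE /etc/radiusclient/dictionary.microsoft"
    echo "INCLUDE /etc/radiusclient/dictionary.merit"
  } >> /etc/radiusclient/dictionary
fi

# Configure pptpd to use RADIUS by loading the pppd radius plugins (once).
# -F makes the dot in "radius.so" literal rather than a regex wildcard.
cp -p /etc/ppp/pptpd-options /etc/ppp/pptpd-options.old.radius
if ! grep -qF "plugin radius.so" /etc/ppp/pptpd-options; then
  {
    echo ""
    echo "plugin radius.so"
    echo "plugin radattr.so"
  } >> /etc/ppp/pptpd-options
fi

# Restart pptpd so the new options take effect.
/usr/sbin/service pptpd restart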