求个pptp/l2tp二合一一键安装脚本

VPSCAT

这个可以有，有个3in1的

哈P哥

没有，楼下肯定有

堕落kiss

1. #!/bin/bash
   
2. ETH=外网IP
   
3. IPSEC_SECRETS=l2tp密钥
   
4. #--------apt-get install ---------------------
   
5. apt-get -y install pptpd openswan xl2tpd bzip2 autoconf gcc make iptables rcconf libgmp3-dev flex bison
   
6. wget http://www.openswan.org/download/openswan-2.6.34.tar.gz
   
7. tar -xvzf openswan-2.6.34.tar.gz -C /usr/local/src/
   
8. #-------------install openswan-2.6.34--------
   
9. cd /usr/local/src/openswan-2.6.34/
   
10. make programs
    
11. make install
    
12. #--------------config openswan--------------
    
13. sed -i '30s/auto/netkey/' /etc/ipsec.conf
    
14. echo 'include /etc/ipsec.d/l2tp-psk.conf' >> /etc/ipsec.conf
    
15. cp /etc/ipsec.d/examples/l2tp-psk.conf /etc/ipsec.d/l2tp-psk.conf
    
16. sed -i "28s/YourGatewayIP/$ETH/" /etc/ipsec.d/l2tp-psk.conf
    
17. sed -i '50,60s/^/#/' /etc/ipsec.d/l2tp-psk.conf
    
18. #cat /etc/ipsec.d/l2tp-psk.conf >> /etc/ipsec.conf
    
19. echo "$ETH %any: PSK "$IPSEC_SECRETS"" >>/etc/ipsec.secrets
    
20. #--------------config system--------------
    
21. echo 1 >/proc/sys/net/ipv4/ip_forward
    
22. echo 1 >/proc/sys/net/core/xfrm_larval_drop
    
23. for each in /proc/sys/net/ipv4/conf/*   
    
24. do   
    
25. echo 0 > $each/accept_redirects   
    
26. echo 0 > $each/send_redirects   
    
27. done
    
28. sed -i '19s/#//' /etc/sysctl.conf
    
29. sed -i '19s/1/0/' /etc/sysctl.conf
    
30. sed -i '28s/#//' /etc/sysctl.conf
    
31. sed -i '44s/#//' /etc/sysctl.conf
    
32. sed -i '52s/#//' /etc/sysctl.conf
    
33. sed -i "s/127.0.1.1/$ETH/" /etc/hosts
    
34. echo net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/disableipv6.conf
    
35. #------------config pptpd-options-----------------
    
36. sed -i '55s/#ms-dns 10.0.0.1/ms-dns 8.8.8.8/' /etc/ppp/pptpd-options
    
37. sed -i '56s/#ms-dns 10.0.0.2/ms-dns 8.8.4.4/' /etc/ppp/pptpd-options
    
38. echo "#mtu 1496"
    
39. echo "#mru 1500"
    
40. #------------config options.l2tpd-----------------
    
41. cat >>/etc/ppp/options.l2tpd<<EOF
    
42. require-mschap-v2
    
43. name l2tpd
    
44. ms-dns 8.8.8.8
    
45. ms-dns 8.8.4.4
    
46. asyncmap 0
    
47. auth
    
48. crtscts
    
49. lock
    
50. hide-password
    
51. modem
    
52. #debug
    
53. proxyarp
    
54. lcp-echo-interval 30
    
55. lcp-echo-failure 4
    
56. EOF
    
57. #------------config xl2tpd.conf-----------------
    
58. mv /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.back
    
59. cat >>/etc/xl2tpd/xl2tpd.conf<<EOF
    
60. [global]
    
61. ipsec saref = yes
    
62. listen-addr = $ETH
    
63. [lns default]
    
64. ip range = 192.168.100.102-192.168.100.201
    
65. local ip = 192.168.100.1
    
66. length bit = yes
    
67. ;require chap = yes
    
68. refuse chap = yes
    
69. refuse pap = yes
    
70. require authentication = yes
    
71. ppp debug = yes
    
72. pppoptfile = /etc/ppp/options.l2tpd
    
73. EOF
    
74. #------------config pptpd.conf-----------------
    
75. echo "localip 192.168.100.1" >>/etc/pptpd.conf
    
76. echo "remoteip 192.168.100.2-101" >>/etc/pptpd.conf
    
77. sed -i 's:logwtmp:#logwtmp:g' /etc/pptpd.conf
    
78. #------config iptables-------------------
    
79. cat >>/root/iptables.test.rules<<EOF
    
80. *filter
    
81. 
    
82. -P INPUT DROP
    
83. -P OUTPUT ACCEPT
    
84. -P FORWARD ACCEPT
    
85. -A INPUT -i lo -p all -j ACCEPT
    
86. -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
    
87. -A INPUT -p icmp -j ACCEPT
    
88. -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
89. -A INPUT -p gre -j ACCEPT
    
90. -A INPUT -p tcp --dport 22 -j ACCEPT
    
91. -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
    
92. #-A INPUT -p tcp -m tcp --dport 47 -j ACCEPT
    
93. -A INPUT -p udp -m udp --dport 500 -j ACCEPT
    
94. -A INPUT -p udp -m udp --dport 4500 -j ACCEPT
    
95. -A INPUT -p udp -m udp --dport 1701 -j ACCEPT
    
96. #-I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
    
97. 
    
98. 
    
99. COMMIT
    
100. EOF
     
101. cat >>/root/iptables.save<<EOF
     
102. #!/bin/bash
     
103. iptables-restore < /root/iptables.test.rules
     
104. iptables -L
     
105. iptables-save > /etc/iptables.up.rules
     
106. EOF
     
107. 
     
108. cat >>/etc/network/if-pre-up.d/iptables <<EOF
     
109. #!/bin/bash
     
110. /sbin/iptables-restore < /etc/iptables.up.rules
     
111. EOF
     
112. chmod +x /etc/network/if-pre-up.d/iptables
     
113. iptables-restore < /root/iptables.test.rules
     
114. iptables -L
     
115. iptables-save > /etc/iptables.up.rules
     
116. #------------kvm_xen--------------------------
     
117. sed -i '12a iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination 8.8.8.8' /etc/rc.local
     
118. sed -i '12a iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE ' /etc/rc.local
     
119. #sed -i '12a iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source $ETH' /etc/rc.local
     
120. #--------------start---------
     
121. sed -i '14a /etc/init.d/ipsec restart' /etc/rc.local
     
122. sed -i '14a sleep 10' /etc/rc.local
     
123. apt-get -y remove openswan
     

复制代码

debian 系统下的,SSH默认是22端口,装完之后重启下,我在DEBIAN 6.0下没有问题.......

堕落kiss

cdm 发表于 2011-12-26 21:52
谢谢提供。刚也装过哦，在windows下面改了ip地址和psk，然后上传。。

debian 貌似装不了。 ...

debian 装不了?应该不是会把 我在 BUYVM 和那个3刀的都测试过,没有问题呀,如果是OPENVZ是用不了L2TP的

kwx

呃。。同求