2017年4月6日 星期四

Shell script 安裝、設定 PPTP VPN

另一篇 Shell script 安裝、設定 L2TP VPN

#!/bin/bash
# Author:  yeho <lj2007331 AT gmail.com>

# Check if user is root
[ $(id -u) != "0" ] && echo "Error: You must be root to run this script" && exit 1

export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
clear

printf "
#######################################################################
#                                                 For CentOS/RadHat 6+                                                   #
#######################################################################
"

while :
do
echo
read -p "Please input private IP-Range(Default Range: 192.168.40): " iprange
[ -z "$iprange" ] && iprange="192.168.40"
if [ -z "`echo $iprange | grep -E "^10\.|^192\.168\.|^172\." | grep -o '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$'`" ];then
echo -e "\033[31minput error! Input format: xxx.xxx.xxx\033[0m"
else
break
fi
done

while :
do
echo
        read -p "Please input username: " Username
        [ -n "$Username" ] && break
done

while :
do
echo
        read -p "Please input password: " Password
        [ -n "$Password" ] && break
done
clear

get_char()
{
SAVEDSTTY=`stty -g`
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}

echo ""
echo "Server Local IP:$iprange.1"
echo ""
echo "Client Remote IP Range:$iprange.2-$iprange.254"
echo ""
echo "Press any key to start..."
char=`get_char`
clear

if [ -n "`grep 'CentOS Linux release 7' /etc/redhat-release`" ];then
        CentOS_REL=7
        for Package in wget net-tools ppp iptables iptables-services make gcc gmp-devel xmlto bison flex xmlto libpcap-devel lsof vim-enhanced
        do
                yum -y install $Package
        done
wget http://dl.fedoraproject.org/pub/epel/7/x86_64/p/pptpd-1.4.0-2.el7.x86_64.rpm
rpm -Uvh pptpd-1.4.0-2.el7.x86_64.rpm
        echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
elif [ -n "`grep 'CentOS release 6' /etc/redhat-release`" ];then
        CentOS_REL=6
        for Package in wget net-tools ppp iptables make gcc gmp-devel xmlto bison flex xmlto libpcap-devel lsof vim-enhanced
        do
                yum -y install $Package
        done
wget wget http://poptop.sourceforge.net/yum/stable/rhel6/x86_64/pptpd-1.4.0-1.el6.x86_64.rpm
rpm -Uvh pptpd-1.3.4-2.el6.x86_64.rpm
        sed -i 's@net.ipv4.ip_forward.*@net.ipv4.ip_forward = 1@g' /etc/sysctl.conf
else
        echo -e "\033[31mDoes not support this OS, Please contact the author! \033[0m"
        exit 1
fi

sysctl -p

cat >/etc/ppp/options.pptpd<<EOF
name pptpd
#refuse-pap
#refuse-chap
#refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
ms-dns 8.8.4.4
EOF

cat >/etc/pptpd.conf<<EOF
connections 100
localip 192.168.40.1
remoteip 192.168.40.100-200
EOF

cat >> /etc/ppp/chap-secrets<<EOF
$Username pptpd $Password *
EOF

if [ -n "`grep 'CentOS Linux release 7' /etc/redhat-release`" ];then
        CentOS_REL=7
        NETWORK_INT=`ip route | grep default | awk '{print $5}'`
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.40.0/24 -o $NETWORK_INT -j MASQUERADE
#Forwarding rules for VPN
iptables -A FORWARD -p all -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
elif [ -n "`grep 'CentOS release 6' /etc/redhat-release`" ];then
        CentOS_REL=6
NETWORK_INT=`route | grep default | awk '{print $NF}'`
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
        iptables -A OUTPUT -p tcp --sport 1723 -j ACCEPT
        iptables -A INPUT -p gre -j ACCEPT
        iptables -A OUTPUT -p gre -j ACCEPT
        iptables -t nat -A POSTROUTING -s 192.168.40.0/24 -o $NETWORK_INT -j MASQUERADE
#Forwarding rules for VPN
iptables -A FORWARD -p all -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
else
        echo -e "\033[31mDoes not support this OS, Please contact the author! \033[0m"
        exit 1
fi

service pptpd restart-kill
service pptpd start
chkconfig pptpd on
clear
printf "
Serverip:$public_IP
username:$Username
password:$Password
"



沒有留言:

張貼留言

OCS Inventory 匯出資料到 Google 試算表(依電腦設備類型)

OCS Inventory 匯出到 Google 試算表的程式是從網路上其他高手分享出來( 參考資料出處 ),並依個人需求調整。 如要取用請注意,因程式是用 python 寫的,程式段落可能會移位導致無法正常運作。 下列程式調整SELECT電腦 設備類型 為Noteboo...