2017年4月6日 星期四

Shell script 安裝、設定 PPTP VPN

另一篇 Shell script 安裝、設定 L2TP VPN

#!/bin/bash
# Author:  yeho <lj2007331 AT gmail.com>

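# Refuse to run unless invoked as root: everything below installs packages,
# rewrites files under /etc and changes firewall rules.
if [ "$(id -u)" != "0" ]; then
  # Diagnostics go to stderr so they survive a redirected stdout.
  echo "Error: You must be root to run this script" >&2
  exit 1
fi

# Pin PATH to the system directories so the commands called below are not
# resolved through whatever PATH the invoking user had.
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
clear

# Banner. Printed through a fixed '%s\n' format; the "RadHat" typo in the
# original text is corrected.
printf '%s\n' \
  '' \
  '#######################################################################' \
  '#                                                 For CentOS/RedHat 6+                                                   #' \
  '#######################################################################'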

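# Return 0 when $1 is the first three octets of an RFC 1918 private network
# (10.x.x, 172.16-31.x or 192.168.x) with every octet in 0-255 and no
# leading zeros; return 1 otherwise.
# The original grep check accepted any 172.* prefix, most of which is public
# address space, and octets above 255 such as 192.168.999.
_is_private_prefix() {
  local re='^(0|[1-9][0-9]{0,2})\.(0|[1-9][0-9]{0,2})\.(0|[1-9][0-9]{0,2})$'
  local a b c

  [[ $1 =~ $re ]] || return 1
  a=${BASH_REMATCH[1]}
  b=${BASH_REMATCH[2]}
  c=${BASH_REMATCH[3]}

  (( a <= 255 && b <= 255 && c <= 255 )) || return 1
  if (( a == 10 )); then return 0; fi
  if (( a == 172 && b >= 16 && b <= 31 )); then return 0; fi
  if (( a == 192 && b == 168 )); then return 0; fi
  return 1
}

# Ask for the /24 prefix used for the VPN address pool; an empty answer
# selects the default 192.168.40.
while :; do
  echo
  # -r keeps backslashes literal instead of letting read interpret them.
  read -r -p "Please input private IP-Range(Default Range: 192.168.40): " iprange
  [ -z "$iprange" ] && iprange="192.168.40"
  if _is_private_prefix "$iprange"; then
    break
  fi
  echo -e "\033[31minput error! Input format: xxx.xxx.xxx\033[0m"
done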

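# Return 0 when $1 can be written as one bare field of /etc/ppp/chap-secrets.
# Per pppd(8) that file is split on whitespace, and quotes, backslash and '#'
# have special meaning, so a value containing any of them would corrupt the
# entry this script appends later. Empty values are rejected as well.
_valid_chap_word() {
  case $1 in
    '' | *[[:space:]\"\'\\#]*) return 1 ;;
  esac
  return 0
}

# Prompt until a usable VPN account name is entered.
while :; do
  echo
  # Without the EOF check a closed stdin would spin this loop forever.
  read -r -p "Please input username: " Username \
    || { echo "Error: no input available" >&2; exit 1; }
  if _valid_chap_word "$Username"; then
    break
  fi
  [ -n "$Username" ] \
    && echo -e "\033[31minput error! No spaces, quotes, backslashes or '#'\033[0m"
done

# Prompt until a usable VPN password is entered.
while :; do
  echo
  # -s keeps the password off the screen while it is typed.
  read -r -s -p "Please input password: " Password \
    || { echo "Error: no input available" >&2; exit 1; }
  echo
  # pppd(8): a secret that starts with '@' names a file to read the secret
  # from, so such a password would not be used literally.
  if _valid_chap_word "$Password" && [[ $Password != @* ]]; then
    break
  fi
  [ -n "$Password" ] \
    && echo -e "\033[31minput error! No spaces, quotes, backslashes, '#' or leading '@'\033[0m"
done
clear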

# Block until one key is pressed on the controlling terminal and write that
# single byte to stdout. Echo is switched off while waiting, and the terminal
# settings captured on entry are restored before returning.
get_char() {
  # Snapshot of the current terminal settings, in the form stty can re-apply.
  SAVEDSTTY=$(stty -g)

  # No echo, and deliver input byte by byte instead of line by line.
  stty -echo cbreak

  # Read exactly one byte straight from the terminal device.
  dd if=/dev/tty bs=1 count=1 2>/dev/null

  # Undo the temporary modes, then put back the saved settings.
  stty -raw echo
  stty "$SAVEDSTTY"
}

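# Show the address plan before anything on the system is changed, then wait
# for a key press.
echo ""
echo "Server Local IP:$iprange.1"
echo ""
# The pool written to /etc/pptpd.conf further down is .100-200, so report
# that range instead of the .2-.254 the original message claimed.
echo "Client Remote IP Range:$iprange.100-$iprange.200"
echo ""
echo "Press any key to start..."
# The key itself is not used; get_char only blocks until one arrives.
char=$(get_char)
clear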

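# Persist net.ipv4.ip_forward = 1 in /etc/sysctl.conf without duplicating the
# line: rewrite an existing setting, append only when none is present. (The
# original appended on CentOS 7 at every run and, on CentOS 6, changed
# nothing when the key was missing.)
_enable_ip_forward() {
  local conf=/etc/sysctl.conf
  if grep -q '^[[:space:]]*net\.ipv4\.ip_forward' "$conf"; then
    sed -i 's@^[[:space:]]*net\.ipv4\.ip_forward.*@net.ipv4.ip_forward = 1@' "$conf"
  else
    echo 'net.ipv4.ip_forward = 1' >> "$conf"
  fi
}

# Download the pptpd RPM at URL $1 into a private temp directory and install
# it. The file name is derived from the URL, so the file that is installed is
# always the file that was downloaded.
#
# SECURITY: the package is fetched over plain HTTP and installed with no
# signature check, so anyone on the network path can substitute a package
# whose scriptlets then run as root. Verify it before installing (for example
# `rpm -K` against an imported vendor key) or install pptpd from a configured,
# GPG-checked repository instead.
_install_pptpd_rpm() {
  local url=$1
  local rpm_name=${url##*/}
  local workdir

  # mktemp avoids writing as root to a predictable name in the current
  # directory, which may be writable by other users.
  workdir=$(mktemp -d) || { echo "Error: mktemp failed" >&2; exit 1; }

  if ! wget -O "$workdir/$rpm_name" "$url"; then
    rm -rf -- "$workdir"
    echo "Error: could not download $url" >&2
    exit 1
  fi

  # rpm -U fails when this exact package is already installed (a re-run), so
  # a failure is fatal only if pptpd is still absent afterwards.
  if ! rpm -Uvh "$workdir/$rpm_name" && ! rpm -q pptpd >/dev/null; then
    rm -rf -- "$workdir"
    echo "Error: could not install $rpm_name" >&2
    exit 1
  fi
  rm -rf -- "$workdir"
}

# Packages needed on both releases (the duplicated "xmlto" entry is dropped).
base_packages=(wget net-tools ppp iptables make gcc gmp-devel xmlto bison flex libpcap-devel lsof vim-enhanced)

if grep -q 'CentOS Linux release 7' /etc/redhat-release; then
  CentOS_REL=7
  # Installed one at a time so a single unavailable package does not stop
  # the others from being installed.
  for Package in "${base_packages[@]}" iptables-services; do
    yum -y install "$Package"
  done
  _install_pptpd_rpm http://dl.fedoraproject.org/pub/epel/7/x86_64/p/pptpd-1.4.0-2.el7.x86_64.rpm
elif grep -q 'CentOS release 6' /etc/redhat-release; then
  CentOS_REL=6
  for Package in "${base_packages[@]}"; do
    yum -y install "$Package"
  done
  # The original ran "wget wget <url>" and then installed pptpd-1.3.4-2, a
  # file it had never downloaded; the URL's own file name is used instead.
  _install_pptpd_rpm http://poptop.sourceforge.net/yum/stable/rhel6/x86_64/pptpd-1.4.0-1.el6.x86_64.rpm
else
  echo -e "\033[31mDoes not support this OS, Please contact the author! \033[0m" >&2
  exit 1
fi

# Turn on routing between the VPN clients and the outside interface, now and
# after reboot.
_enable_ip_forward
sysctl -p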

# pppd options applied to every PPTP session, written out one entry per line.
#
# SECURITY: MS-CHAPv2 with 128-bit MPPE is the strongest combination PPTP
# offers and is still considered broken: a captured handshake can be cracked
# offline, which also exposes the MPPE session keys. Treat a tunnel built
# with this file as obfuscation rather than confidentiality, and prefer a
# current VPN protocol for anything sensitive.
pptpd_options=(
  'name pptpd'
  # The three refuse-* lines stay commented out, exactly as in the original.
  '#refuse-pap'
  '#refuse-chap'
  '#refuse-mschap'
  'require-mschap-v2'
  'require-mppe-128'
  'proxyarp'
  'lock'
  'nobsdcomp'
  'novj'
  'novjccomp'
  'nologfd'
  # Resolvers handed to clients: every client DNS lookup goes to these
  # addresses.
  'ms-dns 8.8.8.8'
  'ms-dns 8.8.4.4'
)
printf '%s\n' "${pptpd_options[@]}" > /etc/ppp/options.pptpd

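# Address plan. The original asked the operator for a prefix and then
# hard-coded 192.168.40 in both pptpd.conf and the NAT rule; both now follow
# the validated $iprange (default input produces the same files as before).
vpn_prefix=${iprange:-192.168.40}
vpn_subnet="$vpn_prefix.0/24"

# pptpd daemon settings: server end of each tunnel is .1, clients are handed
# .100-.200, at most 100 simultaneous connections.
cat > /etc/pptpd.conf <<EOF
connections 100
localip $vpn_prefix.1
remoteip $vpn_prefix.100-200
EOF

# Account entry: client name, server name, secret, allowed client address
# ("*" = any). The secret is stored in clear text, so the file must stay
# readable by root only. Note that every run appends another entry.
cat >> /etc/ppp/chap-secrets <<EOF
$Username pptpd $Password *
EOF
chmod 600 /etc/ppp/chap-secrets

# Find the interface that carries the default route; VPN traffic is
# masqueraded out of it. Only the first default route is used.
if grep -q 'CentOS Linux release 7' /etc/redhat-release; then
  CentOS_REL=7
  NETWORK_INT=$(ip route | awk '/default/ {print $5; exit}')
elif grep -q 'CentOS release 6' /etc/redhat-release; then
  CentOS_REL=6
  NETWORK_INT=$(route | awk '/default/ {print $NF; exit}')
else
  echo -e "\033[31mDoes not support this OS, Please contact the author! \033[0m" >&2
  exit 1
fi

# An empty interface name would make the MASQUERADE rule below fail with a
# confusing iptables error, so stop here with a clear one.
if [ -z "$NETWORK_INT" ]; then
  echo "Error: no default route found, cannot determine outbound interface" >&2
  exit 1
fi

# PPTP control channel (TCP 1723) and its GRE data channel.
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT

# Source-NAT the VPN clients behind the server's outbound interface.
iptables -t nat -A POSTROUTING -s "$vpn_subnet" -o "$NETWORK_INT" -j MASQUERADE

# Forwarding rules for VPN. The original accepted NEW forwarded connections
# from any source to any destination, which turns the host into an open
# router; new connections are now accepted only from the VPN subnet, and only
# reply traffic is accepted towards it.
iptables -A FORWARD -s "$vpn_subnet" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d "$vpn_subnet" -m state --state RELATED,ESTABLISHED -j ACCEPT

# NOTE(review): the rules are appended (-A); if a chain already ends in a
# REJECT/DROP rule they will never match -- confirm against `iptables -S`.
# NOTE(review): nothing here saves the rules, so they are presumably lost at
# reboot unless saved separately -- confirm.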

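# (Re)start the daemon and enable it at boot.
service pptpd restart-kill
service pptpd start
chkconfig pptpd on
clear

# public_IP is never assigned anywhere in the script, so the original summary
# always printed an empty "Serverip:". Fall back to the IPv4 address on the
# default-route interface; behind NAT this is not the address clients dial.
if [ -z "${public_IP:-}" ]; then
  public_IP=$(ip -4 -o addr show dev "${NETWORK_INT:-}" 2>/dev/null \
    | awk '{split($4, a, "/"); print a[1]; exit}')
fi

# The values are passed as arguments to a fixed format string: the original
# interpolated them into the format itself, so a password containing '%' or
# a backslash was mangled. The password is shown in clear text here and ends
# up in terminal scrollback and any session log.
printf '\nServerip:%s\nusername:%s\npassword:%s\n' \
  "${public_IP:-unknown}" "$Username" "$Password"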


