Update l2tp.sh
110
l2tp.sh
110
l2tp.sh
@@ -1,48 +1,51 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
# 退出时显示错误
|
||||||
|
set -e
|
||||||
|
|
||||||
# 更新系统包列表
|
# 更新系统包列表
|
||||||
apt update
|
apt update
|
||||||
|
|
||||||
# 安装必要的软件包
|
# 安装必要的软件包
|
||||||
echo "正在安装 StrongSwan 和 xl2tpd..."
|
echo "正在安装 StrongSwan 和 xl2tpd..."
|
||||||
apt install -yq strongswan xl2tpd ppp
|
DEBIAN_FRONTEND=noninteractive apt install -yq strongswan xl2tpd ppp
|
||||||
|
|
||||||
# 随机生成用户名、密码和预共享密钥
|
# 随机生成用户名、密码和预共享密钥
|
||||||
USERNAME="vpnuser_$(tr -dc A-Za-z0-9 </dev/urandom | head -c 6)" # 随机生成用户名
|
USERNAME="vpnuser_$(tr -dc A-Za-z0-9 </dev/urandom | head -c 6)"
|
||||||
PASSWORD="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 10)" # 随机生成密码
|
PASSWORD="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)"
|
||||||
PSK="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)" # 随机生成预共享密钥
|
PSK="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 20)"
|
||||||
|
|
||||||
|
# 获取公网 IP
|
||||||
|
PUBLIC_IP=$(curl -s http://ipinfo.io/ip)
|
||||||
|
|
||||||
# 配置 StrongSwan
|
# 配置 StrongSwan
|
||||||
echo "正在配置 StrongSwan..."
|
echo "正在配置 StrongSwan..."
|
||||||
cat <<EOF > /etc/ipsec.conf
|
cat <<EOF > /etc/ipsec.conf
|
||||||
config setup
|
config setup
|
||||||
charondebug="ike 2, knl 2, cfg 2"
|
charondebug="ike 1, knl 1, cfg 0"
|
||||||
uniqueids=no
|
uniqueids=no
|
||||||
|
|
||||||
conn L2TP-PSK
|
conn L2TP-PSK
|
||||||
authby=secret
|
authby=secret
|
||||||
pfs=no
|
pfs=no
|
||||||
auto=add
|
auto=add
|
||||||
keyexchange=ikev1
|
keyingtries=3
|
||||||
type=transport
|
rekey=no
|
||||||
left=%any
|
|
||||||
leftprotoport=17/1701
|
|
||||||
right=%any
|
|
||||||
rightprotoport=17/1701
|
|
||||||
ikelifetime=8h
|
ikelifetime=8h
|
||||||
keylife=1h
|
keylife=1h
|
||||||
rekeymargin=3m
|
type=transport
|
||||||
keyingtries=1
|
left=$PUBLIC_IP
|
||||||
|
leftprotoport=17/1701
|
||||||
|
right=%any
|
||||||
|
rightprotoport=17/%any
|
||||||
dpdaction=clear
|
dpdaction=clear
|
||||||
dpddelay=35s
|
dpddelay=30s
|
||||||
dpdtimeout=200s
|
dpdtimeout=120s
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# 设置预共享密钥
|
# 设置预共享密钥
|
||||||
echo "正在设置预共享密钥..."
|
echo "正在设置预共享密钥..."
|
||||||
cat <<EOF > /etc/ipsec.secrets
|
echo ": PSK \"$PSK\"" > /etc/ipsec.secrets
|
||||||
: PSK "$PSK"
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# 配置 xl2tpd
|
# 配置 xl2tpd
|
||||||
echo "正在配置 xl2tpd..."
|
echo "正在配置 xl2tpd..."
|
||||||
@@ -51,52 +54,73 @@ cat <<EOF > /etc/xl2tpd/xl2tpd.conf
|
|||||||
port = 1701
|
port = 1701
|
||||||
|
|
||||||
[lns default]
|
[lns default]
|
||||||
ip range = 192.168.1.10-192.168.1.100 # 为 VPN 客户端分配的 IP 范围
|
ip range = 10.10.10.10-10.10.10.200
|
||||||
local ip = 192.168.1.1 # VPN 服务器的 IP 地址
|
local ip = 10.10.10.1
|
||||||
require chap = yes # 要求使用 CHAP 认证
|
require chap = yes
|
||||||
refuse pap = yes # 拒绝 PAP 认证
|
refuse pap = yes
|
||||||
require authentication = yes # 需要认证
|
require authentication = yes
|
||||||
name = L2TP-VPN-Server # VPN 服务器的名称
|
name = L2TP-VPN-Server
|
||||||
ppp debug = yes # 启用 PPP 调试
|
ppp debug = yes
|
||||||
pppoptfile = /etc/ppp/options.xl2tpd # 指定 PPP 选项文件
|
pppoptfile = /etc/ppp/options.xl2tpd
|
||||||
length bit = yes # 支持长度位
|
length bit = yes
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# 配置 PPP 选项
|
# 配置 PPP 选项
|
||||||
echo "正在配置 PPP 选项..."
|
echo "正在配置 PPP 选项..."
|
||||||
cat <<EOF > /etc/ppp/options.xl2tpd
|
cat <<EOF > /etc/ppp/options.xl2tpd
|
||||||
require-mschap-v2
|
ipcp-accept-local
|
||||||
refuse-mschap
|
ipcp-accept-remote
|
||||||
refuse-chap
|
ms-dns 8.8.8.8
|
||||||
refuse-pap
|
ms-dns 8.8.4.4
|
||||||
ms-dns 8.8.8.8 # DNS 服务器地址
|
noccp
|
||||||
ms-dns 8.8.4.4 # 备用 DNS 服务器地址
|
|
||||||
auth
|
auth
|
||||||
mtu 1200
|
mtu 1280
|
||||||
mru 1200
|
mru 1280
|
||||||
lock
|
|
||||||
proxyarp
|
proxyarp
|
||||||
|
lcp-echo-failure 4
|
||||||
|
lcp-echo-interval 30
|
||||||
connect-delay 5000
|
connect-delay 5000
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# 添加 VPN 用户
|
# 添加 VPN 用户
|
||||||
cat <<EOF > /etc/ppp/chap-secrets
|
echo "$USERNAME * $PASSWORD *" > /etc/ppp/chap-secrets
|
||||||
# Secrets for authentication using CHAP
|
|
||||||
# client server secret IP addresses
|
# 配置 IP 转发
|
||||||
$USERNAME L2TP-VPN-Server "$PASSWORD" * # 随机生成的用户名和密码
|
echo "正在配置 IP 转发..."
|
||||||
|
echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/60-vpn-forward.conf
|
||||||
|
sysctl -p /etc/sysctl.d/60-vpn-forward.conf
|
||||||
|
|
||||||
|
# 配置 NAT
|
||||||
|
iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
|
||||||
|
iptables-save > /etc/iptables.rules
|
||||||
|
|
||||||
|
# 创建一个服务来在启动时恢复 iptables 规则
|
||||||
|
cat <<EOF > /etc/systemd/system/iptables-restore.service
|
||||||
|
[Unit]
|
||||||
|
Description=Restore iptables rules
|
||||||
|
Before=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/sbin/iptables-restore /etc/iptables.rules
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# 启动服务
|
systemctl enable iptables-restore
|
||||||
echo "正在启动 StrongSwan 和 xl2tpd 服务..."
|
|
||||||
|
# 重启并启用服务
|
||||||
|
echo "正在重启并启用服务..."
|
||||||
systemctl restart strongswan
|
systemctl restart strongswan
|
||||||
systemctl restart xl2tpd
|
systemctl restart xl2tpd
|
||||||
systemctl enable strongswan
|
systemctl enable strongswan
|
||||||
systemctl enable xl2tpd
|
systemctl enable xl2tpd
|
||||||
|
|
||||||
|
|
||||||
# 输出连接信息
|
# 输出连接信息
|
||||||
echo "L2TP/IPSec VPN 安装和配置完成!"
|
echo "L2TP/IPSec VPN 安装和配置完成!"
|
||||||
echo "请使用以下信息进行连接:"
|
echo "请使用以下信息进行连接:"
|
||||||
|
echo "服务器地址: $PUBLIC_IP"
|
||||||
echo "用户名: $USERNAME"
|
echo "用户名: $USERNAME"
|
||||||
echo "密码: $PASSWORD"
|
echo "密码: $PASSWORD"
|
||||||
echo "预共享密钥: $PSK"
|
echo "预共享密钥: $PSK"
|
||||||
|
|||||||
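Review bot: In the first hunk, `PUBLIC_IP=$(curl -s http://ipinfo.io/ip)` is fetched over plain HTTP and written unvalidated into /etc/ipsec.conf as `left=$PUBLIC_IP`, and because `curl -s` without `-f` exits 0 on HTTP errors, an error page or empty body slips past `set -e` and yields an unusable `left=` line; use `curl -fsS https://ipinfo.io/ip` and reject anything that is not an address, e.g. `[[ "$PUBLIC_IP" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { echo "could not determine public IP" >&2; exit 1; }`. On a host behind 1:1 NAT (private address on the interface) `left=$PUBLIC_IP` may also fail to bind where the previous `left=%any` worked, so `left=%defaultroute` is probably the safer choice. In the second hunk, `iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE` hard-codes `eth0` and appends a duplicate rule on every re-run before `iptables-save`; derive the interface from `ip route show default` and guard with `iptables -t nat -C ... 2>/dev/null || iptables -t nat -A ...`. The PSK and CHAP credentials are now written with `echo ... >`, which keeps an existing file's mode but creates a world-readable file under the default umask if the package did not ship one, so add `chmod 600 /etc/ipsec.secrets /etc/ppp/chap-secrets` after the writes. Dropping `require-mschap-v2`/`refuse-chap` from options.xl2tpd appears to let clients negotiate CHAP-MD5 instead of MS-CHAPv2; if that downgrade is not intended, keep `require-mschap-v2`.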