redhat6.3一键安装L2TP脚本

Tips:
1.灵活设置自己的公网IP
tmpip=`ifconfig |grep ‘inet’ | grep -Evi ‘(inet6|127.0.0.1)’ | awk ‘{print $2}’ | cut -d: -f2 | head -1`
这行代码是检测网卡IP的,使用head或tail合理选择自己的公网IP
2.如果是SSH非root登录的系统,首先要 su root,然后进入/root或者注释掉程序开头对root身份的认证.
3.最后ipsec verify的结果如果出现下述情况:
<1>Two or more interfaces found, checking IP forwarding [FAILED]
那么请运行如下命令:
cat /proc/sys/net/ipv4/ip_forward
如果结果是1,请忽略这个FAILED.

<2>Checking for IPsec support in kernel [FAILED]
SAref kernel support [N/A]
Checking that pluto is running [FAILED]

如果出现上述情况,请执行下述命令:

ipsec setup start

再次执行ipsec verify查看.

 

——————————CODE BEGIN————————————–

#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#===============================================================================================
# SYSTEM REQUIRED: CentOS 6 (32bit/64bit)
# DESCRIPTION: Auto install L2TP for CentOS 6
# Author: Teddysun <i@teddysun.com>
#===============================================================================================

if [[ “$USER” != ‘root’ ]]; then
echo “Sorry, you need to run this as root”
echo $USER
exit 1
fi

if [[ ! -e /dev/net/tun ]]; then
echo “TUN/TAP is not available”
exit 1
fi

clear
echo “”
echo “#############################################################”
echo “# Auto install L2TP for CentOS 6/RedHat 6 #”
echo “# System Required: CentOS/RedHat(32bit/64bit) #”
echo “# Intro: ~~~ #”
echo “# Author: ~~~ #”
echo “#############################################################”
echo “”

tmpip=`ifconfig |grep ‘inet’ | grep -Evi ‘(inet6|127.0.0.1)’ | awk ‘{print $2}’ | cut -d: -f2 | head -1`
if [[ “$tmpip” = “” ]]; then
tmpip=$(curl -4 icanhazip.com)
fi

echo “Please input IP-Range:”
read -p “(Default Range: 10.1.2):” iprange
if [ “$iprange” = “” ]; then
iprange=”10.1.2″
fi

echo “Please input PSK:”
read -p “(Default PSK: vpn):” mypsk
if [ “$mypsk” = “” ]; then
mypsk=”vpn”
fi

clear
get_char(){
SAVEDSTTY=`stty -g`
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}
echo “”
echo “ServerIP:”
echo “$tmpip”
echo “”
echo “Server Local IP:”
echo “$iprange.1”
echo “”
echo “Client Remote IP Range:”
echo “$iprange.2-$iprange.254”
echo “”
echo “PSK:”
echo “$mypsk”
echo “”
echo “Press any key to start…or Press Ctrl+c to cancel”
char=`get_char`
clear

mknod /dev/random c 1 9
# Install some necessary tools
yum install -y ppp iptables make gcc gmp-devel xmlto bison flex libpcap-devel lsof vim-enhanced
#
cur_dir=`pwd`
mkdir -p $cur_dir/l2tp
cd $cur_dir/l2tp
# Download openswan-2.6.38.tar.gz
if [ -s openswan-2.6.38.tar.gz ]; then
echo “openswan-2.6.38.tar.gz [found]”
else
echo “openswan-2.6.38.tar.gz not found!!!download now……”
if ! wget http://lamp.teddysun.com/files/openswan-2.6.38.tar.gz;then
echo “Failed to download openswan-2.6.38.tar.gz, please download it to $cur_dir directory manually and retry.”
exit 1
fi
fi
# Download rp-l2tp-0.4.tar.gz
if [ -s rp-l2tp-0.4.tar.gz ]; then
echo “rp-l2tp-0.4.tar.gz [found]”
else
echo “rp-l2tp-0.4.tar.gz not found!!!download now……”
if ! wget http://lamp.teddysun.com/files/rp-l2tp-0.4.tar.gz;then
echo “Failed to download rp-l2tp-0.4.tar.gz, please download it to $cur_dir directory manually and retry.”
exit 1
fi
fi
# Download xl2tpd-1.2.4.tar.gz
if [ -s xl2tpd-1.2.4.tar.gz ]; then
echo “xl2tpd-1.2.4.tar.gz [found]”
else
echo “xl2tpd-1.2.4.tar.gz not found!!!download now……”
if ! wget http://lamp.teddysun.com/files/xl2tpd-1.2.4.tar.gz;then
echo “Failed to download xl2tpd-1.2.4.tar.gz, please download it to $cur_dir directory manually and retry.”
exit 1
fi
fi

# untar all files
rm -rf $cur_dir/l2tp/untar
mkdir -p $cur_dir/l2tp/untar
echo “======untar all files,please wait a moment=====”
tar -zxf openswan-2.6.38.tar.gz -C $cur_dir/l2tp/untar
tar -zxf rp-l2tp-0.4.tar.gz -C $cur_dir/l2tp/untar
tar -zxf xl2tpd-1.2.4.tar.gz -C $cur_dir/l2tp/untar
echo “=====untar all files completed!=====”
# Install openswan-2.6.38
cd $cur_dir/l2tp/untar/openswan-2.6.38
make programs install

# Configuation ipsec
rm -rf /etc/ipsec.conf
touch /etc/ipsec.conf
cat >>/etc/ipsec.conf<>/etc/ipsec.secrets< $each/accept_redirects
echo 0 > $each/send_redirects
done

# Install rp-l2tp-0.4
cd $cur_dir/l2tp/untar/rp-l2tp-0.4
./configure
make
cp handlers/l2tp-control /usr/local/sbin/
mkdir -p /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
# Install xl2tpd-1.2.4.tar.gz
cd $cur_dir/l2tp/untar/xl2tpd-1.2.4
make install
mkdir -p /etc/xl2tpd
rm -rf /etc/xl2tpd/xl2tpd.conf
touch /etc/xl2tpd/xl2tpd.conf
cat >>/etc/xl2tpd/xl2tpd.conf<>/etc/ppp/options.xl2tpd<> /etc/ppp/chap-secrets

touch /usr/bin/l2tpset
echo “#/bin/bash” >>/usr/bin/l2tpset
echo “for each in /proc/sys/net/ipv4/conf/*” >>/usr/bin/l2tpset
echo “do” >>/usr/bin/l2tpset
echo “echo 0 > \$each/accept_redirects” >>/usr/bin/l2tpset
echo “echo 0 > \$each/send_redirects” >>/usr/bin/l2tpset
echo “done” >>/usr/bin/l2tpset
chmod +x /usr/bin/l2tpset
iptables –table nat –append POSTROUTING –jump MASQUERADE
l2tpset
xl2tpd
cat >>/etc/rc.local< #
#############################################################
if there are no [FAILED] above, then you can connect to your
L2TP VPN Server with the default user/password below:

ServerIP:$tmpip
username:vpn
password:${pass}
PSK:$mypsk

exit 0