CentOS L2TP VPNのインストール
実行環境:
centos5 32bit & centos5 64bit
ファイル名:l2tp_centos.sh
サンプルコード:
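#!/bin/bash
# Interactive L2TP installer for CentOS; must be run as root.
# The quotes in this section are plain ASCII: bash treats typographic quotes
# as ordinary characters, which silently breaks the uid test and the messages.

# Everything that follows installs packages and rewrites files under /etc,
# so stop immediately unless the effective uid is 0. Diagnostics go to stderr.
if [ "$(id -u)" != "0" ]; then
  printf '%s\n' "エラー: このツールを実行するにはroot権限が必要!" >&2
  exit 1
fi
clear
# Quoted delimiter: the banner is emitted literally, nothing inside is expanded.
cat <<'BANNER'

####################################################
# #
# This is a Shell-Based tool of l2tp installation #
# Website: https://arkgame.com #
# For CentOS 32bit and 64bit #
# #
####################################################
BANNER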
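# Collect the connection parameters interactively. The values are only stored
# in shell variables here (vpsip, username, password, mypsk, iprange).

# NOTE(review): `hostname -i` prints whatever the host name resolves to, which
# can be a loopback or private address, or several addresses. Check the value
# on the confirmation screen before continuing.
vpsip=$(hostname -i)

# Print a random 20-character alphanumeric secret read from /dev/urandom.
gen_secret() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 20
}

# One variable feeds both the prompt and the fallback, so the default that is
# advertised is the default that is applied (they used to disagree).
default_username="tension"
echo "ユーザ名を入力してください:"
read -r -p "(ディフォルト名: ${default_username}):" username
if [ -z "$username" ]; then
  username=$default_username
fi

# An empty answer used to select a fixed password that is printed on this
# page. A VPN login must not have a publicly known value, so an empty answer
# now yields a random secret; it is shown once on the confirmation screen.
echo "パスワードを入力してください:"
read -r -p "(空欄の場合はランダムに生成):" password
if [ -z "$password" ]; then
  password=$(gen_secret)
fi

# Same reasoning for the IPsec pre-shared key.
echo "セキュリティコードを入力してください:"
read -r -p "(空欄の場合はランダムに生成):" mypsk
if [ -z "$mypsk" ]; then
  mypsk=$(gen_secret)
fi

# gen_secret yields nothing if /dev/urandom is unreadable; never continue with
# an empty credential.
if [ -z "$password" ] || [ -z "$mypsk" ]; then
  printf '%s\n' "エラー: パスワードまたはセキュリティコードを生成できませんでした" >&2
  exit 1
fi

default_iprange="10.0.0"
echo "リモートクライアントのIP範囲を入力してください:"
read -r -p "(ディフォルト範囲: ${default_iprange}):" iprange
if [ -z "$iprange" ]; then
  iprange=$default_iprange
fi

# iprange is spliced into addresses later ("$iprange.1",
# "$iprange.2-$iprange.254"), so accept exactly three dotted octets and
# nothing else. The pattern lives in a variable so that =~ behaves the same
# on old and new bash releases.
iprange_re='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
if ! [[ $iprange =~ $iprange_re ]]; then
  printf '%s\n' "エラー: IP範囲は 10.0.0 のように3つのオクテットで指定してください" >&2
  exit 1
fi
IFS=. read -r oct1 oct2 oct3 <<<"$iprange"
for oct in "$oct1" "$oct2" "$oct3"; do
  # 10# forces base 10 so an octet such as 010 is not read as octal.
  if ((10#$oct > 255)); then
    printf '%s\n' "エラー: IP範囲の各オクテットは0から255までです" >&2
    exit 1
  fi
done
clear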
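#######################################
# Wait for one keypress and print the byte on stdout.
# The terminal attached to stdin is put into no-echo/cbreak mode for the
# duration of the read; the byte itself is read from /dev/tty.
# Outputs: the byte that was read
# Returns: non-zero when the terminal settings of stdin cannot be saved
#          (stdin is not a terminal); otherwise the status of the restore
#######################################
get_char() {
  local saved_stty
  # Without a saved state there is nothing to restore to, so leave the
  # terminal untouched instead of switching echo off and hoping for the best.
  if ! saved_stty=$(stty -g 2>/dev/null); then
    printf '%s\n' "get_char: stdin is not a terminal" >&2
    return 1
  fi
  stty -echo
  stty cbreak
  dd if=/dev/tty bs=1 count=1 2>/dev/null
  # Restoring the saved state re-enables echo and line mode in one step and
  # runs whether or not the read succeeded.
  stty "$saved_stty"
}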
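# Confirmation screen: show every collected value, then wait for a keypress
# before anything is installed.
# NOTE(review): the password and the pre-shared key are printed in clear text.
# Run this on a private console; the `clear` at the end removes them from the
# visible screen only, terminal scrollback or session logs may still hold them.
show_field() {
  # $1 - label, $2 - value; a blank line precedes each pair.
  printf '\n%s\n%s\n' "$1" "$2"
}
show_field "サーバーIP:" "$vpsip"
show_field "サーバーローカル IP:" "$iprange.1"
show_field "ユーザ名:" "$username"
show_field "パスワード:" "$password"
show_field "認証コード:" "$mypsk"
show_field "リモートクライアントのIP範囲:" "$iprange.2-$iprange.254"
printf '\n%s\n' "任意キーを押し開始…"
# The key itself is irrelevant; the read only serves as a pause.
char=$(get_char)
clear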
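# Character device major 1 / minor 9 is the kernel's non-blocking urandom
# source, so a node created this way behaves like /dev/urandom under the name
# /dev/random. Presumably meant for hosts where the node is missing; it is
# only created when nothing exists at that path.
if [ ! -e /dev/random ]; then
  mknod /dev/random c 1 9
fi

# Build prerequisites. A failed install would only surface later as a
# confusing compiler error, so stop here instead.
if ! yum install -y ppp iptables make gcc gmp-devel xmlto bison flex \
  libpcap-devel lsof vim-enhanced; then
  printf '%s\n' "エラー: パッケージのインストールに失敗しました" >&2
  exit 1
fi

# Working directory for the source tarballs. -p keeps a second run from
# failing on the existing directory, and the script must not carry on in the
# wrong directory if the cd fails.
mkdir -p /ztmp/l2tp || exit 1
cd /ztmp/l2tp || exit 1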
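# install openswan ipsec
# NOTE(review): this tarball is unpacked, compiled and installed as root, and
# certificate verification is the only integrity check on it. The
# --no-check-certificate flag is therefore dropped; if the host's CA bundle is
# too old to validate the server, fix the bundle rather than disabling the
# check. The page gives no checksum or signature for the file; compare it with
# one published by upstream before building.
# NOTE(review): a tarball already present in this directory is used as-is.
if [ ! -f "./openswan.tar.gz" ]; then
  if ! wget -c -O openswan.tar.gz --secure-protocol=auto \
    https://download.openswan.org/openswan/openswan-2.6.33.tar.gz; then
    # Remove the partial file, otherwise the next run would treat it as a
    # complete download and skip fetching.
    rm -f openswan.tar.gz
    printf '%s\n' "エラー: openswan のダウンロードに失敗しました" >&2
    exit 1
  fi
fi
tar -zxvf openswan.tar.gz || exit 1
cd ./openswan*/ || exit 1
make programs install || exit 1

# Keep a timestamped copy of any existing configuration before a new one is
# written.
if [ -f "/etc/ipsec.conf" ]; then
  mv /etc/ipsec.conf "/etc/ipsec_bak_$(date "+%Y%m%d-%H%M%S").conf"
fi
touch /etc/ipsec.conf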
# NOTE(review): this line is incomplete on the page. The here-document
# operator and the ipsec.conf body that should follow the redirect are missing
# (apparently stripped when the page was rendered), so bash reports a syntax
# error here. Restore the body from the original script; do not run the
# listing as printed.
# NOTE(review): password and mypsk are not written to any file in the visible
# lines, so they were presumably used in the missing text. Whatever files
# receive them should be readable by root only - confirm.
cat >>/etc/ipsec.conf<
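# Load kernel parameters from /etc/sysctl.conf.
# NOTE(review): no visible line edits that file; presumably the settings were
# added in text that is missing from the page - confirm.
sysctl -p
# Return to the build directory by name. The page printed `cd` with a
# typographic dash, which bash would take as a directory name.
cd /ztmp/l2tp || exit 1

# install rp-l2tp ctl
# NOTE(review): fetched over plain HTTP from a third-party mirror and then
# built as root, with nothing to detect a modified file. Verify the tarball
# against a checksum obtained from a source you trust before building.
# --no-check-certificate is dropped so a redirect to HTTPS is still verified.
if [ ! -f "rp-l2tp.tar.gz" ]; then
  if ! wget -c -O rp-l2tp.tar.gz --secure-protocol=auto \
    http://mirror.zeddicus.com/sources/rp-l2tp-0.4.tar.gz; then
    # A partial file would be mistaken for a finished download on the next run.
    rm -f rp-l2tp.tar.gz
    printf '%s\n' "エラー: rp-l2tp のダウンロードに失敗しました" >&2
    exit 1
  fi
fi
tar zxvf rp-l2tp.tar.gz || exit 1
cd ./rp-l2tp*/ || exit 1
./configure || exit 1
make || exit 1
# The guard used to test the install destination, which does not exist on a
# fresh host, so the control tool was never copied. Test the freshly built
# file instead. -p and -f keep a second run from failing on existing paths.
if [ -f "handlers/l2tp-control" ]; then
  cp handlers/l2tp-control /usr/local/sbin/
  mkdir -p /var/run/xl2tpd/
  ln -sf /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
fi
# end install rp-l2tp ctl
cd /ztmp/l2tp || exit 1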
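# install xl2tpd
# NOTE(review): fetched over plain HTTP from a third-party mirror and then
# installed as root, with nothing to detect a modified file. Verify the
# tarball against a checksum obtained from a source you trust before building.
# --no-check-certificate is dropped so a redirect to HTTPS is still verified.
if [ ! -f "xl2tpd.tar.gz" ]; then
  if ! wget -c -O xl2tpd.tar.gz --secure-protocol=auto \
    http://mirror.zeddicus.com/sources/xl2tpd-1.2.4.tar.gz; then
    # A partial file would be mistaken for a finished download on the next run.
    rm -f xl2tpd.tar.gz
    printf '%s\n' "エラー: xl2tpd のダウンロードに失敗しました" >&2
    exit 1
  fi
fi
tar zxvf xl2tpd.tar.gz || exit 1
cd ./xl2tpd*/ || exit 1
make install || exit 1
# end install xl2tpd

# -p: the directory may already exist from an earlier run.
mkdir -p /etc/xl2tpd
# Keep a timestamped copy of any existing configuration before a new one is
# written.
if [ -f "/etc/xl2tpd/xl2tpd.conf" ]; then
  mv /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd_bak_$(date "+%Y%m%d-%H%M%S").conf"
fi
touch /etc/xl2tpd/xl2tpd.conf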
# NOTE(review): the page is incomplete from the next line down to `EOF`. The
# here-document operator and the xl2tpd.conf body are missing after the
# redirect. The escaped `\$each` and the closing `EOF` indicate that the lines
# in between are the tail of a further here-document whose opening is also
# missing; the `chmod +x /usr/bin/zl2tpset` after it suggests that it wrote
# that helper - confirm against the original script. As printed, bash stops
# with a syntax error here; restore the missing text before use.
cat >>/etc/xl2tpd/xl2tpd.conf<
echo 0 > \$each/send_redirects
done
#echo 1 > /proc/sys/net/core/xfrm_larval_drop
EOF
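chmod +x /usr/bin/zl2tpset
# setting iptables policies and save policies
service iptables start
# Masquerade only traffic that originates from the VPN client range. Without
# a source match the rule rewrites every packet this host forwards. The :?
# expansion aborts the script if iprange is unset or empty.
iptables --table nat --append POSTROUTING \
  --source "${iprange:?}.0/24" --jump MASQUERADE
# NOTE(review): UDP 53 is opened to any source although no visible line
# installs a DNS service; drop it from the list unless one is intended.
# NOTE(review): UDP 1701 is accepted from any source, whether or not the
# packet arrived through IPsec. Consider accepting L2TP only for
# IPsec-protected traffic so the tunnel cannot be used unencrypted.
iptables -I RH-Firewall-1-INPUT -p udp -m multiport \
  --dports 53,1701,4500,500 -j ACCEPT
service iptables save
service iptables reload
# end setting iptables policies and save policies
service ipsec restart
# zl2tpset is the helper made executable at the top of this section.
zl2tpset
xl2tpd
service ipsec restart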
cat >>/etc/rc.local<