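#!/bin/sh
#
# Set up an IPsec/L2TP VPN server (Openswan + xl2tpd + pppd) on a Debian/Ubuntu
# host, authenticating the IPsec tunnel with a pre-shared key and the PPP
# session with a single CHAP account.
#
# Settings (edit the placeholders before running):
#   IPSEC_PSK    - IPsec pre-shared key shared with every client
#   VPN_USER     - CHAP username written to /etc/ppp/chap-secrets
#   VPN_PASSWORD - CHAP password for VPN_USER
#   PUBLIC_IP    - public address of this server (used for SNAT and as 'left')
#
# Must run as root. Writes /etc/rc.local, /etc/ipsec.conf, /etc/ipsec.secrets,
# /etc/xl2tpd/xl2tpd.conf, /etc/ppp/options.xl2tpd and /etc/ppp/chap-secrets,
# appends to /etc/sysctl.conf, then restarts ipsec and xl2tpd.
set -eu

IPSEC_PSK='<some key>'
VPN_USER='root'
VPN_PASSWORD='<vpn pass>'
PUBLIC_IP='<your server ip>'

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Refuse to run with an unedited '<...>' placeholder; otherwise the literal
# text would be written into the secrets files and the SNAT rule.
check_setting() {
  case "$2" in
    ''|'<'*) die "$1 must be set (still a placeholder)" ;;
  esac
}

# Append "key = value" to /etc/sysctl.conf unless that exact uncommented line
# already exists, so re-running the script does not pile up duplicate lines.
# Commented-out defaults (e.g. '#net.ipv4.ip_forward=1') are not treated as set.
add_sysctl() {
  if ! grep -q "^[[:space:]]*$1[[:space:]]*=[[:space:]]*$2[[:space:]]*$" /etc/sysctl.conf 2>/dev/null; then
    printf '%s = %s\n' "$1" "$2" >> /etc/sysctl.conf
  fi
}

# Disable ICMP redirects on every interface right now (sysctl.conf covers reboot).
disable_redirects() {
  for vpn in /proc/sys/net/ipv4/conf/*; do
    echo 0 > "$vpn/accept_redirects"
    echo 0 > "$vpn/send_redirects"
  done
}

check_setting IPSEC_PSK "$IPSEC_PSK"
check_setting VPN_USER "$VPN_USER"
check_setting VPN_PASSWORD "$VPN_PASSWORD"
check_setting PUBLIC_IP "$PUBLIC_IP"
[ "$(id -u)" -eq 0 ] || die "this script must run as root"

apt-get update
# -y: the script is non-interactive; without it apt-get waits for confirmation.
apt-get install -y openswan xl2tpd ppp lsof

# Masquerade VPN client traffic leaving via any eth* interface.
iptables -t nat -A POSTROUTING -j SNAT --to-source "$PUBLIC_IP" -o eth+

add_sysctl net.ipv4.ip_forward 1
add_sysctl net.ipv4.conf.all.accept_redirects 0
add_sysctl net.ipv4.conf.all.send_redirects 0
add_sysctl net.ipv4.conf.default.rp_filter 0
add_sysctl net.ipv4.conf.default.accept_source_route 0
add_sysctl net.ipv4.conf.default.send_redirects 0
add_sysctl net.ipv4.icmp_ignore_bogus_error_responses 1
disable_redirects
sysctl -p

# Re-apply the SNAT rule and redirect settings at boot. $PUBLIC_IP is expanded
# now; \$vpn is escaped so the loop variable survives into rc.local instead of
# being replaced by whatever value the loop above left behind.
cat > /etc/rc.local << EOF
#!/bin/sh
iptables -t nat -A POSTROUTING -j SNAT --to-source $PUBLIC_IP -o eth+
for vpn in /proc/sys/net/ipv4/conf/*; do echo 0 > "\$vpn/accept_redirects"; echo 0 > "\$vpn/send_redirects"; done
exit 0
EOF
chmod 755 /etc/rc.local

# Transport-mode IPsec for L2TP (UDP 1701) from any client behind NAT.
# 3des-sha1 is listed only for older clients; drop it if all clients support AES.
cat > /etc/ipsec.conf <<EOF
version 2.0
config setup
dumpdir=/var/run/pluto/
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24
oe=off
protostack=netkey
nhelpers=0
interfaces=%defaultroute
conn vpnpsk
connaddrfamily=ipv4
auto=add
left=$PUBLIC_IP
leftprotoport=17/1701
rightprotoport=17/%any
right=%any
rightsubnetwithin=0.0.0.0/0
forceencaps=yes
authby=secret
pfs=no
type=transport
auth=esp
ike=3des-sha1,aes-sha1
phase2alg=3des-sha1,aes-sha1
rekey=no
keyingtries=5
dpddelay=30
dpdtimeout=120
dpdaction=clear
EOF

# PSK file: a key containing a double quote would break this line.
cat > /etc/ipsec.secrets <<EOF
$PUBLIC_IP %any : PSK "$IPSEC_PSK"
EOF
chmod 600 /etc/ipsec.secrets

# The 'name' here must match the server field in /etc/ppp/chap-secrets.
cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[global]
port = 1701
;debug avp = yes
;debug network = yes
;debug state = yes
;debug tunnel = yes
[lns default]
ip range = 192.168.42.10-192.168.42.250
local ip = 192.168.42.1
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
;ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF

cat > /etc/ppp/options.xl2tpd <<EOF
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
auth
crtscts
idle 1800
mtu 1280
mru 1280
lock
lcp-echo-failure 10
lcp-echo-interval 60
connect-delay 5000
EOF

# CHAP credentials; the server column ('l2tpd') matches 'name' in xl2tpd.conf.
cat > /etc/ppp/chap-secrets <<EOF
# Secrets for authentication using CHAP
# client server secret IP addresses
$VPN_USER l2tpd $VPN_PASSWORD *
EOF
chmod 600 /etc/ppp/chap-secrets

/usr/sbin/service ipsec restart
/usr/sbin/service xl2tpd restart
ipsec verify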