vpn.sh

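#!/bin/sh
#
# Install and configure an IPsec/L2TP VPN server (openswan + xl2tpd + ppp) on a
# Debian/Ubuntu host. Must be run as root.
#
# Required environment (these were fill-in placeholders in the original script):
#   IPSEC_PSK     - pre-shared key for the IPsec tunnel
#   VPN_PASSWORD  - CHAP password for VPN_USER
#   PUBLIC_IP     - the server's public IPv4 address
# Optional:
#   VPN_USER      - CHAP user name (default: root; this is a PPP account name,
#                   not the system root account)
#
# Files written: /etc/sysctl.conf (appended), /etc/rc.local (replaced),
# /etc/ipsec.conf, /etc/ipsec.secrets, /etc/xl2tpd/xl2tpd.conf,
# /etc/ppp/options.xl2tpd, /etc/ppp/chap-secrets.
#
set -eu

IPSEC_PSK=${IPSEC_PSK:?set IPSEC_PSK to the VPN pre-shared key}
VPN_USER=${VPN_USER:-root}
VPN_PASSWORD=${VPN_PASSWORD:?set VPN_PASSWORD to the CHAP password}
PUBLIC_IP=${PUBLIC_IP:?set PUBLIC_IP to the server's public IPv4 address}

# Client address pool; must agree with "ip range"/"local ip" in xl2tpd.conf below.
VPN_NET=192.168.42.0/24

[ "$(id -u)" -eq 0 ] || { printf '%s\n' "this script must run as root" >&2; exit 1; }

# Append a line to /etc/sysctl.conf unless it is already present, so re-running
# the script does not accumulate duplicates.
add_sysctl() {
  grep -qxF -- "$1" /etc/sysctl.conf || printf '%s\n' "$1" >> /etc/sysctl.conf
}

# -y so an unattended run does not block on the install prompt.
apt-get update
apt-get install -y openswan xl2tpd ppp lsof

# SNAT only the VPN client pool (the original rule NATed everything leaving
# eth*). -C checks first so re-runs, and rc.local at boot, do not add the rule twice.
iptables -t nat -C POSTROUTING -s "$VPN_NET" -o eth+ -j SNAT --to-source "$PUBLIC_IP" 2>/dev/null \
  || iptables -t nat -A POSTROUTING -s "$VPN_NET" -o eth+ -j SNAT --to-source "$PUBLIC_IP"

# ip_forward is required to route client traffic; note that nothing here
# restricts the FORWARD chain, so add filtering if this host is not dedicated.
add_sysctl "net.ipv4.ip_forward = 1"
add_sysctl "net.ipv4.conf.all.accept_redirects = 0"
add_sysctl "net.ipv4.conf.all.send_redirects = 0"
# rp_filter is disabled for the default interface config; presumably needed for
# the xl2tpd/ppp interfaces -- confirm before tightening.
add_sysctl "net.ipv4.conf.default.rp_filter = 0"
add_sysctl "net.ipv4.conf.default.accept_source_route = 0"
add_sysctl "net.ipv4.conf.default.send_redirects = 0"
add_sysctl "net.ipv4.icmp_ignore_bogus_error_responses = 1"

# Apply the redirect settings to interfaces that already exist (sysctl.conf
# only covers "all"/"default").
for conf in /proc/sys/net/ipv4/conf/*; do
  echo 0 > "$conf/accept_redirects"
  echo 0 > "$conf/send_redirects"
done
sysctl -p

# rc.local re-applies the runtime-only settings at boot. This replaces any
# existing /etc/rc.local. A shebang and the exec bit are required for it to run.
# "\$vpn" is escaped so the loop variable is expanded at boot, not here (the
# original unquoted heredoc baked in the last value of the loop above).
cat > /etc/rc.local <<EOF
#!/bin/sh
iptables -t nat -C POSTROUTING -s $VPN_NET -o eth+ -j SNAT --to-source $PUBLIC_IP 2>/dev/null \\
  || iptables -t nat -A POSTROUTING -s $VPN_NET -o eth+ -j SNAT --to-source $PUBLIC_IP
for vpn in /proc/sys/net/ipv4/conf/*; do
  echo 0 > "\$vpn/accept_redirects"
  echo 0 > "\$vpn/send_redirects"
done
exit 0
EOF
chmod 755 /etc/rc.local

# IPsec transport-mode PSK connection for L2TP (UDP/1701). The ike/phase2alg
# lists and pfs=no are kept as the author wrote them for client compatibility;
# 3des-sha1 is a legacy choice -- prefer listing aes first and enabling pfs
# where the clients support it.
cat > /etc/ipsec.conf <<EOF
version 2.0

config setup
  dumpdir=/var/run/pluto/
  nat_traversal=yes
  virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24
  oe=off
  protostack=netkey
  nhelpers=0
  interfaces=%defaultroute

conn vpnpsk
  connaddrfamily=ipv4
  auto=add
  left=$PUBLIC_IP
  leftprotoport=17/1701
  rightprotoport=17/%any
  right=%any
  rightsubnetwithin=0.0.0.0/0
  forceencaps=yes
  authby=secret
  pfs=no
  type=transport
  auth=esp
  ike=3des-sha1,aes-sha1
  phase2alg=3des-sha1,aes-sha1
  rekey=no
  keyingtries=5
  dpddelay=30
  dpdtimeout=120
  dpdaction=clear
EOF

# The PSK is written inside double quotes; a key containing '"' would break the
# file format. Lock the file down before anything else can read it.
cat > /etc/ipsec.secrets <<EOF
$PUBLIC_IP  %any  : PSK "$IPSEC_PSK"
EOF
chmod 600 /etc/ipsec.secrets

cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[global]
port = 1701

;debug avp = yes
;debug network = yes
;debug state = yes
;debug tunnel = yes

[lns default]
ip range = 192.168.42.10-192.168.42.250
local ip = 192.168.42.1
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
;ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF

cat > /etc/ppp/options.xl2tpd <<EOF
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
auth
crtscts
idle 1800
mtu 1280
mru 1280
lock
lcp-echo-failure 10
lcp-echo-interval 60
connect-delay 5000
EOF

# chap-secrets is whitespace-separated: a user name or password containing
# spaces would need quoting in the file. Default umask would leave this
# world-readable, so restrict it explicitly.
cat > /etc/ppp/chap-secrets <<EOF
# Secrets for authentication using CHAP
# client  server  secret  IP addresses

$VPN_USER  l2tpd  $VPN_PASSWORD  *
EOF
chmod 600 /etc/ppp/chap-secrets

/usr/sbin/service ipsec restart
/usr/sbin/service xl2tpd restart

ipsec verify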