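#!/bin/sh
# Configure this host as an L2TP/IPsec (pre-shared key) client using
# openswan + xl2tpd, then bring the tunnel up.
#
# usage:
#   install_l2tp.sh <L2TP_SERVER> <SHARED_SECRET> <USERNAME> <PASSWORD>
#
# Must be run as root. The shared secret and PPP password arrive on the
# command line, so they are visible in the process list and in shell history
# while the script runs; once written they live only in root-only (0600)
# files. The script is meant to be re-runnable: sysctl lines are appended
# only once, config files are rewritten in full.
set -e

# Refuse to run with a missing argument instead of writing half-empty
# config files (an empty PSK or password would otherwise go straight to disk).
L2TP_SERVER=${1:?usage: $0 <L2TP_SERVER> <SHARED_SECRET> <USERNAME> <PASSWORD>}
SHARED_SECRET=${2:?SHARED_SECRET (argument 2) is required}
USERNAME=${3:?USERNAME (argument 3) is required}
PASSWORD=${4:?PASSWORD (argument 4) is required}

# Append $1 to file $2 unless that exact line is already present, so that
# re-running the installer does not stack duplicate sysctl entries.
append_once() {
  _line=$1
  _file=$2
  grep -qxF -- "$_line" "$_file" 2>/dev/null || printf '%s\n' "$_line" >>"$_file"
}

# -y: this script is non-interactive; without it apt-get stops at a prompt.
apt-get install -y openswan xl2tpd

# Kernel settings needed for the tunnel (forwarding on, ICMP redirects and
# source routing off). Kept verbatim from the original configuration.
append_once "net.ipv4.ip_forward = 1" /etc/sysctl.conf
append_once "net.ipv4.conf.all.accept_redirects = 0" /etc/sysctl.conf
append_once "net.ipv4.conf.all.send_redirects = 0" /etc/sysctl.conf
append_once "net.ipv4.conf.default.rp_filter = 0" /etc/sysctl.conf
append_once "net.ipv4.conf.default.accept_source_route = 0" /etc/sysctl.conf
append_once "net.ipv4.conf.default.send_redirects = 0" /etc/sysctl.conf
append_once "net.ipv4.icmp_ignore_bogus_error_responses = 1" /etc/sysctl.conf

# The sysctl "default" entries only affect interfaces created later; apply
# the redirect settings to every interface that already exists too.
for vpn in /proc/sys/net/ipv4/conf/*; do
  echo 0 >"$vpn/accept_redirects"
  echo 0 >"$vpn/send_redirects"
done
sysctl -p

# IPsec transport-mode connection carrying L2TP (UDP 1701). Parameter lines
# inside a section must be indented for the ipsec.conf parser.
cat >/etc/ipsec.conf <<EOF
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    nat_traversal=yes
    protostack=netkey
    oe=off
    plutoopts="--interface=eth0"

conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%defaultroute
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=${L2TP_SERVER}
    rightid=10.0.1.11
EOF

# Credential files are created under umask 077 so there is never a moment
# where they are readable by other users; the explicit chmod also covers a
# pre-existing file whose mode umask would not change.
old_umask=$(umask)
umask 077

# printf rather than echo: the values are user-supplied and echo would
# mis-handle a leading "-" or backslash escapes.
printf '0.0.0.0 %s: PSK "%s"\n' "${L2TP_SERVER}" "${SHARED_SECRET}" \
  >/var/lib/openswan/ipsec.secrets.inc
chmod 600 /var/lib/openswan/ipsec.secrets.inc

# PPP options for the L2TP session; contains the plaintext password, hence
# the restricted mode.
cat >/etc/ppp/options.l2tpd.client <<EOF
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
connect-delay 5000
name ${USERNAME}
password ${PASSWORD}
EOF
chmod 600 /etc/ppp/options.l2tpd.client

umask "$old_umask"

# xl2tpd client ("lac") definition pointing at the server; no secrets here.
cat >/etc/xl2tpd/xl2tpd.conf <<EOF
[lac vpn-connection]
lns = ${L2TP_SERVER}
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
EOF

# Control FIFO/file xl2tpd reads connection commands from.
mkdir -p /var/run/xl2tpd
touch /var/run/xl2tpd/l2tp-control

# Routes pushed over the tunnel once PPP is up. Quoted delimiter: PPP_IFACE
# must survive literally into ip-up, where pppd sets it at run time.
cat >>/etc/ppp/ip-up <<'EOF'
route add -net 10.0.1.0/24 dev ${PPP_IFACE}
route add -net 10.0.2.0/24 dev ${PPP_IFACE}
route add -net 10.0.3.0/24 dev ${PPP_IFACE}
route add -net 10.0.4.0/24 dev ${PPP_IFACE}
EOF

# Helper scripts to bring the VPN up/down later; nothing to expand, so the
# here-docs are literal.
cat >/etc/rc.vpn.start <<'EOF'
#!/bin/sh
service ipsec restart
service xl2tpd restart
ipsec auto --up L2TP-PSK
echo "c vpn-connection" > /var/run/xl2tpd/l2tp-control
EOF

cat >/etc/rc.vpn.stop <<'EOF'
#!/bin/sh
service ipsec stop
service xl2tpd stop
EOF

chmod +x /etc/rc.vpn.start /etc/rc.vpn.stop

# Bring the tunnel up now.
/etc/rc.vpn.start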