
Untitled

a guest
Nov 1st, 2016
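#!/bin/sh
#
# Configure this host as an L2TP/IPsec (pre-shared key) client using
# openswan and xl2tpd, then bring the tunnel up.
#
# usage:
#   install_l2tp.sh <L2TP_SERVER> <SHARED_SECRET> <USERNAME> <PASSWORD>
#
# Must be run as root: it installs packages and rewrites /etc/ipsec.conf,
# /etc/xl2tpd/xl2tpd.conf and /etc/ppp/options.l2tpd.client from scratch.
#
# SECURITY NOTE: the pre-shared key and the PPP password are passed on the
# command line, so they can show up in the process list and in shell history
# while/after this script runs. Rotate them if the host is shared, or adapt
# the script to read them from a root-only file or from stdin.
set -eu

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Append line $2 to file $1 unless that exact line is already present, so
# re-running the installer does not pile up duplicate entries.
append_once() {
  grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >>"$1"
}

# Write stdin to file $1 so that only root can read it (mode 0600).
# The old file is removed first: a umask only applies to newly created
# files, and a pre-existing world-readable file would keep its mode.
write_private() {
  (
    umask 077
    rm -f -- "$1"
    cat >"$1"
  )
}

if [ "$#" -ne 4 ]; then
  printf 'usage: %s <L2TP_SERVER> <SHARED_SECRET> <USERNAME> <PASSWORD>\n' \
    "${0##*/}" >&2
  exit 2
fi

[ "$(id -u)" -eq 0 ] || die "this script must be run as root"

# Every argument is copied verbatim into a configuration file. An empty
# value produces a broken config, and an embedded newline would add extra
# configuration lines, so both are rejected up front.
newline='
'
for arg in "$@"; do
  case $arg in
    '') die "arguments must not be empty" ;;
    *"$newline"*) die "arguments must not contain newlines" ;;
  esac
done

L2TP_SERVER=${1}
SHARED_SECRET=${2}
USERNAME=${3}
PASSWORD=${4}

# The PSK is written between double quotes in ipsec.secrets.inc below.
case $SHARED_SECRET in
  *\"*) die "SHARED_SECRET must not contain a double quote" ;;
esac

apt-get install openswan xl2tpd

# Kernel settings for the IPsec stack.
# NOTE(review): ip_forward = 1 makes this host forward packets between
# interfaces and rp_filter = 0 turns off reverse-path source validation for
# newly created interfaces. Both widen what the host accepts/relays; confirm
# they are needed for this deployment rather than copied by habit.
append_once /etc/sysctl.conf "net.ipv4.ip_forward = 1"
append_once /etc/sysctl.conf "net.ipv4.conf.all.accept_redirects = 0"
append_once /etc/sysctl.conf "net.ipv4.conf.all.send_redirects = 0"
append_once /etc/sysctl.conf "net.ipv4.conf.default.rp_filter = 0"
append_once /etc/sysctl.conf "net.ipv4.conf.default.accept_source_route = 0"
append_once /etc/sysctl.conf "net.ipv4.conf.default.send_redirects = 0"
append_once /etc/sysctl.conf "net.ipv4.icmp_ignore_bogus_error_responses = 1"

# Disable ICMP redirects on the interfaces that already exist; the
# "default" keys above only affect interfaces created later.
for conf_dir in /proc/sys/net/ipv4/conf/*; do
  echo 0 >"$conf_dir/accept_redirects"
  echo 0 >"$conf_dir/send_redirects"
done
sysctl -p

# IPsec transport-mode connection that protects the L2TP traffic (UDP 1701).
# Parameters are indented because ipsec.conf requires every parameter line
# of a section to start with whitespace.
# NOTE(review): authby=secret (one shared key for all peers) and pfs=no are
# the weak points of this profile; they have to match what the server
# offers, so use a long random PSK and enable PFS if the server supports it.
# rightid and the interface name eth0 are site-specific values.
cat >/etc/ipsec.conf <<EOF
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    nat_traversal=yes
    protostack=netkey
    oe=off
    plutoopts="--interface=eth0"

conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%defaultroute
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=${L2TP_SERVER}
    rightid=10.0.1.11
EOF

# The pre-shared key: written root-only, and with printf so that
# backslashes in the key are not interpreted the way sh's echo may do.
printf '0.0.0.0 %s: PSK "%s"\n' "$L2TP_SERVER" "$SHARED_SECRET" |
  write_private /var/lib/openswan/ipsec.secrets.inc

cat >/etc/xl2tpd/xl2tpd.conf <<EOF
[lac vpn-connection]
lns = ${L2TP_SERVER}
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
EOF

# PPP options, including the account password in clear text, hence the
# root-only file. MS-CHAPv2 is considered weak on its own, so these
# credentials depend on the IPsec layer (and therefore on the PSK) for
# protection.
# NOTE(review): pppd splits option lines on whitespace and treats '#' as a
# comment start, so a user name or password containing whitespace, '#',
# quotes or backslashes needs pppd-style quoting here.
write_private /etc/ppp/options.l2tpd.client <<EOF
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
connect-delay 5000
name ${USERNAME}
password ${PASSWORD}
EOF

mkdir -p /var/run/xl2tpd
touch /var/run/xl2tpd/l2tp-control

# Routes for the remote subnets, added whenever a PPP link comes up.
# Single quotes keep ${PPP_IFACE} literal; pppd's ip-up environment sets it.
# NOTE(review): /etc/ppp/ip-up runs for every PPP interface, not only for
# this VPN, and the subnets are site-specific.
append_once /etc/ppp/ip-up 'route add -net 10.0.1.0/24 dev ${PPP_IFACE}'
append_once /etc/ppp/ip-up 'route add -net 10.0.2.0/24 dev ${PPP_IFACE}'
append_once /etc/ppp/ip-up 'route add -net 10.0.3.0/24 dev ${PPP_IFACE}'
append_once /etc/ppp/ip-up 'route add -net 10.0.4.0/24 dev ${PPP_IFACE}'

# Helper scripts to bring the tunnel up and down. The here-document
# delimiter is quoted so the script text is written out exactly as shown.
cat >/etc/rc.vpn.start <<'EOF'
#!/bin/sh
service ipsec restart
service xl2tpd restart
ipsec auto --up L2TP-PSK
echo "c vpn-connection" > /var/run/xl2tpd/l2tp-control
EOF

cat >/etc/rc.vpn.stop <<'EOF'
#!/bin/sh
service ipsec stop
service xl2tpd stop
EOF

chmod +x /etc/rc.vpn.start
chmod +x /etc/rc.vpn.stop

/etc/rc.vpn.start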