配置vpn
注意:手机连接端需配置转发路线,Win7 需取消某一网关选项。
1.pptpd 架构 单ip vpn 配置脚本
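#!/usr/bin/env bash
# PPTP (pptpd) single-IP VPN setup.
#
# Appends an address pool, DNS servers, one account and the firewall/NAT
# rules needed by pptpd, then restarts and enables the service.
#
# Security notes:
#  - PPTP authenticates with MS-CHAPv2 and encrypts with MPPE. A captured
#    handshake can be cracked offline regardless of password length, so use
#    PPTP only where legacy clients leave no alternative.
#  - The account password is no longer the fixed "123456". Export
#    VPN_PASSWORD before running, or a random one is generated.
#  - The config files are appended to, so run this once; the previous
#    version of each file is kept as <file>.bak.
set -eu

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Keep a copy of an existing file (mode preserved) before it is modified.
backup() {
  if [ -f "$1" ]; then
    cp -pf -- "$1" "$1.bak"
  fi
}

# Append an iptables rule only if an identical one is not already present,
# so re-running the script does not stack duplicates.
# Arguments: $1 - table, remaining - chain and rule specification
ensure_rule() {
  rule_table=$1
  shift
  iptables -t "$rule_table" -C "$@" 2>/dev/null ||
    iptables -t "$rule_table" -A "$@"
}

[ "$(id -u)" -eq 0 ] || die "This script must be run as root."

vpn_user="vpn"
vpn_password="${VPN_PASSWORD:-}"
if [ -z "$vpn_password" ]; then
  # 16 random bytes rendered as 32 hex characters.
  vpn_password=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
fi
# chap-secrets is whitespace-delimited; refuse characters that would break
# the line format or need quoting.
case "$vpn_password" in
  *[!A-Za-z0-9._@%+=:,-]*)
    die "VPN_PASSWORD may only contain A-Z a-z 0-9 . _ @ % + = : , -"
    ;;
esac

backup /etc/pptpd.conf
cat >> /etc/pptpd.conf << 'EOF'
localip 192.168.144.1
remoteip 192.168.144.2-254
EOF

backup /etc/ppp/options.pptpd
cat >> /etc/ppp/options.pptpd << 'EOF'
ms-dns 8.8.8.8
ms-dns 8.8.4.4
EOF

backup /etc/ppp/chap-secrets
printf '%s pptpd %s *\n' "$vpn_user" "$vpn_password" >> /etc/ppp/chap-secrets
# The file holds clear-text passwords: keep it (and its backup) root-only.
chmod 600 /etc/ppp/chap-secrets
if [ -f /etc/ppp/chap-secrets.bak ]; then
  chmod 600 /etc/ppp/chap-secrets.bak
fi

# Re-create the rules at boot. Quoted delimiter: the text is written
# literally, nothing is expanded at install time.
# NOTE(review): "-A INPUT" appends; if the INPUT chain already ends in a
# REJECT/DROP rule these ACCEPTs are never reached - confirm on the host.
backup /etc/rc.d/rc.local
cat >> /etc/rc.d/rc.local << 'EOF'
iptables -A INPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.144.0/24 -j MASQUERADE
iptables -A INPUT -p tcp -m multiport --dport 1723 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
systemctl restart pptpd
EOF
chmod +x /etc/rc.d/rc.local

# Apply the same rules to the running system.
ensure_rule filter INPUT -p gre -j ACCEPT
ensure_rule nat POSTROUTING -s 192.168.144.0/24 -j MASQUERADE
ensure_rule filter INPUT -p tcp --dport 1723 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
systemctl restart pptpd
systemctl enable pptpd

# The password is deliberately not echoed, so it does not end up in
# terminal scrollback or captured install logs.
echo "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
echo "Success! And the VPN account is:"
echo "Method:PPTP"
echo "User:$vpn_user"
echo "Password: stored in /etc/ppp/chap-secrets (readable by root only)"
echo "If you want modify, with vim tool at /etc/ppp/chap-secrets"
echo "Good luck!"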
2.pptpd 架构 多ip vpn 配置脚本(需手动添加,单网卡多ip配置见Linux单网卡多IP配置笔记)
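#!/usr/bin/env bash
# PPTP (pptpd) multi-IP VPN setup: two accounts, each given a fixed tunnel
# address that is source-NATed to its own outbound IP.
#
# 10.0.57.114 and 10.0.57.115 are the addresses used on this page; replace
# them with secondary IPs that are actually configured on the host.
#
# Changes from the original listing:
#  - The fixed per-client addresses in chap-secrets were written as
#    "192.168.114" / "192.168.115", which are not valid IPv4 addresses.
#    They now match the SNAT rules (192.168.144.114 / .115) - presumably
#    what was intended; confirm against your addressing plan.
#  - The rules applied immediately used 192.168.144.0/24 and
#    192.168.145.0/24 as sources, unlike the per-client rules written to
#    rc.local; both now use the per-client form so the running system and
#    the next boot behave the same.
#  - Passwords are no longer the fixed "123456": export VPN1_PASSWORD and
#    VPN2_PASSWORD, or random ones are generated.
#
# Security note: PPTP authenticates with MS-CHAPv2 and encrypts with MPPE;
# a captured handshake can be cracked offline regardless of password
# length, so use PPTP only where legacy clients leave no alternative.
set -eu

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Keep a copy of an existing file (mode preserved) before it is modified.
backup() {
  if [ -f "$1" ]; then
    cp -pf -- "$1" "$1.bak"
  fi
}

# Append an iptables rule only if an identical one is not already present.
# Arguments: $1 - table, remaining - chain and rule specification
ensure_rule() {
  rule_table=$1
  shift
  iptables -t "$rule_table" -C "$@" 2>/dev/null ||
    iptables -t "$rule_table" -A "$@"
}

# Emit 16 random bytes as 32 hex characters.
random_secret() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Abort if a secret contains characters that would break chap-secrets'
# whitespace-delimited format.
# Arguments: $1 - variable name for the message, $2 - value
check_secret() {
  case "$2" in
    *[!A-Za-z0-9._@%+=:,-]*)
      die "$1 may only contain A-Z a-z 0-9 . _ @ % + = : , -"
      ;;
  esac
}

[ "$(id -u)" -eq 0 ] || die "This script must be run as root."

vpn1_password="${VPN1_PASSWORD:-}"
vpn2_password="${VPN2_PASSWORD:-}"
[ -n "$vpn1_password" ] || vpn1_password=$(random_secret)
[ -n "$vpn2_password" ] || vpn2_password=$(random_secret)
check_secret VPN1_PASSWORD "$vpn1_password"
check_secret VPN2_PASSWORD "$vpn2_password"

backup /etc/pptpd.conf
cat >> /etc/pptpd.conf << 'EOF'
localip 192.168.144.1
remoteip 192.168.144.2-254
EOF

backup /etc/ppp/options.pptpd
cat >> /etc/ppp/options.pptpd << 'EOF'
ms-dns 8.8.8.8
ms-dns 8.8.4.4
EOF

# Fourth field pins the tunnel address handed to each account; the SNAT
# rules below key on exactly these addresses.
backup /etc/ppp/chap-secrets
{
  printf '%s pptpd %s %s\n' "vpn1" "$vpn1_password" "192.168.144.114"
  printf '%s pptpd %s %s\n' "vpn2" "$vpn2_password" "192.168.144.115"
} >> /etc/ppp/chap-secrets
# The file holds clear-text passwords: keep it (and its backup) root-only.
chmod 600 /etc/ppp/chap-secrets
if [ -f /etc/ppp/chap-secrets.bak ]; then
  chmod 600 /etc/ppp/chap-secrets.bak
fi

# Re-create the rules at boot. Quoted delimiter: written literally.
# NOTE(review): "-A INPUT" appends; if the INPUT chain already ends in a
# REJECT/DROP rule these ACCEPTs are never reached - confirm on the host.
backup /etc/rc.d/rc.local
cat >> /etc/rc.d/rc.local << 'EOF'
iptables -A INPUT -p gre -j ACCEPT
###########
iptables -t nat -A POSTROUTING -s 192.168.144.114 -j SNAT --to-source 10.0.57.114
iptables -t nat -A POSTROUTING -s 192.168.144.115 -j SNAT --to-source 10.0.57.115
######
iptables -A INPUT -p tcp -m multiport --dport 1723 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
systemctl restart pptpd
EOF
chmod +x /etc/rc.d/rc.local

# Apply the same rules to the running system.
ensure_rule filter INPUT -p gre -j ACCEPT
ensure_rule nat POSTROUTING -s 192.168.144.114 -j SNAT --to-source 10.0.57.114
ensure_rule nat POSTROUTING -s 192.168.144.115 -j SNAT --to-source 10.0.57.115
ensure_rule filter INPUT -p tcp --dport 1723 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
systemctl restart pptpd
systemctl enable pptpd

# Passwords are deliberately not echoed, so they do not end up in terminal
# scrollback or captured install logs.
echo "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
echo "Success! And the VPN accounts are:"
echo "Method:PPTP"
echo "User:vpn1 (192.168.144.114 -> 10.0.57.114)"
echo "User:vpn2 (192.168.144.115 -> 10.0.57.115)"
echo "Password: stored in /etc/ppp/chap-secrets (readable by root only)"
echo "If you want modify, with vim tool at /etc/ppp/chap-secrets"
echo "Good luck!"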
3.L2TP/IPsec PSK 单ip配置
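#!/usr/bin/env bash
# L2TP/IPsec (pre-shared key) single-IP VPN setup.
#
# Writes /etc/ipsec.conf, /etc/ipsec.secrets, /etc/xl2tpd/xl2tpd.conf,
# /etc/ppp/options.xl2tpd and a chap-secrets entry, enables forwarding and
# NAT for the tunnel pool, then starts ipsec and xl2tpd.
#
# Changes from the original listing:
#  - The account password ("123456") and the PSK ("0000") are no longer
#    fixed. Export VPN_PASSWORD / VPN_PSK, or random values are generated.
#  - Address detection returned every interface address (and blank lines
#    for inet6 entries in the fallback), producing a multi-line left= value.
#    Only the first non-loopback IPv4 address is used now, and it is
#    validated; export VPN_SERVER_IP to choose it explicitly.
#  - The MASQUERADE rule was added twice and matched all traffic; it is
#    added once and limited to the L2TP pool (10.1.2.0/24).
#  - Files holding secrets are forced to mode 600.
#
# Security note: a PSK shared by every client lets anyone who holds it
# impersonate the server to the others, so keep it long and random and
# treat it like a password.
set -eu

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Keep a copy of an existing file (mode preserved) before it is modified.
backup() {
  if [ -f "$1" ]; then
    cp -pf -- "$1" "$1.bak"
  fi
}

# Emit 16 random bytes as 32 hex characters.
random_secret() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Abort if a secret contains characters that would break the quoting or
# whitespace-delimited layout of ipsec.secrets / chap-secrets.
# Arguments: $1 - variable name for the message, $2 - value
check_secret() {
  case "$2" in
    *[!A-Za-z0-9._@%+=:,-]*)
      die "$1 may only contain A-Z a-z 0-9 . _ @ % + = : , -"
      ;;
  esac
}

[ "$(id -u)" -eq 0 ] || die "This script must be run as root."

# VPN account name
vpn_name="vpn"
# VPN account password
vpn_password="${VPN_PASSWORD:-}"
# IPsec pre-shared key
psk_password="${VPN_PSK:-}"
[ -n "$vpn_password" ] || vpn_password=$(random_secret)
[ -n "$psk_password" ] || psk_password=$(random_secret)
check_secret VPN_PASSWORD "$vpn_password"
check_secret VPN_PSK "$psk_password"

# Server address used for left=. This is the address configured on the
# interface, which is not necessarily the public one when the host sits
# behind NAT. Handles both "inet addr:A.B.C.D" and "inet A.B.C.D" output.
ip="${VPN_SERVER_IP:-}"
if [ -z "$ip" ]; then
  ip=$(ifconfig | awk '
    $1 == "inet" {
      addr = $2
      sub(/^addr:/, "", addr)
      if (addr != "127.0.0.1") { print addr; exit }
    }')
fi
printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
  die "Could not determine the server IPv4 address; set VPN_SERVER_IP."

# Back up and rewrite /etc/ipsec.conf
ipsec_conf="/etc/ipsec.conf"
backup "$ipsec_conf"
cat > "$ipsec_conf" << EOF

version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=$ip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear

EOF

# Back up /etc/ipsec.secrets and append the PSK
ipsec_secrets="/etc/ipsec.secrets"
backup "$ipsec_secrets"
printf '\n%s %%any: PSK "%s"\n\n' "$ip" "$psk_password" >> "$ipsec_secrets"
chmod 600 "$ipsec_secrets"
if [ -f "$ipsec_secrets.bak" ]; then
  chmod 600 "$ipsec_secrets.bak"
fi

# Back up /etc/sysctl.conf and enable forwarding persistently. The sed only
# flips an existing "net.ipv4.ip_forward = 0" line; the running kernel is
# switched explicitly further down.
sysctl_conf="/etc/sysctl.conf"
backup "$sysctl_conf"
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' "$sysctl_conf"
sysctl -p > /dev/null || echo "warning: sysctl -p reported errors" >&2

# NAT for tunnel clients only (pool defined in xl2tpd.conf below); skip if
# the rule is already present so re-runs do not stack duplicates.
iptables --table nat --check POSTROUTING --source 10.1.2.0/24 \
  --jump MASQUERADE 2>/dev/null ||
  iptables --table nat --append POSTROUTING --source 10.1.2.0/24 \
    --jump MASQUERADE

# Do not accept or send ICMP redirects on any interface.
for each in /proc/sys/net/ipv4/conf/*; do
  echo 0 > "$each/accept_redirects"
  echo 0 > "$each/send_redirects"
done

service ipsec restart

# Back up and rewrite the xl2tpd configuration
xl2tpd="/etc/xl2tpd/xl2tpd.conf"
backup "$xl2tpd"
cat > "$xl2tpd" << 'EOF'

[global]
ipsec saref = yes

[lns default]
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

EOF

# PPP options for xl2tpd
options_xl2tpd="/etc/ppp/options.xl2tpd"
backup "$options_xl2tpd"
cat > "$options_xl2tpd" << 'EOF'

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

EOF

# Add the VPN account
chap_secrets="/etc/ppp/chap-secrets"
backup "$chap_secrets"
printf '\n%s * %s *\n\n' "$vpn_name" "$vpn_password" >> "$chap_secrets"
# Clear-text passwords: keep the file (and its backup) root-only.
chmod 600 "$chap_secrets"
if [ -f "$chap_secrets.bak" ]; then
  chmod 600 "$chap_secrets.bak"
fi

# Enable packet forwarding on the running kernel
echo 1 > /proc/sys/net/ipv4/ip_forward

# xl2tpd runs in a detached screen session; it is not restarted after a
# reboot.
screen -dmS xl2tpd xl2tpd -D

# Diagnostic only: a failed check must not stop the summary from printing.
ipsec verify || true

# The password and PSK are deliberately not echoed, so they do not end up
# in terminal scrollback or captured install logs.
echo "###########################################"
echo "## L2TP VPN SETUP COMPLETE!"
echo "## VPN IP : $ip"
echo "## VPN USER : $vpn_name"
echo "## VPN PASSWORD : stored in $chap_secrets (root only)"
echo "## VPN PSK : stored in $ipsec_secrets (root only)"
echo "###########################################"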