Linux && ubuntu 一键安装PPTP VPN
浏览数:177 /
时间:2015年06月20日
一,CentOS 6.x
#!/bin/bash -x
#
# drewsymo/VPN
#
# Installs a PPTP VPN-only system for CentOS
#
# @package VPN 2.0
# @since VPN 1.0
# @author Drew Morris
#
(
VPN_IP=`curl ipv4.icanhazip.com>/dev/null 2>&1`
VPN_USER="USERNAME"
VPN_PASS="USERPASSWD"
VPN_LOCAL="192.168.8.1"
VPN_REMOTE="192.168.8.151-200"
yum -y groupinstall "Development Tools"
rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
yum -y install policycoreutils policycoreutils
yum -y install ppp pptpd
yum -y update
mknod /dev/ppp c 108 0
echo "mknod /dev/ppp c 108 0" >> /etc/rc.local
echo "1" > /proc/sys/net/ipv4/ip_forward
sed -i ‘s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g‘ /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
echo "localip $VPN_LOCAL" >> /etc/pptpd.conf # Local IP address of your VPN server
echo "remoteip $VPN_REMOTE" >> /etc/pptpd.conf # Scope for your home network
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd # Google DNS Primary
echo "ms-dns 209.244.0.3" >> /etc/ppp/options.pptpd # Level3 Primary
echo "ms-dns 208.67.222.222" >> /etc/ppp/options.pptpd # OpenDNS Primary
echo "$VPN_USER pptpd $VPN_PASS *" >> /etc/ppp/chap-secrets
service iptables start
echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" >> /etc/rc.local
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -j SNAT --to-source `ifconfig | grep ‘inet addr:‘| grep -v ‘127.0.0.1‘ | cut -d: -f2 | awk ‘NR==1 { print $1}‘`
iptables -A FORWARD -p tcp --syn -s 192.168.8.0/24 -j TCPMSS --set-mss 1356
service iptables save
service iptables restart
service pptpd restart
chkconfig pptpd on
echo -e ‘\E[37;44m‘"\033[1m Installation Log: /var/log/vpn-installer.log \033[0m"
echo -e ‘\E[37;44m‘"\033[1m You can now connect to your VPN via your external IP ($VPN_IP)\033[0m"
echo -e ‘\E[37;44m‘"\033[1m Username: $VPN_USER\033[0m"
echo -e ‘\E[37;44m‘"\033[1m Password: $VPN_PASS\033[0m"
) 2>&1 | tee /var/log/vpn-installer.log备注,转发规则,如果你的服务器是云主机,
iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -j SNAT --to-source `ifconfig | grep ‘inet addr:‘| grep -v ‘127.0.0.1‘ | cut -d: -f2 | awk ‘NR==1 { print $1}‘`这个取值并不是你的外网ip,请直接填写即可。like this
iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -j SNAT --to-source 23.91.98.xx
二,ubuntu 12.xx
#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
export PATH
clear
CUR_DIR=$(pwd)
if [ $(id -u) != "0" ]; then
printf "Error: You must be root to run this script!"
exit 1
fi
echo "#############################################################"
echo "# PPTP VPN Auto Install"
echo "# Env: Debian/Ubuntu"
echo "# Created by zombie on 2015.03.23"
echo "# Version: 1.0"
echo "#############################################################"
echo ""
apt-get -y update
apt-get -y install pptpd
cat >>/etc/pptpd.conf<<EOF
localip 10.10.10.1
remoteip 10.10.10.2-254
EOF
cp /etc/ppp/pptpd-options /etc/ppp/pptpd-options.old
cat >/etc/ppp/pptpd-options<<EOF
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
ms-dns 209.244.0.3
ms-dns 208.67.222.222
proxyarp
debug
dump
lock
nobsdcomp
novj
novjccomp
logfile /var/log/pptpd.log
EOF
cat >>/etc/ppp/chap-secrets<<EOF
user * pwd *
EOF
sed -i ‘s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g‘ /etc/sysctl.conf
sysctl -p
iptables-save > /etc/iptables.down.rules
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 1723 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -j SNAT --to-source `ifconfig | grep ‘inet addr:‘| grep -v ‘127.0.0.1‘ | cut -d: -f2 | awk ‘NR==1 { print $1}‘`
#iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
iptables -A FORWARD -s 10.0.0.0/8 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
iptables-save > /etc/iptables.up.rules
cat >>/etc/ppp/pptpd-options<<EOF
pre-up iptables-restore < /etc/iptables.up.rules
post-down iptables-restore < /etc/iptables.down.rules
EOF
/etc/init.d/pptpd restart备注,如果出现619等报错,排除防火墙规则已开启相应端口的情况下,请查看/etc/ppp/pptpd-options
将 pre-up,post-down,开头字样的段落注释掉即可。
本文出自 “静如夜风” 博客,请务必保留此出处http://siliotto.blog.51cto.com/8887165/1623735
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。
