centos7安装L2TP服务端

admin

https://blog.csdn.net/kxwinxp/article/details/78764013   #一键脚本  用这个试试 https://github.com/teddysun/across

用这个的一键脚本  

非常简单



至于linux怎么当客户端还在找

admin

WIN10连接方法
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent下新建“AllowL2TPWeakCrypto”，然后把值改成“1”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent 在这个位置新建一个DWORD类型，名为AssumeUDPEncapsulationContextOnSendRule的键，将值修改为2 。

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Paramete新建ProhibitIpSec，然后然后创建DWORD值为1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Paramete下找到“AllowL2TPWeakCrypto”，然后把值改成“1”


安卓和ios都正常使用就行了

admin

iptables -I INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

admin

1. #!/usr/bin/env bash
   
2. PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
   
3. export PATH
   
4. #=======================================================================#
   
5. #   System Supported:  CentOS 6+ / Debian 7+ / Ubuntu 12+               #
   
6. #   Description: L2TP VPN Auto Installer                                #
   
7. #   Author: Teddysun <i@teddysun.com>                                   #
   
8. #   Intro:  https://teddysun.com/448.html                               #
   
9. #=======================================================================#
   
10. cur_dir=`pwd`
    
11. 
    
12. libreswan_filename="libreswan-3.20"
    
13. download_root_url="http://dl.teddysun.com/files"
    
14. 
    
15. rootness(){
    
16.     if [[ $EUID -ne 0 ]]; then
    
17.        echo "Error:This script must be run as root!" 1>&2
    
18.        exit 1
    
19.     fi
    
20. }
    
21. 
    
22. tunavailable(){
    
23.     if [[ ! -e /dev/net/tun ]]; then
    
24.         echo "Error:TUN/TAP is not available!" 1>&2
    
25.         exit 1
    
26.     fi
    
27. }
    
28. 
    
29. disable_selinux(){
    
30. if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
    
31.     sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
    
32.     setenforce 0
    
33. fi
    
34. }
    
35. 
    
36. get_opsy(){
    
37.     [ -f /etc/redhat-release ] && awk '{print ($1,$3~/^[0-9]/?$3:$4)}' /etc/redhat-release && return
    
38.     [ -f /etc/os-release ] && awk -F'[= "]' '/PRETTY_NAME/{print $3,$4,$5}' /etc/os-release && return
    
39.     [ -f /etc/lsb-release ] && awk -F'[="]+' '/DESCRIPTION/{print $2}' /etc/lsb-release && return
    
40. }
    
41. 
    
42. get_os_info(){
    
43.     IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 )
    
44.     [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com )
    
45. 
    
46.     local cname=$( awk -F: '/model name/ {name=$2} END {print name}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' )
    
47.     local cores=$( awk -F: '/model name/ {core++} END {print core}' /proc/cpuinfo )
    
48.     local freq=$( awk -F: '/cpu MHz/ {freq=$2} END {print freq}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' )
    
49.     local tram=$( free -m | awk '/Mem/ {print $2}' )
    
50.     local swap=$( free -m | awk '/Swap/ {print $2}' )
    
51.     local up=$( awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60;d=$1%60} {printf("%ddays, %d:%d:%d\n",a,b,c,d)}' /proc/uptime )
    
52.     local load=$( w | head -1 | awk -F'load average:' '{print $2}' | sed 's/^[ \t]*//;s/[ \t]*$//' )
    
53.     local opsy=$( get_opsy )
    
54.     local arch=$( uname -m )
    
55.     local lbit=$( getconf LONG_BIT )
    
56.     local host=$( hostname )
    
57.     local kern=$( uname -r )
    
58. 
    
59.     echo "########## System Information ##########"
    
60.     echo
    
61.     echo "CPU model            : ${cname}"
    
62.     echo "Number of cores      : ${cores}"
    
63.     echo "CPU frequency        : ${freq} MHz"
    
64.     echo "Total amount of ram  : ${tram} MB"
    
65.     echo "Total amount of swap : ${swap} MB"
    
66.     echo "System uptime        : ${up}"
    
67.     echo "Load average         : ${load}"
    
68.     echo "OS                   : ${opsy}"
    
69.     echo "Arch                 : ${arch} (${lbit} Bit)"
    
70.     echo "Kernel               : ${kern}"
    
71.     echo "Hostname             : ${host}"
    
72.     echo "IPv4 address         : ${IP}"
    
73.     echo
    
74.     echo "########################################"
    
75. }
    
76. 
    
77. check_sys(){
    
78.     local checkType=$1
    
79.     local value=$2
    
80. 
    
81.     local release=''
    
82.     local systemPackage=''
    
83. 
    
84.     if [[ -f /etc/redhat-release ]]; then
    
85.         release="centos"
    
86.         systemPackage="yum"
    
87.     elif cat /etc/issue | grep -Eqi "debian"; then
    
88.         release="debian"
    
89.         systemPackage="apt"
    
90.     elif cat /etc/issue | grep -Eqi "ubuntu"; then
    
91.         release="ubuntu"
    
92.         systemPackage="apt"
    
93.     elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
    
94.         release="centos"
    
95.         systemPackage="yum"
    
96.     elif cat /proc/version | grep -Eqi "debian"; then
    
97.         release="debian"
    
98.         systemPackage="apt"
    
99.     elif cat /proc/version | grep -Eqi "ubuntu"; then
    
100.         release="ubuntu"
     
101.         systemPackage="apt"
     
102.     elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
     
103.         release="centos"
     
104.         systemPackage="yum"
     
105.     fi
     
106. 
     
107.     if [[ ${checkType} == "sysRelease" ]]; then
     
108.         if [ "$value" == "$release" ];then
     
109.             return 0
     
110.         else
     
111.             return 1
     
112.         fi
     
113.     elif [[ ${checkType} == "packageManager" ]]; then
     
114.         if [ "$value" == "$systemPackage" ];then
     
115.             return 0
     
116.         else
     
117.             return 1
     
118.         fi
     
119.     fi
     
120. }
     
121. 
     
122. rand(){
     
123.     index=0
     
124.     str=""
     
125.     for i in {a..z}; do arr[index]=${i}; index=`expr ${index} + 1`; done
     
126.     for i in {A..Z}; do arr[index]=${i}; index=`expr ${index} + 1`; done
     
127.     for i in {0..9}; do arr[index]=${i}; index=`expr ${index} + 1`; done
     
128.     for i in {1..10}; do str="$str${arr[$RANDOM%$index]}"; done
     
129.     echo ${str}
     
130. }
     
131. 
     
132. is_64bit(){
     
133.     if [ `getconf WORD_BIT` = '32' ] && [ `getconf LONG_BIT` = '64' ] ; then
     
134.         return 0
     
135.     else
     
136.         return 1
     
137.     fi
     
138. }
     
139. 
     
140. download_file(){
     
141.     if [ -s ${1} ]; then
     
142.         echo "$1 [found]"
     
143.     else
     
144.         echo "$1 not found!!!download now..."
     
145.         if ! wget -c -t3 -T60 ${download_root_url}/${1}; then
     
146.             echo "Failed to download $1, please download it to ${cur_dir} directory manually and try again."
     
147.             exit 1
     
148.         fi
     
149.     fi
     
150. }
     
151. 
     
152. versionget(){
     
153.     if [[ -s /etc/redhat-release ]];then
     
154.         grep -oE  "[0-9.]+" /etc/redhat-release
     
155.     else
     
156.         grep -oE  "[0-9.]+" /etc/issue
     
157.     fi
     
158. }
     
159. 
     
160. centosversion(){
     
161.     if check_sys sysRelease centos;then
     
162.         local code=${1}
     
163.         local version="`versionget`"
     
164.         local main_ver=${version%%.*}
     
165.         if [ "${main_ver}" == "${code}" ];then
     
166.             return 0
     
167.         else
     
168.             return 1
     
169.         fi
     
170.     else
     
171.         return 1
     
172.     fi
     
173. }
     
174. 
     
175. debianversion(){
     
176.     if check_sys sysRelease debian;then
     
177.         local version=$( get_opsy )
     
178.         local code=${1}
     
179.         local main_ver=$( echo ${version} | sed 's/[^0-9]//g')
     
180.         if [ "${main_ver}" == "${code}" ];then
     
181.             return 0
     
182.         else
     
183.             return 1
     
184.         fi
     
185.     else
     
186.         return 1
     
187.     fi
     
188. }
     
189. 
     
190. version_check(){
     
191.     if check_sys packageManager yum; then
     
192.         if centosversion 5; then
     
193.             echo "Error: CentOS 5 is not supported, Please re-install OS and try again."
     
194.             exit 1
     
195.         fi
     
196.     fi
     
197. }
     
198. 
     
199. get_char(){
     
200.     SAVEDSTTY=`stty -g`
     
201.     stty -echo
     
202.     stty cbreak
     
203.     dd if=/dev/tty bs=1 count=1 2> /dev/null
     
204.     stty -raw
     
205.     stty echo
     
206.     stty $SAVEDSTTY
     
207. }
     
208. 
     
209. preinstall_l2tp(){
     
210. 
     
211.     echo
     
212.     if [ -d "/proc/vz" ]; then
     
213.         echo -e "\033[41;37m WARNING: \033[0m Your VPS is based on OpenVZ, and IPSec might not be supported by the kernel."
     
214.         echo "Continue installation? (y/n)"
     
215.         read -p "(Default: n)" agree
     
216.         [ -z ${agree} ] && agree="n"
     
217.         if [ "${agree}" == "n" ]; then
     
218.             echo
     
219.             echo "L2TP installation cancelled."
     
220.             echo
     
221.             exit 0
     
222.         fi
     
223.     fi
     
224.     echo
     
225.     echo "Please enter IP-Range:"
     
226.     read -p "(Default Range: 192.168.18):" iprange
     
227.     [ -z ${iprange} ] && iprange="192.168.18"
     
228. 
     
229.     echo "Please enter PSK:"
     
230.     read -p "(Default PSK: teddysun.com):" mypsk
     
231.     [ -z ${mypsk} ] && mypsk="teddysun.com"
     
232. 
     
233.     echo "Please enter Username:"
     
234.     read -p "(Default Username: teddysun):" username
     
235.     [ -z ${username} ] && username="teddysun"
     
236. 
     
237.     password=`rand`
     
238.     echo "Please enter ${username}'s password:"
     
239.     read -p "(Default Password: ${password}):" tmppassword
     
240.     [ ! -z ${tmppassword} ] && password=${tmppassword}
     
241. 
     
242.     echo
     
243.     echo "ServerIP:${IP}"
     
244.     echo "Server Local IP:${iprange}.1"
     
245.     echo "Client Remote IP Range:${iprange}.2-${iprange}.254"
     
246.     echo "PSK:${mypsk}"
     
247.     echo
     
248.     echo "Press any key to start... or press Ctrl + C to cancel."
     
249.     char=`get_char`
     
250. 
     
251. }
     
252. 
     
253. install_l2tp(){
     
254. 
     
255.     mknod /dev/random c 1 9
     
256. 
     
257.     if check_sys packageManager apt; then
     
258.         apt-get -y update
     
259. 
     
260.         if debianversion 7; then
     
261.             if is_64bit; then
     
262.                 local libnspr4_filename1="libnspr4_4.10.7-1_amd64.deb"
     
263.                 local libnspr4_filename2="libnspr4-0d_4.10.7-1_amd64.deb"
     
264.                 local libnspr4_filename3="libnspr4-dev_4.10.7-1_amd64.deb"
     
265.                 local libnspr4_filename4="libnspr4-dbg_4.10.7-1_amd64.deb"
     
266.                 local libnss3_filename1="libnss3_3.17.2-1.1_amd64.deb"
     
267.                 local libnss3_filename2="libnss3-1d_3.17.2-1.1_amd64.deb"
     
268.                 local libnss3_filename3="libnss3-tools_3.17.2-1.1_amd64.deb"
     
269.                 local libnss3_filename4="libnss3-dev_3.17.2-1.1_amd64.deb"
     
270.                 local libnss3_filename5="libnss3-dbg_3.17.2-1.1_amd64.deb"
     
271.             else
     
272.                 local libnspr4_filename1="libnspr4_4.10.7-1_i386.deb"
     
273.                 local libnspr4_filename2="libnspr4-0d_4.10.7-1_i386.deb"
     
274.                 local libnspr4_filename3="libnspr4-dev_4.10.7-1_i386.deb"
     
275.                 local libnspr4_filename4="libnspr4-dbg_4.10.7-1_i386.deb"
     
276.                 local libnss3_filename1="libnss3_3.17.2-1.1_i386.deb"
     
277.                 local libnss3_filename2="libnss3-1d_3.17.2-1.1_i386.deb"
     
278.                 local libnss3_filename3="libnss3-tools_3.17.2-1.1_i386.deb"
     
279.                 local libnss3_filename4="libnss3-dev_3.17.2-1.1_i386.deb"
     
280.                 local libnss3_filename5="libnss3-dbg_3.17.2-1.1_i386.deb"
     
281.             fi
     
282.             rm -rf ${cur_dir}/l2tp
     
283.             mkdir -p ${cur_dir}/l2tp
     
284.             cd ${cur_dir}/l2tp
     
285.             download_file "${libnspr4_filename1}"
     
286.             download_file "${libnspr4_filename2}"
     
287.             download_file "${libnspr4_filename3}"
     
288.             download_file "${libnspr4_filename4}"
     
289.             download_file "${libnss3_filename1}"
     
290.             download_file "${libnss3_filename2}"
     
291.             download_file "${libnss3_filename3}"
     
292.             download_file "${libnss3_filename4}"
     
293.             download_file "${libnss3_filename5}"
     
294.             dpkg -i ${libnspr4_filename1} ${libnspr4_filename2} ${libnspr4_filename3} ${libnspr4_filename4}
     
295.             dpkg -i ${libnss3_filename1} ${libnss3_filename2} ${libnss3_filename3} ${libnss3_filename4} ${libnss3_filename5}
     
296. 
     
297.             apt-get -y install wget gcc ppp flex bison make pkg-config libpam0g-dev libcap-ng-dev iptables \
     
298.                                libcap-ng-utils libunbound-dev libevent-dev libcurl4-nss-dev libsystemd-daemon-dev
     
299.         else
     
300.             apt-get -y install wget gcc ppp flex bison make python libnss3-dev libnss3-tools libselinux-dev iptables \
     
301.                                libnspr4-dev pkg-config libpam0g-dev libcap-ng-dev libcap-ng-utils libunbound-dev \
     
302.                                libevent-dev libcurl4-nss-dev libsystemd-dev
     
303.         fi
     
304.         apt-get -y --no-install-recommends install xmlto
     
305.         apt-get -y install xl2tpd
     
306. 
     
307.         compile_install
     
308.     elif check_sys packageManager yum; then
     
309.         echo "Adding the EPEL repository..."
     
310.         yum -y install epel-release yum-utils
     
311.         [ ! -f /etc/yum.repos.d/epel.repo ] && echo "Install EPEL repository failed, please check it." && exit 1
     
312.         yum-config-manager --enable epel
     
313.         echo "Adding the EPEL repository complete..."
     
314. 
     
315.         if centosversion 7; then
     
316.             yum -y install ppp libreswan xl2tpd firewalld
     
317.             yum_install
     
318.         elif centosversion 6; then
     
319.             yum -y remove libevent-devel
     
320.             yum -y install libevent2-devel
     
321.             yum -y install nss-devel nspr-devel pkgconfig pam-devel \
     
322.                            libcap-ng-devel libselinux-devel lsof \
     
323.                            curl-devel flex bison gcc ppp make iptables gmp-devel \
     
324.                            fipscheck-devel unbound-devel xmlto libpcap-devel xl2tpd
     
325. 
     
326.             compile_install
     
327.         fi
     
328.     fi
     
329. 
     
330. }
     
331. 
     
332. config_install(){
     
333. 
     
334.     cat > /etc/ipsec.conf<<EOF
     
335. version 2.0
     
336. 
     
337. config setup
     
338.     protostack=netkey
     
339.     nhelpers=0
     
340.     uniqueids=no
     
341.     interfaces=%defaultroute
     
342.     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!${iprange}.0/24
     
343. 
     
344. conn l2tp-psk
     
345.     rightsubnet=vhost:%priv
     
346.     also=l2tp-psk-nonat
     
347. 
     
348. conn l2tp-psk-nonat
     
349.     authby=secret
     
350.     pfs=no
     
351.     auto=add
     
352.     keyingtries=3
     
353.     rekey=no
     
354.     ikelifetime=8h
     
355.     keylife=1h
     
356.     type=transport
     
357.     left=%defaultroute
     
358.     leftid=${IP}
     
359.     leftprotoport=17/1701
     
360.     right=%any
     
361.     rightprotoport=17/%any
     
362.     dpddelay=40
     
363.     dpdtimeout=130
     
364.     dpdaction=clear
     
365.     sha2-truncbug=yes
     
366. EOF
     
367. 
     
368.     cat > /etc/ipsec.secrets<<EOF
     
369. %any %any : PSK "${mypsk}"
     
370. EOF
     
371. 
     
372.     cat > /etc/xl2tpd/xl2tpd.conf<<EOF
     
373. [global]
     
374. port = 1701
     
375. 
     
376. [lns default]
     
377. ip range = ${iprange}.2-${iprange}.254
     
378. local ip = ${iprange}.1
     
379. require chap = yes
     
380. refuse pap = yes
     
381. require authentication = yes
     
382. name = l2tpd
     
383. ppp debug = yes
     
384. pppoptfile = /etc/ppp/options.xl2tpd
     
385. length bit = yes
     
386. EOF
     
387. 
     
388.     cat > /etc/ppp/options.xl2tpd<<EOF
     
389. ipcp-accept-local
     
390. ipcp-accept-remote
     
391. require-mschap-v2
     
392. ms-dns 8.8.8.8
     
393. ms-dns 8.8.4.4
     
394. noccp
     
395. auth
     
396. hide-password
     
397. idle 1800
     
398. mtu 1410
     
399. mru 1410
     
400. nodefaultroute
     
401. debug
     
402. proxyarp
     
403. connect-delay 5000
     
404. EOF
     
405. 
     
406.     rm -f /etc/ppp/chap-secrets
     
407.     cat > /etc/ppp/chap-secrets<<EOF
     
408. # Secrets for authentication using CHAP
     
409. # client    server    secret    IP addresses
     
410. ${username}    l2tpd    ${password}       *
     
411. EOF
     
412. 
     
413. }
     
414. 
     
415. compile_install(){
     
416. 
     
417.     rm -rf ${cur_dir}/l2tp
     
418.     mkdir -p ${cur_dir}/l2tp
     
419.     cd ${cur_dir}/l2tp
     
420.     download_file "${libreswan_filename}.tar.gz"
     
421.     tar -zxf ${libreswan_filename}.tar.gz
     
422. 
     
423.     cd ${cur_dir}/l2tp/${libreswan_filename}
     
424.     echo "WERROR_CFLAGS =" > Makefile.inc.local
     
425.     make programs && make install
     
426. 
     
427.     /usr/local/sbin/ipsec --version >/dev/null 2>&1
     
428.     if [ $? -ne 0 ]; then
     
429.         echo "${libreswan_filename} install failed."
     
430.         exit 1
     
431.     fi
     
432. 
     
433.     config_install
     
434. 
     
435.     cp -pf /etc/sysctl.conf /etc/sysctl.conf.bak
     
436. 
     
437.     sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
     
438. 
     
439.     for each in `ls /proc/sys/net/ipv4/conf/`; do
     
440.         echo "net.ipv4.conf.${each}.accept_source_route=0" >> /etc/sysctl.conf
     
441.         echo "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.conf
     
442.         echo "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.conf
     
443.         echo "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.conf
     
444.     done
     
445.     sysctl -p
     
446. 
     
447.     if centosversion 6; then
     
448.         [ -f /etc/sysconfig/iptables ] && cp -pf /etc/sysconfig/iptables /etc/sysconfig/iptables.old.`date +%Y%m%d`
     
449. 
     
450.         if [ "`iptables -L -n | grep -c '\-\-'`" == "0" ]; then
     
451.             cat > /etc/sysconfig/iptables <<EOF
     
452. # Added by L2TP VPN script
     
453. *filter
     
454. :INPUT ACCEPT [0:0]
     
455. :FORWARD ACCEPT [0:0]
     
456. :OUTPUT ACCEPT [0:0]
     
457. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
     
458. -A INPUT -p icmp -j ACCEPT
     
459. -A INPUT -i lo -j ACCEPT
     
460. -A INPUT -p tcp --dport 22 -j ACCEPT
     
461. -A INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
     
462. -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
     
463. -A FORWARD -s ${iprange}.0/24  -j ACCEPT
     
464. COMMIT
     
465. *nat
     
466. :PREROUTING ACCEPT [0:0]
     
467. :OUTPUT ACCEPT [0:0]
     
468. :POSTROUTING ACCEPT [0:0]
     
469. -A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}
     
470. COMMIT
     
471. EOF
     
472.         else
     
473.             iptables -I INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
     
474.             iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
     
475.             iptables -I FORWARD -s ${iprange}.0/24  -j ACCEPT
     
476.             iptables -t nat -A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}
     
477.             /etc/init.d/iptables save
     
478.         fi
     
479. 
     
480.         if [ ! -f /etc/ipsec.d/cert9.db ]; then
     
481.            echo > /var/tmp/libreswan-nss-pwd
     
482.            certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
     
483.            rm -f /var/tmp/libreswan-nss-pwd
     
484.         fi
     
485. 
     
486.         chkconfig --add iptables
     
487.         chkconfig iptables on
     
488.         chkconfig --add ipsec
     
489.         chkconfig ipsec on
     
490.         chkconfig --add xl2tpd
     
491.         chkconfig xl2tpd on
     
492. 
     
493.         /etc/init.d/iptables restart
     
494.         /etc/init.d/ipsec start
     
495.         /etc/init.d/xl2tpd start
     
496. 
     
497.     else
     
498.         [ -f /etc/iptables.rules ] && cp -pf /etc/iptables.rules /etc/iptables.rules.old.`date +%Y%m%d`
     
499. 
     
500.         if [ "`iptables -L -n | grep -c '\-\-'`" == "0" ]; then
     
501.             cat > /etc/iptables.rules <<EOF
     
502. # Added by L2TP VPN script
     
503. *filter
     
504. :INPUT ACCEPT [0:0]
     
505. :FORWARD ACCEPT [0:0]
     
506. :OUTPUT ACCEPT [0:0]
     
507. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
     
508. -A INPUT -p icmp -j ACCEPT
     
509. -A INPUT -i lo -j ACCEPT
     
510. -A INPUT -p tcp --dport 22 -j ACCEPT
     
511. -A INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
     
512. -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
     
513. -A FORWARD -s ${iprange}.0/24  -j ACCEPT
     
514. COMMIT
     
515. *nat
     
516. :PREROUTING ACCEPT [0:0]
     
517. :OUTPUT ACCEPT [0:0]
     
518. :POSTROUTING ACCEPT [0:0]
     
519. -A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}
     
520. COMMIT
     
521. EOF
     
522.         else
     
523.             iptables -I INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
     
524.             iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
     
525.             iptables -I FORWARD -s ${iprange}.0/24  -j ACCEPT
     
526.             iptables -t nat -A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}
     
527.             /sbin/iptables-save > /etc/iptables.rules
     
528.         fi
     
529. 
     
530.         cat > /etc/network/if-up.d/iptables <<EOF
     
531. #!/bin/sh
     
532. /sbin/iptables-restore < /etc/iptables.rules
     
533. EOF
     
534.         chmod +x /etc/network/if-up.d/iptables
     
535. 
     
536.         if [ ! -f /etc/ipsec.d/cert9.db ]; then
     
537.            echo > /var/tmp/libreswan-nss-pwd
     
538.            certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
     
539.            rm -f /var/tmp/libreswan-nss-pwd
     
540.         fi
     
541. 
     
542.         update-rc.d -f xl2tpd defaults
     
543. 
     
544.         cp -f /etc/rc.local /etc/rc.local.old.`date +%Y%m%d`
     
545.         sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.local
     
546.         cat >> /etc/rc.local <<EOF
     
547. 
     
548. # Added by L2TP VPN script
     
549. echo 1 > /proc/sys/net/ipv4/ip_forward
     
550. /usr/sbin/service ipsec start
     
551. exit 0
     
552. EOF
     
553.         chmod +x /etc/rc.local
     
554.         echo 1 > /proc/sys/net/ipv4/ip_forward
     
555. 
     
556.         /sbin/iptables-restore < /etc/iptables.rules
     
557.         /usr/sbin/service ipsec start
     
558.         /usr/sbin/service xl2tpd restart
     
559. 
     
560.     fi
     
561. 
     
562. }
     
563. 
     
564. yum_install(){
     
565. 
     
566.     config_install
     
567. 
     
568.     cp -pf /etc/sysctl.conf /etc/sysctl.conf.bak
     
569. 
     
570.     echo "# Added by L2TP VPN" >> /etc/sysctl.conf
     
571.     echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
     
572.     echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf
     
573.     echo "net.ipv4.icmp_echo_ignore_broadcasts=1" >> /etc/sysctl.conf
     
574.     echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> /etc/sysctl.conf
     
575. 
     
576.     for each in `ls /proc/sys/net/ipv4/conf/`; do
     
577.         echo "net.ipv4.conf.${each}.accept_source_route=0" >> /etc/sysctl.conf
     
578.         echo "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.conf
     
579.         echo "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.conf
     
580.         echo "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.conf
     
581.     done
     
582.     sysctl -p
     
583. 
     
584.     cat > /etc/firewalld/services/xl2tpd.xml<<EOF
     
585. <?xml version="1.0" encoding="utf-8"?>
     
586. <service>
     
587.   <short>xl2tpd</short>
     
588.   <description>L2TP IPSec</description>
     
589.   <port protocol="udp" port="4500"/>
     
590.   <port protocol="udp" port="1701"/>
     
591. </service>
     
592. EOF
     
593.     chmod 640 /etc/firewalld/services/xl2tpd.xml
     
594. 
     
595.     systemctl enable ipsec
     
596.     systemctl enable xl2tpd
     
597.     systemctl enable firewalld
     
598. 
     
599.     systemctl status firewalld > /dev/null 2>&1
     
600.     if [ $? -eq 0 ]; then
     
601.         firewall-cmd --reload
     
602.         echo "Checking firewalld status..."
     
603.         firewall-cmd --list-all
     
604.         echo "add firewalld rules..."
     
605.         firewall-cmd --permanent --add-service=ipsec
     
606.         firewall-cmd --permanent --add-service=xl2tpd
     
607.         firewall-cmd --permanent --add-masquerade
     
608.         firewall-cmd --reload
     
609.     else
     
610.         echo "Firewalld looks like not running, trying to start..."
     
611.         systemctl start firewalld
     
612.         if [ $? -eq 0 ]; then
     
613.             echo "Firewalld start successfully..."
     
614.             firewall-cmd --reload
     
615.             echo "Checking firewalld status..."
     
616.             firewall-cmd --list-all
     
617.             echo "adding firewalld rules..."
     
618.             firewall-cmd --permanent --add-service=ipsec
     
619.             firewall-cmd --permanent --add-service=xl2tpd
     
620.             firewall-cmd --permanent --add-masquerade
     
621.             firewall-cmd --reload
     
622.         else
     
623.             echo "Failed to start firewalld. please enable udp port 500 4500 1701 manually if necessary."
     
624.         fi
     
625.     fi
     
626. 
     
627.     systemctl restart ipsec
     
628.     systemctl restart xl2tpd
     
629.     echo "Checking ipsec status..."
     
630.     systemctl -a | grep ipsec
     
631.     echo "Checking xl2tpd status..."
     
632.     systemctl -a | grep xl2tpd
     
633.     echo "Checking firewalld status..."
     
634.     firewall-cmd --list-all
     
635. 
     
636. }
     
637. 
     
638. finally(){
     
639. 
     
640.     cd ${cur_dir}
     
641.     rm -fr ${cur_dir}/l2tp
     
642.     # create l2tp command
     
643.     cp -f ${cur_dir}/`basename $0` /usr/bin/l2tp
     
644. 
     
645.     echo "Please wait a moment..."
     
646.     sleep 5
     
647.     ipsec verify
     
648.     echo
     
649.     echo "###############################################################"
     
650.     echo "# L2TP VPN Auto Installer                                     #"
     
651.     echo "# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+        #"
     
652.     echo "# Intro: https://teddysun.com/448.html                        #"
     
653.     echo "# Author: Teddysun <i@teddysun.com>                           #"
     
654.     echo "###############################################################"
     
655.     echo "If there is no [FAILED] above, you can connect to your L2TP "
     
656.     echo "VPN Server with the default Username/Password is below:"
     
657.     echo
     
658.     echo "Server IP: ${IP}"
     
659.     echo "PSK      : ${mypsk}"
     
660.     echo "Username : ${username}"
     
661.     echo "Password : ${password}"
     
662.     echo
     
663.     echo "If you want to modify user settings, please use below command(s):"
     
664.     echo "l2tp -a (Add a user)"
     
665.     echo "l2tp -d (Delete a user)"
     
666.     echo "l2tp -l (List all users)"
     
667.     echo "l2tp -m (Modify a user password)"
     
668.     echo
     
669.     echo "Welcome to visit our website: https://teddysun.com/448.html"
     
670.     echo "Enjoy it!"
     
671.     echo
     
672. }
     
673. 
     
674. 
     
675. l2tp(){
     
676.     clear
     
677.     echo
     
678.     echo "###############################################################"
     
679.     echo "# L2TP VPN Auto Installer                                     #"
     
680.     echo "# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+        #"
     
681.     echo "# Intro: https://teddysun.com/448.html                        #"
     
682.     echo "# Author: Teddysun <i@teddysun.com>                           #"
     
683.     echo "###############################################################"
     
684.     echo
     
685.     rootness
     
686.     tunavailable
     
687.     disable_selinux
     
688.     version_check
     
689.     get_os_info
     
690.     preinstall_l2tp
     
691.     install_l2tp
     
692.     finally
     
693. }
     
694. 
     
695. list_users(){
     
696.     if [ ! -f /etc/ppp/chap-secrets ];then
     
697.         echo "Error: /etc/ppp/chap-secrets file not found."
     
698.         exit 1
     
699.     fi
     
700.     local line="+-------------------------------------------+\n"
     
701.     local string=%20s
     
702.     printf "${line}|${string} |${string} |\n${line}" Username Password
     
703.     grep -v "^#" /etc/ppp/chap-secrets | awk '{printf "|'${string}' |'${string}' |\n", $1,$3}'
     
704.     printf ${line}
     
705. }
     
706. 
     
707. add_user(){
     
708.     while :
     
709.     do
     
710.         read -p "Please input your Username:" user
     
711.         if [ -z ${user} ]; then
     
712.             echo "Username can not be empty"
     
713.         else
     
714.             grep -w "${user}" /etc/ppp/chap-secrets > /dev/null 2>&1
     
715.             if [ $? -eq 0 ];then
     
716.                 echo "Username (${user}) already exists. Please re-enter your username."
     
717.             else
     
718.                 break
     
719.             fi
     
720.         fi
     
721.     done
     
722.     pass=`rand`
     
723.     echo "Please input ${user}'s password:"
     
724.     read -p "(Default Password: ${pass}):" tmppass
     
725.     [ ! -z ${tmppass} ] && pass=${tmppass}
     
726.     echo "${user}    l2tpd    ${pass}       *" >> /etc/ppp/chap-secrets
     
727.     echo "Username (${user}) add completed."
     
728. }
     
729. 
     
730. del_user(){
     
731.     while :
     
732.     do
     
733.         read -p "Please input Username you want to delete it:" user
     
734.         if [ -z ${user} ]; then
     
735.             echo "Username can not be empty"
     
736.         else
     
737.             grep -w "${user}" /etc/ppp/chap-secrets >/dev/null 2>&1
     
738.             if [ $? -eq 0 ];then
     
739.                 break
     
740.             else
     
741.                 echo "Username (${user}) is not exists. Please re-enter your username."
     
742.             fi
     
743.         fi
     
744.     done
     
745.     sed -i "/^\<${user}\>/d" /etc/ppp/chap-secrets
     
746.     echo "Username (${user}) delete completed."
     
747. }
     
748. 
     
749. mod_user(){
     
750.     while :
     
751.     do
     
752.         read -p "Please input Username you want to change password:" user
     
753.         if [ -z ${user} ]; then
     
754.             echo "Username can not be empty"
     
755.         else
     
756.             grep -w "${user}" /etc/ppp/chap-secrets >/dev/null 2>&1
     
757.             if [ $? -eq 0 ];then
     
758.                 break
     
759.             else
     
760.                 echo "Username (${user}) is not exists. Please re-enter your username."
     
761.             fi
     
762.         fi
     
763.     done
     
764.     pass=`rand`
     
765.     echo "Please input ${user}'s new password:"
     
766.     read -p "(Default Password: ${pass}):" tmppass
     
767.     [ ! -z ${tmppass} ] && pass=${tmppass}
     
768.     sed -i "/^\<${user}\>/d" /etc/ppp/chap-secrets
     
769.     echo "${user}    l2tpd    ${pass}       *" >> /etc/ppp/chap-secrets
     
770.     echo "Username ${user}'s password has been changed."
     
771. }
     
772. 
     
773. # Main process
     
774. action=$1
     
775. if [ -z ${action} ] && [ "`basename $0`" != "l2tp" ]; then
     
776.     action=install
     
777. fi
     
778. 
     
779. case ${action} in
     
780.     install)
     
781.         l2tp 2>&1 | tee ${cur_dir}/l2tp.log
     
782.         ;;
     
783.     -l|--list)
     
784.         list_users
     
785.         ;;
     
786.     -a|--add)
     
787.         add_user
     
788.         ;;
     
789.     -d|--del)
     
790.         del_user
     
791.         ;;
     
792.     -m|--mod)
     
793.         mod_user
     
794.         ;;
     
795.     -h|--help)
     
796.         echo "Usage: `basename $0` -l,--list   List all users"
     
797.         echo "       `basename $0` -a,--add    Add a user"
     
798.         echo "       `basename $0` -d,--del    Delete a user"
     
799.         echo "       `basename $0` -m,--mod    Modify a user password"
     
800.         echo "       `basename $0` -h,--help   Print this help information"
     
801.         ;;
     
802.     *)
     
803.         echo "Usage: `basename $0` [-l,--list|-a,--add|-d,--del|-m,--mod|-h,--help]" && exit
     
804.         ;;
     
805. esac
     

复制代码

admin

Server IP: ----
PSK      : ----
Username : w----
Password : 6----

If you want to modify user settings, please use below command(s):
l2tp -a (Add a user)
l2tp -d (Delete a user)
l2tp -l (List all users)
l2tp -m (Modify a user password)

admin

设置固定IP
vi /etc/ppp/chap-secrets

admin

1. 
   
2. 刚刚重新研究纯L2TP模式的XL2TP
   
3. 过程如下 最下面的是一些结论
   
4. 
   
5. 
   
6. 
   
7. linux 下建立 纯L2TP 服务端和客户端
   
8. https://blog.csdn.net/lfw19891101/article/details/7206217
   
9. 
   
10. 
    
11. 参考资料
    
12. 
    
13. http://www.jacco2.dds.nl/networking/linux-l2tp.html
    
14. 
    
15. http://www.cublog.cn/u/8057/showart_83292.html
    
16. 
    
17. http://strongvpn.com/forum/viewtopic.php?id=788
    
18. 
    
19. 
    
20. ###
    
21. echo 'c myvpn' > /var/run/xl2tpd/l2tp-control
    
22. 
    
23. ################还有另外一个教程
    
24. https://help.ubuntu.com/community/L2TPServer#:~:text=refuse%20pap%20%3D%20refure%20pap%20authentication%20ppp%20debug,should%20probably%20be%20longer%20to%20ensure%20sufficient%20security.
    
25. 
    
26. ################还有另外一个教程  这个可以看看
    
27. https://blog.csdn.net/u013485792/article/details/51740776
    
28. 
    
29. 这里比较详细
    
30. https://manpages.debian.org/bullseye/xl2tpd/index.html
    
31. 
    
32. 这里是这个人的其他文档
    
33. https://manpages.debian.org/contents-bullseye.html
    
34. 
    
35. pppd的配置（用于/etc/ppp/options.xl2tpd）
    
36. https://manpages.debian.org/bullseye/ppp/pppd.8.en.html
    
37. ##################
    
38. xl2tpd源码分析
    
39. https://blog.csdn.net/eydwyz/article/details/66973988
    
40. 
    
41. 
    
42. 
    
43. 
    
44. 
    
45. 我终于摸得差不多了
    
46. 首先xl2tpd安装好以后 默认什么都不用改，就可以直接输入命令 xl2tpd启动 如果要观察可以加一个-D参数
    
47. 
    
48. 服务端的配置文件里面 global可以修改端口，客户端连接可以指定用什么端口
    
49. 
    
50. 
    
51. 
    
52. 然后客户端的配置，客户端需要删除lns 然后添加配置lac  
    
53. [lac l2tpvpn]
    
54. lns = 172.17.0.2:1701
    
55. ppp debug = yes
    
56. pppoptfile = /etc/ppp/options.xl2tpd
    
57. 如果不要ipsec 在global里面配置 ipsec saref = no  可以修改端口号
    
58. 
    
59. 然后配置ppp文件
    
60. /etc/ppp/options.xl2tpd
    
61. ipcp-accept-local
    
62. ipcp-accept-remote
    
63. refuse-eap
    
64. noccp
    
65. auth
    
66. idle 1800
    
67. mtu 1410
    
68. mru 1410
    
69. defaultroute
    
70. usepeerdns
    
71. debug
    
72. lock
    
73. connect-delay 5000
    
74. 
    
75. 最后服务端也要先启动服务 xl2tpd -D
    
76. 然后用xl2tpd-control命令来连接和查看 -d参数是必须的
    
77. 
    
78. xl2tpd-control -d available #查看服务的信息
    
79. xl2tpd-control -d connect-lac lacname #连接这个lac 外面的教程里面都是 echo "c lacname">/var/    太不专业了
    

复制代码