mix3/L2TP_IPSec_vpn_setup_for_centos7.sh

## L2TP_IPSec_vpn_setup_for_centos7.sh
#!/bin/bash -x
# Description:L2TP/IPsec for CentOS7 64bit
# 2015/05/09 @mix3

(
## setting

cat << _SECRETS_ > /tmp/SECRETS_TMP.txt
#==============================================
# username auth_server password auth_ipaddress
"hoge001" "xl2tpd" "hoge##123" *
"hoge002" "xl2tpd" "hoge##456" *
#==============================================
_SECRETS_

PSK_SECRETS='HOGESECRETS'

COLOR_LIGHT_GREEN='\033[1;32m'
COLOR_LIGHT_BLUE='\033[1;34m'
COLOR_YELLOW='\033[1;33m'
COLOR_RED='\033[0;31m'
COLOR_WHITE='\033[1;37m'
COLOR_DEFAULT='\033[0m'

IPADDR_GLOBAL=$(/sbin/ip addr show eth0 2>/dev/null | /bin/grep 'inet ' | /bin/sed -e 's/.*inet \([^ ]*\)\/.*/\1/')

VPN_LOCAL_IPADDRESS='192.168.0.1'
VPN_REMOTE_IPADDRESS='192.168.0.151-200'

## リポジトリ追加：EPEL
yum install -y epel-release

## パッケージ追加
yum install -y xl2tpd libreswan lsof
yum update -y

## L2TP セットアップ
sed -i.org -e "s/; listen-addr.*/listen-addr = ${IPADDR_GLOBAL}/g" -e "s/ip range.*/ip range = ${VPN_REMOTE_IPADDRESS}/g" -e "s/local ip.*/local ip = ${VPN_LOCAL_IPADDRESS}/g" /etc/xl2tpd/xl2tpd.conf

sed -i.org -e "s/^ms-dns/# ms-dns/g" -e "s/^noccp/# noccp/g" /etc/ppp/options.xl2tpd

cat << _XL2TPDCONF_ >> /etc/ppp/options.xl2tpd
ms-dns 8.8.8.8
ms-dns 209.244.0.3
ms-dns 208.67.222.222
name xl2tpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
persist
logfile /var/log/xl2tpd.log
_XL2TPDCONF_

## IPsec セットアップ
sed -i.org -e "s/^#include/include/g" /etc/ipsec.conf
cat << _IPSECCONF_ > /etc/ipsec.d/l2tp-ipsec.conf
conn L2TP-PSK-NAT
    rightsubnet=0.0.0.0/0
    dpddelay=10
    dpdtimeout=20
    dpdaction=clear
    forceencaps=yes
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=${IPADDR_GLOBAL}
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
_IPSECCONF_

cat /tmp/SECRETS_TMP.txt >> /etc/ppp/chap-secrets
rm /tmp/SECRETS_TMP.txt
echo -e ": PSK \"${PSK_SECRETS}\"" > /etc/ipsec.d/default.secrets

## firewalld セットアップ
firewall-cmd --permanent --add-service=ipsec
firewall-cmd --permanent --add-port=1701/udp
firewall-cmd --permanent --add-port=4500/udp
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload

## IP_FORWARD 設定
cat << _SYSCTLCONF_ > /etc/sysctl.d/60-sysctl_ipsec.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.eth1.accept_redirects = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth1.send_redirects = 0
net.ipv4.conf.eth2.accept_redirects = 0
net.ipv4.conf.eth2.rp_filter = 0
net.ipv4.conf.eth2.send_redirects = 0
net.ipv4.conf.ip_vti0.accept_redirects = 0
net.ipv4.conf.ip_vti0.rp_filter = 0
net.ipv4.conf.ip_vti0.send_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.send_redirects = 0
net.ipv4.conf.ppp0.accept_redirects = 0
net.ipv4.conf.ppp0.rp_filter = 0
net.ipv4.conf.ppp0.send_redirects = 0
_SYSCTLCONF_
systemctl restart network

## プロセス起動
systemctl enable ipsec
systemctl enable xl2tpd
systemctl restart ipsec
systemctl restart xl2tpd

## Finish
echo -e "${COLOR_WHITE}L2TP/IPsec SERVER IP     : ${COLOR_LIGHT_GREEN}${IPADDR_GLOBAL}${COLOR_DEFAULT}"
echo -e "${COLOR_WHITE}L2TP/IPsec USER/PASSWORD : \n${COLOR_LIGHT_GREEN}$(/bin/cat /etc/ppp/chap-secrets)${COLOR_DEFAULT}"
echo -e "${COLOR_WHITE}L2TP/IPsec PSK SECRETS   : ${COLOR_LIGHT_GREEN}${PSK_SECRETS}${COLOR_DEFAULT}"
echo -e "${COLOR_WHITE}Install log              : ${COLOR_LIGHT_GREEN}/var/log/L2TP_IPsec-installer.log${COLOR_DEFAULT}"

) 2>&1 | tee /var/log/L2TP_IPsec-installer.log
	#!/bin/bash -x
	# Description:L2TP/IPsec for CentOS7 64bit
	# 2015/05/09 @mix3

	(
	## setting

	cat << _SECRETS_ > /tmp/SECRETS_TMP.txt
	#==============================================
	# username auth_server password auth_ipaddress
	"hoge001" "xl2tpd" "hoge##123" *
	"hoge002" "xl2tpd" "hoge##456" *
	#==============================================
	_SECRETS_

	PSK_SECRETS='HOGESECRETS'

	COLOR_LIGHT_GREEN='\033[1;32m'
	COLOR_LIGHT_BLUE='\033[1;34m'
	COLOR_YELLOW='\033[1;33m'
	COLOR_RED='\033[0;31m'
	COLOR_WHITE='\033[1;37m'
	COLOR_DEFAULT='\033[0m'

	IPADDR_GLOBAL=$(/sbin/ip addr show eth0 2>/dev/null \| /bin/grep 'inet ' \| /bin/sed -e 's/.inet \([^ ]\)\/.*/\1/')

	VPN_LOCAL_IPADDRESS='192.168.0.1'
	VPN_REMOTE_IPADDRESS='192.168.0.151-200'

	## リポジトリ追加：EPEL
	yum install -y epel-release

	## パッケージ追加
	yum install -y xl2tpd libreswan lsof
	yum update -y

	## L2TP セットアップ
	sed -i.org -e "s/; listen-addr./listen-addr = ${IPADDR_GLOBAL}/g" -e "s/ip range./ip range = ${VPN_REMOTE_IPADDRESS}/g" -e "s/local ip.*/local ip = ${VPN_LOCAL_IPADDRESS}/g" /etc/xl2tpd/xl2tpd.conf

	sed -i.org -e "s/^ms-dns/# ms-dns/g" -e "s/^noccp/# noccp/g" /etc/ppp/options.xl2tpd

	cat << _XL2TPDCONF_ >> /etc/ppp/options.xl2tpd
	ms-dns 8.8.8.8
	ms-dns 209.244.0.3
	ms-dns 208.67.222.222
	name xl2tpd
	refuse-pap
	refuse-chap
	refuse-mschap
	require-mschap-v2
	persist
	logfile /var/log/xl2tpd.log
	_XL2TPDCONF_

	## IPsec セットアップ
	sed -i.org -e "s/^#include/include/g" /etc/ipsec.conf
	cat << _IPSECCONF_ > /etc/ipsec.d/l2tp-ipsec.conf
	conn L2TP-PSK-NAT
	rightsubnet=0.0.0.0/0
	dpddelay=10
	dpdtimeout=20
	dpdaction=clear
	forceencaps=yes
	also=L2TP-PSK-noNAT
	conn L2TP-PSK-noNAT
	authby=secret
	pfs=no
	auto=add
	keyingtries=3
	rekey=no
	ikelifetime=8h
	keylife=1h
	type=transport
	left=${IPADDR_GLOBAL}
	leftprotoport=17/1701
	right=%any
	rightprotoport=17/%any
	_IPSECCONF_

	cat /tmp/SECRETS_TMP.txt >> /etc/ppp/chap-secrets
	rm /tmp/SECRETS_TMP.txt
	echo -e ": PSK \"${PSK_SECRETS}\"" > /etc/ipsec.d/default.secrets

	## firewalld セットアップ
	firewall-cmd --permanent --add-service=ipsec
	firewall-cmd --permanent --add-port=1701/udp
	firewall-cmd --permanent --add-port=4500/udp
	firewall-cmd --permanent --add-masquerade
	firewall-cmd --reload

	## IP_FORWARD 設定
	cat << _SYSCTLCONF_ > /etc/sysctl.d/60-sysctl_ipsec.conf
	net.ipv4.ip_forward = 1
	net.ipv4.conf.all.accept_redirects = 0
	net.ipv4.conf.all.rp_filter = 0
	net.ipv4.conf.all.send_redirects = 0
	net.ipv4.conf.default.accept_redirects = 0
	net.ipv4.conf.default.rp_filter = 0
	net.ipv4.conf.default.send_redirects = 0
	net.ipv4.conf.eth0.accept_redirects = 0
	net.ipv4.conf.eth0.rp_filter = 0
	net.ipv4.conf.eth0.send_redirects = 0
	net.ipv4.conf.eth1.accept_redirects = 0
	net.ipv4.conf.eth1.rp_filter = 0
	net.ipv4.conf.eth1.send_redirects = 0
	net.ipv4.conf.eth2.accept_redirects = 0
	net.ipv4.conf.eth2.rp_filter = 0
	net.ipv4.conf.eth2.send_redirects = 0
	net.ipv4.conf.ip_vti0.accept_redirects = 0
	net.ipv4.conf.ip_vti0.rp_filter = 0
	net.ipv4.conf.ip_vti0.send_redirects = 0
	net.ipv4.conf.lo.accept_redirects = 0
	net.ipv4.conf.lo.rp_filter = 0
	net.ipv4.conf.lo.send_redirects = 0
	net.ipv4.conf.ppp0.accept_redirects = 0
	net.ipv4.conf.ppp0.rp_filter = 0
	net.ipv4.conf.ppp0.send_redirects = 0
	_SYSCTLCONF_
	systemctl restart network

	## プロセス起動
	systemctl enable ipsec
	systemctl enable xl2tpd
	systemctl restart ipsec
	systemctl restart xl2tpd

	## Finish
	echo -e "${COLOR_WHITE}L2TP/IPsec SERVER IP : ${COLOR_LIGHT_GREEN}${IPADDR_GLOBAL}${COLOR_DEFAULT}"
	echo -e "${COLOR_WHITE}L2TP/IPsec USER/PASSWORD : \n${COLOR_LIGHT_GREEN}$(/bin/cat /etc/ppp/chap-secrets)${COLOR_DEFAULT}"
	echo -e "${COLOR_WHITE}L2TP/IPsec PSK SECRETS : ${COLOR_LIGHT_GREEN}${PSK_SECRETS}${COLOR_DEFAULT}"
	echo -e "${COLOR_WHITE}Install log : ${COLOR_LIGHT_GREEN}/var/log/L2TP_IPsec-installer.log${COLOR_DEFAULT}"

	) 2>&1 \| tee /var/log/L2TP_IPsec-installer.log