Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/bash -x
# Description:L2TP/IPsec for CentOS7 64bit
# 2015/05/09 @mix3
(
## setting
cat << _SECRETS_ > /tmp/SECRETS_TMP.txt
#==============================================
# username auth_server password auth_ipaddress
"hoge001" "xl2tpd" "hoge##123" *
"hoge002" "xl2tpd" "hoge##456" *
#==============================================
_SECRETS_
PSK_SECRETS='HOGESECRETS'
COLOR_LIGHT_GREEN='\033[1;32m'
COLOR_LIGHT_BLUE='\033[1;34m'
COLOR_YELLOW='\033[1;33m'
COLOR_RED='\033[0;31m'
COLOR_WHITE='\033[1;37m'
COLOR_DEFAULT='\033[0m'
IPADDR_GLOBAL=$(/sbin/ip addr show eth0 2>/dev/null | /bin/grep 'inet ' | /bin/sed -e 's/.*inet \([^ ]*\)\/.*/\1/')
VPN_LOCAL_IPADDRESS='192.168.0.1'
VPN_REMOTE_IPADDRESS='192.168.0.151-200'
## リポジトリ追加:EPEL
yum install -y epel-release
## パッケージ追加
yum install -y xl2tpd libreswan lsof
yum update -y
## L2TP セットアップ
sed -i.org -e "s/; listen-addr.*/listen-addr = ${IPADDR_GLOBAL}/g" -e "s/ip range.*/ip range = ${VPN_REMOTE_IPADDRESS}/g" -e "s/local ip.*/local ip = ${VPN_LOCAL_IPADDRESS}/g" /etc/xl2tpd/xl2tpd.conf
sed -i.org -e "s/^ms-dns/# ms-dns/g" -e "s/^noccp/# noccp/g" /etc/ppp/options.xl2tpd
cat << _XL2TPDCONF_ >> /etc/ppp/options.xl2tpd
ms-dns 8.8.8.8
ms-dns 209.244.0.3
ms-dns 208.67.222.222
name xl2tpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
persist
logfile /var/log/xl2tpd.log
_XL2TPDCONF_
## IPsec セットアップ
sed -i.org -e "s/^#include/include/g" /etc/ipsec.conf
cat << _IPSECCONF_ > /etc/ipsec.d/l2tp-ipsec.conf
conn L2TP-PSK-NAT
rightsubnet=0.0.0.0/0
dpddelay=10
dpdtimeout=20
dpdaction=clear
forceencaps=yes
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=${IPADDR_GLOBAL}
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
_IPSECCONF_
cat /tmp/SECRETS_TMP.txt >> /etc/ppp/chap-secrets
rm /tmp/SECRETS_TMP.txt
echo -e ": PSK \"${PSK_SECRETS}\"" > /etc/ipsec.d/default.secrets
## firewalld セットアップ
firewall-cmd --permanent --add-service=ipsec
firewall-cmd --permanent --add-port=1701/udp
firewall-cmd --permanent --add-port=4500/udp
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload
## IP_FORWARD 設定
cat << _SYSCTLCONF_ > /etc/sysctl.d/60-sysctl_ipsec.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.eth1.accept_redirects = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth1.send_redirects = 0
net.ipv4.conf.eth2.accept_redirects = 0
net.ipv4.conf.eth2.rp_filter = 0
net.ipv4.conf.eth2.send_redirects = 0
net.ipv4.conf.ip_vti0.accept_redirects = 0
net.ipv4.conf.ip_vti0.rp_filter = 0
net.ipv4.conf.ip_vti0.send_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.send_redirects = 0
net.ipv4.conf.ppp0.accept_redirects = 0
net.ipv4.conf.ppp0.rp_filter = 0
net.ipv4.conf.ppp0.send_redirects = 0
_SYSCTLCONF_
systemctl restart network
## プロセス起動
systemctl enable ipsec
systemctl enable xl2tpd
systemctl restart ipsec
systemctl restart xl2tpd
## Finish
echo -e "${COLOR_WHITE}L2TP/IPsec SERVER IP : ${COLOR_LIGHT_GREEN}${IPADDR_GLOBAL}${COLOR_DEFAULT}"
echo -e "${COLOR_WHITE}L2TP/IPsec USER/PASSWORD : \n${COLOR_LIGHT_GREEN}$(/bin/cat /etc/ppp/chap-secrets)${COLOR_DEFAULT}"
echo -e "${COLOR_WHITE}L2TP/IPsec PSK SECRETS : ${COLOR_LIGHT_GREEN}${PSK_SECRETS}${COLOR_DEFAULT}"
echo -e "${COLOR_WHITE}Install log : ${COLOR_LIGHT_GREEN}/var/log/L2TP_IPsec-installer.log${COLOR_DEFAULT}"
) 2>&1 | tee /var/log/L2TP_IPsec-installer.log
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.