-
-
Save sAws/1b8e1ca9e6f67f7dd9f59c2f26dd9a44 to your computer and use it in GitHub Desktop.
L2TP VPN client on Linux Debian
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Requirements | |
| # debian/ubuntu | |
| apt-get -y update && apt-get -y upgrade | |
| apt-get -y install strongswan xl2tpd libstrongswan-standard-plugins libstrongswan-extra-plugins | |
| VPN_SERVER_IP='' | |
| VPN_IPSEC_PSK='' | |
| VPN_USER='' | |
| VPN_PASSWORD='' | |
| VPN_LOCAL_NETWORK='172.25.1.1/24' | |
| VPN_NAME='VPN1' | |
| cat > /etc/ipsec.conf <<EOF | |
| config setup | |
| conn %default | |
| ikelifetime=60m | |
| keylife=20m | |
| rekeymargin=3m | |
| keyingtries=1 | |
| keyexchange=ikev1 | |
| authby=secret | |
| conn ${VPN_NAME} | |
| keyexchange=ikev1 | |
| ike=3des-sha1-modp1024! | |
| esp=3des-sha1! | |
| left=%defaultroute | |
| auto=add | |
| authby=secret | |
| type=transport | |
| leftprotoport=17/1701 | |
| rightprotoport=17/1701 | |
| right=${VPN_SERVER_IP} | |
| EOF | |
| cat > /etc/ipsec.secrets <<EOF | |
| : PSK "${VPN_IPSEC_PSK}" | |
| EOF | |
| chmod 600 /etc/ipsec.secrets | |
| cat > /etc/xl2tpd/xl2tpd.conf <<EOF | |
| [lac ${VPN_NAME}] | |
| lns = ${VPN_SERVER_IP} | |
| ppp debug = yes | |
| pppoptfile = /etc/ppp/options.l2tpd.client | |
| length bit = yes | |
| EOF | |
| cat > /etc/ppp/options.l2tpd.client <<EOF | |
| ipcp-accept-local | |
| ipcp-accept-remote | |
| refuse-eap | |
| require-chap | |
| noccp | |
| noauth | |
| mtu 1280 | |
| mru 1280 | |
| noipdefault | |
| defaultroute | |
| usepeerdns | |
| connect-delay 5000 | |
| name ${VPN_USER} | |
| password ${VPN_PASSWORD} | |
| EOF | |
| chmod 600 /etc/ppp/options.l2tpd.client | |
| service strongswan restart | |
| service xl2tpd restart | |
| cat > /usr/local/bin/start-vpn <<EOF | |
| #!/usr/bin/env bash | |
| VPN_LOCAL_NETWORK="${VPN_LOCAL_NETWORK}" | |
| VPN_NAME="${VPN_NAME}" | |
| ( | |
| service strongswan start | |
| sleep 2 | |
| service xl2tpd start | |
| ) && ( | |
| ipsec up ${VPN_NAME} | |
| echo "c ${VPN_NAME}" > /var/run/xl2tpd/l2tp-control | |
| sleep 5 | |
| if (( ${#VPN_LOCAL_NETWORK} != 0 )); then | |
| ip route add ${VPN_LOCAL_NETWORK} dev ppp0 | |
| fi | |
| ipsec statusall | |
| route -n | |
| ) | |
| EOF | |
| chmod +x /usr/local/bin/start-vpn | |
| cat > /usr/local/bin/stop-vpn <<EOF | |
| #!/usr/bin/env bash | |
| VPN_LOCAL_NETWORK="${VPN_LOCAL_NETWORK}" | |
| ( | |
| echo "d ${VPN_NAME}" > /var/run/xl2tpd/l2tp-control | |
| ipsec down ${VPN_NAME} | |
| ) && ( | |
| service xl2tpd stop | |
| service strongswan stop | |
| if (( ${#VPN_LOCAL_NETWORK} != 0 )); then | |
| ip route del ${VPN_LOCAL_NETWORK} dev ppp0 | |
| fi | |
| ipsec statusall | |
| route -n | |
| ) | |
| EOF | |
| chmod +x /usr/local/bin/stop-vpn | |
| echo "To start VPN type: start-vpn" | |
| echo "To stop VPN type: stop-vpn" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
add
https://unix.stackexchange.com/a/381479