Created
November 1, 2016 11:33
-
-
Save toshas/cca6890909b5691ae8ce675045c200a9 to your computer and use it in GitHub Desktop.
Install an L2TP client in Ubuntu
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| #usage: | |
| # install_l2tp.sh <L2TP_SERVER> <SHARED_SECRET> <USERNAME> <PASSWORD> | |
| set -e | |
| L2TP_SERVER=${1} | |
| SHARED_SECRET=${2} | |
| USERNAME=${3} | |
| PASSWORD=${4} | |
| apt-get install openswan xl2tpd | |
| echo "net.ipv4.ip_forward = 1" >>/etc/sysctl.conf | |
| echo "net.ipv4.conf.all.accept_redirects = 0" >>/etc/sysctl.conf | |
| echo "net.ipv4.conf.all.send_redirects = 0" >>/etc/sysctl.conf | |
| echo "net.ipv4.conf.default.rp_filter = 0" >>/etc/sysctl.conf | |
| echo "net.ipv4.conf.default.accept_source_route = 0" >>/etc/sysctl.conf | |
| echo "net.ipv4.conf.default.send_redirects = 0" >>/etc/sysctl.conf | |
| echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" >>/etc/sysctl.conf | |
| for vpn in /proc/sys/net/ipv4/conf/*; do echo 0 > $vpn/accept_redirects; echo 0 > $vpn/send_redirects; done | |
| sysctl -p | |
| cat > /etc/ipsec.conf << EOF | |
| config setup | |
| virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 | |
| nat_traversal=yes | |
| protostack=netkey | |
| oe=off | |
| plutoopts="--interface=eth0" | |
| conn L2TP-PSK | |
| authby=secret | |
| pfs=no | |
| auto=add | |
| keyingtries=3 | |
| dpddelay=30 | |
| dpdtimeout=120 | |
| dpdaction=clear | |
| rekey=yes | |
| ikelifetime=8h | |
| keylife=1h | |
| type=transport | |
| left=%defaultroute | |
| leftnexthop=%defaultroute | |
| leftprotoport=17/1701 | |
| right=${L2TP_SERVER} | |
| rightid=10.0.1.11 | |
| EOF | |
| echo "0.0.0.0 ${L2TP_SERVER}: PSK \"${SHARED_SECRET}\"" >/var/lib/openswan/ipsec.secrets.inc | |
| cat >/etc/xl2tpd/xl2tpd.conf << EOF | |
| [lac vpn-connection] | |
| lns = ${L2TP_SERVER} | |
| pppoptfile = /etc/ppp/options.l2tpd.client | |
| length bit = yes | |
| EOF | |
| cat >/etc/ppp/options.l2tpd.client << EOF | |
| ipcp-accept-local | |
| ipcp-accept-remote | |
| refuse-eap | |
| require-mschap-v2 | |
| noccp | |
| noauth | |
| idle 1800 | |
| mtu 1410 | |
| mru 1410 | |
| defaultroute | |
| connect-delay 5000 | |
| name ${USERNAME} | |
| password ${PASSWORD} | |
| EOF | |
| mkdir -p /var/run/xl2tpd | |
| touch /var/run/xl2tpd/l2tp-control | |
| cat >> /etc/ppp/ip-up <<EOF | |
| route add -net 10.0.1.0/24 dev \${PPP_IFACE} | |
| route add -net 10.0.2.0/24 dev \${PPP_IFACE} | |
| route add -net 10.0.3.0/24 dev \${PPP_IFACE} | |
| route add -net 10.0.4.0/24 dev \${PPP_IFACE} | |
| EOF | |
| cat >/etc/rc.vpn.start << EOF | |
| #!/bin/sh | |
| service ipsec restart | |
| service xl2tpd restart | |
| ipsec auto --up L2TP-PSK | |
| echo "c vpn-connection" > /var/run/xl2tpd/l2tp-control | |
| EOF | |
| cat >/etc/rc.vpn.stop << EOF | |
| #!/bin/sh | |
| service ipsec stop | |
| service xl2tpd stop | |
| EOF | |
| chmod +x /etc/rc.vpn.start | |
| chmod +x /etc/rc.vpn.stop | |
| /etc/rc.vpn.start |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment