diff --git a/plugins/l2tp/LICENSE b/plugins/l2tp/LICENSE new file mode 100644 index 000000000..b89fade39 --- /dev/null +++ b/plugins/l2tp/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2019 Mr Chen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/plugins/l2tp/README.md b/plugins/l2tp/README.md new file mode 100644 index 000000000..7119b07cb --- /dev/null +++ b/plugins/l2tp/README.md @@ -0,0 +1,17 @@ +# mw-l2tp + +``` +mdserver-web项目的中用于管理vpn的插件 +``` + +### 安装过程 + +``` +* 先进行压缩 `cd mw-l2tp && zip l2tp.zip -r ./* ` +* 在mdserver-web点击`添加插件` +``` + +### 截图 + +[![截图1](/screenshot/ss1.png)](/screenshot/ss1.png) + diff --git a/plugins/l2tp/ico.png b/plugins/l2tp/ico.png new file mode 100644 index 000000000..ddfd2f89b Binary files /dev/null and b/plugins/l2tp/ico.png differ diff --git a/plugins/l2tp/index.html b/plugins/l2tp/index.html new file mode 100755 index 000000000..13b95bfaf --- /dev/null +++ b/plugins/l2tp/index.html @@ -0,0 +1,18 @@ +
+
+
+

服务

+

用户配置

+

PSK配置

+

用户列表

+
+
+
+
+
+
+ \ No newline at end of file diff --git a/plugins/l2tp/index.py b/plugins/l2tp/index.py new file mode 100755 index 000000000..e0b1eb576 --- /dev/null +++ b/plugins/l2tp/index.py 
@@ -0,0 +1,233 @@ +# coding:utf-8 + +import sys +import io +import os +import time +import shutil + +sys.path.append(os.getcwd() + "/class/core") +import public + +app_debug = False +if public.isAppleSystem(): + app_debug = True + + +def getPluginName(): + return 'l2tp' + + +def getPluginDir(): + return public.getPluginDir() + '/' + getPluginName() + + +def getServerDir(): + return public.getServerDir() + '/' + getPluginName() + + +def getArgs(): + args = sys.argv[2:] + tmp = {} + args_len = len(args) + + if args_len == 1: + t = args[0].strip('{').strip('}') + t = t.split(':') + tmp[t[0]] = t[1] + elif args_len > 1: + for i in range(len(args)): + t = args[i].split(':') + tmp[t[0]] = t[1] + + return tmp + + +def checkArgs(data, ck=[]): + for i in range(len(ck)): + if not ck[i] in data: + return (False, public.returnJson(False, '参数:(' + ck[i] + ')没有!')) + return (True, public.returnJson(True, 'ok')) + + +def status(): + cmd = "ps -ef|grep xl2tpd |grep -v grep | grep -v python | awk '{print $2}'" + data = public.execShell(cmd) + if data[0] == '': + return 'stop' + return 'start' + + +def initConf(): + l2tp_cs = getServerDir() + '/chap-secrets' + if not os.path.exists(l2tp_cs): + public.execShell('cp -rf ' + getPluginDir() + + '/tmp/chap-secrets' + ' ' + getServerDir()) + + l2tp_is = getServerDir() + '/ipsec.secrets' + if not os.path.exists(l2tp_is): + public.execShell('cp -rf ' + getPluginDir() + + '/tmp/ipsec.secrets' + ' ' + getServerDir()) + + +def start(): + initConf() + + if public.isAppleSystem(): + return "Apple Computer does not support" + + data = public.execShell('service xl2tpd start') + if data[0] == '': + return 'ok' + return data[1] + + +def stop(): + if public.isAppleSystem(): + return "Apple Computer does not support" + + data = public.execShell('service xl2tpd stop') + if data[0] == '': + return 'ok' + return data[1] + + +def restart(): + if public.isAppleSystem(): + return "Apple Computer does not support" + + data = public.execShell('service xl2tpd 
restart') + if data[0] == '': + return 'ok' + return data[1] + + +def reload(): + data = public.execShell('service xl2tpd reload') + if data[0] == '': + return 'ok' + return data[1] + + +def getPathFile(): + if public.isAppleSystem(): + return getServerDir() + '/chap-secrets' + return '/etc/ppp/chap-secrets' + + +def getPathFilePsk(): + if public.isAppleSystem(): + return getServerDir() + '/ipsec.secrets' + return '/etc/ipsec.secrets' + + +def getUserList(): + import re + path = getPathFile() + if not os.path.exists(path): + return public.returnJson(False, '密码配置文件不存在!') + conf = public.readFile(path) + + conf = re.sub('#(.*)\n', '', conf) + + if conf.strip() == '': + return public.returnJson(True, 'ok', []) + + ulist = conf.strip().split('\n') + + user = [] + for line in ulist: + line_info = {} + line = re.match(r'(\w*)\s*(\w*)\s*(\w*)\s*(.*)', + line.strip(), re.M | re.I).groups() + line_info['user'] = line[0] + line_info['pwd'] = line[2] + line_info['type'] = line[1] + line_info['ip'] = line[3] + user.append(line_info) + + return public.returnJson(True, 'ok', user) + + +def addUser(): + if public.isAppleSystem(): + return public.returnJson(False, "Apple Computer does not support") + + args = getArgs() + data = checkArgs(args, ['username']) + if not data[0]: + return data[1] + ret = public.execShell('echo ' + args['username'] + '|l2tp -a') + if ret[1] == '': + return public.returnJson(True, '添加成功!:' + ret[0]) + return public.returnJson(False, '添加失败:' + ret[0]) + + +def delUser(): + if public.isAppleSystem(): + return public.returnJson(False, "Apple Computer does not support") + + args = getArgs() + data = checkArgs(args, ['username']) + if not data[0]: + return data[1] + + ret = public.execShell('echo ' + args['username'] + '|l2tp -d') + if ret[1] == '': + return public.returnJson(True, '删除成功!:' + ret[0]) + return public.returnJson(False, '删除失败:' + ret[0]) + + +def modUser(): + + args = getArgs() + data = checkArgs(args, ['username', 'password']) + if not data[0]: 
+ return data[1] + + path = getPathFile() + username = args['username'] + password = args['password'] + + # sed -i "/^\<${user}\>/d" /etc/ppp/chap-secrets + # echo "${user} l2tpd ${pass} *" >> /etc/ppp/chap-secrets + + if public.isAppleSystem(): + public.execShell("sed -i .bak '/^\(" + username + "\)/d' " + path) + else: + public.execShell("sed -i '/^\(" + username + "\)/d' " + path) + # print 'echo "' + username + " l2tpd " + password + " *\" >>" + # + path + ret = public.execShell("echo \"" + username + + " l2tpd " + password + " *\" >>" + path) + if ret[1] == '': + return public.returnJson(True, '修改成功!') + return public.returnJson(False, '修改失败') + + +if __name__ == "__main__": + func = sys.argv[1] + if func == 'status': + print status() + elif func == 'start': + print start() + elif func == 'stop': + print stop() + elif func == 'restart': + print restart() + elif func == 'reload': + print reload() + elif func == 'conf': + print getPathFile() + elif func == 'conf_psk': + print getPathFilePsk() + elif func == 'user_list': + print getUserList() + elif func == 'add_user': + print addUser() + elif func == 'del_user': + print delUser() + elif func == 'mod_user': + print modUser() + else: + print 'error' diff --git a/plugins/l2tp/info.json b/plugins/l2tp/info.json new file mode 100755 index 000000000..8d3ab2fb1 --- /dev/null +++ b/plugins/l2tp/info.json @@ -0,0 +1,14 @@ +{ + "title":"L2TP", + "tip":"soft", + "name":"l2tp", + "type":"运行环境", + "ps":"VPN网关", + "versions":"1.0", + "shell":"install.sh", + "checks":"server/l2tp", + "author":"teddysun", + "home":"https://github.com/teddysun/across/blob/master/l2tp.sh", + "date":"2019-02-27", + "pid": "4" +} \ No newline at end of file diff --git a/plugins/l2tp/install.sh b/plugins/l2tp/install.sh new file mode 100755 index 000000000..2d7b767bb --- /dev/null +++ b/plugins/l2tp/install.sh 
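Review bot: `addUser`, `delUser` and `modUser` splice the request-supplied `username`/`password` straight into shell strings — `'echo ' + args['username'] + '|l2tp -a'`, the `sed -i '/^\(` + username + `\)/d'` pattern, and `echo "… l2tpd " + password + " *" >> path` — so a value such as `x;id` or `$(…)` arriving from the panel runs as root, and a password containing a space or `#` corrupts `/etc/ppp/chap-secrets` (the visible `getArgs` parser also truncates any value at its first `:`). Validate both fields against a conservative allowlist before any `execShell` call, as sketched below (`re` must then be imported at module level; it is currently imported only inside `getUserList`), or quote with `pipes.quote` since the file is Python 2. Two further defects in the same hunk: the scripted `l2tp -a`/`-d` read the name in a `while :` loop that never exits on EOF, so a duplicate username on add or an unknown one on delete leaves the piped process spinning and the request hanging; and `modUser`'s sed pattern is an unanchored prefix match (upstream used `\<${user}\>`), so changing `bob`'s password also deletes `bobby`'s line.
```python
_FIELD_RE = re.compile(r'^[A-Za-z0-9_.@-]{1,64}$')


def _checkField(args, key):
    # Values are spliced into shell strings and into the whitespace-separated
    # chap-secrets file, so anything outside a conservative allowlist is rejected.
    if not _FIELD_RE.match(args.get(key, '')):
        return (False, public.returnJson(False, '参数:(' + key + ')包含非法字符!'))
    return (True, None)


def addUser():
    # … unchanged: Apple check, getArgs / checkArgs …
    ok, err = _checkField(args, 'username')
    if not ok:
        return err
    ret = public.execShell('echo ' + args['username'] + '|l2tp -a')
    # … unchanged: result handling …


def modUser():
    # … unchanged: getArgs / checkArgs …
    for key in ('username', 'password'):
        ok, err = _checkField(args, key)
        if not ok:
            return err
    # … unchanged: sed + echo into chap-secrets …
```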
@@ -0,0 +1,46 @@ +#!/bin/bash +PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin +export PATH + + +curPath=`pwd` +rootPath=$(dirname "$curPath") +rootPath=$(dirname "$rootPath") +serverPath=$(dirname "$rootPath") + + +install_tmp=${rootPath}/tmp/mw_install.pl +SYSOS=`uname` + +Install_l2tp() +{ + isStart="" + echo '正在安装脚本文件...' > $install_tmp + mkdir -p $serverPath/l2tp + echo '1.0' > $serverPath/l2tp/version.pl + + cp -rf scripts/l2tp.sh $serverPath/l2tp + chmod +x $serverPath/l2tp/l2tp.sh + + if [ "Darwin" == "$SYSOS" ];then + echo 'macosx unavailable' > $install_tmp + exit 0 + fi + + /bin/sh $serverPath/l2tp/l2tp.sh + + echo 'install complete' > $install_tmp +} + +Uninstall_l2tp() +{ + rm -rf $serverPath/l2tp + echo "Uninstall completed" > $install_tmp +} + +action=$1 +if [ "${1}" == 'install' ];then + Install_l2tp +else + Uninstall_l2tp +fi diff --git a/plugins/l2tp/js/l2tp.js b/plugins/l2tp/js/l2tp.js new file mode 100755 index 000000000..12b0c4fc4 --- /dev/null +++ b/plugins/l2tp/js/l2tp.js 
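Review bot: `Install_l2tp` runs the bundled installer as `/bin/sh $serverPath/l2tp/l2tp.sh`, but `scripts/l2tp.sh` declares `#!/usr/bin/env bash` and relies on bashisms (`[[ ]]`, `{a..z}` brace expansion, arrays, `$RANDOM`, `read -p`), so on Debian/Ubuntu where `/bin/sh` is dash the install will abort or misbehave. The file is already `chmod +x`, so invoke it directly or as `bash "$serverPath/l2tp/l2tp.sh"`. `Uninstall_l2tp` only removes `$serverPath/l2tp`; it leaves xl2tpd/ipsec enabled and running, `/usr/bin/l2tp`, and `/etc/ppp/chap-secrets` with every VPN credential in place, which should at least be documented in the README or handled (`systemctl disable --now xl2tpd ipsec` where available). Note also that the dispatch treats any argument other than `install` — including none — as uninstall, so a mistyped action deletes the service directory.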
@@ -0,0 +1,150 @@ +function str2Obj(str){ + var data = {}; + kv = str.split('&'); + for(i in kv){ + v = kv[i].split('='); + data[v[0]] = v[1]; + } + return data; +} + +function lpPost(method,args,callback, title){ + + var _args = null; + if (typeof(args) == 'string'){ + _args = JSON.stringify(str2Obj(args)); + } else { + _args = JSON.stringify(args); + } + + var _title = '正在获取...'; + if (typeof(title) != 'undefined'){ + _title = title; + } + + var loadT = layer.msg(_title, { icon: 16, time: 0, shade: 0.3 }); + $.post('/plugins/run', {name:'l2tp', func:method, args:_args}, function(data) { + layer.close(loadT); + if (!data.status){ + layer.msg(data.msg,{icon:0,time:2000,shade: [0.3, '#000']}); + return; + } + + if(typeof(callback) == 'function'){ + callback(data); + } + },'json'); +} + +function lpAsyncPost(method,args){ + var _args = null; + if (typeof(args) == 'string'){ + _args = JSON.stringify(str2Obj(args)); + } else { + _args = JSON.stringify(args); + } + + var loadT = layer.msg('正在获取...', { icon: 16, time: 0, shade: 0.3 }); + return syncPost('/plugins/run', {name:'l2tp', func:method, args:_args}); +} + +function userList(){ + lpPost('user_list', '' ,function(data){ + var rdata = $.parseJSON(data['data']); + + if (!rdata['status']){ + layer.msg(rdata.msg,{icon:0,time:2000,shade: [0.3, '#000']}); + return; + } + var list = rdata['data']; + + var con = ''; + con += '
'; + con += ''; + con += ''; + con += ''; + con += ''; + con += ''; + + con += ''; + + for (var i = 0; i < list.length; i++) { + con += ''+ + '' + + '' + + ''; + } + + con += ''; + con += '
用户密码操作(添加)
' + list[i]['user']+'' + list[i]['pwd']+'改密|删除
'; + + $(".soft-man-con").html(con); + }); +} + + +function addUser(){ + var loadOpen = layer.open({ + type: 1, + title: '添加用户', + area: '240px', + content:"
\ +
\ +
\ +
\ +
\ + \ +
\ +
" + }); + + $('#add_ok').click(function(){ + _data = {}; + _data['username'] = $('#username').val(); + var loadT = layer.msg('正在获取...', { icon: 16, time: 0, shade: 0.3 }); + lpPost('add_user', _data, function(data){ + var rdata = $.parseJSON(data.data); + layer.close(loadOpen); + layer.msg(rdata.msg,{icon:rdata.status?1:2,time:2000,shade: [0.3, '#000']}); + setTimeout(function(){userList();},2000); + }); + }); +} + +function delUser(username){ + lpPost('del_user', {username:username}, function(data){ + var rdata = $.parseJSON(data.data); + layer.msg(rdata.msg,{icon:rdata.status?1:2,time:2000,shade: [0.3, '#000']}); + setTimeout(function(){userList();},2000); + }); +} + +function modUser(username){ + var loadOpen = layer.open({ + type: 1, + title: '修改密码', + area: '240px', + content:"
\ +
\ +
\ +
\ +
\ + \ +
\ +
" + }); + + $('#mod_ok').click(function(){ + _data = {}; + _data['username'] = username; + _data['password'] = $('#password').val(); + var loadT = layer.msg('正在获取...', { icon: 16, time: 0, shade: 0.3 }); + lpPost('mod_user', _data, function(data){ + var rdata = $.parseJSON(data.data); + layer.close(loadOpen); + layer.msg(rdata.msg,{icon:rdata.status?1:2,time:2000,shade: [0.3, '#000']}); + setTimeout(function(){userList();},2000); + }); + }); +} + diff --git a/plugins/l2tp/screenshot/ss1.png b/plugins/l2tp/screenshot/ss1.png new file mode 100644 index 000000000..f9e270f3c Binary files /dev/null and b/plugins/l2tp/screenshot/ss1.png differ diff --git a/plugins/l2tp/scripts/l2tp.sh b/plugins/l2tp/scripts/l2tp.sh new file mode 100644 index 000000000..2109a4489 --- /dev/null +++ b/plugins/l2tp/scripts/l2tp.sh 
@@ -0,0 +1,820 @@ +#!/usr/bin/env bash +PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin +export PATH +#=======================================================================# +# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+ # +# Description: L2TP VPN Auto Installer # +# Author: Teddysun # +# Intro: https://teddysun.com/448.html # +#=======================================================================# +cur_dir=`pwd` + +libreswan_filename="libreswan-3.27" +download_root_url="https://dl.lamp.sh/files" + +rootness(){ + if [[ $EUID -ne 0 ]]; then + echo "Error:This script must be run as root!" 1>&2 + exit 1 + fi +} + +tunavailable(){ + if [[ ! -e /dev/net/tun ]]; then + echo "Error:TUN/TAP is not available!" 1>&2 + exit 1 + fi +} + +disable_selinux(){ +if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config + setenforce 0 +fi +} + +get_opsy(){ + [ -f /etc/redhat-release ] && awk '{print ($1,$3~/^[0-9]/?$3:$4)}' /etc/redhat-release && return + [ -f /etc/os-release ] && awk -F'[= "]' '/PRETTY_NAME/{print $3,$4,$5}' /etc/os-release && return + [ -f /etc/lsb-release ] && awk -F'[="]+' '/DESCRIPTION/{print $2}' /etc/lsb-release && return +} + +get_os_info(){ + IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." 
| head -n 1 ) + [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com ) + + local cname=$( awk -F: '/model name/ {name=$2} END {print name}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' ) + local cores=$( awk -F: '/model name/ {core++} END {print core}' /proc/cpuinfo ) + local freq=$( awk -F: '/cpu MHz/ {freq=$2} END {print freq}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' ) + local tram=$( free -m | awk '/Mem/ {print $2}' ) + local swap=$( free -m | awk '/Swap/ {print $2}' ) + local up=$( awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60;d=$1%60} {printf("%ddays, %d:%d:%d\n",a,b,c,d)}' /proc/uptime ) + local load=$( w | head -1 | awk -F'load average:' '{print $2}' | sed 's/^[ \t]*//;s/[ \t]*$//' ) + local opsy=$( get_opsy ) + local arch=$( uname -m ) + local lbit=$( getconf LONG_BIT ) + local host=$( hostname ) + local kern=$( uname -r ) + + echo "########## System Information ##########" + echo + echo "CPU model : ${cname}" + echo "Number of cores : ${cores}" + echo "CPU frequency : ${freq} MHz" + echo "Total amount of ram : ${tram} MB" + echo "Total amount of swap : ${swap} MB" + echo "System uptime : ${up}" + echo "Load average : ${load}" + echo "OS : ${opsy}" + echo "Arch : ${arch} (${lbit} Bit)" + echo "Kernel : ${kern}" + echo "Hostname : ${host}" + echo "IPv4 address : ${IP}" + echo + echo "########################################" +} + +check_sys(){ + local checkType=$1 + local value=$2 + + local release='' + local systemPackage='' + + if [[ -f /etc/redhat-release ]]; then + release="centos" + systemPackage="yum" + elif cat /etc/issue | grep -Eqi "debian"; then + release="debian" + systemPackage="apt" + elif cat /etc/issue | grep -Eqi "ubuntu"; then + release="ubuntu" + systemPackage="apt" + elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then + release="centos" + systemPackage="yum" + elif cat /proc/version | grep -Eqi "debian"; then + release="debian" + systemPackage="apt" + elif cat /proc/version | grep -Eqi "ubuntu"; then + 
release="ubuntu" + systemPackage="apt" + elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then + release="centos" + systemPackage="yum" + fi + + if [[ ${checkType} == "sysRelease" ]]; then + if [ "$value" == "$release" ];then + return 0 + else + return 1 + fi + elif [[ ${checkType} == "packageManager" ]]; then + if [ "$value" == "$systemPackage" ];then + return 0 + else + return 1 + fi + fi +} + +rand(){ + index=0 + str="" + for i in {a..z}; do arr[index]=${i}; index=`expr ${index} + 1`; done + for i in {A..Z}; do arr[index]=${i}; index=`expr ${index} + 1`; done + for i in {0..9}; do arr[index]=${i}; index=`expr ${index} + 1`; done + for i in {1..10}; do str="$str${arr[$RANDOM%$index]}"; done + echo ${str} +} + +is_64bit(){ + if [ `getconf WORD_BIT` = '32' ] && [ `getconf LONG_BIT` = '64' ] ; then + return 0 + else + return 1 + fi +} + +download_file(){ + if [ -s ${1} ]; then + echo "$1 [found]" + else + echo "$1 not found!!!download now..." + if ! wget -c -t3 -T60 ${download_root_url}/${1}; then + echo "Failed to download $1, please download it to ${cur_dir} directory manually and try again." + exit 1 + fi + fi +} + +versionget(){ + if [[ -s /etc/redhat-release ]];then + grep -oE "[0-9.]+" /etc/redhat-release + else + grep -oE "[0-9.]+" /etc/issue + fi +} + +centosversion(){ + if check_sys sysRelease centos;then + local code=${1} + local version="`versionget`" + local main_ver=${version%%.*} + if [ "${main_ver}" == "${code}" ];then + return 0 + else + return 1 + fi + else + return 1 + fi +} + +debianversion(){ + if check_sys sysRelease debian;then + local version=$( get_opsy ) + local code=${1} + local main_ver=$( echo ${version} | sed 's/[^0-9]//g') + if [ "${main_ver}" == "${code}" ];then + return 0 + else + return 1 + fi + else + return 1 + fi +} + +version_check(){ + if check_sys packageManager yum; then + if centosversion 5; then + echo "Error: CentOS 5 is not supported, Please re-install OS and try again." 
+ exit 1 + fi + fi +} + +get_char(){ + SAVEDSTTY=`stty -g` + stty -echo + stty cbreak + dd if=/dev/tty bs=1 count=1 2> /dev/null + stty -raw + stty echo + stty $SAVEDSTTY +} + +preinstall_l2tp(){ + + echo + if [ -d "/proc/vz" ]; then + echo -e "\033[41;37m WARNING: \033[0m Your VPS is based on OpenVZ, and IPSec might not be supported by the kernel." + echo "Continue installation? (y/n)" + read -p "(Default: n)" agree + [ -z ${agree} ] && agree="n" + if [ "${agree}" == "n" ]; then + echo + echo "L2TP installation cancelled." + echo + exit 0 + fi + fi + echo + echo "Please enter IP-Range:" + # read -p "(Default Range: 192.168.18):" iprange + # [ -z ${iprange} ] && iprange="192.168.18" + iprange="192.168.18" + echo ${iprange} + + echo "Please enter PSK:" + # read -p "(Default PSK: teddysun.com):" mypsk + # [ -z ${mypsk} ] && mypsk="teddysun.com" + mypsk="midoks" + echo ${mypsk} + + echo "Please enter Username:" + # read -p "(Default Username: teddysun):" username + # [ -z ${username} ] && username="teddysun" + username="midoks" + echo ${username} + + # password=`rand` + echo "Please enter ${username}'s password:" + # read -p "(Default Password: ${password}):" tmppassword + # [ ! -z ${tmppassword} ] && password=${tmppassword} + password=midoks + echo ${password} + + echo + echo "ServerIP:${IP}" + echo "Server Local IP:${iprange}.1" + echo "Client Remote IP Range:${iprange}.2-${iprange}.254" + echo "PSK:${mypsk}" + echo + echo "Press any key to start... or press Ctrl + C to cancel." 
+ char=`get_char` + +} + +install_l2tp(){ + + mknod /dev/random c 1 9 + + if check_sys packageManager apt; then + apt-get -y update + + if debianversion 7; then + if is_64bit; then + local libnspr4_filename1="libnspr4_4.10.7-1_amd64.deb" + local libnspr4_filename2="libnspr4-0d_4.10.7-1_amd64.deb" + local libnspr4_filename3="libnspr4-dev_4.10.7-1_amd64.deb" + local libnspr4_filename4="libnspr4-dbg_4.10.7-1_amd64.deb" + local libnss3_filename1="libnss3_3.17.2-1.1_amd64.deb" + local libnss3_filename2="libnss3-1d_3.17.2-1.1_amd64.deb" + local libnss3_filename3="libnss3-tools_3.17.2-1.1_amd64.deb" + local libnss3_filename4="libnss3-dev_3.17.2-1.1_amd64.deb" + local libnss3_filename5="libnss3-dbg_3.17.2-1.1_amd64.deb" + else + local libnspr4_filename1="libnspr4_4.10.7-1_i386.deb" + local libnspr4_filename2="libnspr4-0d_4.10.7-1_i386.deb" + local libnspr4_filename3="libnspr4-dev_4.10.7-1_i386.deb" + local libnspr4_filename4="libnspr4-dbg_4.10.7-1_i386.deb" + local libnss3_filename1="libnss3_3.17.2-1.1_i386.deb" + local libnss3_filename2="libnss3-1d_3.17.2-1.1_i386.deb" + local libnss3_filename3="libnss3-tools_3.17.2-1.1_i386.deb" + local libnss3_filename4="libnss3-dev_3.17.2-1.1_i386.deb" + local libnss3_filename5="libnss3-dbg_3.17.2-1.1_i386.deb" + fi + rm -rf ${cur_dir}/l2tp + mkdir -p ${cur_dir}/l2tp + cd ${cur_dir}/l2tp + download_file "${libnspr4_filename1}" + download_file "${libnspr4_filename2}" + download_file "${libnspr4_filename3}" + download_file "${libnspr4_filename4}" + download_file "${libnss3_filename1}" + download_file "${libnss3_filename2}" + download_file "${libnss3_filename3}" + download_file "${libnss3_filename4}" + download_file "${libnss3_filename5}" + dpkg -i ${libnspr4_filename1} ${libnspr4_filename2} ${libnspr4_filename3} ${libnspr4_filename4} + dpkg -i ${libnss3_filename1} ${libnss3_filename2} ${libnss3_filename3} ${libnss3_filename4} ${libnss3_filename5} + + apt-get -y install wget gcc ppp flex bison make pkg-config libpam0g-dev libcap-ng-dev 
iptables \ + libcap-ng-utils libunbound-dev libevent-dev libcurl4-nss-dev libsystemd-daemon-dev + else + apt-get -y install wget gcc ppp flex bison make python libnss3-dev libnss3-tools libselinux-dev iptables \ + libnspr4-dev pkg-config libpam0g-dev libcap-ng-dev libcap-ng-utils libunbound-dev \ + libevent-dev libcurl4-nss-dev libsystemd-dev + fi + apt-get -y --no-install-recommends install xmlto + apt-get -y install xl2tpd + + compile_install + elif check_sys packageManager yum; then + echo "Adding the EPEL repository..." + yum -y install epel-release yum-utils + [ ! -f /etc/yum.repos.d/epel.repo ] && echo "Install EPEL repository failed, please check it." && exit 1 + yum-config-manager --enable epel + echo "Adding the EPEL repository complete..." + + if centosversion 7; then + yum -y install ppp libreswan xl2tpd firewalld + yum_install + elif centosversion 6; then + yum -y remove libevent-devel + yum -y install libevent2-devel + yum -y install nss-devel nspr-devel pkgconfig pam-devel \ + libcap-ng-devel libselinux-devel lsof \ + curl-devel flex bison gcc ppp make iptables gmp-devel \ + fipscheck-devel unbound-devel xmlto libpcap-devel xl2tpd + + compile_install + fi + fi + +} + +config_install(){ + + cat > /etc/ipsec.conf< /etc/ipsec.secrets< /etc/xl2tpd/xl2tpd.conf< /etc/ppp/options.xl2tpd< /etc/ppp/chap-secrets< Makefile.inc.local <<'EOF' +WERROR_CFLAGS = +USE_DNSSEC = false +USE_DH31 = false +USE_GLIBC_KERN_FLIP_HEADERS = true +EOF + make programs && make install + + /usr/local/sbin/ipsec --version >/dev/null 2>&1 + if [ $? -ne 0 ]; then + echo "${libreswan_filename} install failed." 
+ exit 1 + fi + + config_install + + cp -pf /etc/sysctl.conf /etc/sysctl.conf.bak + + sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf + + for each in `ls /proc/sys/net/ipv4/conf/`; do + echo "net.ipv4.conf.${each}.accept_source_route=0" >> /etc/sysctl.conf + echo "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.conf + echo "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.conf + echo "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.conf + done + sysctl -p + + if centosversion 6; then + [ -f /etc/sysconfig/iptables ] && cp -pf /etc/sysconfig/iptables /etc/sysconfig/iptables.old.`date +%Y%m%d` + + if [ "`iptables -L -n | grep -c '\-\-'`" == "0" ]; then + cat > /etc/sysconfig/iptables < /var/tmp/libreswan-nss-pwd + certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d + rm -f /var/tmp/libreswan-nss-pwd + fi + + chkconfig --add iptables + chkconfig iptables on + chkconfig --add ipsec + chkconfig ipsec on + chkconfig --add xl2tpd + chkconfig xl2tpd on + + /etc/init.d/iptables restart + /etc/init.d/ipsec start + /etc/init.d/xl2tpd start + + else + [ -f /etc/iptables.rules ] && cp -pf /etc/iptables.rules /etc/iptables.rules.old.`date +%Y%m%d` + + if [ "`iptables -L -n | grep -c '\-\-'`" == "0" ]; then + cat > /etc/iptables.rules < /etc/iptables.rules + fi + + cat > /etc/network/if-up.d/iptables < /var/tmp/libreswan-nss-pwd + certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d + rm -f /var/tmp/libreswan-nss-pwd + fi + + update-rc.d -f xl2tpd defaults + + cp -f /etc/rc.local /etc/rc.local.old.`date +%Y%m%d` + sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.local + cat >> /etc/rc.local < /proc/sys/net/ipv4/ip_forward +/usr/sbin/service ipsec start +exit 0 +EOF + chmod +x /etc/rc.local + echo 1 > /proc/sys/net/ipv4/ip_forward + + /sbin/iptables-restore < /etc/iptables.rules + /usr/sbin/service ipsec start + /usr/sbin/service xl2tpd restart + + fi + +} + +yum_install(){ + + config_install + + cp -pf /etc/sysctl.conf 
/etc/sysctl.conf.bak + + echo "# Added by L2TP VPN" >> /etc/sysctl.conf + echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf + echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf + echo "net.ipv4.icmp_echo_ignore_broadcasts=1" >> /etc/sysctl.conf + echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> /etc/sysctl.conf + + for each in `ls /proc/sys/net/ipv4/conf/`; do + echo "net.ipv4.conf.${each}.accept_source_route=0" >> /etc/sysctl.conf + echo "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.conf + echo "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.conf + echo "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.conf + done + sysctl -p + + cat > /etc/firewalld/services/xl2tpd.xml< + + xl2tpd + L2TP IPSec + + + +EOF + chmod 640 /etc/firewalld/services/xl2tpd.xml + + systemctl enable ipsec + systemctl enable xl2tpd + systemctl enable firewalld + + systemctl status firewalld > /dev/null 2>&1 + if [ $? -eq 0 ]; then + firewall-cmd --reload + echo "Checking firewalld status..." + firewall-cmd --list-all + echo "add firewalld rules..." + firewall-cmd --permanent --add-service=ipsec + firewall-cmd --permanent --add-service=xl2tpd + firewall-cmd --permanent --add-masquerade + firewall-cmd --reload + else + echo "Firewalld looks like not running, trying to start..." + systemctl start firewalld + if [ $? -eq 0 ]; then + echo "Firewalld start successfully..." + firewall-cmd --reload + echo "Checking firewalld status..." + firewall-cmd --list-all + echo "adding firewalld rules..." + firewall-cmd --permanent --add-service=ipsec + firewall-cmd --permanent --add-service=xl2tpd + firewall-cmd --permanent --add-masquerade + firewall-cmd --reload + else + echo "Failed to start firewalld. please enable udp port 500 4500 1701 manually if necessary." + fi + fi + + systemctl restart ipsec + systemctl restart xl2tpd + echo "Checking ipsec status..." + systemctl -a | grep ipsec + echo "Checking xl2tpd status..." 
+ systemctl -a | grep xl2tpd + echo "Checking firewalld status..." + firewall-cmd --list-all + +} + +finally(){ + + cd ${cur_dir} + rm -fr ${cur_dir}/l2tp + # create l2tp command + cp -f ${cur_dir}/`basename $0` /usr/bin/l2tp + + echo "Please wait a moment..." + sleep 5 + ipsec verify + echo + echo "###############################################################" + echo "# L2TP VPN Auto Installer #" + echo "# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+ #" + echo "# Intro: https://teddysun.com/448.html #" + echo "# Author: Teddysun #" + echo "###############################################################" + echo "If there is no [FAILED] above, you can connect to your L2TP " + echo "VPN Server with the default Username/Password is below:" + echo + echo "Server IP: ${IP}" + echo "PSK : ${mypsk}" + echo "Username : ${username}" + echo "Password : ${password}" + echo + echo "If you want to modify user settings, please use below command(s):" + echo "l2tp -a (Add a user)" + echo "l2tp -d (Delete a user)" + echo "l2tp -l (List all users)" + echo "l2tp -m (Modify a user password)" + echo + echo "Welcome to visit our website: https://teddysun.com/448.html" + echo "Enjoy it!" + echo +} + + +l2tp(){ + clear + echo + echo "###############################################################" + echo "# L2TP VPN Auto Installer #" + echo "# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+ #" + echo "# Intro: https://teddysun.com/448.html #" + echo "# Author: Teddysun #" + echo "###############################################################" + echo + rootness + tunavailable + disable_selinux + version_check + get_os_info + preinstall_l2tp + install_l2tp + finally +} + +list_users(){ + if [ ! -f /etc/ppp/chap-secrets ];then + echo "Error: /etc/ppp/chap-secrets file not found." 
+ exit 1 + fi + local line="+-------------------------------------------+\n" + local string=%20s + printf "${line}|${string} |${string} |\n${line}" Username Password + grep -v "^#" /etc/ppp/chap-secrets | awk '{printf "|'${string}' |'${string}' |\n", $1,$3}' + printf ${line} +} + +add_user(){ + while : + do + read -p "Please input your Username:" user + if [ -z ${user} ]; then + echo "Username can not be empty" + else + grep -w "${user}" /etc/ppp/chap-secrets > /dev/null 2>&1 + if [ $? -eq 0 ];then + echo "Username (${user}) already exists. Please re-enter your username." + else + break + fi + fi + done + pass=`rand` + echo "Please input ${user}'s password:" + read -p "(Default Password: ${pass}):" tmppass + [ ! -z ${tmppass} ] && pass=${tmppass} + echo "${user} l2tpd ${pass} *" >> /etc/ppp/chap-secrets + echo "Username (${user}) add completed." +} + +del_user(){ + while : + do + read -p "Please input Username you want to delete it:" user + if [ -z ${user} ]; then + echo "Username can not be empty" + else + grep -w "${user}" /etc/ppp/chap-secrets >/dev/null 2>&1 + if [ $? -eq 0 ];then + break + else + echo "Username (${user}) is not exists. Please re-enter your username." + fi + fi + done + sed -i "/^\<${user}\>/d" /etc/ppp/chap-secrets + echo "Username (${user}) delete completed." +} + +mod_user(){ + while : + do + read -p "Please input Username you want to change password:" user + if [ -z ${user} ]; then + echo "Username can not be empty" + else + grep -w "${user}" /etc/ppp/chap-secrets >/dev/null 2>&1 + if [ $? -eq 0 ];then + break + else + echo "Username (${user}) is not exists. Please re-enter your username." + fi + fi + done + pass=`rand` + echo "Please input ${user}'s new password:" + read -p "(Default Password: ${pass}):" tmppass + [ ! -z ${tmppass} ] && pass=${tmppass} + sed -i "/^\<${user}\>/d" /etc/ppp/chap-secrets + echo "${user} l2tpd ${pass} *" >> /etc/ppp/chap-secrets + echo "Username ${user}'s password has been changed." 
+}
+
+
+
+# Main process
+action=$1
+if [ -z ${action} ] && [ "`basename $0`" != "l2tp" ]; then
+ action=install
+fi
+
+case ${action} in
+ install)
+ l2tp 2>&1 | tee ${cur_dir}/l2tp.log
+ ;;
+ -l|--list)
+ list_users
+ ;;
+ -a|--add)
+ add_user
+ ;;
+ -d|--del)
+ del_user
+ ;;
+ -m|--mod)
+ mod_user
+ ;;
+ -h|--help)
+ echo "Usage: `basename $0` -l,--list List all users"
+ echo " `basename $0` -a,--add Add a user"
+ echo " `basename $0` -d,--del Delete a user"
+ echo " `basename $0` -m,--mod Modify a user password"
+ echo " `basename $0` -h,--help Print this help information"
+ ;;
+ *)
+ echo "Usage: `basename $0` [-l,--list|-a,--add|-d,--del|-m,--mod|-h,--help]" && exit
+ ;;
+esac
diff --git a/plugins/l2tp/tmp/chap-secrets b/plugins/l2tp/tmp/chap-secrets
new file mode 100644
index 000000000..20721096a
--- /dev/null
+++ b/plugins/l2tp/tmp/chap-secrets
@@ -0,0 +1,3 @@
+# Secrets for authentication using CHAP
+# client server secret IP addresses
+demo demo demo *
diff --git a/plugins/l2tp/tmp/ipsec.secrets b/plugins/l2tp/tmp/ipsec.secrets
new file mode 100644
index 000000000..e186ee087
--- /dev/null
+++ b/plugins/l2tp/tmp/ipsec.secrets
@@ -0,0 +1 @@
+%any %any : PSK "midoks"
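Review bot: `preinstall_l2tp` comments out the prompts and hard-codes `mypsk="midoks"`, `username="midoks"` and `password=midoks`, so every server installed through this plugin accepts the same publicly known IPsec PSK and PPP login until an operator changes them; the `finally` banner echoes those values and, via `l2tp 2>&1 | tee ${cur_dir}/l2tp.log`, also writes them into a log file in the plugin directory. Generate the secrets instead of fixing them — `mypsk="${L2TP_PSK:-$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 20)}"` and `password="${L2TP_PASS:-$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 20)}"` — and prefer `/dev/urandom` over `rand`, whose `$RANDOM` source is not a cryptographic generator. In the same hunk `finally` installs the CLI with `cp -f ${cur_dir}/\`basename $0\` /usr/bin/l2tp`, but install.sh invokes the script as `$serverPath/l2tp/l2tp.sh` without changing directory, so `${cur_dir}/l2tp.sh` likely does not exist, `/usr/bin/l2tp` is never created and `index.py`'s `l2tp -a`/`-d` calls fail; `cp -f "$0" /usr/bin/l2tp` avoids the assumption. `disable_selinux` permanently sets `SELINUX=disabled` and both install paths set `rp_filter=0` on every interface, which deserve an explicit README warning rather than silent application. The `libreswan-3.27` tarball is fetched from `dl.lamp.sh` with no checksum or signature check, and the heredocs that write `/etc/ipsec.secrets` and `/etc/ppp/chap-secrets` are not visible here, so their file modes could not be reviewed.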
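Review bot: `tmp/ipsec.secrets` commits a real-looking pre-shared key, `%any %any : PSK "midoks"`, the same literal the installer hard-codes; `index.py`'s `initConf` copies this template into the server directory whenever no `ipsec.secrets` exists, and `getPathFilePsk` returns that path on macOS, so any deployment reading it trusts a PSK that is public in this repository. Ship a placeholder such as `%any %any : PSK "CHANGE_ME"` and have `initConf` substitute a random value on first copy, or drop the template and let the installer write the real file. The companion `tmp/chap-secrets` with its `demo demo demo *` account should get the same treatment.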