midoks
/
mdserver-web
mirror of https://github.com/midoks/mdserver-web
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

up

Browse Source
pull/109/head
midoks 4 years ago
parent 75c23ce49c
commit 151c26b004
4 changed files with 88 additions and 922 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      plugins/socket5/index.py
  2. 83
      plugins/socket5/init.d/ss5
  3. 101
      plugins/socket5/js/socket5.js
  4. 820
      plugins/socket5/scripts/socket5.sh

6
plugins/socket5/index.py
Unescape View File

@ -32,6 +32,10 @@ def getInitDFile():
return '/etc/init.d/ss5'
def initDreplace():
return getPluginDir() + '/init.d/ss5'
def getArgs():
args = sys.argv[2:]
tmp = {}
@ -74,7 +78,7 @@ def initConf():
ss5_pwd = getServerDir() + '/ss5.passwd'
if not os.path.exists(ss5_pwd):
tmp = getPluginDir() + '/tmp/ss5.conf'
tmp = getPluginDir() + '/tmp/ss5.passwd'
if not os.path.exists(tmp):
mw.execShell('cp -rf ' + tmp + ' /etc/opt/ss5')

83
plugins/socket5/init.d/ss5
Unescape View File

@ -0,0 +1,83 @@
#!/bin/sh
#
# chkconfig: 345 20 80
# description: This script takes care of starting \
# and stopping ss5
#
OS=`uname -s`
if [ $OS = "Linux" ] || [ $OS = "SunOS" ]; then
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -f /usr/sbin/ss5 ] || exit 0
fi
# Test custom variables
test -f /etc/sysconfig/ss5 && . /etc/sysconfig/ss5
# See how we were called.
case "$1" in
start)
# Start daemon.
echo -n "Starting ss5... "
if [ $OS = "Linux" ]; then
daemon /usr/sbin/ss5 -t $SS5_OPTS
touch /var/lock/subsys/ss5
else
if [ $OS = "SunOS" ]; then
/usr/sbin/ss5 -t
touch /var/lock/subsys/ss5
else
/usr/local/sbin/ss5 -t
fi
fi
echo "done"
;;
stop)
# Stop daemon.
echo "Shutting down ss5... "
if [ $OS = "Linux" ] || [ $OS = "SunOS" ]; then
killproc ss5
rm -f /var/lock/subsys/ss5
else
killall ss5
fi
rm -f /var/run/ss5/ss5.pid
echo "done"
;;
reload)
# Reload configuration
if [ $OS = "Linux" ] || [ $OS = "SunOS" ]; then
echo -n "Reloading ss5... "
killproc ss5 -1
else
pkill -HUP ss5
fi
echo "done reload"
;;
restart)
# Restart daemon
echo -n "Restarting ss5... "
$0 stop
$0 start
;;
status)
if [ $OS = "Linux" ] || [ $OS = "SunOS" ]; then
status ss5
fi
;;
*)
echo "Usage: ss5 {start|stop|status|restart|reload}"
exit 1
;;
esac
exit 0

101
plugins/socket5/js/socket5.js
Unescape View File

@ -48,107 +48,6 @@ function lpAsyncPost(method,args){
return syncPost('/plugins/run', {name:'l2tp', func:method, args:_args});
}
function userList(){
lpPost('user_list', '' ,function(data){
var rdata = $.parseJSON(data['data']);
if (!rdata['status']){
layer.msg(rdata.msg,{icon:0,time:2000,shade: [0.3, '#000']});
return;
}
var list = rdata['data'];
var con = '';
con += '<div class="divtable" style="margin-top:5px;"><table class="table table-hover" width="100%" cellspacing="0" cellpadding="0" border="0">';
con += '<thead><tr>';
con += '<th>用户</th>';
con += '<th>密码</th>';
con += '<th>操作(<a class="btlink" onclick="addUser()">添加</a>)</th>';
con += '</tr></thead>';
con += '<tbody>';
for (var i = 0; i < list.length; i++) {
con += '<tr>'+
'<td>' + list[i]['user']+'</td>' +
'<td>' + list[i]['pwd']+'</td>' +
'<td><a class="btlink" onclick="modUser(\''+list[i]['user']+'\')">改密</a>|<a class="btlink" onclick="delUser(\''+list[i]['user']+'\')">删除</a></td></tr>';
}
con += '</tbody>';
con += '</table></div>';
$(".soft-man-con").html(con);
});
}
function addUser(){
var loadOpen = layer.open({
type: 1,
title: '添加用户',
area: '240px',
content:"<div class='bt-form pd20 pb70 c6'>\
<div class='version line'>\
<div><input class='bt-input-text mr5 outline_no' type='text' id='username' name='username' style='height: 28px; border-radius: 3px;width: 200px;' placeholder='输入用户名'></div>\
</div>\
<div class='bt-form-submit-btn'>\
<button type='button' id='add_ok' class='btn btn-success btn-sm btn-title bi-btn'>确认</button>\
</div>\
</div>"
});
$('#add_ok').click(function(){
_data = {};
_data['username'] = $('#username').val();
var loadT = layer.msg('正在获取...', { icon: 16, time: 0, shade: 0.3 });
lpPost('add_user', _data, function(data){
var rdata = $.parseJSON(data.data);
layer.close(loadOpen);
layer.msg(rdata.msg,{icon:rdata.status?1:2,time:2000,shade: [0.3, '#000']});
setTimeout(function(){userList();},2000);
});
});
}
function delUser(username){
lpPost('del_user', {username:username}, function(data){
var rdata = $.parseJSON(data.data);
layer.msg(rdata.msg,{icon:rdata.status?1:2,time:2000,shade: [0.3, '#000']});
setTimeout(function(){userList();},2000);
});
}
function modUser(username){
var loadOpen = layer.open({
type: 1,
title: '修改密码',
area: '240px',
content:"<div class='bt-form pd20 pb70 c6'>\
<div class='version line'>\
<div><input class='bt-input-text mr5 outline_no' type='text' id='password' name='password' style='height: 28px; border-radius: 3px;width: 200px;' placeholder='输入密码'></div>\
</div>\
<div class='bt-form-submit-btn'>\
<button type='button' id='mod_ok' class='btn btn-success btn-sm btn-title bi-btn'>确认</button>\
</div>\
</div>"
});
$('#mod_ok').click(function(){
_data = {};
_data['username'] = username;
_data['password'] = $('#password').val();
var loadT = layer.msg('正在获取...', { icon: 16, time: 0, shade: 0.3 });
lpPost('mod_user', _data, function(data){
var rdata = $.parseJSON(data.data);
layer.close(loadOpen);
layer.msg(rdata.msg,{icon:rdata.status?1:2,time:2000,shade: [0.3, '#000']});
setTimeout(function(){userList();},2000);
});
});
}
function readme(){
var readme = '<ul class="help-info-text c7">';
readme += '<li>默认需开放端口:UDP:1080</li>';

820
plugins/socket5/scripts/socket5.sh
Unescape View File

@ -1,820 +0,0 @@
#!/usr/bin/env bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#=======================================================================#
# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+ #
# Description: L2TP VPN Auto Installer #
# Author: Teddysun <i@teddysun.com> #
# Intro: https://teddysun.com/448.html #
#=======================================================================#
cur_dir=`pwd`
libreswan_filename="libreswan-3.27"
download_root_url="https://dl.lamp.sh/files"
rootness(){
if [[ $EUID -ne 0 ]]; then
echo "Error:This script must be run as root!" 1>&2
exit 1
fi
}
tunavailable(){
if [[ ! -e /dev/net/tun ]]; then
echo "Error:TUN/TAP is not available!" 1>&2
exit 1
fi
}
disable_selinux(){
if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
fi
}
get_opsy(){
[ -f /etc/redhat-release ] && awk '{print ($1,$3~/^[0-9]/?$3:$4)}' /etc/redhat-release && return
[ -f /etc/os-release ] && awk -F'[= "]' '/PRETTY_NAME/{print $3,$4,$5}' /etc/os-release && return
[ -f /etc/lsb-release ] && awk -F'[="]+' '/DESCRIPTION/{print $2}' /etc/lsb-release && return
}
get_os_info(){
IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 )
[ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com )
local cname=$( awk -F: '/model name/ {name=$2} END {print name}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' )
local cores=$( awk -F: '/model name/ {core++} END {print core}' /proc/cpuinfo )
local freq=$( awk -F: '/cpu MHz/ {freq=$2} END {print freq}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' )
local tram=$( free -m | awk '/Mem/ {print $2}' )
local swap=$( free -m | awk '/Swap/ {print $2}' )
local up=$( awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60;d=$1%60} {printf("%ddays, %d:%d:%d\n",a,b,c,d)}' /proc/uptime )
local load=$( w | head -1 | awk -F'load average:' '{print $2}' | sed 's/^[ \t]*//;s/[ \t]*$//' )
local opsy=$( get_opsy )
local arch=$( uname -m )
local lbit=$( getconf LONG_BIT )
local host=$( hostname )
local kern=$( uname -r )
echo "########## System Information ##########"
echo
echo "CPU model : ${cname}"
echo "Number of cores : ${cores}"
echo "CPU frequency : ${freq} MHz"
echo "Total amount of ram : ${tram} MB"
echo "Total amount of swap : ${swap} MB"
echo "System uptime : ${up}"
echo "Load average : ${load}"
echo "OS : ${opsy}"
echo "Arch : ${arch} (${lbit} Bit)"
echo "Kernel : ${kern}"
echo "Hostname : ${host}"
echo "IPv4 address : ${IP}"
echo
echo "########################################"
}
check_sys(){
local checkType=$1
local value=$2
local release=''
local systemPackage=''
if [[ -f /etc/redhat-release ]]; then
release="centos"
systemPackage="yum"
elif cat /etc/issue | grep -Eqi "debian"; then
release="debian"
systemPackage="apt"
elif cat /etc/issue | grep -Eqi "ubuntu"; then
release="ubuntu"
systemPackage="apt"
elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
release="centos"
systemPackage="yum"
elif cat /proc/version | grep -Eqi "debian"; then
release="debian"
systemPackage="apt"
elif cat /proc/version | grep -Eqi "ubuntu"; then
release="ubuntu"
systemPackage="apt"
elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
release="centos"
systemPackage="yum"
fi
if [[ ${checkType} == "sysRelease" ]]; then
if [ "$value" == "$release" ];then
return 0
else
return 1
fi
elif [[ ${checkType} == "packageManager" ]]; then
if [ "$value" == "$systemPackage" ];then
return 0
else
return 1
fi
fi
}
rand(){
index=0
str=""
for i in {a..z}; do arr[index]=${i}; index=`expr ${index} + 1`; done
for i in {A..Z}; do arr[index]=${i}; index=`expr ${index} + 1`; done
for i in {0..9}; do arr[index]=${i}; index=`expr ${index} + 1`; done
for i in {1..10}; do str="$str${arr[$RANDOM%$index]}"; done
echo ${str}
}
is_64bit(){
if [ `getconf WORD_BIT` = '32' ] && [ `getconf LONG_BIT` = '64' ] ; then
return 0
else
return 1
fi
}
download_file(){
if [ -s ${1} ]; then
echo "$1 [found]"
else
echo "$1 not found!!!download now..."
if ! wget -c -t3 -T60 ${download_root_url}/${1}; then
echo "Failed to download $1, please download it to ${cur_dir} directory manually and try again."
exit 1
fi
fi
}
versionget(){
if [[ -s /etc/redhat-release ]];then
grep -oE "[0-9.]+" /etc/redhat-release
else
grep -oE "[0-9.]+" /etc/issue
fi
}
centosversion(){
if check_sys sysRelease centos;then
local code=${1}
local version="`versionget`"
local main_ver=${version%%.*}
if [ "${main_ver}" == "${code}" ];then
return 0
else
return 1
fi
else
return 1
fi
}
debianversion(){
if check_sys sysRelease debian;then
local version=$( get_opsy )
local code=${1}
local main_ver=$( echo ${version} | sed 's/[^0-9]//g')
if [ "${main_ver}" == "${code}" ];then
return 0
else
return 1
fi
else
return 1
fi
}
version_check(){
if check_sys packageManager yum; then
if centosversion 5; then
echo "Error: CentOS 5 is not supported, Please re-install OS and try again."
exit 1
fi
fi
}
get_char(){
SAVEDSTTY=`stty -g`
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}
preinstall_l2tp(){
echo
if [ -d "/proc/vz" ]; then
echo -e "\033[41;37m WARNING: \033[0m Your VPS is based on OpenVZ, and IPSec might not be supported by the kernel."
echo "Continue installation? (y/n)"
read -p "(Default: n)" agree
[ -z ${agree} ] && agree="n"
if [ "${agree}" == "n" ]; then
echo
echo "L2TP installation cancelled."
echo
exit 0
fi
fi
echo
echo "Please enter IP-Range:"
# read -p "(Default Range: 192.168.18):" iprange
# [ -z ${iprange} ] && iprange="192.168.18"
iprange="192.168.18"
echo ${iprange}
echo "Please enter PSK:"
# read -p "(Default PSK: teddysun.com):" mypsk
# [ -z ${mypsk} ] && mypsk="teddysun.com"
mypsk="midoks"
echo ${mypsk}
echo "Please enter Username:"
# read -p "(Default Username: teddysun):" username
# [ -z ${username} ] && username="teddysun"
username="midoks"
echo ${username}
# password=`rand`
echo "Please enter ${username}'s password:"
# read -p "(Default Password: ${password}):" tmppassword
# [ ! -z ${tmppassword} ] && password=${tmppassword}
password=midoks
echo ${password}
echo
echo "ServerIP:${IP}"
echo "Server Local IP:${iprange}.1"
echo "Client Remote IP Range:${iprange}.2-${iprange}.254"
echo "PSK:${mypsk}"
echo
echo "Press any key to start... or press Ctrl + C to cancel."
char=`get_char`
}
install_l2tp(){
mknod /dev/random c 1 9
if check_sys packageManager apt; then
apt-get -y update
if debianversion 7; then
if is_64bit; then
local libnspr4_filename1="libnspr4_4.10.7-1_amd64.deb"
local libnspr4_filename2="libnspr4-0d_4.10.7-1_amd64.deb"
local libnspr4_filename3="libnspr4-dev_4.10.7-1_amd64.deb"
local libnspr4_filename4="libnspr4-dbg_4.10.7-1_amd64.deb"
local libnss3_filename1="libnss3_3.17.2-1.1_amd64.deb"
local libnss3_filename2="libnss3-1d_3.17.2-1.1_amd64.deb"
local libnss3_filename3="libnss3-tools_3.17.2-1.1_amd64.deb"
local libnss3_filename4="libnss3-dev_3.17.2-1.1_amd64.deb"
local libnss3_filename5="libnss3-dbg_3.17.2-1.1_amd64.deb"
else
local libnspr4_filename1="libnspr4_4.10.7-1_i386.deb"
local libnspr4_filename2="libnspr4-0d_4.10.7-1_i386.deb"
local libnspr4_filename3="libnspr4-dev_4.10.7-1_i386.deb"
local libnspr4_filename4="libnspr4-dbg_4.10.7-1_i386.deb"
local libnss3_filename1="libnss3_3.17.2-1.1_i386.deb"
local libnss3_filename2="libnss3-1d_3.17.2-1.1_i386.deb"
local libnss3_filename3="libnss3-tools_3.17.2-1.1_i386.deb"
local libnss3_filename4="libnss3-dev_3.17.2-1.1_i386.deb"
local libnss3_filename5="libnss3-dbg_3.17.2-1.1_i386.deb"
fi
rm -rf ${cur_dir}/l2tp
mkdir -p ${cur_dir}/l2tp
cd ${cur_dir}/l2tp
download_file "${libnspr4_filename1}"
download_file "${libnspr4_filename2}"
download_file "${libnspr4_filename3}"
download_file "${libnspr4_filename4}"
download_file "${libnss3_filename1}"
download_file "${libnss3_filename2}"
download_file "${libnss3_filename3}"
download_file "${libnss3_filename4}"
download_file "${libnss3_filename5}"
dpkg -i ${libnspr4_filename1} ${libnspr4_filename2} ${libnspr4_filename3} ${libnspr4_filename4}
dpkg -i ${libnss3_filename1} ${libnss3_filename2} ${libnss3_filename3} ${libnss3_filename4} ${libnss3_filename5}
apt-get -y install wget gcc ppp flex bison make pkg-config libpam0g-dev libcap-ng-dev iptables \
libcap-ng-utils libunbound-dev libevent-dev libcurl4-nss-dev libsystemd-daemon-dev
else
apt-get -y install wget gcc ppp flex bison make python libnss3-dev libnss3-tools libselinux-dev iptables \
libnspr4-dev pkg-config libpam0g-dev libcap-ng-dev libcap-ng-utils libunbound-dev \
libevent-dev libcurl4-nss-dev libsystemd-dev
fi
apt-get -y --no-install-recommends install xmlto
apt-get -y install xl2tpd
compile_install
elif check_sys packageManager yum; then
echo "Adding the EPEL repository..."
yum -y install epel-release yum-utils
[ ! -f /etc/yum.repos.d/epel.repo ] && echo "Install EPEL repository failed, please check it." && exit 1
yum-config-manager --enable epel
echo "Adding the EPEL repository complete..."
if centosversion 7; then
yum -y install ppp libreswan xl2tpd firewalld
yum_install
elif centosversion 6; then
yum -y remove libevent-devel
yum -y install libevent2-devel
yum -y install nss-devel nspr-devel pkgconfig pam-devel \
libcap-ng-devel libselinux-devel lsof \
curl-devel flex bison gcc ppp make iptables gmp-devel \
fipscheck-devel unbound-devel xmlto libpcap-devel xl2tpd
compile_install
fi
fi
}
config_install(){
cat > /etc/ipsec.conf<<EOF
version 2.0
config setup
protostack=netkey
nhelpers=0
uniqueids=no
interfaces=%defaultroute
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!${iprange}.0/24
conn l2tp-psk
rightsubnet=vhost:%priv
also=l2tp-psk-nonat
conn l2tp-psk-nonat
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=%defaultroute
leftid=${IP}
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
dpddelay=40
dpdtimeout=130
dpdaction=clear
sha2-truncbug=yes
EOF
cat > /etc/ipsec.secrets<<EOF
%any %any : PSK "${mypsk}"
EOF
cat > /etc/xl2tpd/xl2tpd.conf<<EOF
[global]
port = 1701
[lns default]
ip range = ${iprange}.2-${iprange}.254
local ip = ${iprange}.1
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
cat > /etc/ppp/options.xl2tpd<<EOF
ipcp-accept-local
ipcp-accept-remote
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
auth
hide-password
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
proxyarp
connect-delay 5000
EOF
rm -f /etc/ppp/chap-secrets
cat > /etc/ppp/chap-secrets<<EOF
# Secrets for authentication using CHAP
# client server secret IP addresses
${username} l2tpd ${password} *
EOF
}
compile_install(){
rm -rf ${cur_dir}/l2tp
mkdir -p ${cur_dir}/l2tp
cd ${cur_dir}/l2tp
download_file "${libreswan_filename}.tar.gz"
tar -zxf ${libreswan_filename}.tar.gz
cd ${cur_dir}/l2tp/${libreswan_filename}
cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS =
USE_DNSSEC = false
USE_DH31 = false
USE_GLIBC_KERN_FLIP_HEADERS = true
EOF
make programs && make install
/usr/local/sbin/ipsec --version >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "${libreswan_filename} install failed."
exit 1
fi
config_install
cp -pf /etc/sysctl.conf /etc/sysctl.conf.bak
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
for each in `ls /proc/sys/net/ipv4/conf/`; do
echo "net.ipv4.conf.${each}.accept_source_route=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.conf
done
sysctl -p
if centosversion 6; then
[ -f /etc/sysconfig/iptables ] && cp -pf /etc/sysconfig/iptables /etc/sysconfig/iptables.old.`date +%Y%m%d`
if [ "`iptables -L -n | grep -c '\-\-'`" == "0" ]; then
cat > /etc/sysconfig/iptables <<EOF
# Added by L2TP VPN script
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s ${iprange}.0/24 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}
COMMIT
EOF
else
iptables -I INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s ${iprange}.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}
/etc/init.d/iptables save
fi
if [ ! -f /etc/ipsec.d/cert9.db ]; then
echo > /var/tmp/libreswan-nss-pwd
certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
rm -f /var/tmp/libreswan-nss-pwd
fi
chkconfig --add iptables
chkconfig iptables on
chkconfig --add ipsec
chkconfig ipsec on
chkconfig --add xl2tpd
chkconfig xl2tpd on
/etc/init.d/iptables restart
/etc/init.d/ipsec start
/etc/init.d/xl2tpd start
else
[ -f /etc/iptables.rules ] && cp -pf /etc/iptables.rules /etc/iptables.rules.old.`date +%Y%m%d`
if [ "`iptables -L -n | grep -c '\-\-'`" == "0" ]; then
cat > /etc/iptables.rules <<EOF
# Added by L2TP VPN script
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s ${iprange}.0/24 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}
COMMIT
EOF
else
iptables -I INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s ${iprange}.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}
/sbin/iptables-save > /etc/iptables.rules
fi
cat > /etc/network/if-up.d/iptables <<EOF
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.rules
EOF
chmod +x /etc/network/if-up.d/iptables
if [ ! -f /etc/ipsec.d/cert9.db ]; then
echo > /var/tmp/libreswan-nss-pwd
certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
rm -f /var/tmp/libreswan-nss-pwd
fi
update-rc.d -f xl2tpd defaults
cp -f /etc/rc.local /etc/rc.local.old.`date +%Y%m%d`
sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.local
cat >> /etc/rc.local <<EOF
# Added by L2TP VPN script
echo 1 > /proc/sys/net/ipv4/ip_forward
/usr/sbin/service ipsec start
exit 0
EOF
chmod +x /etc/rc.local
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables-restore < /etc/iptables.rules
/usr/sbin/service ipsec start
/usr/sbin/service xl2tpd restart
fi
}
yum_install(){
config_install
cp -pf /etc/sysctl.conf /etc/sysctl.conf.bak
echo "# Added by L2TP VPN" >> /etc/sysctl.conf
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf
echo "net.ipv4.icmp_echo_ignore_broadcasts=1" >> /etc/sysctl.conf
echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> /etc/sysctl.conf
for each in `ls /proc/sys/net/ipv4/conf/`; do
echo "net.ipv4.conf.${each}.accept_source_route=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.conf
done
sysctl -p
cat > /etc/firewalld/services/xl2tpd.xml<<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>xl2tpd</short>
<description>L2TP IPSec</description>
<port protocol="udp" port="4500"/>
<port protocol="udp" port="1701"/>
</service>
EOF
chmod 640 /etc/firewalld/services/xl2tpd.xml
systemctl enable ipsec
systemctl enable xl2tpd
systemctl enable firewalld
systemctl status firewalld > /dev/null 2>&1
if [ $? -eq 0 ]; then
firewall-cmd --reload
echo "Checking firewalld status..."
firewall-cmd --list-all
echo "add firewalld rules..."
firewall-cmd --permanent --add-service=ipsec
firewall-cmd --permanent --add-service=xl2tpd
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload
else
echo "Firewalld looks like not running, trying to start..."
systemctl start firewalld
if [ $? -eq 0 ]; then
echo "Firewalld start successfully..."
firewall-cmd --reload
echo "Checking firewalld status..."
firewall-cmd --list-all
echo "adding firewalld rules..."
firewall-cmd --permanent --add-service=ipsec
firewall-cmd --permanent --add-service=xl2tpd
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload
else
echo "Failed to start firewalld. please enable udp port 500 4500 1701 manually if necessary."
fi
fi
systemctl restart ipsec
systemctl restart xl2tpd
echo "Checking ipsec status..."
systemctl -a | grep ipsec
echo "Checking xl2tpd status..."
systemctl -a | grep xl2tpd
echo "Checking firewalld status..."
firewall-cmd --list-all
}
finally(){
cd ${cur_dir}
rm -fr ${cur_dir}/l2tp
# create l2tp command
cp -f ${cur_dir}/`basename $0` /usr/bin/l2tp
echo "Please wait a moment..."
sleep 5
ipsec verify
echo
echo "###############################################################"
echo "# L2TP VPN Auto Installer #"
echo "# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+ #"
echo "# Intro: https://teddysun.com/448.html #"
echo "# Author: Teddysun <i@teddysun.com> #"
echo "###############################################################"
echo "If there is no [FAILED] above, you can connect to your L2TP "
echo "VPN Server with the default Username/Password is below:"
echo
echo "Server IP: ${IP}"
echo "PSK : ${mypsk}"
echo "Username : ${username}"
echo "Password : ${password}"
echo
echo "If you want to modify user settings, please use below command(s):"
echo "l2tp -a (Add a user)"
echo "l2tp -d (Delete a user)"
echo "l2tp -l (List all users)"
echo "l2tp -m (Modify a user password)"
echo
echo "Welcome to visit our website: https://teddysun.com/448.html"
echo "Enjoy it!"
echo
}
l2tp(){
clear
echo
echo "###############################################################"
echo "# L2TP VPN Auto Installer #"
echo "# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+ #"
echo "# Intro: https://teddysun.com/448.html #"
echo "# Author: Teddysun <i@teddysun.com> #"
echo "###############################################################"
echo
rootness
tunavailable
disable_selinux
version_check
get_os_info
preinstall_l2tp
install_l2tp
finally
}
list_users(){
if [ ! -f /etc/ppp/chap-secrets ];then
echo "Error: /etc/ppp/chap-secrets file not found."
exit 1
fi
local line="+-------------------------------------------+\n"
local string=%20s
printf "${line}|${string} |${string} |\n${line}" Username Password
grep -v "^#" /etc/ppp/chap-secrets | awk '{printf "|'${string}' |'${string}' |\n", $1,$3}'
printf ${line}
}
add_user(){
while :
do
read -p "Please input your Username:" user
if [ -z ${user} ]; then
echo "Username can not be empty"
else
grep -w "${user}" /etc/ppp/chap-secrets > /dev/null 2>&1
if [ $? -eq 0 ];then
echo "Username (${user}) already exists. Please re-enter your username."
else
break
fi
fi
done
pass=`rand`
echo "Please input ${user}'s password:"
read -p "(Default Password: ${pass}):" tmppass
[ ! -z ${tmppass} ] && pass=${tmppass}
echo "${user} l2tpd ${pass} *" >> /etc/ppp/chap-secrets
echo "Username (${user}) add completed."
}
del_user(){
while :
do
read -p "Please input Username you want to delete it:" user
if [ -z ${user} ]; then
echo "Username can not be empty"
else
grep -w "${user}" /etc/ppp/chap-secrets >/dev/null 2>&1
if [ $? -eq 0 ];then
break
else
echo "Username (${user}) is not exists. Please re-enter your username."
fi
fi
done
sed -i "/^\<${user}\>/d" /etc/ppp/chap-secrets
echo "Username (${user}) delete completed."
}
mod_user(){
while :
do
read -p "Please input Username you want to change password:" user
if [ -z ${user} ]; then
echo "Username can not be empty"
else
grep -w "${user}" /etc/ppp/chap-secrets >/dev/null 2>&1
if [ $? -eq 0 ];then
break
else
echo "Username (${user}) is not exists. Please re-enter your username."
fi
fi
done
pass=`rand`
echo "Please input ${user}'s new password:"
read -p "(Default Password: ${pass}):" tmppass
[ ! -z ${tmppass} ] && pass=${tmppass}
sed -i "/^\<${user}\>/d" /etc/ppp/chap-secrets
echo "${user} l2tpd ${pass} *" >> /etc/ppp/chap-secrets
echo "Username ${user}'s password has been changed."
}
# Main process
action=$1
if [ -z ${action} ] && [ "`basename $0`" != "l2tp" ]; then
action=install
fi
case ${action} in
install)
l2tp 2>&1 | tee ${cur_dir}/l2tp.log
;;
-l|--list)
list_users
;;
-a|--add)
add_user
;;
-d|--del)
del_user
;;
-m|--mod)
mod_user
;;
-h|--help)
echo "Usage: `basename $0` -l,--list List all users"
echo " `basename $0` -a,--add Add a user"
echo " `basename $0` -d,--del Delete a user"
echo " `basename $0` -m,--mod Modify a user password"
echo " `basename $0` -h,--help Print this help information"
;;
*)
echo "Usage: `basename $0` [-l,--list|-a,--add|-d,--del|-m,--mod|-h,--help]" && exit
;;
esac
Write Preview
Loading…
Cancel
Save