diff --git a/plugins/l2tp/ico.png b/plugins/l2tp/ico.png
new file mode 100644
index 000000000..ddfd2f89b
Binary files /dev/null and b/plugins/l2tp/ico.png differ
diff --git a/plugins/l2tp/index.html b/plugins/l2tp/index.html
new file mode 100755
index 000000000..834706386
--- /dev/null
+++ b/plugins/l2tp/index.html
@@ -0,0 +1,16 @@
+
+
+
+

服务

+

项目列表

+

Node版本

+

模版管理

+

日志管理

+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/plugins/l2tp/index.py b/plugins/l2tp/index.py
new file mode 100755
index 000000000..461db59c8
--- /dev/null
+++ b/plugins/l2tp/index.py
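Review bot: The tab labels in this new index.html (`项目列表`, `Node版本`, `模版管理`, `日志管理`) are a Node/pm2 plugin's UI, not an L2TP one, so the page presumably drives handlers this plugin does not implement. Most of the markup is lost in this view, so only the visible text could be reviewed; the template should be replaced with L2TP-specific tabs or reduced to the `服务` tab until a matching backend exists.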
@@ -0,0 +1,474 @@ +# coding:utf-8 + +import sys +import io +import os +import time +import shutil + +sys.path.append(os.getcwd() + "/class/core") +import public + +app_debug = False +if public.isAppleSystem(): + app_debug = True + + +def getPluginName(): + return 'pureftp' + + +def getPluginDir(): + return public.getPluginDir() + '/' + getPluginName() + + +def getServerDir(): + return public.getServerDir() + '/' + getPluginName() + + +def getInitDFile(): + if app_debug: + return '/tmp/' + getPluginName() + return '/etc/init.d/' + getPluginName() + + +def getConf(): + path = getServerDir() + "/etc/pure-ftpd.conf" + return path + + +def getInitDTpl(): + path = getPluginDir() + "/init.d/pure-ftpd.tpl" + return path + + +def getArgs(): + args = sys.argv[2:] + tmp = {} + args_len = len(args) + + if args_len == 1: + t = args[0].strip('{').strip('}') + t = t.split(':') + tmp[t[0]] = t[1] + elif args_len > 1: + for i in range(len(args)): + t = args[i].split(':') + tmp[t[0]] = t[1] + + return tmp + + +def status(): + cmd = "ps -ef|grep pure-ftpd |grep -v grep | grep -v python | awk '{print $2}'" + data = public.execShell(cmd) + if data[0] == '': + return 'stop' + return 'start' + + +def contentReplace(content): + service_path = public.getServerDir() + content = content.replace('{$ROOT_PATH}', public.getRootDir()) + content = content.replace('{$SERVER_PATH}', service_path) + return content + + +def initDreplace(): + + file_tpl = getInitDTpl() + service_path = os.path.dirname(os.getcwd()) + + initD_path = getServerDir() + '/init.d' + if not os.path.exists(initD_path): + os.mkdir(initD_path) + file_bin = initD_path + '/' + getPluginName() + + # initd replace + if not os.path.exists(file_bin): + content = public.readFile(file_tpl) + content = contentReplace(content) + public.writeFile(file_bin, content) + public.execShell('chmod +x ' + file_bin) + + pureSbinConfig = getServerDir() + "/sbin/pure-config.pl" + if not os.path.exists(pureSbinConfig): + pureTplConfig = getPluginDir() 
+ "/init.d/pure-config.pl" + content = public.readFile(pureTplConfig) + content = contentReplace(content) + public.writeFile(pureSbinConfig, content) + public.execShell('chmod +x ' + pureSbinConfig) + + pureFtpdConfig = getServerDir() + "/etc/pure-ftpd.conf" + pureFtpdConfigBak = getServerDir() + "/etc/pure-ftpd.bak.conf" + pureFtpdConfigTpl = getPluginDir() + "/conf/pure-ftpd.conf" + + if not os.path.exists(pureFtpdConfigBak): + shutil.copyfile(pureFtpdConfig, pureFtpdConfigBak) + content = public.readFile(pureFtpdConfigTpl) + content = contentReplace(content) + public.writeFile(pureFtpdConfig, content) + + return file_bin + + +def start(): + file = initDreplace() + data = public.execShell(file + ' start') + if data[1] == '': + return 'ok' + return data[1] + + +def stop(): + file = initDreplace() + data = public.execShell(file + ' stop') + if data[1] == '': + return 'ok' + return data[1] + + +def restart(): + file = initDreplace() + data = public.execShell(file + ' restart') + if data[1] == '': + return 'ok' + return 'fail' + + +def reload(): + file = initDreplace() + data = public.execShell(file + ' reload') + if data[1] == '': + return 'ok' + return data[1] + + +def initdStatus(): + if not app_debug: + os_name = public.getOs() + if os_name == 'darwin': + return "Apple Computer does not support" + initd_bin = getInitDFile() + if os.path.exists(initd_bin): + return 'ok' + return 'fail' + + +def initdInstall(): + import shutil + if not app_debug: + os_name = public.getOs() + if os_name == 'darwin': + return "Apple Computer does not support" + + source_bin = initDreplace() + initd_bin = getInitDFile() + shutil.copyfile(source_bin, initd_bin) + public.execShell('chmod +x ' + initd_bin) + return 'ok' + + +def initdUinstall(): + if not app_debug: + os_name = public.getOs() + if os_name == 'darwin': + return "Apple Computer does not support" + initd_bin = getInitDFile() + os.remove(initd_bin) + return 'ok' + + +def pftpDB(): + file = getServerDir() + '/ftps.db' + if not 
os.path.exists(file): + conn = public.M('ftps').dbPos(getServerDir(), 'ftps') + csql = public.readFile(getPluginDir() + '/conf/ftps.sql') + csql_list = csql.split(';') + for index in range(len(csql_list)): + conn.execute(csql_list[index], ()) + else: + conn = public.M('ftps').dbPos(getServerDir(), 'ftps') + return conn + + +def pftpUser(): + if public.isAppleSystem(): + user = public.execShell( + "who | sed -n '2, 1p' |awk '{print $1}'")[0].strip() + return user + return 'www' + + +def pftpAdd(username, password, path): + user = pftpUser() + + if not os.path.exists(path): + os.makedirs(path) + if public.isAppleSystem(): + os.system('chown ' + user + '.staff ' + path) + else: + os.system('chown www.www ' + path) + + cmd = getServerDir() + '/bin/pure-pw useradd ' + username + ' -u ' + user + ' -d ' + \ + path + '< 65535: + return '端口范围不正确!' + file = file = getServerDir() + '/etc/pure-ftpd.conf' + conf = public.readFile(file) + rep = u"\n#?\s*Bind\s+[0-9]+\.[0-9]+\.[0-9]+\.+[0-9]+,([0-9]+)" + # preg_match(rep,conf,tmp) + conf = re.sub( + rep, "\nBind 0.0.0.0," + port, conf) + public.writeFile(file, conf) + restart() + return 'ok' + except Exception as ex: + return str(ex) + + +def stopPort(): + args = getArgs() + if not 'id' in args: + return 'id missing' + + if not 'username' in args: + return 'username missing' + + if not 'status' in args: + return 'status missing' + + data = pftpStop(args['username']) + pftpReload() + conn = pftpDB() + conn.where('id=?', (int(args['id']),)).save( + 'status', (args['status'],)) + + if data[1] == '': + return 'ok' + return data[0] + + +def startPort(): + args = getArgs() + if not 'id' in args: + return 'id missing' + + if not 'username' in args: + return 'username missing' + + if not 'status' in args: + return 'status missing' + + data = pftpStart(args['username']) + pftpReload() + conn = pftpDB() + conn.where('id=?', (int(args['id']),)).save( + 'status', (args['status'],)) + + if data[1] == '': + return 'ok' + return data[0] + + +if 
__name__ == "__main__":
+ func = sys.argv[1]
+ if func == 'status':
+ print status()
+ elif func == 'start':
+ print start()
+ elif func == 'stop':
+ print stop()
+ elif func == 'restart':
+ print restart()
+ elif func == 'reload':
+ print reload()
+ elif func == 'initd_status':
+ print initdStatus()
+ elif func == 'initd_install':
+ print initdInstall()
+ elif func == 'initd_uninstall':
+ print initdUinstall()
+ elif func == 'conf':
+ print getConf()
+ elif func == 'get_www_dir':
+ print getWwwDir()
+ elif func == 'get_ftp_list':
+ print getFtpList()
+ elif func == 'add_ftp':
+ print addFtp()
+ elif func == 'del_ftp':
+ print delFtp()
+ elif func == 'mod_ftp':
+ print modFtp()
+ elif func == 'mod_ftp_port':
+ print modFtpPort()
+ elif func == 'stop_ftp':
+ print stopPort()
+ elif func == 'start_ftp':
+ print startPort()
+ else:
+ print 'error'
diff --git a/plugins/l2tp/info.json b/plugins/l2tp/info.json
new file mode 100755
index 000000000..8d3ab2fb1
--- /dev/null
+++ b/plugins/l2tp/info.json
@@ -0,0 +1,14 @@
+{
+ "title":"L2TP",
+ "tip":"soft",
+ "name":"l2tp",
+ "type":"运行环境",
+ "ps":"VPN网关",
+ "versions":"1.0",
+ "shell":"install.sh",
+ "checks":"server/l2tp",
+ "author":"teddysun",
+ "home":"https://github.com/teddysun/across/blob/master/l2tp.sh",
+ "date":"2019-02-27",
+ "pid": "4"
+}
\ No newline at end of file
diff --git a/plugins/l2tp/install.sh b/plugins/l2tp/install.sh
new file mode 100755
index 000000000..6f16b3bf5
--- /dev/null
+++ b/plugins/l2tp/install.sh
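Review bot: `getPluginName()` in plugins/l2tp/index.py returns `'pureftp'`, so `getPluginDir()`, `getServerDir()` and `getInitDFile()` all resolve to the pure-ftpd plugin's paths and `start`/`stop`/`initdInstall` would act on that service, while info.json in the same commit declares `"name":"l2tp"` and `"checks":"server/l2tp"`. The remainder (pure-pw user handling, `ftps.db`, the `add_ftp`/`mod_ftp_port` dispatcher) looks copied from the pure-ftpd plugin and has nothing l2tp-specific; at minimum `return 'l2tp'`, and the FTP handlers should be replaced or removed. If any of it is kept, argv values from `getArgs()` are concatenated unquoted into shell commands in `pftpAdd` (`os.system('chown ' + user + '.staff ' + path)` and the `pure-pw useradd` string), so wrap them with `pipes.quote` (this is Python 2, given the `print` statements) or move to a list-form `subprocess` call. `getArgs()` also does `t = args[i].split(':')` and keeps only `t[1]`, so a value containing a colon is silently truncated; `t = args[i].split(':', 1)` keeps the remainder. Part of the file mid-hunk is garbled in this view, so functions the dispatcher calls such as `getWwwDir` and `getFtpList` are not visible here.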
@@ -0,0 +1,35 @@
+#!/bin/bash
+PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
+export PATH
+
+
+curPath=`pwd`
+rootPath=$(dirname "$curPath")
+rootPath=$(dirname "$rootPath")
+serverPath=$(dirname "$rootPath")
+
+
+install_tmp=${rootPath}/tmp/bt_install.pl
+
+npm install pm2 -g
+
+Install_pm2()
+{
+ echo '正在安装脚本文件...' > $install_tmp
+ mkdir -p $serverPath/pm2
+ echo '1.0' > $serverPath/pm2/version.pl
+ echo '安装完成' > $install_tmp
+}
+
+Uninstall_pm2()
+{
+ rm -rf $serverPath/pm2
+ echo "卸载完成" > $install_tmp
+}
+
+action=$1
+if [ "${1}" == 'install' ];then
+ Install_pm2
+else
+ Uninstall_pm2
+fi
diff --git a/plugins/l2tp/scripts/l2tp.sh b/plugins/l2tp/scripts/l2tp.sh
new file mode 100644
index 000000000..0fb341989
--- /dev/null
+++ b/plugins/l2tp/scripts/l2tp.sh
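Review bot: install.sh never runs `scripts/l2tp.sh`: `Install_pm2` only creates `$serverPath/pm2` and writes a version.pl there, and nothing creates the `server/l2tp` path that info.json's `"checks"` presumably probes, so the panel would not see L2TP as installed. The function names and paths are the pm2 plugin's, and the unconditional `npm install pm2 -g` on line 14 runs on every invocation, including uninstall. `rm -rf $serverPath/pm2` and the `> $install_tmp` redirections use unquoted expansions; quote them (`rm -rf "$serverPath/pm2"`, `> "$install_tmp"`) so a path containing whitespace cannot split into extra arguments. `action=$1` is assigned but the test below reads `"${1}"` directly, so one of the two should go.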
@@ -0,0 +1,810 @@ +#!/usr/bin/env bash +PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin +export PATH +#=======================================================================# +# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+ # +# Description: L2TP VPN Auto Installer # +# Author: Teddysun # +# Intro: https://teddysun.com/448.html # +#=======================================================================# +cur_dir=`pwd` + +libreswan_filename="libreswan-3.27" +download_root_url="https://dl.lamp.sh/files" + +rootness(){ + if [[ $EUID -ne 0 ]]; then + echo "Error:This script must be run as root!" 1>&2 + exit 1 + fi +} + +tunavailable(){ + if [[ ! -e /dev/net/tun ]]; then + echo "Error:TUN/TAP is not available!" 1>&2 + exit 1 + fi +} + +disable_selinux(){ +if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config + setenforce 0 +fi +} + +get_opsy(){ + [ -f /etc/redhat-release ] && awk '{print ($1,$3~/^[0-9]/?$3:$4)}' /etc/redhat-release && return + [ -f /etc/os-release ] && awk -F'[= "]' '/PRETTY_NAME/{print $3,$4,$5}' /etc/os-release && return + [ -f /etc/lsb-release ] && awk -F'[="]+' '/DESCRIPTION/{print $2}' /etc/lsb-release && return +} + +get_os_info(){ + IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." 
| head -n 1 ) + [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com ) + + local cname=$( awk -F: '/model name/ {name=$2} END {print name}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' ) + local cores=$( awk -F: '/model name/ {core++} END {print core}' /proc/cpuinfo ) + local freq=$( awk -F: '/cpu MHz/ {freq=$2} END {print freq}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' ) + local tram=$( free -m | awk '/Mem/ {print $2}' ) + local swap=$( free -m | awk '/Swap/ {print $2}' ) + local up=$( awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60;d=$1%60} {printf("%ddays, %d:%d:%d\n",a,b,c,d)}' /proc/uptime ) + local load=$( w | head -1 | awk -F'load average:' '{print $2}' | sed 's/^[ \t]*//;s/[ \t]*$//' ) + local opsy=$( get_opsy ) + local arch=$( uname -m ) + local lbit=$( getconf LONG_BIT ) + local host=$( hostname ) + local kern=$( uname -r ) + + echo "########## System Information ##########" + echo + echo "CPU model : ${cname}" + echo "Number of cores : ${cores}" + echo "CPU frequency : ${freq} MHz" + echo "Total amount of ram : ${tram} MB" + echo "Total amount of swap : ${swap} MB" + echo "System uptime : ${up}" + echo "Load average : ${load}" + echo "OS : ${opsy}" + echo "Arch : ${arch} (${lbit} Bit)" + echo "Kernel : ${kern}" + echo "Hostname : ${host}" + echo "IPv4 address : ${IP}" + echo + echo "########################################" +} + +check_sys(){ + local checkType=$1 + local value=$2 + + local release='' + local systemPackage='' + + if [[ -f /etc/redhat-release ]]; then + release="centos" + systemPackage="yum" + elif cat /etc/issue | grep -Eqi "debian"; then + release="debian" + systemPackage="apt" + elif cat /etc/issue | grep -Eqi "ubuntu"; then + release="ubuntu" + systemPackage="apt" + elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then + release="centos" + systemPackage="yum" + elif cat /proc/version | grep -Eqi "debian"; then + release="debian" + systemPackage="apt" + elif cat /proc/version | grep -Eqi "ubuntu"; then + 
release="ubuntu" + systemPackage="apt" + elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then + release="centos" + systemPackage="yum" + fi + + if [[ ${checkType} == "sysRelease" ]]; then + if [ "$value" == "$release" ];then + return 0 + else + return 1 + fi + elif [[ ${checkType} == "packageManager" ]]; then + if [ "$value" == "$systemPackage" ];then + return 0 + else + return 1 + fi + fi +} + +rand(){ + index=0 + str="" + for i in {a..z}; do arr[index]=${i}; index=`expr ${index} + 1`; done + for i in {A..Z}; do arr[index]=${i}; index=`expr ${index} + 1`; done + for i in {0..9}; do arr[index]=${i}; index=`expr ${index} + 1`; done + for i in {1..10}; do str="$str${arr[$RANDOM%$index]}"; done + echo ${str} +} + +is_64bit(){ + if [ `getconf WORD_BIT` = '32' ] && [ `getconf LONG_BIT` = '64' ] ; then + return 0 + else + return 1 + fi +} + +download_file(){ + if [ -s ${1} ]; then + echo "$1 [found]" + else + echo "$1 not found!!!download now..." + if ! wget -c -t3 -T60 ${download_root_url}/${1}; then + echo "Failed to download $1, please download it to ${cur_dir} directory manually and try again." + exit 1 + fi + fi +} + +versionget(){ + if [[ -s /etc/redhat-release ]];then + grep -oE "[0-9.]+" /etc/redhat-release + else + grep -oE "[0-9.]+" /etc/issue + fi +} + +centosversion(){ + if check_sys sysRelease centos;then + local code=${1} + local version="`versionget`" + local main_ver=${version%%.*} + if [ "${main_ver}" == "${code}" ];then + return 0 + else + return 1 + fi + else + return 1 + fi +} + +debianversion(){ + if check_sys sysRelease debian;then + local version=$( get_opsy ) + local code=${1} + local main_ver=$( echo ${version} | sed 's/[^0-9]//g') + if [ "${main_ver}" == "${code}" ];then + return 0 + else + return 1 + fi + else + return 1 + fi +} + +version_check(){ + if check_sys packageManager yum; then + if centosversion 5; then + echo "Error: CentOS 5 is not supported, Please re-install OS and try again." 
+ exit 1 + fi + fi +} + +get_char(){ + SAVEDSTTY=`stty -g` + stty -echo + stty cbreak + dd if=/dev/tty bs=1 count=1 2> /dev/null + stty -raw + stty echo + stty $SAVEDSTTY +} + +preinstall_l2tp(){ + + echo + if [ -d "/proc/vz" ]; then + echo -e "\033[41;37m WARNING: \033[0m Your VPS is based on OpenVZ, and IPSec might not be supported by the kernel." + echo "Continue installation? (y/n)" + read -p "(Default: n)" agree + [ -z ${agree} ] && agree="n" + if [ "${agree}" == "n" ]; then + echo + echo "L2TP installation cancelled." + echo + exit 0 + fi + fi + echo + echo "Please enter IP-Range:" + read -p "(Default Range: 192.168.18):" iprange + [ -z ${iprange} ] && iprange="192.168.18" + + echo "Please enter PSK:" + read -p "(Default PSK: teddysun.com):" mypsk + [ -z ${mypsk} ] && mypsk="teddysun.com" + + echo "Please enter Username:" + read -p "(Default Username: teddysun):" username + [ -z ${username} ] && username="teddysun" + + password=`rand` + echo "Please enter ${username}'s password:" + read -p "(Default Password: ${password}):" tmppassword + [ ! -z ${tmppassword} ] && password=${tmppassword} + + echo + echo "ServerIP:${IP}" + echo "Server Local IP:${iprange}.1" + echo "Client Remote IP Range:${iprange}.2-${iprange}.254" + echo "PSK:${mypsk}" + echo + echo "Press any key to start... or press Ctrl + C to cancel." 
+ char=`get_char` + +} + +install_l2tp(){ + + mknod /dev/random c 1 9 + + if check_sys packageManager apt; then + apt-get -y update + + if debianversion 7; then + if is_64bit; then + local libnspr4_filename1="libnspr4_4.10.7-1_amd64.deb" + local libnspr4_filename2="libnspr4-0d_4.10.7-1_amd64.deb" + local libnspr4_filename3="libnspr4-dev_4.10.7-1_amd64.deb" + local libnspr4_filename4="libnspr4-dbg_4.10.7-1_amd64.deb" + local libnss3_filename1="libnss3_3.17.2-1.1_amd64.deb" + local libnss3_filename2="libnss3-1d_3.17.2-1.1_amd64.deb" + local libnss3_filename3="libnss3-tools_3.17.2-1.1_amd64.deb" + local libnss3_filename4="libnss3-dev_3.17.2-1.1_amd64.deb" + local libnss3_filename5="libnss3-dbg_3.17.2-1.1_amd64.deb" + else + local libnspr4_filename1="libnspr4_4.10.7-1_i386.deb" + local libnspr4_filename2="libnspr4-0d_4.10.7-1_i386.deb" + local libnspr4_filename3="libnspr4-dev_4.10.7-1_i386.deb" + local libnspr4_filename4="libnspr4-dbg_4.10.7-1_i386.deb" + local libnss3_filename1="libnss3_3.17.2-1.1_i386.deb" + local libnss3_filename2="libnss3-1d_3.17.2-1.1_i386.deb" + local libnss3_filename3="libnss3-tools_3.17.2-1.1_i386.deb" + local libnss3_filename4="libnss3-dev_3.17.2-1.1_i386.deb" + local libnss3_filename5="libnss3-dbg_3.17.2-1.1_i386.deb" + fi + rm -rf ${cur_dir}/l2tp + mkdir -p ${cur_dir}/l2tp + cd ${cur_dir}/l2tp + download_file "${libnspr4_filename1}" + download_file "${libnspr4_filename2}" + download_file "${libnspr4_filename3}" + download_file "${libnspr4_filename4}" + download_file "${libnss3_filename1}" + download_file "${libnss3_filename2}" + download_file "${libnss3_filename3}" + download_file "${libnss3_filename4}" + download_file "${libnss3_filename5}" + dpkg -i ${libnspr4_filename1} ${libnspr4_filename2} ${libnspr4_filename3} ${libnspr4_filename4} + dpkg -i ${libnss3_filename1} ${libnss3_filename2} ${libnss3_filename3} ${libnss3_filename4} ${libnss3_filename5} + + apt-get -y install wget gcc ppp flex bison make pkg-config libpam0g-dev libcap-ng-dev 
iptables \ + libcap-ng-utils libunbound-dev libevent-dev libcurl4-nss-dev libsystemd-daemon-dev + else + apt-get -y install wget gcc ppp flex bison make python libnss3-dev libnss3-tools libselinux-dev iptables \ + libnspr4-dev pkg-config libpam0g-dev libcap-ng-dev libcap-ng-utils libunbound-dev \ + libevent-dev libcurl4-nss-dev libsystemd-dev + fi + apt-get -y --no-install-recommends install xmlto + apt-get -y install xl2tpd + + compile_install + elif check_sys packageManager yum; then + echo "Adding the EPEL repository..." + yum -y install epel-release yum-utils + [ ! -f /etc/yum.repos.d/epel.repo ] && echo "Install EPEL repository failed, please check it." && exit 1 + yum-config-manager --enable epel + echo "Adding the EPEL repository complete..." + + if centosversion 7; then + yum -y install ppp libreswan xl2tpd firewalld + yum_install + elif centosversion 6; then + yum -y remove libevent-devel + yum -y install libevent2-devel + yum -y install nss-devel nspr-devel pkgconfig pam-devel \ + libcap-ng-devel libselinux-devel lsof \ + curl-devel flex bison gcc ppp make iptables gmp-devel \ + fipscheck-devel unbound-devel xmlto libpcap-devel xl2tpd + + compile_install + fi + fi + +} + +config_install(){ + + cat > /etc/ipsec.conf< /etc/ipsec.secrets< /etc/xl2tpd/xl2tpd.conf< /etc/ppp/options.xl2tpd< /etc/ppp/chap-secrets< Makefile.inc.local <<'EOF' +WERROR_CFLAGS = +USE_DNSSEC = false +USE_DH31 = false +USE_GLIBC_KERN_FLIP_HEADERS = true +EOF + make programs && make install + + /usr/local/sbin/ipsec --version >/dev/null 2>&1 + if [ $? -ne 0 ]; then + echo "${libreswan_filename} install failed." 
+ exit 1 + fi + + config_install + + cp -pf /etc/sysctl.conf /etc/sysctl.conf.bak + + sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf + + for each in `ls /proc/sys/net/ipv4/conf/`; do + echo "net.ipv4.conf.${each}.accept_source_route=0" >> /etc/sysctl.conf + echo "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.conf + echo "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.conf + echo "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.conf + done + sysctl -p + + if centosversion 6; then + [ -f /etc/sysconfig/iptables ] && cp -pf /etc/sysconfig/iptables /etc/sysconfig/iptables.old.`date +%Y%m%d` + + if [ "`iptables -L -n | grep -c '\-\-'`" == "0" ]; then + cat > /etc/sysconfig/iptables < /var/tmp/libreswan-nss-pwd + certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d + rm -f /var/tmp/libreswan-nss-pwd + fi + + chkconfig --add iptables + chkconfig iptables on + chkconfig --add ipsec + chkconfig ipsec on + chkconfig --add xl2tpd + chkconfig xl2tpd on + + /etc/init.d/iptables restart + /etc/init.d/ipsec start + /etc/init.d/xl2tpd start + + else + [ -f /etc/iptables.rules ] && cp -pf /etc/iptables.rules /etc/iptables.rules.old.`date +%Y%m%d` + + if [ "`iptables -L -n | grep -c '\-\-'`" == "0" ]; then + cat > /etc/iptables.rules < /etc/iptables.rules + fi + + cat > /etc/network/if-up.d/iptables < /var/tmp/libreswan-nss-pwd + certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d + rm -f /var/tmp/libreswan-nss-pwd + fi + + update-rc.d -f xl2tpd defaults + + cp -f /etc/rc.local /etc/rc.local.old.`date +%Y%m%d` + sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.local + cat >> /etc/rc.local < /proc/sys/net/ipv4/ip_forward +/usr/sbin/service ipsec start +exit 0 +EOF + chmod +x /etc/rc.local + echo 1 > /proc/sys/net/ipv4/ip_forward + + /sbin/iptables-restore < /etc/iptables.rules + /usr/sbin/service ipsec start + /usr/sbin/service xl2tpd restart + + fi + +} + +yum_install(){ + + config_install + + cp -pf /etc/sysctl.conf 
/etc/sysctl.conf.bak + + echo "# Added by L2TP VPN" >> /etc/sysctl.conf + echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf + echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf + echo "net.ipv4.icmp_echo_ignore_broadcasts=1" >> /etc/sysctl.conf + echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> /etc/sysctl.conf + + for each in `ls /proc/sys/net/ipv4/conf/`; do + echo "net.ipv4.conf.${each}.accept_source_route=0" >> /etc/sysctl.conf + echo "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.conf + echo "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.conf + echo "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.conf + done + sysctl -p + + cat > /etc/firewalld/services/xl2tpd.xml< + + xl2tpd + L2TP IPSec + + + +EOF + chmod 640 /etc/firewalld/services/xl2tpd.xml + + systemctl enable ipsec + systemctl enable xl2tpd + systemctl enable firewalld + + systemctl status firewalld > /dev/null 2>&1 + if [ $? -eq 0 ]; then + firewall-cmd --reload + echo "Checking firewalld status..." + firewall-cmd --list-all + echo "add firewalld rules..." + firewall-cmd --permanent --add-service=ipsec + firewall-cmd --permanent --add-service=xl2tpd + firewall-cmd --permanent --add-masquerade + firewall-cmd --reload + else + echo "Firewalld looks like not running, trying to start..." + systemctl start firewalld + if [ $? -eq 0 ]; then + echo "Firewalld start successfully..." + firewall-cmd --reload + echo "Checking firewalld status..." + firewall-cmd --list-all + echo "adding firewalld rules..." + firewall-cmd --permanent --add-service=ipsec + firewall-cmd --permanent --add-service=xl2tpd + firewall-cmd --permanent --add-masquerade + firewall-cmd --reload + else + echo "Failed to start firewalld. please enable udp port 500 4500 1701 manually if necessary." + fi + fi + + systemctl restart ipsec + systemctl restart xl2tpd + echo "Checking ipsec status..." + systemctl -a | grep ipsec + echo "Checking xl2tpd status..." 
+ systemctl -a | grep xl2tpd + echo "Checking firewalld status..." + firewall-cmd --list-all + +} + +finally(){ + + cd ${cur_dir} + rm -fr ${cur_dir}/l2tp + # create l2tp command + cp -f ${cur_dir}/`basename $0` /usr/bin/l2tp + + echo "Please wait a moment..." + sleep 5 + ipsec verify + echo + echo "###############################################################" + echo "# L2TP VPN Auto Installer #" + echo "# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+ #" + echo "# Intro: https://teddysun.com/448.html #" + echo "# Author: Teddysun #" + echo "###############################################################" + echo "If there is no [FAILED] above, you can connect to your L2TP " + echo "VPN Server with the default Username/Password is below:" + echo + echo "Server IP: ${IP}" + echo "PSK : ${mypsk}" + echo "Username : ${username}" + echo "Password : ${password}" + echo + echo "If you want to modify user settings, please use below command(s):" + echo "l2tp -a (Add a user)" + echo "l2tp -d (Delete a user)" + echo "l2tp -l (List all users)" + echo "l2tp -m (Modify a user password)" + echo + echo "Welcome to visit our website: https://teddysun.com/448.html" + echo "Enjoy it!" + echo +} + + +l2tp(){ + clear + echo + echo "###############################################################" + echo "# L2TP VPN Auto Installer #" + echo "# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+ #" + echo "# Intro: https://teddysun.com/448.html #" + echo "# Author: Teddysun #" + echo "###############################################################" + echo + rootness + tunavailable + disable_selinux + version_check + get_os_info + preinstall_l2tp + install_l2tp + finally +} + +list_users(){ + if [ ! -f /etc/ppp/chap-secrets ];then + echo "Error: /etc/ppp/chap-secrets file not found." 
+ exit 1 + fi + local line="+-------------------------------------------+\n" + local string=%20s + printf "${line}|${string} |${string} |\n${line}" Username Password + grep -v "^#" /etc/ppp/chap-secrets | awk '{printf "|'${string}' |'${string}' |\n", $1,$3}' + printf ${line} +} + +add_user(){ + while : + do + read -p "Please input your Username:" user + if [ -z ${user} ]; then + echo "Username can not be empty" + else + grep -w "${user}" /etc/ppp/chap-secrets > /dev/null 2>&1 + if [ $? -eq 0 ];then + echo "Username (${user}) already exists. Please re-enter your username." + else + break + fi + fi + done + pass=`rand` + echo "Please input ${user}'s password:" + read -p "(Default Password: ${pass}):" tmppass + [ ! -z ${tmppass} ] && pass=${tmppass} + echo "${user} l2tpd ${pass} *" >> /etc/ppp/chap-secrets + echo "Username (${user}) add completed." +} + +del_user(){ + while : + do + read -p "Please input Username you want to delete it:" user + if [ -z ${user} ]; then + echo "Username can not be empty" + else + grep -w "${user}" /etc/ppp/chap-secrets >/dev/null 2>&1 + if [ $? -eq 0 ];then + break + else + echo "Username (${user}) is not exists. Please re-enter your username." + fi + fi + done + sed -i "/^\<${user}\>/d" /etc/ppp/chap-secrets + echo "Username (${user}) delete completed." +} + +mod_user(){ + while : + do + read -p "Please input Username you want to change password:" user + if [ -z ${user} ]; then + echo "Username can not be empty" + else + grep -w "${user}" /etc/ppp/chap-secrets >/dev/null 2>&1 + if [ $? -eq 0 ];then + break + else + echo "Username (${user}) is not exists. Please re-enter your username." + fi + fi + done + pass=`rand` + echo "Please input ${user}'s new password:" + read -p "(Default Password: ${pass}):" tmppass + [ ! -z ${tmppass} ] && pass=${tmppass} + sed -i "/^\<${user}\>/d" /etc/ppp/chap-secrets + echo "${user} l2tpd ${pass} *" >> /etc/ppp/chap-secrets + echo "Username ${user}'s password has been changed." 
+} + +# Main process +action=$1 +if [ -z ${action} ] && [ "`basename $0`" != "l2tp" ]; then + action=install +fi + +case ${action} in + install) + l2tp 2>&1 | tee ${cur_dir}/l2tp.log + ;; + -l|--list) + list_users + ;; + -a|--add) + add_user + ;; + -d|--del) + del_user + ;; + -m|--mod) + mod_user + ;; + -h|--help) + echo "Usage: `basename $0` -l,--list List all users" + echo " `basename $0` -a,--add Add a user" + echo " `basename $0` -d,--del Delete a user" + echo " `basename $0` -m,--mod Modify a user password" + echo " `basename $0` -h,--help Print this help information" + ;; + *) + echo "Usage: `basename $0` [-l,--list|-a,--add|-d,--del|-m,--mod|-h,--help]" && exit + ;; +esac