L2TP VPN 插件

pull/109/head
Mr Chen 6 years ago
parent 91f501be13
commit 87e83538d5
  1. BIN
      plugins/l2tp/ico.png
  2. 16
      plugins/l2tp/index.html
  3. 474
      plugins/l2tp/index.py
  4. 14
      plugins/l2tp/info.json
  5. 35
      plugins/l2tp/install.sh
  6. 810
      plugins/l2tp/scripts/l2tp.sh

Binary file not shown.


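--- /dev/null
+++ b/plugins/l2tp/index.html
@@ -0,0 +1,16 @@
+<div class="bt-form">
+<div class="bt-w-main">
+<div class="bt-w-menu">
+<p class="bgw" onclick="pluginService('pm2');">服务</p>
+<p onclick="pluginInitD('pm2');">项目列表</p>
+<p onclick="pluginConfig('pm2');">Node版本</p>
+<p onclick="redisStatus();">模版管理</p>
+<p onclick="pluginLogs('pm2','','run_log');">日志管理</p>
+</div>
+<div class="bt-w-con pd15">
+<div class="soft-man-con"></div>
+</div>
+</div>
+</div>
+<script type="text/javascript">
+</script>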
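Review bot: Every menu action targets the pm2 plugin — `pluginService('pm2')`, `pluginInitD('pm2')`, `pluginConfig('pm2')`, `pluginLogs('pm2','','run_log')` — and the "模版管理" entry calls `redisStatus()`, so this page drives pm2 and redis rather than the L2TP service it ships with. Each call should name this plugin, e.g. `<p class="bgw" onclick="pluginService('l2tp');">服务</p>`, and the `redisStatus()` entry should be replaced or dropped. The labels (项目列表, Node版本) are pm2's as well and will mislead whoever operates the VPN gateway from this panel; the empty trailing `<script>` block can simply be removed.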

@ -0,0 +1,474 @@
# coding:utf-8
import sys
import io
import os
import time
import shutil
sys.path.append(os.getcwd() + "/class/core")
import public
app_debug = False
if public.isAppleSystem():
app_debug = True
def getPluginName():
return 'pureftp'
def getPluginDir():
return public.getPluginDir() + '/' + getPluginName()
def getServerDir():
return public.getServerDir() + '/' + getPluginName()
def getInitDFile():
if app_debug:
return '/tmp/' + getPluginName()
return '/etc/init.d/' + getPluginName()
def getConf():
path = getServerDir() + "/etc/pure-ftpd.conf"
return path
def getInitDTpl():
path = getPluginDir() + "/init.d/pure-ftpd.tpl"
return path
def getArgs():
args = sys.argv[2:]
tmp = {}
args_len = len(args)
if args_len == 1:
t = args[0].strip('{').strip('}')
t = t.split(':')
tmp[t[0]] = t[1]
elif args_len > 1:
for i in range(len(args)):
t = args[i].split(':')
tmp[t[0]] = t[1]
return tmp
def status():
cmd = "ps -ef|grep pure-ftpd |grep -v grep | grep -v python | awk '{print $2}'"
data = public.execShell(cmd)
if data[0] == '':
return 'stop'
return 'start'
def contentReplace(content):
service_path = public.getServerDir()
content = content.replace('{$ROOT_PATH}', public.getRootDir())
content = content.replace('{$SERVER_PATH}', service_path)
return content
def initDreplace():
file_tpl = getInitDTpl()
service_path = os.path.dirname(os.getcwd())
initD_path = getServerDir() + '/init.d'
if not os.path.exists(initD_path):
os.mkdir(initD_path)
file_bin = initD_path + '/' + getPluginName()
# initd replace
if not os.path.exists(file_bin):
content = public.readFile(file_tpl)
content = contentReplace(content)
public.writeFile(file_bin, content)
public.execShell('chmod +x ' + file_bin)
pureSbinConfig = getServerDir() + "/sbin/pure-config.pl"
if not os.path.exists(pureSbinConfig):
pureTplConfig = getPluginDir() + "/init.d/pure-config.pl"
content = public.readFile(pureTplConfig)
content = contentReplace(content)
public.writeFile(pureSbinConfig, content)
public.execShell('chmod +x ' + pureSbinConfig)
pureFtpdConfig = getServerDir() + "/etc/pure-ftpd.conf"
pureFtpdConfigBak = getServerDir() + "/etc/pure-ftpd.bak.conf"
pureFtpdConfigTpl = getPluginDir() + "/conf/pure-ftpd.conf"
if not os.path.exists(pureFtpdConfigBak):
shutil.copyfile(pureFtpdConfig, pureFtpdConfigBak)
content = public.readFile(pureFtpdConfigTpl)
content = contentReplace(content)
public.writeFile(pureFtpdConfig, content)
return file_bin
def start():
file = initDreplace()
data = public.execShell(file + ' start')
if data[1] == '':
return 'ok'
return data[1]
def stop():
file = initDreplace()
data = public.execShell(file + ' stop')
if data[1] == '':
return 'ok'
return data[1]
def restart():
file = initDreplace()
data = public.execShell(file + ' restart')
if data[1] == '':
return 'ok'
return 'fail'
def reload():
file = initDreplace()
data = public.execShell(file + ' reload')
if data[1] == '':
return 'ok'
return data[1]
def initdStatus():
if not app_debug:
os_name = public.getOs()
if os_name == 'darwin':
return "Apple Computer does not support"
initd_bin = getInitDFile()
if os.path.exists(initd_bin):
return 'ok'
return 'fail'
def initdInstall():
import shutil
if not app_debug:
os_name = public.getOs()
if os_name == 'darwin':
return "Apple Computer does not support"
source_bin = initDreplace()
initd_bin = getInitDFile()
shutil.copyfile(source_bin, initd_bin)
public.execShell('chmod +x ' + initd_bin)
return 'ok'
def initdUinstall():
if not app_debug:
os_name = public.getOs()
if os_name == 'darwin':
return "Apple Computer does not support"
initd_bin = getInitDFile()
os.remove(initd_bin)
return 'ok'
def pftpDB():
file = getServerDir() + '/ftps.db'
if not os.path.exists(file):
conn = public.M('ftps').dbPos(getServerDir(), 'ftps')
csql = public.readFile(getPluginDir() + '/conf/ftps.sql')
csql_list = csql.split(';')
for index in range(len(csql_list)):
conn.execute(csql_list[index], ())
else:
conn = public.M('ftps').dbPos(getServerDir(), 'ftps')
return conn
def pftpUser():
if public.isAppleSystem():
user = public.execShell(
"who | sed -n '2, 1p' |awk '{print $1}'")[0].strip()
return user
return 'www'
def pftpAdd(username, password, path):
user = pftpUser()
if not os.path.exists(path):
os.makedirs(path)
if public.isAppleSystem():
os.system('chown ' + user + '.staff ' + path)
else:
os.system('chown www.www ' + path)
cmd = getServerDir() + '/bin/pure-pw useradd ' + username + ' -u ' + user + ' -d ' + \
path + '<<EOF \n' + password + '\n' + password + '\nEOF'
return public.execShell(cmd)
def pftpMod(username, password):
user = pftpUser()
cmd = getServerDir() + '/bin/pure-pw passwd ' + username + \
'<<EOF \n' + password + '\n' + password + '\nEOF'
return public.execShell(cmd)
def pftpStop(username):
cmd = getServerDir() + '/bin/pure-pw usermod ' + username + ' -r 1'
return public.execShell(cmd)
def pftpStart(username):
cmd = getServerDir() + '/bin/pure-pw usermod ' + username + " -r ''"
return public.execShell(cmd)
def pftpReload():
public.execShell(getServerDir() + '/bin/pure-pw mkdb ' +
getServerDir() + '/etc/pureftpd.pdb')
def getWwwDir():
path = public.getWwwDir()
return path
def getFtpPort():
import re
try:
file = getServerDir() + '/etc/pure-ftpd.conf'
conf = public.readFile(file)
rep = "\n#?\s*Bind\s+[0-9]+\.[0-9]+\.[0-9]+\.+[0-9]+,([0-9]+)"
port = re.search(rep, conf).groups()[0]
except:
port = '21'
return port
def getFtpList():
args = getArgs()
page = 1
page_size = 10
search = ''
if 'page' in args:
page = int(args['page'])
if 'page_size' in args:
page_size = int(args['page_size'])
if 'search' in args:
search = args['search']
data = {}
conn = pftpDB()
limit = str((page - 1) * page_size) + ',' + str(page_size)
# print limit, search
condition = ''
if not search == '':
condition = "name like '%" + search + "%'"
field = 'id,pid,name,password,path,status,ps,addtime'
clist = conn.where(condition, ()).field(
field).limit(limit).order('id desc').select()
count = conn.where(condition, ()).count()
_page = {}
_page['count'] = count
_page['p'] = page
_page['row'] = page_size
_page['tojs'] = 'ftpList'
data['page'] = public.getPage(_page)
info = {}
info['ip'] = public.getLocalIp()
info['port'] = getFtpPort()
data['info'] = info
data['data'] = clist
return public.getJson(data)
def addFtp():
import urllib
args = getArgs()
if not 'ftp_username' in args:
return 'ftp_username missing'
if not 'ftp_password' in args:
return 'ftp_password missing'
if not 'path' in args:
return 'path missing'
if not 'ps' in args:
return 'ps missing'
path = urllib.unquote(args['path'])
user = args['ftp_username']
pwd = args['ftp_password']
ps = args['ps']
addtime = time.strftime('%Y-%m-%d %X', time.localtime())
data = pftpAdd(user, pwd, path)
conn = pftpDB()
conn.add('pid,name,password,path,status,ps,addtime',
(0, user, pwd, path, 1, ps, addtime))
pftpReload()
if data[1] == '':
return 'ok'
return data[0]
def delFtp():
args = getArgs()
if not 'id' in args:
return 'ftp_username missing'
if not 'username' in args:
return 'username missing'
public.execShell(getServerDir() +
'/bin/pure-pw userdel ' + args['username'])
pftpReload()
conn = pftpDB()
conn.where("id=?", (args['id'],)).delete()
public.writeLog('TYPE_FTP', 'FTP_DEL_SUCCESS', (args['username'],))
return 'ok'
def modFtp():
args = getArgs()
if not 'id' in args:
return 'id missing'
if not 'name' in args:
return 'name missing'
if not 'password' in args:
return 'password missing'
conn = pftpDB()
data = pftpMod(args['name'], args['password'])
pftpReload()
conn.where('id=?', (int(args['id']),)).save(
'password', (args['password'],))
# print data
if data[1] == '':
return 'ok'
return data[0]
def modFtpPort():
import re
args = getArgs()
if not 'port' in args:
return 'port missing'
try:
port = args['port']
if int(port) < 1 or int(port) > 65535:
return '端口范围不正确!'
file = file = getServerDir() + '/etc/pure-ftpd.conf'
conf = public.readFile(file)
rep = u"\n#?\s*Bind\s+[0-9]+\.[0-9]+\.[0-9]+\.+[0-9]+,([0-9]+)"
# preg_match(rep,conf,tmp)
conf = re.sub(
rep, "\nBind 0.0.0.0," + port, conf)
public.writeFile(file, conf)
restart()
return 'ok'
except Exception as ex:
return str(ex)
def stopPort():
args = getArgs()
if not 'id' in args:
return 'id missing'
if not 'username' in args:
return 'username missing'
if not 'status' in args:
return 'status missing'
data = pftpStop(args['username'])
pftpReload()
conn = pftpDB()
conn.where('id=?', (int(args['id']),)).save(
'status', (args['status'],))
if data[1] == '':
return 'ok'
return data[0]
def startPort():
args = getArgs()
if not 'id' in args:
return 'id missing'
if not 'username' in args:
return 'username missing'
if not 'status' in args:
return 'status missing'
data = pftpStart(args['username'])
pftpReload()
conn = pftpDB()
conn.where('id=?', (int(args['id']),)).save(
'status', (args['status'],))
if data[1] == '':
return 'ok'
return data[0]
if __name__ == "__main__":
func = sys.argv[1]
if func == 'status':
print status()
elif func == 'start':
print start()
elif func == 'stop':
print stop()
elif func == 'restart':
print restart()
elif func == 'reload':
print reload()
elif func == 'initd_status':
print initdStatus()
elif func == 'initd_install':
print initdInstall()
elif func == 'initd_uninstall':
print initdUinstall()
elif func == 'conf':
print getConf()
elif func == 'get_www_dir':
print getWwwDir()
elif func == 'get_ftp_list':
print getFtpList()
elif func == 'add_ftp':
print addFtp()
elif func == 'del_ftp':
print delFtp()
elif func == 'mod_ftp':
print modFtp()
elif func == 'mod_ftp_port':
print modFtpPort()
elif func == 'stop_ftp':
print stopPort()
elif func == 'start_ftp':
print startPort()
else:
print 'error'
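Review bot: Plugin arguments are spliced straight into shell command strings — `pftpAdd` concatenates `username` and `path` into the `pure-pw useradd` line and the password into a heredoc for `public.execShell`, `delFtp` does the same with `args['username']`, and `os.system('chown www.www ' + path)` runs on a caller-supplied path — while `getFtpList` builds `"name like '%" + search + "%'"` by concatenation even though the same file already uses placeholders (`conn.where("id=?", (args['id'],))`). These values arrive through `sys.argv` via `getArgs()`, presumably filled from the panel's HTTP request, so a `;`, backtick or `'` in a username, path or search term becomes command or SQL injection executed with the panel's privileges. The `pure-pw` calls should go through `subprocess` with an argv list and the password on stdin (this needs `import subprocess` at the top of the file), and the search filter should use a bound parameter as sketched below. Separately, this file is the pure-ftpd plugin copied verbatim — `getPluginName()` returns `'pureftp'` and every path and command is derived from it — so nothing here manages L2TP, and `addFtp`/`modFtp` persist the cleartext password in `ftps.db`, which should be reconsidered before this ships.
```python
def pftpAdd(username, password, path):
    user = pftpUser()
    if not os.path.exists(path):
        os.makedirs(path)
    owner = user + '.staff' if public.isAppleSystem() else 'www.www'
    subprocess.call(['chown', owner, path])
    # argv list + stdin: username, path and password can no longer escape into a shell command
    proc = subprocess.Popen(
        [getServerDir() + '/bin/pure-pw', 'useradd', username, '-u', user, '-d', path],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = proc.communicate(password + '\n' + password + '\n')
    return (out, err)

# … unchanged: pftpMod, pftpStop, pftpStart, pftpReload, getWwwDir, getFtpPort …

    # in getFtpList(): bind the LIKE pattern instead of concatenating it
    condition, params = '', ()
    if search:
        condition, params = 'name like ?', ('%' + search + '%',)
    clist = conn.where(condition, params).field(field).limit(limit).order('id desc').select()
    count = conn.where(condition, params).count()
```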

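--- /dev/null
+++ b/plugins/l2tp/info.json
@@ -0,0 +1,14 @@
+{
+"title":"L2TP",
+"tip":"soft",
+"name":"l2tp",
+"type":"运行环境",
+"ps":"VPN网关",
+"versions":"1.0",
+"shell":"install.sh",
+"checks":"server/l2tp",
+"author":"teddysun",
+"home":"https://github.com/teddysun/across/blob/master/l2tp.sh",
+"date":"2019-02-27",
+"pid": "4"
+}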

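--- /dev/null
+++ b/plugins/l2tp/install.sh
+#!/bin/bash
+PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
+export PATH
+curPath=`pwd`
+rootPath=$(dirname "$curPath")
+rootPath=$(dirname "$rootPath")
+serverPath=$(dirname "$rootPath")
+install_tmp=${rootPath}/tmp/bt_install.pl
+npm install pm2 -g
+Install_pm2()
+{
+echo '正在安装脚本文件...' > $install_tmp
+mkdir -p $serverPath/pm2
+echo '1.0' > $serverPath/pm2/version.pl
+echo '安装完成' > $install_tmp
+}
+Uninstall_pm2()
+{
+rm -rf $serverPath/pm2
+echo "卸载完成" > $install_tmp
+}
+action=$1
+if [ "${1}" == 'install' ];then
+Install_pm2
+else
+Uninstall_pm2
+fi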
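Review bot: Nothing in this installer installs L2TP: the top level runs `npm install pm2 -g` unconditionally (on uninstall too), `Install_pm2` only creates `$serverPath/pm2/version.pl`, and `scripts/l2tp.sh` is never invoked — while `info.json` declares `"checks":"server/l2tp"`, so the panel will never see the plugin as installed. Note that `scripts/l2tp.sh` insists on root (`rootness`) and prompts with `read -p` for the IP range, PSK, username and password, so it cannot simply be called from a non-interactive installer; those values must be supplied through the environment or arguments before it can be wired in. The unquoted `rm -rf $serverPath/pm2` in the else-branch is reached for any argument other than `install` and would delete the pm2 plugin's directory rather than this plugin's. A minimal corrected skeleton, with the pm2 line removed and paths quoted:
```bash
Install_l2tp()
{
    echo '正在安装脚本文件...' > "$install_tmp"
    mkdir -p "$serverPath/l2tp"
    # TODO: invoke scripts/l2tp.sh here once it accepts PSK/user/range non-interactively
    echo '1.0' > "$serverPath/l2tp/version.pl"
    echo '安装完成' > "$install_tmp"
}
Uninstall_l2tp()
{
    rm -rf "$serverPath/l2tp"
    echo "卸载完成" > "$install_tmp"
}
# … unchanged: action dispatch, now calling Install_l2tp / Uninstall_l2tp …
```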

@ -0,0 +1,810 @@
#!/usr/bin/env bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#=======================================================================#
# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+ #
# Description: L2TP VPN Auto Installer #
# Author: Teddysun <i@teddysun.com> #
# Intro: https://teddysun.com/448.html #
#=======================================================================#
cur_dir=`pwd`
libreswan_filename="libreswan-3.27"
download_root_url="https://dl.lamp.sh/files"
rootness(){
if [[ $EUID -ne 0 ]]; then
echo "Error:This script must be run as root!" 1>&2
exit 1
fi
}
tunavailable(){
if [[ ! -e /dev/net/tun ]]; then
echo "Error:TUN/TAP is not available!" 1>&2
exit 1
fi
}
disable_selinux(){
if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
fi
}
get_opsy(){
[ -f /etc/redhat-release ] && awk '{print ($1,$3~/^[0-9]/?$3:$4)}' /etc/redhat-release && return
[ -f /etc/os-release ] && awk -F'[= "]' '/PRETTY_NAME/{print $3,$4,$5}' /etc/os-release && return
[ -f /etc/lsb-release ] && awk -F'[="]+' '/DESCRIPTION/{print $2}' /etc/lsb-release && return
}
get_os_info(){
IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 )
[ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com )
local cname=$( awk -F: '/model name/ {name=$2} END {print name}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' )
local cores=$( awk -F: '/model name/ {core++} END {print core}' /proc/cpuinfo )
local freq=$( awk -F: '/cpu MHz/ {freq=$2} END {print freq}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' )
local tram=$( free -m | awk '/Mem/ {print $2}' )
local swap=$( free -m | awk '/Swap/ {print $2}' )
local up=$( awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60;d=$1%60} {printf("%ddays, %d:%d:%d\n",a,b,c,d)}' /proc/uptime )
local load=$( w | head -1 | awk -F'load average:' '{print $2}' | sed 's/^[ \t]*//;s/[ \t]*$//' )
local opsy=$( get_opsy )
local arch=$( uname -m )
local lbit=$( getconf LONG_BIT )
local host=$( hostname )
local kern=$( uname -r )
echo "########## System Information ##########"
echo
echo "CPU model : ${cname}"
echo "Number of cores : ${cores}"
echo "CPU frequency : ${freq} MHz"
echo "Total amount of ram : ${tram} MB"
echo "Total amount of swap : ${swap} MB"
echo "System uptime : ${up}"
echo "Load average : ${load}"
echo "OS : ${opsy}"
echo "Arch : ${arch} (${lbit} Bit)"
echo "Kernel : ${kern}"
echo "Hostname : ${host}"
echo "IPv4 address : ${IP}"
echo
echo "########################################"
}
check_sys(){
local checkType=$1
local value=$2
local release=''
local systemPackage=''
if [[ -f /etc/redhat-release ]]; then
release="centos"
systemPackage="yum"
elif cat /etc/issue | grep -Eqi "debian"; then
release="debian"
systemPackage="apt"
elif cat /etc/issue | grep -Eqi "ubuntu"; then
release="ubuntu"
systemPackage="apt"
elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
release="centos"
systemPackage="yum"
elif cat /proc/version | grep -Eqi "debian"; then
release="debian"
systemPackage="apt"
elif cat /proc/version | grep -Eqi "ubuntu"; then
release="ubuntu"
systemPackage="apt"
elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
release="centos"
systemPackage="yum"
fi
if [[ ${checkType} == "sysRelease" ]]; then
if [ "$value" == "$release" ];then
return 0
else
return 1
fi
elif [[ ${checkType} == "packageManager" ]]; then
if [ "$value" == "$systemPackage" ];then
return 0
else
return 1
fi
fi
}
rand(){
index=0
str=""
for i in {a..z}; do arr[index]=${i}; index=`expr ${index} + 1`; done
for i in {A..Z}; do arr[index]=${i}; index=`expr ${index} + 1`; done
for i in {0..9}; do arr[index]=${i}; index=`expr ${index} + 1`; done
for i in {1..10}; do str="$str${arr[$RANDOM%$index]}"; done
echo ${str}
}
is_64bit(){
if [ `getconf WORD_BIT` = '32' ] && [ `getconf LONG_BIT` = '64' ] ; then
return 0
else
return 1
fi
}
download_file(){
if [ -s ${1} ]; then
echo "$1 [found]"
else
echo "$1 not found!!!download now..."
if ! wget -c -t3 -T60 ${download_root_url}/${1}; then
echo "Failed to download $1, please download it to ${cur_dir} directory manually and try again."
exit 1
fi
fi
}
versionget(){
if [[ -s /etc/redhat-release ]];then
grep -oE "[0-9.]+" /etc/redhat-release
else
grep -oE "[0-9.]+" /etc/issue
fi
}
centosversion(){
if check_sys sysRelease centos;then
local code=${1}
local version="`versionget`"
local main_ver=${version%%.*}
if [ "${main_ver}" == "${code}" ];then
return 0
else
return 1
fi
else
return 1
fi
}
debianversion(){
if check_sys sysRelease debian;then
local version=$( get_opsy )
local code=${1}
local main_ver=$( echo ${version} | sed 's/[^0-9]//g')
if [ "${main_ver}" == "${code}" ];then
return 0
else
return 1
fi
else
return 1
fi
}
version_check(){
if check_sys packageManager yum; then
if centosversion 5; then
echo "Error: CentOS 5 is not supported, Please re-install OS and try again."
exit 1
fi
fi
}
get_char(){
SAVEDSTTY=`stty -g`
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}
preinstall_l2tp(){
echo
if [ -d "/proc/vz" ]; then
echo -e "\033[41;37m WARNING: \033[0m Your VPS is based on OpenVZ, and IPSec might not be supported by the kernel."
echo "Continue installation? (y/n)"
read -p "(Default: n)" agree
[ -z ${agree} ] && agree="n"
if [ "${agree}" == "n" ]; then
echo
echo "L2TP installation cancelled."
echo
exit 0
fi
fi
echo
echo "Please enter IP-Range:"
read -p "(Default Range: 192.168.18):" iprange
[ -z ${iprange} ] && iprange="192.168.18"
echo "Please enter PSK:"
read -p "(Default PSK: teddysun.com):" mypsk
[ -z ${mypsk} ] && mypsk="teddysun.com"
echo "Please enter Username:"
read -p "(Default Username: teddysun):" username
[ -z ${username} ] && username="teddysun"
password=`rand`
echo "Please enter ${username}'s password:"
read -p "(Default Password: ${password}):" tmppassword
[ ! -z ${tmppassword} ] && password=${tmppassword}
echo
echo "ServerIP:${IP}"
echo "Server Local IP:${iprange}.1"
echo "Client Remote IP Range:${iprange}.2-${iprange}.254"
echo "PSK:${mypsk}"
echo
echo "Press any key to start... or press Ctrl + C to cancel."
char=`get_char`
}
install_l2tp(){
mknod /dev/random c 1 9
if check_sys packageManager apt; then
apt-get -y update
if debianversion 7; then
if is_64bit; then
local libnspr4_filename1="libnspr4_4.10.7-1_amd64.deb"
local libnspr4_filename2="libnspr4-0d_4.10.7-1_amd64.deb"
local libnspr4_filename3="libnspr4-dev_4.10.7-1_amd64.deb"
local libnspr4_filename4="libnspr4-dbg_4.10.7-1_amd64.deb"
local libnss3_filename1="libnss3_3.17.2-1.1_amd64.deb"
local libnss3_filename2="libnss3-1d_3.17.2-1.1_amd64.deb"
local libnss3_filename3="libnss3-tools_3.17.2-1.1_amd64.deb"
local libnss3_filename4="libnss3-dev_3.17.2-1.1_amd64.deb"
local libnss3_filename5="libnss3-dbg_3.17.2-1.1_amd64.deb"
else
local libnspr4_filename1="libnspr4_4.10.7-1_i386.deb"
local libnspr4_filename2="libnspr4-0d_4.10.7-1_i386.deb"
local libnspr4_filename3="libnspr4-dev_4.10.7-1_i386.deb"
local libnspr4_filename4="libnspr4-dbg_4.10.7-1_i386.deb"
local libnss3_filename1="libnss3_3.17.2-1.1_i386.deb"
local libnss3_filename2="libnss3-1d_3.17.2-1.1_i386.deb"
local libnss3_filename3="libnss3-tools_3.17.2-1.1_i386.deb"
local libnss3_filename4="libnss3-dev_3.17.2-1.1_i386.deb"
local libnss3_filename5="libnss3-dbg_3.17.2-1.1_i386.deb"
fi
rm -rf ${cur_dir}/l2tp
mkdir -p ${cur_dir}/l2tp
cd ${cur_dir}/l2tp
download_file "${libnspr4_filename1}"
download_file "${libnspr4_filename2}"
download_file "${libnspr4_filename3}"
download_file "${libnspr4_filename4}"
download_file "${libnss3_filename1}"
download_file "${libnss3_filename2}"
download_file "${libnss3_filename3}"
download_file "${libnss3_filename4}"
download_file "${libnss3_filename5}"
dpkg -i ${libnspr4_filename1} ${libnspr4_filename2} ${libnspr4_filename3} ${libnspr4_filename4}
dpkg -i ${libnss3_filename1} ${libnss3_filename2} ${libnss3_filename3} ${libnss3_filename4} ${libnss3_filename5}
apt-get -y install wget gcc ppp flex bison make pkg-config libpam0g-dev libcap-ng-dev iptables \
libcap-ng-utils libunbound-dev libevent-dev libcurl4-nss-dev libsystemd-daemon-dev
else
apt-get -y install wget gcc ppp flex bison make python libnss3-dev libnss3-tools libselinux-dev iptables \
libnspr4-dev pkg-config libpam0g-dev libcap-ng-dev libcap-ng-utils libunbound-dev \
libevent-dev libcurl4-nss-dev libsystemd-dev
fi
apt-get -y --no-install-recommends install xmlto
apt-get -y install xl2tpd
compile_install
elif check_sys packageManager yum; then
echo "Adding the EPEL repository..."
yum -y install epel-release yum-utils
[ ! -f /etc/yum.repos.d/epel.repo ] && echo "Install EPEL repository failed, please check it." && exit 1
yum-config-manager --enable epel
echo "Adding the EPEL repository complete..."
if centosversion 7; then
yum -y install ppp libreswan xl2tpd firewalld
yum_install
elif centosversion 6; then
yum -y remove libevent-devel
yum -y install libevent2-devel
yum -y install nss-devel nspr-devel pkgconfig pam-devel \
libcap-ng-devel libselinux-devel lsof \
curl-devel flex bison gcc ppp make iptables gmp-devel \
fipscheck-devel unbound-devel xmlto libpcap-devel xl2tpd
compile_install
fi
fi
}
config_install(){
cat > /etc/ipsec.conf<<EOF
version 2.0
config setup
protostack=netkey
nhelpers=0
uniqueids=no
interfaces=%defaultroute
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!${iprange}.0/24
conn l2tp-psk
rightsubnet=vhost:%priv
also=l2tp-psk-nonat
conn l2tp-psk-nonat
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=%defaultroute
leftid=${IP}
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
dpddelay=40
dpdtimeout=130
dpdaction=clear
sha2-truncbug=yes
EOF
cat > /etc/ipsec.secrets<<EOF
%any %any : PSK "${mypsk}"
EOF
cat > /etc/xl2tpd/xl2tpd.conf<<EOF
[global]
port = 1701
[lns default]
ip range = ${iprange}.2-${iprange}.254
local ip = ${iprange}.1
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
cat > /etc/ppp/options.xl2tpd<<EOF
ipcp-accept-local
ipcp-accept-remote
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
auth
hide-password
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
proxyarp
connect-delay 5000
EOF
rm -f /etc/ppp/chap-secrets
cat > /etc/ppp/chap-secrets<<EOF
# Secrets for authentication using CHAP
# client server secret IP addresses
${username} l2tpd ${password} *
EOF
}
compile_install(){
rm -rf ${cur_dir}/l2tp
mkdir -p ${cur_dir}/l2tp
cd ${cur_dir}/l2tp
download_file "${libreswan_filename}.tar.gz"
tar -zxf ${libreswan_filename}.tar.gz
cd ${cur_dir}/l2tp/${libreswan_filename}
cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS =
USE_DNSSEC = false
USE_DH31 = false
USE_GLIBC_KERN_FLIP_HEADERS = true
EOF
make programs && make install
/usr/local/sbin/ipsec --version >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "${libreswan_filename} install failed."
exit 1
fi
config_install
cp -pf /etc/sysctl.conf /etc/sysctl.conf.bak
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
for each in `ls /proc/sys/net/ipv4/conf/`; do
echo "net.ipv4.conf.${each}.accept_source_route=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.conf
done
sysctl -p
if centosversion 6; then
[ -f /etc/sysconfig/iptables ] && cp -pf /etc/sysconfig/iptables /etc/sysconfig/iptables.old.`date +%Y%m%d`
if [ "`iptables -L -n | grep -c '\-\-'`" == "0" ]; then
cat > /etc/sysconfig/iptables <<EOF
# Added by L2TP VPN script
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s ${iprange}.0/24 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}
COMMIT
EOF
else
iptables -I INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s ${iprange}.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}
/etc/init.d/iptables save
fi
if [ ! -f /etc/ipsec.d/cert9.db ]; then
echo > /var/tmp/libreswan-nss-pwd
certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
rm -f /var/tmp/libreswan-nss-pwd
fi
chkconfig --add iptables
chkconfig iptables on
chkconfig --add ipsec
chkconfig ipsec on
chkconfig --add xl2tpd
chkconfig xl2tpd on
/etc/init.d/iptables restart
/etc/init.d/ipsec start
/etc/init.d/xl2tpd start
else
[ -f /etc/iptables.rules ] && cp -pf /etc/iptables.rules /etc/iptables.rules.old.`date +%Y%m%d`
if [ "`iptables -L -n | grep -c '\-\-'`" == "0" ]; then
cat > /etc/iptables.rules <<EOF
# Added by L2TP VPN script
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s ${iprange}.0/24 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}
COMMIT
EOF
else
iptables -I INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s ${iprange}.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}
/sbin/iptables-save > /etc/iptables.rules
fi
cat > /etc/network/if-up.d/iptables <<EOF
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.rules
EOF
chmod +x /etc/network/if-up.d/iptables
if [ ! -f /etc/ipsec.d/cert9.db ]; then
echo > /var/tmp/libreswan-nss-pwd
certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
rm -f /var/tmp/libreswan-nss-pwd
fi
update-rc.d -f xl2tpd defaults
cp -f /etc/rc.local /etc/rc.local.old.`date +%Y%m%d`
sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.local
cat >> /etc/rc.local <<EOF
# Added by L2TP VPN script
echo 1 > /proc/sys/net/ipv4/ip_forward
/usr/sbin/service ipsec start
exit 0
EOF
chmod +x /etc/rc.local
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables-restore < /etc/iptables.rules
/usr/sbin/service ipsec start
/usr/sbin/service xl2tpd restart
fi
}
yum_install(){
config_install
cp -pf /etc/sysctl.conf /etc/sysctl.conf.bak
echo "# Added by L2TP VPN" >> /etc/sysctl.conf
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf
echo "net.ipv4.icmp_echo_ignore_broadcasts=1" >> /etc/sysctl.conf
echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> /etc/sysctl.conf
for each in `ls /proc/sys/net/ipv4/conf/`; do
echo "net.ipv4.conf.${each}.accept_source_route=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.conf
done
sysctl -p
cat > /etc/firewalld/services/xl2tpd.xml<<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>xl2tpd</short>
<description>L2TP IPSec</description>
<port protocol="udp" port="4500"/>
<port protocol="udp" port="1701"/>
</service>
EOF
chmod 640 /etc/firewalld/services/xl2tpd.xml
systemctl enable ipsec
systemctl enable xl2tpd
systemctl enable firewalld
systemctl status firewalld > /dev/null 2>&1
if [ $? -eq 0 ]; then
firewall-cmd --reload
echo "Checking firewalld status..."
firewall-cmd --list-all
echo "add firewalld rules..."
firewall-cmd --permanent --add-service=ipsec
firewall-cmd --permanent --add-service=xl2tpd
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload
else
echo "Firewalld looks like not running, trying to start..."
systemctl start firewalld
if [ $? -eq 0 ]; then
echo "Firewalld start successfully..."
firewall-cmd --reload
echo "Checking firewalld status..."
firewall-cmd --list-all
echo "adding firewalld rules..."
firewall-cmd --permanent --add-service=ipsec
firewall-cmd --permanent --add-service=xl2tpd
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload
else
echo "Failed to start firewalld. please enable udp port 500 4500 1701 manually if necessary."
fi
fi
systemctl restart ipsec
systemctl restart xl2tpd
echo "Checking ipsec status..."
systemctl -a | grep ipsec
echo "Checking xl2tpd status..."
systemctl -a | grep xl2tpd
echo "Checking firewalld status..."
firewall-cmd --list-all
}
finally(){
cd ${cur_dir}
rm -fr ${cur_dir}/l2tp
# create l2tp command
cp -f ${cur_dir}/`basename $0` /usr/bin/l2tp
echo "Please wait a moment..."
sleep 5
ipsec verify
echo
echo "###############################################################"
echo "# L2TP VPN Auto Installer #"
echo "# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+ #"
echo "# Intro: https://teddysun.com/448.html #"
echo "# Author: Teddysun <i@teddysun.com> #"
echo "###############################################################"
echo "If there is no [FAILED] above, you can connect to your L2TP "
echo "VPN Server with the default Username/Password is below:"
echo
echo "Server IP: ${IP}"
echo "PSK : ${mypsk}"
echo "Username : ${username}"
echo "Password : ${password}"
echo
echo "If you want to modify user settings, please use below command(s):"
echo "l2tp -a (Add a user)"
echo "l2tp -d (Delete a user)"
echo "l2tp -l (List all users)"
echo "l2tp -m (Modify a user password)"
echo
echo "Welcome to visit our website: https://teddysun.com/448.html"
echo "Enjoy it!"
echo
}
l2tp(){
clear
echo
echo "###############################################################"
echo "# L2TP VPN Auto Installer #"
echo "# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+ #"
echo "# Intro: https://teddysun.com/448.html #"
echo "# Author: Teddysun <i@teddysun.com> #"
echo "###############################################################"
echo
rootness
tunavailable
disable_selinux
version_check
get_os_info
preinstall_l2tp
install_l2tp
finally
}
list_users(){
if [ ! -f /etc/ppp/chap-secrets ];then
echo "Error: /etc/ppp/chap-secrets file not found."
exit 1
fi
local line="+-------------------------------------------+\n"
local string=%20s
printf "${line}|${string} |${string} |\n${line}" Username Password
grep -v "^#" /etc/ppp/chap-secrets | awk '{printf "|'${string}' |'${string}' |\n", $1,$3}'
printf ${line}
}
add_user(){
while :
do
read -p "Please input your Username:" user
if [ -z ${user} ]; then
echo "Username can not be empty"
else
grep -w "${user}" /etc/ppp/chap-secrets > /dev/null 2>&1
if [ $? -eq 0 ];then
echo "Username (${user}) already exists. Please re-enter your username."
else
break
fi
fi
done
pass=`rand`
echo "Please input ${user}'s password:"
read -p "(Default Password: ${pass}):" tmppass
[ ! -z ${tmppass} ] && pass=${tmppass}
echo "${user} l2tpd ${pass} *" >> /etc/ppp/chap-secrets
echo "Username (${user}) add completed."
}
del_user(){
while :
do
read -p "Please input Username you want to delete it:" user
if [ -z ${user} ]; then
echo "Username can not be empty"
else
grep -w "${user}" /etc/ppp/chap-secrets >/dev/null 2>&1
if [ $? -eq 0 ];then
break
else
echo "Username (${user}) is not exists. Please re-enter your username."
fi
fi
done
sed -i "/^\<${user}\>/d" /etc/ppp/chap-secrets
echo "Username (${user}) delete completed."
}
mod_user(){
while :
do
read -p "Please input Username you want to change password:" user
if [ -z ${user} ]; then
echo "Username can not be empty"
else
grep -w "${user}" /etc/ppp/chap-secrets >/dev/null 2>&1
if [ $? -eq 0 ];then
break
else
echo "Username (${user}) is not exists. Please re-enter your username."
fi
fi
done
pass=`rand`
echo "Please input ${user}'s new password:"
read -p "(Default Password: ${pass}):" tmppass
[ ! -z ${tmppass} ] && pass=${tmppass}
sed -i "/^\<${user}\>/d" /etc/ppp/chap-secrets
echo "${user} l2tpd ${pass} *" >> /etc/ppp/chap-secrets
echo "Username ${user}'s password has been changed."
}
# Main process
action=$1
if [ -z ${action} ] && [ "`basename $0`" != "l2tp" ]; then
action=install
fi
case ${action} in
install)
l2tp 2>&1 | tee ${cur_dir}/l2tp.log
;;
-l|--list)
list_users
;;
-a|--add)
add_user
;;
-d|--del)
del_user
;;
-m|--mod)
mod_user
;;
-h|--help)
echo "Usage: `basename $0` -l,--list List all users"
echo " `basename $0` -a,--add Add a user"
echo " `basename $0` -d,--del Delete a user"
echo " `basename $0` -m,--mod Modify a user password"
echo " `basename $0` -h,--help Print this help information"
;;
*)
echo "Usage: `basename $0` [-l,--list|-a,--add|-d,--del|-m,--mod|-h,--help]" && exit
;;
esac
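Review bot: An empty answer at the PSK prompt falls back to the published default `mypsk="teddysun.com"` (and `username="teddysun"`), which `config_install` then writes as `%any %any : PSK "${mypsk}"` — a shared secret known to anyone who has read this script, and the only value a non-interactive panel install could ever end up with; the fallback should generate a secret instead, `[ -z "${mypsk}" ] && mypsk=$(rand)`, or abort. `rand` itself draws from bash `$RANDOM`, which is not a cryptographic source, so the generated PSK and the user passwords (`password` in `preinstall_l2tp`, `pass` in `add_user`/`mod_user`) should come from `tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16` instead. `l2tp 2>&1 | tee ${cur_dir}/l2tp.log` captures the `finally` banner, so the PSK, username and password are written to a log file in the current directory; print them without teeing, or redact them from the log. The libreswan tarball and the Debian 7 .debs are fetched from `${download_root_url}` with only a non-empty-file check in `download_file` and are then built and `make install`ed as root — a pinned checksum (`sha256sum -c`) before `tar -zxf` is the minimum to add. `disable_selinux` also permanently sets `SELINUX=disabled` system-wide and the sysctl loop writes `rp_filter=0` on every interface, both broader than the VPN needs and worth narrowing.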