/bin/bash # IKEV2+IPSEC/L2TP+PPTP/Freeradius-Client install for CentOS # Powered XiaoSang ( I@sangsir.com ) Vpn.sh Check if user is root if [$(ID -u) = = "0"]; then echo "Error: You must must," We currently support CentOS only' exit 1 fi function echoline {echo = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = "Do read -p" Server eth: "eth if [${eth}] =" "; Then echo "Error: Server eth Can't be empty!" "fi done #install #install", "fi ", "fi ", "fi ", "fi ", "done ", "fi ", "done ", "fi ", "done ", " Http://download.strongswan.org/strongswan-5.3.2.tar.gz Tar xzf strongswan-5.3.2. Tar.gz CD strongswan-5.3.2 ./configure --enable-eap-identity --enable-eap-md5 --enable-load-tester --enable-eap-mschapv2 --enable-eap-tls --enable-eap-ttls --enable-eap-peap --enable-eap-tnc --enable-eap-dynamic --enable-eap-radius --enable-xauth-eap --enable-xauth-pam --enable-dhcp --enable-xauth-pam --disable-gmp make; make install #config IKEV2+IPSEC WGet Http://www.kailitec.com/FeiQuan/ca.cert.pem WGet Http://www.kailitec.com/FeiQuan/ca.pem IPSec PKI --gen --outform PEM > Server.pem IPSec PKI --pub --in Server.pem * IPSec PKI --issue --cacert Ca.cert.pem --cakey Ca.pem --dn "C=China, O=FeiQuan, CN=${ip} "--san=" ${ip} "--flag serverAuth --flag ikeIntermediate --outform PEM > Server.cert.pem IPSec PKI --gen --outform PEM > Client.pem IPSec PKI --pub --in Client.pem * IPSec PKI --issue --cacert Ca.cert.pem --cakey Ca.pem --dn "C= China, O=FeiQuan, CN=FeiQuanVPN" --outform PEM > Client.cert.pem OpenSSL pkcs12 -export -inkey Client.pem -in Client.cert.pem -name "client" -certfile Ca.cert.pem -caname "FeiQuanVPN" -out Client.cert .p12 -password Pass:8888 CP -r Ca.cert.pem /usr/local/etc/ipsec.d/cacerts/ CP -r Server.cert.pem /usr/local/etc/ipsec.d/certs/ CP -r Server.pem /usr/local/etc/ipsec.d/private/ CP -r Client.cert.pem /usr/local/etc/ipsec.d/certs/ echo ': RSA Server.pem ' "/usr/local/etc/ Ipsec.secrets Echo ': PSK "Feiquan" "/usr/local/etc/" Ipsec.secrets Echo ': XAUTH "Feiquan" "/usr/local/etc/" Ipsec.secrets Cat /dev/null > /usr/local/etc/ Ipsec.conf Echo "config setup" /usr/local/etc/ Ipsec.conf Echo "uniqueids=never" /usr/local/etc/ Ipsec.conf Echo "" /usr/local/etc/ Ipsec.conf Echo "conn Xauth_ PSK "" /usr/local/etc/ " Ipsec.conf Echo "keyexchange=ikev1" /usr/local/etc/ Ipsec.conf Echo "left=%defaultroute" /usr/local/etc/ Ipsec.conf Echo "leftauth=psk" /usr/local/etc/ Ipsec.conf Echo "leftsubnet=0.0.0.0/0" /usr/local/etc/ Ipsec.conf Echo "right=%any" /usr/local/etc/ Ipsec.conf Echo "rightauth=psk" /usr/local/etc/ Ipsec.conf Echo "rightauth2=xauth" /usr/local/etc/ Ipsec.conf Echo "rightsourceip=10.31.2.0/27" /usr/local/etc/ Ipsec.conf Echo "auto=add" /usr/local/etc/ Ipsec.conf Echo "" /usr/local/etc/ Ipsec.conf Echo "conn windows7" /usr/local/etc/ Ipsec.conf Echo "keyexchange=ikev2" /usr/local/etc/ Ipsec.conf Echo "ike=aes256-sha1-modp1024!" /usr/local/etc/ Ipsec.conf Echo "esp=aes256-sha1!" /usr/local/etc/ Ipsec.conf Echo "dpdaction=clear" /usr/local/etc/ Ipsec.conf Echo "dpddelay=300s" /usr/local/etc/ Ipsec.conf Echo "rekey=no" /usr/local/etc/ Ipsec.conf Echo "left=%any" /usr/local/etc/ Ipsec.conf Echo "leftauth=pubkey" /usr/local/etc/ Ipsec.conf Echo "leftsubnet=0.0.0.0/0" /usr/local/etc/ Ipsec.conf Echo 'leftid= "C=China, O=FeiQuan, CN='${ip}'" "/usr/local/etc/" Ipsec.conf Echo "leftcert= Server.cert.pem "/usr/local/etc/ Ipsec.conf Echo "right=%any" /usr/local/etc/ Ipsec.conf Echo "Rightauth=eap-radius" /usr/local/etc/ Ipsec.conf Echo "rightsourceip=10.31.2.0/27" /usr/local/etc/ Ipsec.conf Echo "rightsendcert=never" /usr/local/etc/ Ipsec.conf Echo "eap_ Identity=%any "" /usr/local/etc/ " Ipsec.conf Echo "auto=add" /usr/local/etc/ Ipsec.conf Echo "" /usr/local/etc/ Ipsec.conf Echo "conn L2TP" /usr/local/etc/ Ipsec.conf Echo "keyexchange=ikev1" /usr/local/etc/ Ipsec.conf Echo "left=${ip}" /usr/local/etc/ Ipsec.conf Echo "leftsubnet=0.0.0.0/0" /usr/local/etc/ Ipsec.conf Echo "leftprotoport=17/1701" /usr/local/etc/ Ipsec.conf Echo "authby=secret" /usr/local/etc/ Ipsec.conf Echo "leftfirewall=no" /usr/local/etc/ Ipsec.conf Echo "right=%any" /usr/local/etc/ Ipsec.conf Echo "rightprotoport=17/%any" /usr/local/etc/ Ipsec.conf Echo "type=transport" /usr/local/etc/ Ipsec.conf Echo "auto=add" /usr/local/etc/ Ipsec.conf Cat /dev/null > /usr/local/etc/ Strongswan.conf Echo "Charon {" /usr/local/etc/ Strongswan.conf Echo "load_ Modular = yes "" /usr/local/etc/ " Strongswan.conf Echo " Duplicheck.enable = no "" /usr/local/etc/ Strongswan.conf Echo "compress = yes" /usr/local/etc/ Strongswan.conf Echo "plugins {" /usr/local/etc/ Strongswan.conf Echo "include strongswan.d/charon/*.conf" /usr/local/etc/ Strongswan.conf Echo "Eap-radius {" /usr/local/etc/ Strongswan.conf Echo "Accounting = yes" /usr/local/etc/ Strongswan.conf Echo "servers {" /usr/local/etc/ Strongswan.conf Echo "primary {" /usr/local/etc/ Strongswan.conf Echo " Secret = FeiQuanServer "" /usr/local/etc/ " Strongswan.conf Echo "address = 47.90.23.202" /usr/local/etc/ Strongswan.conf Echo "auth_ Port = 1812 "" /usr/local/etc/ " Strongswan.conf Echo "acct_ Port = 1813 "" /usr/local/etc/ " Strongswan.conf Echo "preference = 99" /usr/local/etc/ Strongswan.conf Echo} /usr/local/etc/ Strongswan.conf Echo "" /usr/local/etc/ Strongswan.conf Echo "" /usr/local/etc/ Strongswan.conf Echo} /usr/local/etc/ Strongswan.conf Echo} /usr/local/etc/ Strongswan.conf Echo "xauth-eap {" /usr/local/etc/ Strongswan.conf Echo "backend = radius" /usr/local/etc/ Strongswan.conf Echo " } "/usr/local/etc/ Strongswan.conf Echo} /usr/local/etc/ Strongswan.conf Echo "dns1 = 8.8.8.8" /usr/local/etc/ Strongswan.conf Echo "dns2 = 8.8.4.4" /usr/local/etc/ Strongswan.conf Echo "nbns1 = 8.8.8.8" /usr/local/etc/ Strongswan.conf Echo "nbns2 = 8.8.4.4" /usr/local/etc/ Strongswan.conf Echo} /usr/local/etc/ Strongswan.conf Echo "include strongswan.d/*.conf" /usr/local/etc/ Strongswan.conf Iptables -t NAT -A POSTROUTING -s 10.31.1.0/24 -o ${eth} -j MASQUERADE MASQUERADE , "Dan,", ",", ",", " ACCEPT iptables -A FORWARD -s 10.31.2.0/24 -j ACCEPT iptables -A FORWARD -A 500, 500, 4500, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, 1, 2, 1, 2, and 1. ${eth} -p UDP --dport 1701 -j ACCEPT iptables -A INPUT -i ${eth} -i 1723, 1814, UDP, --dport, and -j Restart #sysctl ifexists=`grep Net.ipv4 .ip_ Forward /etc/ Sysctl.conf "If" [$ifexists "= ="]; then echo " Net.ipv4 .ip_ Forward = 1 "" /etc/ " Sysctl.conf Else sed -i's/# Net.ipv4 .ip_ Forward/ Net.ipv4 .ip_ Forward/g'/etc/ Sysctl.conf Sed -i's/ Net.ipv4 .ip_ Forward = 0/ Net.ipv4 .ip_ Forward = 1/g'/etc/ Sysctl.conf Fi echoline sysctl -p IPSec start } function two {#config ip while ["${ip}" = "") Http://dl.fedoraproject.org/pub/epel/6/x86_ 64/epel-release-6-8. Noarch.rpm Yum -y install PPP pptpd xl2tpd cat /dev/null > /etc/xl2tpd/xl2 Tpd.conf Echo "[global]" /etc/xl2tpd/xl2 Tpd.conf Echo "listen-addr = ${ip}" /etc/xl2tpd/xl2 Tpd.conf Echo "" /etc/xl2tpd/xl2 Tpd.conf Echo "[lns default]" /etc/xl2tpd/xl2 Tpd.conf Echo "IP range = 10.31.1.100-10.31.1.200". /etc/xl2tpd/xl2 Tpd.conf Echo "local IP = 10.31.1.1" /etc/xl2tpd/xl2 Tpd.conf Echo "require chap = yes" /etc/xl2tpd/xl2 Tpd.conf Echo "refuse PAP = yes" /etc/xl2tpd/xl2 Tpd.conf Echo "require authentication = yes" /etc/xl2tpd/xl2 Tpd.conf Echo "name = LinuxVPNserver" /etc/xl2tpd/xl2 Tpd.conf Echo "PPP debug = yes". /etc/xl2tpd/xl2 Tpd.conf Echo "pppoptfile = /etc/ppp/ Options.xl2tpd "/etc/xl2tpd/xl2 Tpd.conf Echo "length bit = yes" /etc/xl2tpd/xl2 Tpd.conf Cat /dev/null > /etc/ppp/ Options.xl2tpd Echo "refuse-pap" /etc/ppp/ Options.xl2tpd Echo "refuse-chap" /etc/ppp/ Options.xl2tpd Echo "refuse-mschap" /etc/ppp/ Options.xl2tpd Echo "Require-mppe-128" /etc/ppp/ Options.xl2tpd Echo "require-mschap-v2" /etc/ppp/ Options.xl2tpd Echo "ipcp-accept-local" /etc/ppp/ Options.xl2tpd Echo "ipcp-accept-remote" /etc/ppp/ Options.xl2tpd Echo "ms-dns 8.8.8.8" /etc/ppp/ Options.xl2tpd Echo "ms-dns 8.8.4.4" /etc/ppp/ Options.xl2tpd Echo "asyncmap 0" /etc/ppp/ Options.xl2tpd Echo "noccp" /etc/ppp/ Options.xl2tpd Echo "auth" /etc/ppp/ Options.xl2tpd Echo "crtscts" /etc/ppp/ Options.xl2tpd Echo "hide-password" /etc/ppp/ Options.xl2tpd Echo "debug" /etc/ppp/ Options.xl2tpd Echo "modem" /etc/ppp/ Options.xl2tpd Echo "lock" /etc/ppp/ Options.xl2tpd Echo "proxyarp" /etc/ppp/ Options.xl2tpd Echo "name l2tpd" /etc/ppp/ Options.xl2tpd Echo "lcp-echo-interval 30" /etc/ppp/ Options.xl2tpd Echo "lcp-echo-failure 4" /etc/ppp/ Options.xl2tpd Echo "" /etc/ppp/ Options.xl2tpd Echo "plugin /usr/lib64/pppd/2.4.5/ Radius.so "/etc/ppp/ Options.xl2tpd Echo "plugin /usr/lib64/pppd/2.4.5/ Radattr.so "" /etc/ppp/ Options.xl2tpd Echo "radius-config-file /usr/local/etc/radiusclient/ Radiusclient.conf "/etc/ppp/ Options.xl2tpd Echo "ms-dns 8.8.8.8" /etc/ppp/ Options.pptpd Echo "ms-dns 8.8.4.4" /etc/ppp/ Options.pptpd Echo "plugin /usr/lib64/pppd/2.4.5/ Radius.so "/etc/ppp/ Options.pptpd Echo "plugin /usr/lib64/pppd/2.4.5/ Radattr.so "" /etc/ppp/ Options.pptpd Echo "radius-config-file /usr/local/etc/radiusclient/ Radiusclient.conf "/etc/ppp/ Options.pptpd Sed -i's/logwtmp/#logwtmp/g'/etc/ Pptpd.conf Echo "localip 10.31.1.1" /etc/ Pptpd.conf Echo "remoteip 10.31.1.10-99" /etc/ Pptpd.conf Echoline service pptpd start service xl2tpd start } function three {CD CD WGet WGet Ftp://ftp.freeradius.org/pub/freeradius/freeradius-client-1.1.7.tar.gz Tar -zxf freeradius-client-1.1.7. Tar.gz CD freeradius-client-1.1.7 ./configure make & & make install echo "47.90.23.202 FeiQuanServer" /usr/local/etc/radiusclient/servers sed FeiQuanServer Deadtime/#radius_ Deadtime/g'/usr/local/etc/radiusclient/ Radiusclient.conf Sed -i's/bindaddr/#bindaddr/g'/usr/local/etc/radiusclient/ Radiusclient.conf Sed -i's/localhost/47.90.23.202/g'/usr/local/etc/radiusclient/ Radiusclient.conf RM -f /usr/local/etc/radiusclient/dictionary CD /usr/local/etc/radiusclient WGet Http://www.fqboost.com/dictionary WGet Http://small-script.googlecode.com/files/dictionary.microsoft CD ~ } clear echo "" echo "IKEV2+IPSEC/L2TP+PPTP/Freeradius-Client install for CentOS" echo "Please press the the Please" " I@sangsir.com " echo" 1. install IKEV2+IPSEC " echo" 2. install L2TP+PPTP " echo" 3. install Freeradius-Client " echoline read -p" "Please input your choice:" choice case "$choice" in 1) one ; (2) two ; (3) three ;; * *) echo "three ";;