起初是想,既然SSH可以用来看YouTube了,自己还花钱买别的VPN,这个VPS搭个VPN不也可以的么?所以,几经周折,学习,谷歌,各种参考,找教程,终于搞定了,当然完全没有成就感,因为实在太懒,用的别人的一键包,不过到回来翻看一键包,倒是学了不少东西。看来Shell这个东西,无聊的时候也要学习一下呀,挺有趣的~都是代码嘛~
PS:之所以不是PPTP的方式的VPN,因为这个方式的基本已经算是被封了,没办法连滴。
废话不多说,流程如下(本文主要参考整理自:http://logicmd.net/2010/12/setup-pptp-and-l2tp-over-ipsec-on-CentOS/):
1.用putty以root用户登陆VPS(当然也可以用其他用户,用su提权既可)
升级下软件包
rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm
手动安装pptpd
yum -y install pptpd
2.进入opt目录
cd /opt/
3.下载一键包
wget http://mirror.zeddicus.com/auto-l2tp/1.2/CentOS/l2tp.sh
4.赋予可执行权限
chmod +x l2tp.sh
5.执行一键安装包
./l2tp.sh
6.编辑连接账号密码
vim /etc/ppp/chap-secrets
7.编辑密钥
vim /etc/ipsec.secrets
8.重启服务
service pptpd restart
至此,L2TP的VPN就已经装好了。
directspace的VPS要去后台开一下PPP才可以哦。开启可以参考Directspace-VPS如何重装系统
反正无聊,就对l2tp.sh的源码分析了下:
#!/bin/bash
if [ $(id -u) != "0" ]; then
printf "Error: You must be root to run this tool!n"
exit 1
fi
clear
printf "
####################################################
# #
# This is a Shell-Based tool of l2tp installation #
# Version: 1.2 #
# Author: Zed Lau #
# Website: http://zeddicus.com #
# #
####################################################
"
vpsip=`hostname -i` #获取VPS的IP
iprange="10.0.99" #定义默认的IP分配子段然后让用户选择是否自定义子段
echo "Please input IP-Range:"
read -p "(Default Range: 10.0.99):" iprange
if [ "$iprange" = "" ]; then
iprange="10.0.99"
fi
mypsk="vpsyou.com" #定义L2TP的连接密钥然后让用户选择是否自定义密钥
echo "Please input PSK:"
read -p "(Default PSK: vpsyou.com):" mypsk
if [ "$mypsk" = "" ]; then
mypsk="vpsyou.com"
fi
clear
get_char()
{
SAVEDSTTY=`stty -g`
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}
#下面输出一些你刚才设置的信息
echo ""
echo "ServerIP:"
echo "$vpsip"
echo ""
echo "Server Local IP:"
echo "$iprange.1"
echo ""
echo "Client Remote IP Range:"
echo "$iprange.2-$iprange.254"
echo ""
echo "PSK:"
echo "$mypsk"
echo ""
echo "Press any key to start..."
char=`get_char`
clear
mknod /dev/random c 1 9
#升级并安装所需的一些组件扩展
yum -y update
yum -y upgrade
yum install -y ppp iptables make gcc gmp-devel xmlto bison flex xmlto libpcap-devel lsof vim-enhanced
mkdir /ztmp
mkdir /ztmp/l2tp
cd /ztmp/l2tp
wget http://www.openswan.org/download/openswan-2.6.24.tar.gz
tar zxvf openswan-2.6.24.tar.gz
cd openswan-2.6.24
#安装openswan
make programs install
#删除重写ipsec的配置,诸如分配IP以及连接方式等信息
rm -rf /etc/ipsec.conf
touch /etc/ipsec.conf
cat >>/etc/ipsec.conf<<EOF
config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
protostack=netkey
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=$vpsip
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
EOF
#写入密钥并在防火墙加入相关规则,要改蜜月用vim照着路径进来改就是了,改完记得重启服务
cat >>/etc/ipsec.secrets<<EOF
$vpsip %any: PSK "$mypsk"
EOF
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
sysctl -p
iptables --table nat --append POSTROUTING --jump MASQUERADE
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
#重启ipsec
/etc/init.d/ipsec restart
ipsec verify
#安装L2TP的相关包
cd /ztmp/l2tp
wget http://mirror.zeddicus.com/sources/rp-l2tp-0.4.tar.gz
tar zxvf rp-l2tp-0.4.tar.gz
cd rp-l2tp-0.4
./configure
make
cp handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd/
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
cd /ztmp/l2tp
wget http://mirror.zeddicus.com/sources/xl2tpd-1.2.4.tar.gz
tar zxvf xl2tpd-1.2.4.tar.gz
cd xl2tpd-1.2.4
make install
#写xl2tpd配置
mkdir /etc/xl2tpd
rm -rf /etc/xl2tpd/xl2tpd.conf
touch /etc/xl2tpd/xl2tpd.conf
cat >>/etc/xl2tpd/xl2tpd.conf<<EOF
[global]
ipsec saref = yes
[lns default]
ip range = $iprange.2-$iprange.254
local ip = $iprange.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
rm -rf /etc/ppp/options.xl2tpd
touch /etc/ppp/options.xl2tpd
cat >>/etc/ppp/options.xl2tpd<<EOF
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
EOF
#写入VPN的账号,连接方式以及密码,要改用vim照着路径进来改就是了,改完记得重启服务
cat >>/etc/ppp/chap-secrets<<EOF
test l2tpd test123 *
EOF
touch /usr/bin/zl2tpset
echo "#/bin/bash" >>/usr/bin/zl2tpset
echo "for each in /proc/sys/net/ipv4/conf/*" >>/usr/bin/zl2tpset
echo "do" >>/usr/bin/zl2tpset
echo "echo 0 > $each/accept_redirects" >>/usr/bin/zl2tpset
echo "echo 0 > $each/send_redirects" >>/usr/bin/zl2tpset
echo "done" >>/usr/bin/zl2tpset
chmod +x /usr/bin/zl2tpset
iptables --table nat --append POSTROUTING --jump MASQUERADE
zl2tpset
xl2tpd
#加入系统自启动服务
cat >>/etc/rc.local<<EOF
iptables --table nat --append POSTROUTING --jump MASQUERADE
/etc/init.d/ipsec restart
/usr/bin/zl2tpset
/usr/local/sbin/xl2tpd
EOF
clear
ipsec verify
printf "
####################################################
# #
# This is a Shell-Based tool of l2tp installation #
# Version: 1.2 #
# Author: Zed Lau #
# Website: http://zeddicus.com #
# #
####################################################
if there are no [FAILED] above, then you can
connect to your L2TP VPN Server with the default
user/pass below:
ServerIP:$vpsip
username:test
password:test123
PSK:$mypsk
"
#安装完毕
20170823 博主留言:VPN协议基本都被吃透了,想出去的话,放弃VPN改用其他方式架设吧,比如Shadowsocks,自己搜博文。
如您从本文得到了有价值的信息或帮助,请考虑扫描文末二维码捐赠和鼓励。
如本文对您有用,捐赠和留言 将是对我最好的支持~(捐赠可转为站内积分)
如愿意,请向朋友推荐本站,谢谢。
尊重他人劳动成果。转载请务必附上原文链接,我将感激不尽。