安装PPTP和OpenVPN的自动化脚本
安装OpenVPN需要主机支持tun,安装PPTP需要主机支持tun和ppp。
首先要检测你的VPS是否开启了TUN和PPP,联系你的服务器提供商,直接询问。如果没有开启,可以要求他们开启。
自行检测的方法:
检测TUN
cat /dev/net/tun
返回:
cat: /dev/net/tun: File descriptor in bad state 说明正常
检测是支持PPP模块
cat /dev/ppp
返回:
cat: /dev/ppp: No such device or address 说明正常
PPTP:
yum remove -y pptpd ppp
iptables –flush POSTROUTING –table nat
iptables –flush FORWARD
rm -rf /etc/pptpd.conf
rm -rf /etc/ppp
wget http://www.diahosting.com/dload/dkms-2.0.17.5-1.noarch.rpm
wget http://www.diahosting.com/dload/kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
wget http://www.diahosting.com/dload/pptpd-1.3.4-1.rhel5.1.i386.rpm
wget http://www.diahosting.com/dload/ppp-2.4.4-9.0.rhel5.i386.rpm
yum -y install make libpcap iptables gcc-c++ logrotate tar cpio perl pam tcp_wrappers
rpm -ivh dkms-2.0.17.5-1.noarch.rpm
rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
rpm -qa kernel_ppp_mppe
rpm -Uvh ppp-2.4.4-9.0.rhel5.i386.rpm
rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm
mknod /dev/ppp c 108 0
echo 1 > /proc/sys/net/ipv4/ip_forward
echo “mknod /dev/ppp c 108 0″ >> /etc/rc.local
echo “echo 1 > /proc/sys/net/ipv4/ip_forward” >> /etc/rc.local
echo “localip 172.16.36.1″ >> /etc/pptpd.conf
echo “remoteip 172.16.36.2-254″ >> /etc/pptpd.conf
echo “ms-dns 8.8.8.8″ >> /etc/ppp/options.pptpd
echo “ms-dns 8.8.4.4″ >> /etc/ppp/options.pptpd
pass=`openssl rand 6 -base64`
if [ "$1" != "" ]
then pass=$1
fi
echo “vpn pptpd ${pass} *” >> /etc/ppp/chap-secrets
iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT –to-source `ifconfig | grep ‘inet addr:’| grep -v ’127.0.0.1′ | cut -d: -f2 | awk ‘NR==1 { print $1}’`
iptables -A FORWARD -p tcp –syn -s 172.16.36.0/24 -j TCPMSS –set-mss 1356
service iptables save
chkconfig iptables on
chkconfig pptpd on
service iptables start
service pptpd start
echo “VPN service is installed, your VPN username is vpn, VPN password is ${pass}”
VPN用户管理:
直接编辑/etc/ppp/chap-secrets文件,按照相同格式添加用户名和密码即可。
OpenVPN:
#!/bin/bash
ip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-venet0:0 | awk -F= ‘{print $2}’`
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -iv rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rm -rf rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum -y install openvpn openssl openssl-devel
ver=`yum info openvpn| grep Version | awk -F “: ” ‘{print $2}’`
cd /etc/openvpn/
cp -R /usr/share/doc/openvpn-$ver/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
. ../vars
./clean-all
source ./vars
echo -e “\n\n\n\n\n\n\n” | ./build-ca
clear
echo “####################################”
echo “Feel free to accept default values”
echo “Wouldn’t recommend setting a password here”
echo “Then you’d have to type in the password each time openVPN starts/restarts”
echo “####################################”
./build-key-server server
./build-dh
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/
clear
echo “####################################”
echo “Feel free to accept default values”
echo “This is your client key, you may set a password here but it’s not required”
echo “####################################”
./build-key client1
cd keys/
client=”
client
remote $ip 1194
dev tun
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 10.8.0.1
verb 3″
echo “$client” > $HOSTNAME.ovpn
tar czf keys.tgz ca.crt ca.key client1.crt client1.csr client1.key $HOSTNAME.ovpn
mv keys.tgz /root
opvpn=’
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push “route 10.8.0.0 255.255.255.0″
push “redirect-gateway”
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group nobody
daemon’
echo “$opvpn” > /etc/openvpn/openvpn.conf
echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT –to-source 64.31.18.188
iptables-save > /etc/sysconfig/iptables
sed -i ‘s/eth0/venet0/g’ /etc/sysconfig/iptables # dirty vz fix for iptables-save
echo “net.ipv4.ip_forward=1″ >> /etc/sysctl.conf
/etc/init.d/openvpn start
clear
echo “OpenVPN has been installed
Download /root/keys.tgz using winscp or other sftp/scp client such as filezilla
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of keys.tgz there
Start openvpn-gui, right click the tray icon go to vpn and click connect
脚本下载:
近期评论