forked from DanylZhang/VPS
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCentOS-pptp-setup.sh
131 lines (110 loc) · 4.81 KB
/
CentOS-pptp-setup.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
#!/bin/bash
# Setup Simple PPTP VPN server for CentOS
# Copyright (C) 2015-2016 Danyl Zhang <[email protected]> and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
printhelp() {
echo "
Usage: ./CentOS-pptp-setup.sh [OPTION]
If you are using custom password , Make sure its more than 8 characters. Otherwise it will generate random password for you.
If you trying set password only. It will generate Default user with Random password.
example: ./CentOS-pptp-setup.sh -u myusr -p mypass
Use without parameter [ ./CentOS-pptp-setup.sh ] to use default username and Random password
-u, --username Enter the Username
-p, --password Enter the Password
"
}
while [ "$1" != "" ]; do
case "$1" in
-u | --username ) NAME=$2; shift 2 ;;
-p | --password ) PASS=$2; shift 2 ;;
-h | --help ) echo "$(printhelp)"; exit; shift; break ;;
esac
done
# Check if user is root
[ $(id -u) != "0" ] && { echo -e "\033[31mError: You must be root to run this script\033[0m"; exit 1; }
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
clear
[ ! -e '/usr/bin/curl' ] && yum -y install curl
VPN_IP=`curl ipv4.icanhazip.com`
VPN_LOCAL="192.168.2.1"
VPN_REMOTE="192.168.2.10-100"
clear
if [ -f /etc/redhat-release -a -n "`grep ' 7\.' /etc/redhat-release`" ];then
#CentOS_REL=7
if [ ! -e /etc/yum.repos.d/epel.repo ];then
cat > /etc/yum.repos.d/epel.repo << EOF
[epel]
name=Extra Packages for Enterprise Linux 7 - \$basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/\$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=\$basearch
failovermethod=priority
enabled=1
gpgcheck=0
EOF
fi
for Package in wget make openssl gcc-c++ ppp pptpd iptables iptables-services
do
yum -y install $Package
done
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
elif [ -f /etc/redhat-release -a -n "`grep ' 6\.' /etc/redhat-release`" ];then
#CentOS_REL=6
for Package in wget make openssl gcc-c++ iptables ppp
do
yum -y install $Package
done
sed -i '[email protected]_forward.*@net.ipv4.ip_forward = 1@g' /etc/sysctl.conf
rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
yum -y install pptpd
else
echo -e "\033[31mDoes not support this OS, Please contact the author! \033[0m"
exit 1
fi
sysctl -p
[ -z "`grep '^localip' /etc/pptpd.conf`" ] && echo "localip $VPN_LOCAL" >> /etc/pptpd.conf # Local IP address of your VPN server
[ -z "`grep '^remoteip' /etc/pptpd.conf`" ] && echo "remoteip $VPN_REMOTE" >> /etc/pptpd.conf # Scope for your home network
if [ -z "`grep '^ms-dns' /etc/ppp/options.pptpd`" ];then
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
echo "ms-dns 209.244.0.3" >> /etc/ppp/options.pptpd
fi
#no liI10oO chars in password
LEN=$(echo ${#PASS})
if [ -z "$PASS" ] || [ $LEN -lt 8 ] || [ -z "$NAME"]
then
P1=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
P2=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
P3=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
PASS="$P1-$P2-$P3"
fi
if [ -z "$NAME" ]
then
NAME="vpn"
fi
cat >> /etc/ppp/chap-secrets <<END
$NAME pptpd $PASS *
END
ETH=`route | grep default | awk '{print $NF}'`
[ -z "`grep '1723 -j ACCEPT' /etc/sysconfig/iptables`" ] && iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
[ -z "`grep 'gre -j ACCEPT' /etc/sysconfig/iptables`" ] && iptables -I INPUT 5 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o $ETH -j MASQUERADE
iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
service iptables save
sed -i 's@^-A INPUT -j REJECT --reject-with icmp-host-prohibited@#-A INPUT -j REJECT --reject-with icmp-host-prohibited@' /etc/sysconfig/iptables
sed -i 's@^-A FORWARD -j REJECT --reject-with icmp-host-prohibited@#-A FORWARD -j REJECT --reject-with icmp-host-prohibited@' /etc/sysconfig/iptables
service iptables restart
chkconfig iptables on
service pptpd restart
chkconfig pptpd on
clear
echo -e "You can now connect to your VPN via your external IP \033[32m${VPN_IP}\033[0m"
echo -e "Username: \033[32m${NAME}\033[0m"
echo -e "Password: \033[32m${PASS}\033[0m"