-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcentos-pptp
79 lines (78 loc) · 3.37 KB
/
centos-pptp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
[ $(id -u) != "0" ] && { echo -e "\033[31mError: You must be root to run this script\033[0m"; exit 1; }
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
clear
[ ! -e '/usr/bin/curl' ] && yum -y install curl
VPN_IP="IPADDRESS"
VPN_USER="USER"
VPN_PASS="PASSWORD"
VPN_LOCAL="192.168.0.1"
VPN_REMOTE="192.168.0.100-110"
while :
do
echo
read -p "Please input username: " VPN_USER
[ -n "$VPN_USER" ] && break
done
while :
do
echo
read -p "Please input password: " VPN_PASS
[ -n "$VPN_PASS" ] && break
done
clear
if [ -f /etc/redhat-release -a -n "`grep ' 7\.' /etc/redhat-release`" ];then
#CentOS_REL=7
if [ ! -e /etc/yum.repos.d/epel.repo ];then
cat > /etc/yum.repos.d/epel.repo << EOF
[epel]
name=Extra Packages for Enterprise Linux 7 - \$basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/\$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=\$basearch
failovermethod=priority
enabled=1
gpgcheck=0
EOF
fi
for Package in wget make openssl gcc-c++ ppp pptpd iptables iptables-services
do
yum -y install $Package
done
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
elif [ -f /etc/redhat-release -a -n "`grep ' 6\.' /etc/redhat-release`" ];then
#CentOS_REL=6
for Package in wget make openssl gcc-c++ iptables ppp
do
yum -y install $Package
done
sed -i '[email protected]_forward.*@net.ipv4.ip_forward = 1@g' /etc/sysctl.conf
rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
yum -y install pptpd
else
echo -e "\033[31mDoes not support this OS, Please contact the author! \033[0m"
exit 1
fi
echo "1" > /proc/sys/net/ipv4/ip_forward
sysctl -p /etc/sysctl.conf
[ -z "`grep '^localip' /etc/pptpd.conf`" ] && echo "localip $VPN_LOCAL" >> /etc/pptpd.conf # Local IP address of your VPN server
[ -z "`grep '^remoteip' /etc/pptpd.conf`" ] && echo "remoteip $VPN_REMOTE" >> /etc/pptpd.conf # Scope for your home network
if [ -z "`grep '^ms-dns' /etc/ppp/options.pptpd`" ];then
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd # Google DNS Primary
echo "ms-dns 209.244.0.3" >> /etc/ppp/options.pptpd # Level3 Primary
echo "ms-dns 208.67.222.222" >> /etc/ppp/options.pptpd # OpenDNS Primary
fi
echo "$VPN_USER pptpd $VPN_PASS *" >> /etc/ppp/chap-secrets
ETH=`route | grep default | awk '{print $NF}'`
[ -z "`grep '1723 -j ACCEPT' /etc/sysconfig/iptables`" ] && iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
[ -z "`grep 'gre -j ACCEPT' /etc/sysconfig/iptables`" ] && iptables -I INPUT 5 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o $ETH -j MASQUERADE
iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
service iptables save
sed -i 's@^-A INPUT -j REJECT --reject-with icmp-host-prohibited@#-A INPUT -j REJECT --reject-with icmp-host-prohibited@' /etc/sysconfig/iptables
sed -i 's@^-A FORWARD -j REJECT --reject-with icmp-host-prohibited@#-A FORWARD -j REJECT --reject-with icmp-host-prohibited@' /etc/sysconfig/iptables
service iptables restart
service pptpd restart
chkconfig pptpd on
clear
echo -e "You can now connect to your VPN via your external IP \033[32m${VPN_IP}\033[0m"
echo -e "Username: \033[32m${VPN_USER}\033[0m"
echo -e "Password: \033[32m${VPN_PASS}\033[0m"