服务器搭建
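#!/bin/bash
#
# vpn.sh - interactive installer/manager for a pptpd (PPTP) VPN server.
# The commands it runs (yum, rpm, service, chkconfig, iptables and an
# el6 pptpd package) target a CentOS/RHEL 6 style host.
# NOTE(review): presumably has to run as root, since it edits /etc/ppp
# and the firewall; confirm before use.
#
# Security caveat: PPTP's authentication and encryption (MS-CHAPv2 / MPPE)
# are considered broken. Use this only where legacy client compatibility
# is required, and prefer a modern VPN (IPsec/IKEv2, OpenVPN, WireGuard).

# Number of random bytes requested from `openssl rand` for generated
# passwords (the base64 text written to chap-secrets is longer).
PASSWD_LEN=20

# Public IPv4 address of this server, used as the SNAT source address.
# Must be filled in before installing or repairing the VPN.
SERVER_IP=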
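#######################################
# Remove any existing pptpd/ppp setup, reinstall it, write the PPTP
# configuration, create the default user "vpn" and open the firewall.
# PPTP (MS-CHAPv2/MPPE) is considered cryptographically broken; deploy
# only where legacy compatibility requires it.
# Globals:   SERVER_IP (read), PASSWD_LEN (read)
# Arguments: $1 - optional password for user "vpn"; a random one is
#                 generated when it is empty or missing
# Outputs:   progress messages and, at the end, the VPN password on stdout
# Returns:   non-zero when SERVER_IP is unset, the pptpd package cannot be
#            fetched/installed, or no password could be generated
#######################################
function installVPN(){
  local pass rpm_dir line
  local -r pptpd_rpm=pptpd-1.4.0-3.el6.x86_64.rpm

  # Refuse to touch the system before the SNAT address is known: the
  # steps below wipe /etc/ppp and flush firewall chains.
  if [[ -z "${SERVER_IP:-}" ]]; then
    echo "[ERROR] please set server_ip" >&2
    return 1
  fi

  echo "begin to install VPN services";
  yum remove -y pptpd ppp
  iptables --flush POSTROUTING --table nat
  iptables --flush FORWARD
  rm -rf /etc/pptpd.conf
  rm -rf /etc/ppp
  yum install -y dkms kernel_ppp_mppe ppp
  yum -y install make libpcap iptables gcc-c++ logrotate tar cpio perl pam tcp_wrappers

  if [[ -z "$(rpm -qa pptpd)" ]]; then
    # NOTE(review): the package is fetched over plain FTP, which offers no
    # integrity or authenticity protection, and is then installed as root.
    # Verify it before installing (rpm signature check with the repository
    # key imported, or a checksum obtained from a trusted channel), or
    # install pptpd from a configured, GPG-checked yum repository instead.
    rpm_dir=$(mktemp -d) || return 1
    if ! wget -P "${rpm_dir}" "ftp://rpmfind.net/linux/epel/6/x86_64/${pptpd_rpm}"; then
      echo "failed to download ${pptpd_rpm}" >&2
      rm -rf -- "${rpm_dir}"
      return 1
    fi
    if ! rpm -ivh "${rpm_dir}/${pptpd_rpm}"; then
      echo "failed to install ${pptpd_rpm}" >&2
      rm -rf -- "${rpm_dir}"
      return 1
    fi
    rm -rf -- "${rpm_dir}"
  fi

  [[ -e /dev/ppp ]] || mknod /dev/ppp c 108 0
  echo 1 > /proc/sys/net/ipv4/ip_forward
  # Persist both settings across reboots, without stacking duplicate
  # lines in rc.local when the installer is run more than once.
  for line in "mknod /dev/ppp c 108 0" "echo 1 > /proc/sys/net/ipv4/ip_forward"; do
    grep -qxF -- "${line}" /etc/rc.local 2>/dev/null || echo "${line}" >> /etc/rc.local
  done
  echo "localip 172.16.36.1" >> /etc/pptpd.conf
  echo "remoteip 172.16.36.2-254" >> /etc/pptpd.conf
  echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
  echo "ms-dns 8.8.4.4" >> /etc/ppp/options.pptpd

  # Options go before the byte count: newer OpenSSL releases reject
  # `openssl rand N -base64`, which would leave the password empty.
  if [[ -n "${1:-}" ]]; then
    pass=$1
  elif ! pass=$(openssl rand -base64 "${PASSWD_LEN:-20}") || [[ -z "${pass}" ]]; then
    echo "failed to generate a VPN password" >&2
    return 1
  fi
  echo "vpn pptpd ${pass} *" >> /etc/ppp/chap-secrets
  # chap-secrets holds cleartext passwords; keep it readable by root only.
  chmod 600 /etc/ppp/chap-secrets

  iptables --flush POSTROUTING --table nat
  iptables --flush FORWARD
  # NOTE(review): after the flush no FORWARD rule limits forwarding to the
  # VPN subnet; what gets forwarded depends on the chain policy. Confirm
  # this is intended.
  iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT --to-source "${SERVER_IP}"
  iptables -A FORWARD -p tcp --syn -s 172.16.36.0/24 -j TCPMSS --set-mss 1356
  # NOTE(review): inbound TCP 53 is opened although clients are pointed at
  # external resolvers (ms-dns above); drop this rule if no DNS service
  # runs on this host.
  iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
  iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
  # PPTP carries its tunnel over GRE, which is IP protocol 47, not TCP
  # port 47.
  iptables -A INPUT -p gre -j ACCEPT
  # Move the catch-all REJECT behind the ACCEPT rules added above.
  iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
  iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
  service iptables save
  chkconfig iptables on
  chkconfig pptpd on

  service iptables restart
  service pptpd start

  # The password is shown in cleartext; avoid running this where the
  # terminal output is logged or shared.
  echo "VPN service is installed, your VPN username is vpn, VPN password is ${pass}"
}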
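#######################################
# Re-create the NAT and firewall rules for the PPTP subnet and start pptpd.
# Globals:   SERVER_IP (read)
# Arguments: none
# Returns:   non-zero when SERVER_IP is unset (nothing is changed then)
#######################################
function repaireVPN(){
  # Check first: with an empty address the SNAT rule cannot be added, and
  # the chains would already have been flushed by then.
  if [[ -z "${SERVER_IP:-}" ]]; then
    echo "[ERROR] please set server_ip" >&2
    return 1
  fi

  echo "begin to repaire VPN";
  iptables --flush POSTROUTING --table nat
  iptables --flush FORWARD
  iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT --to-source "${SERVER_IP}"
  iptables -A FORWARD -p tcp --syn -s 172.16.36.0/24 -j TCPMSS --set-mss 1356
  # NOTE(review): inbound TCP 53 is opened here; drop the rule if no DNS
  # service runs on this host.
  iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
  iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
  # PPTP carries its tunnel over GRE, which is IP protocol 47, not TCP
  # port 47.
  iptables -A INPUT -p gre -j ACCEPT
  # Move the catch-all REJECT behind the ACCEPT rules added above.
  iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
  iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
  service iptables save
  service iptables restart
  service pptpd start
}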
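#######################################
# Prompt for a user name, generate a random password and, after
# confirmation, append the account to /etc/ppp/chap-secrets.
# Globals:   PASSWD_LEN (read; 20 random bytes when unset)
# Arguments: none (user name and confirmation are read from stdin)
# Outputs:   prompts, the generated credentials and the result on stdout
# Returns:   non-zero when the name is invalid or already present, the
#            password cannot be generated, or the file cannot be written
#######################################
function addVPNuser(){
  local -r secrets=/etc/ppp/chap-secrets
  # chap-secrets is whitespace-delimited, so the name must be one plain
  # token; anything else would corrupt the entry or add extra fields.
  local -r name_re='^[A-Za-z0-9._@-]+$'
  local username userpassword confirm

  echo -n "input user name:"
  read -r username
  if [[ ! "${username}" =~ ${name_re} ]]; then
    echo "invalid user name" >&2
    echo "add user fail"
    return 1
  fi

  # A second entry for the same name would leave two passwords on file.
  if [[ -f "${secrets}" ]] \
      && awk -v u="${username}" '$1 == u {found = 1} END {exit !found}' "${secrets}"; then
    echo "user already exists" >&2
    echo "add user fail"
    return 1
  fi

  # Options go before the byte count: newer OpenSSL releases reject
  # `openssl rand N -base64`, which would store an empty password.
  if ! userpassword=$(openssl rand -base64 "${PASSWD_LEN:-20}") || [[ -z "${userpassword}" ]]; then
    echo "failed to generate a password" >&2
    echo "add user fail"
    return 1
  fi

  echo "name: ${username} password: ${userpassword}"
  echo -n "confirm(Y/N):"
  read -r confirm
  case "${confirm}" in
    Y|y)
      if ! echo "${username} pptpd ${userpassword} *" >> "${secrets}"; then
        echo "add user fail"
        return 1
      fi
      # chap-secrets holds cleartext passwords; keep it root-only.
      chmod 600 "${secrets}"
      service iptables restart
      service pptpd start
      echo "add user succeed"
      ;;
    *)
      echo "add user fail"
      ;;
  esac
}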
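#######################################
# List the accounts in /etc/ppp/chap-secrets, prompt for one and remove it.
# Arguments: none (the user name is read from stdin)
# Outputs:   the user list, a prompt and the result on stdout
# Returns:   non-zero when the file is missing, the name is invalid or
#            unknown, or the file cannot be rewritten
#######################################
function delVPNuser(){
  local -r secrets=/etc/ppp/chap-secrets
  local -r name_re='^[A-Za-z0-9._@-]+$'
  local vpn_user tmp

  if [[ ! -f "${secrets}" ]]; then
    echo "del user fail: ${secrets} not found" >&2
    return 1
  fi

  echo "all users:"
  awk '!/^#/ {print $1}' "${secrets}"
  echo -n "please select one:"
  read -r vpn_user

  # The name is compared as an exact first field, never used as a
  # pattern: a typed ".*" must not be able to match every account.
  if [[ ! "${vpn_user}" =~ ${name_re} ]]; then
    echo "del user fail: invalid user name" >&2
    return 1
  fi
  if ! awk -v u="${vpn_user}" '$1 == u {found = 1} END {exit !found}' "${secrets}"; then
    echo "del user fail: no such user" >&2
    return 1
  fi

  # Write the filtered copy to a temporary file in the same directory and
  # rename it into place. Redirecting straight onto the file being read
  # would truncate it before it is read (the original additionally wrote
  # to the misspelled path /ect/ppp, so nothing was ever removed).
  tmp=$(mktemp "${secrets}.XXXXXX") || return 1
  if awk -v u="${vpn_user}" '$1 != u' "${secrets}" > "${tmp}" \
      && chmod 600 "${tmp}" \
      && mv -f -- "${tmp}" "${secrets}"; then
    :
  else
    rm -f -- "${tmp}"
    echo "del user fail: could not update ${secrets}" >&2
    return 1
  fi

  # NOTE(review): a session the removed user already has open is
  # presumably not terminated by these commands; confirm and disconnect
  # it separately if needed.
  service iptables restart
  service pptpd start
  echo "del user succeed"
}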
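#######################################
# Print the server address, every chap-secrets entry and the number of
# established connections to the local PPTP control port.
# Globals:   SERVER_IP (read)
# Arguments: none
# Outputs:   report on stdout. It includes every VPN password in
#            cleartext, so do not run it where output is logged or shared.
#######################################
function getVPNInfo(){
  local -r secrets=/etc/ppp/chap-secrets
  local link_count

  echo "VPN Server IP: ${SERVER_IP:-}"
  echo "VPN Users:"
  echo "user | -- | password | * "
  if [[ -r "${secrets}" ]]; then
    grep -v '^#' "${secrets}"
  else
    echo "cannot read ${secrets}" >&2
  fi

  echo -n "VPN link num:"
  # Match the local address column exactly: a plain grep for ':1723' also
  # counts ports such as 17230 and outbound connections to a remote 1723.
  link_count=$(netstat -nat \
    | awk '$6 == "ESTABLISHED" && $4 ~ /:1723$/ {n++} END {print n + 0}')
  echo "${link_count}"
}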
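#######################################
# Abort the script when SERVER_IP has not been configured.
# Globals:   SERVER_IP (read)
# Arguments: none
# Outputs:   an error message in red on stderr when SERVER_IP is empty
# Returns:   0 when SERVER_IP is set; otherwise exits the shell with 1
#######################################
function checkConf(){
  if [[ -z "${SERVER_IP:-}" ]]; then
    echo -e "\033[31m[ERROR] please set server_ip \033[0m" >&2
    # A bare `exit` would reuse echo's status and report success.
    exit 1
  fi
}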
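# Interactive menu: print the choices, read one number from stdin and
# dispatch to the matching function.
echo "which do you want to?input the number."
echo "1. install VPN service"
echo "2. repaire VPN service"
echo "3. add VPN user"
echo "4. VPN info"
echo "5. del VPN user"
echo -n "please select:"
read -r num

case "$num" in
  1)
    checkConf
    installVPN
    ;;
  2)
    # The repair path rebuilds the SNAT rule from SERVER_IP as well, so it
    # needs the same configuration check as the install path.
    checkConf
    repaireVPN
    ;;
  3)
    addVPNuser
    ;;
  4)
    getVPNInfo
    ;;
  5)
    delVPNuser
    ;;
  *)
    echo "nothing,exit"
    ;;
esac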
连接数查看
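# Count established connections to the local PPTP control port (TCP 1723).
# The local-address column is matched exactly, so ports such as 17230 and
# outbound connections to a remote port 1723 are not counted.
netstat -nat | awk '$6 == "ESTABLISHED" && $4 ~ /:1723$/ {n++} END {print n + 0}'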