mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-22 13:06:02 +03:00
Code Issues Projects Releases Wiki Activity

Use xl2tpd 1.3.12

Browse Source 
- Install xl2tpd 1.3.12 for systems with Linux kernel 4.14/4.15
- This version fixes an xl2tpd issue under the above Linux kernels
- Remove Linux kernel check and notes which are no longer needed
- Ref: xelerance/xl2tpd#147
- Ref: https://github.com/xelerance/xl2tpd/releases
This commit is contained in:
hwdsl2 2018-05-23 00:38:01 -05:00
parent e7d79e2587
commit 3f8e79b8e4
3 changed files with 23 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README-zh.md
View File

@ -28,7 +28,7 @@ IPsec VPN 可以加密你的网络流量,以防止在通过因特网传送时
## 快速开始
首先,在你的 Linux 服务器[*](#quick-start-note) 上全新安装一个 Ubuntu 16.04/14.04 LTS, Debian 或者 CentOS 系统。
首先,在你的 Linux 服务器[*](#quick-start-note) 上全新安装一个 Ubuntu LTS, Debian 或者 CentOS 系统。
使用以下命令快速搭建 IPsec VPN 服务器:
@ -58,7 +58,7 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
## 系统要求
一个新创建的 <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2</a> 实例,使用这些映像 (AMIs):
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial) or 14.04 (Trusty)</a> [*](#ubuntu-1804-note)
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial) or 14.04 (Trusty)</a>
- <a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank">Debian 9 (Stretch) or 8 (Jessie)</a>
- <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW" target="_blank">CentOS 7 (x86_64) with Updates</a>
- <a href="https://aws.amazon.com/marketplace/pp/B00NQAYLWO" target="_blank">CentOS 6 (x86_64) with Updates</a>
@ -77,9 +77,6 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
高级用户可以在 $35 <a href="https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/" target="_blank">Raspberry Pi 3</a> 上搭建 VPN 服务器。
<a name="ubuntu-1804-note"></a>
\* **注:** 目前脚本还不支持 Ubuntu 18.04,因为一个 xl2tpd 的 <a href="https://github.com/xelerance/xl2tpd/issues/147" target="_blank">问题</a>。你可以换用 <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md" target="_blank">这个 Docker 镜像</a>
:warning: **不要** 在你的 PC 或者 Mac 上运行这些脚本!它们只能用在服务器上!
## 安装说明

7
README.md
View File

@ -28,7 +28,7 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
## Quick start
First, prepare your Linux server[*](#quick-start-note) with a fresh install of Ubuntu 16.04/14.04 LTS, Debian or CentOS.
First, prepare your Linux server[*](#quick-start-note) with a fresh install of Ubuntu LTS, Debian or CentOS.
Use this one-liner to set up an IPsec VPN server:
@ -58,7 +58,7 @@ For other installation options and how to set up VPN clients, read the sections
## Requirements
A newly created <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2</a> instance, from these images (AMIs):
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial) or 14.04 (Trusty)</a> [*](#ubuntu-1804-note)
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial) or 14.04 (Trusty)</a>
- <a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank">Debian 9 (Stretch) or 8 (Jessie)</a>
- <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW" target="_blank">CentOS 7 (x86_64) with Updates</a>
- <a href="https://aws.amazon.com/marketplace/pp/B00NQAYLWO" target="_blank">CentOS 6 (x86_64) with Updates</a>
@ -77,9 +77,6 @@ This also includes Linux VMs in public clouds, such as <a href="https://blog.ls2
Advanced users can set up the VPN server on a $35 <a href="https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/" target="_blank">Raspberry Pi 3</a>.
<a name="ubuntu-1804-note"></a>
\* **Note:** Ubuntu 18.04 is not yet supported due to an xl2tpd <a href="https://github.com/xelerance/xl2tpd/issues/147" target="_blank">issue</a>. Use <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">this Docker image</a> instead.
:warning: **DO NOT** run these scripts on your PC or Mac! They should only be used on a server!
## Installation

30
vpnsetup.sh
View File

@ -69,17 +69,6 @@ if [ "$(id -u)" != 0 ]; then
exiterr "Script must be run as root. Try 'sudo sh $0'"
fi
case "$(uname -r)" in
4.14*)
if uname -m | grep -qi '^arm'; then
exiterr "Linux kernel 4.14 is not supported due to an xl2tpd issue."
fi
;;
4.15*)
exiterr "Linux kernel 4.15 is not supported due to an xl2tpd issue."
;;
esac
net_iface=${VPN_NET_IFACE:-'eth0'}
def_iface="$(route 2>/dev/null | grep '^default' | grep -o '[^ ]*$')"
[ -z "$def_iface" ] && def_iface="$(ip -4 route list 0/0 2>/dev/null | grep -Po '(?<=dev )(\S+)')"
@ -184,6 +173,25 @@ apt-get -yq install libnss3-dev libnspr4-dev pkg-config \
libcurl4-nss-dev flex bison gcc make libnss3-tools \
libevent-dev ppp xl2tpd || exiterr2
case "$(uname -r)" in
4.14*|4.15*)
L2TP_VER=1.3.12
l2tp_file="xl2tpd-$L2TP_VER.tar.gz"
l2tp_url1="https://github.com/xelerance/xl2tpd/archive/v$L2TP_VER.tar.gz"
l2tp_url2="https://mirrors.kernel.org/ubuntu/pool/universe/x/xl2tpd/xl2tpd_$L2TP_VER.orig.tar.gz"
apt-get -yq install libpcap0.8-dev || exiterr2
if ! { wget -t 3 -T 30 -nv -O "$l2tp_file" "$l2tp_url1" || wget -t 3 -T 30 -nv -O "$l2tp_file" "$l2tp_url2"; }; then
exiterr "Cannot download xl2tpd source."
fi
/bin/rm -rf "/opt/src/xl2tpd-$L2TP_VER"
tar xzf "$l2tp_file" && /bin/rm -f "$l2tp_file"
cd "xl2tpd-$L2TP_VER" || exiterr "Cannot enter xl2tpd source dir."
make -s 2>/dev/null && PREFIX=/usr make -s install
cd /opt/src || exiterr "Cannot enter /opt/src."
/bin/rm -rf "/opt/src/xl2tpd-$L2TP_VER"
;;
esac
bigecho "Installing Fail2Ban to protect SSH..."
apt-get -yq install fail2ban || exiterr2