龙空技术网

用Shell脚本快速部署L2TP服务器

IT专家服务 392

前言:

当前兄弟们对“ubuntupptpdebug”大致比较看重,兄弟们都想要了解一些“ubuntupptpdebug”的相关知识。那么小编同时在网上搜集了一些对于“ubuntupptpdebug””的相关内容,希望我们能喜欢,你们一起来了解一下吧!

十几年前,我自学Linux的时候,参考网络教程,或多或少碰到各种各样的问题。很多时候,花费很大的时间却完成不了设定的安装部署目标,在没有指导和对照时:学习太难了……

最近完成了L2TP、PPPOE、samba、FTP、PPPOE服务器的脚本,最近几天在研究odoo ERP开源系统,这一块离商业比较近,有利于产出经济效益:商业的ERP安装和部署,吃透了再给中小企业部署安装,有利于节省企业成本,而且相对我们来说:能够共同成长……

初学者学习shell脚本,自编写的小程序,主要是为学习和交流!

参考文档:

代码截图

shell脚本代码

# +-----------------------------------------------------------------------------# | L2TP Server Shell scripts Create.....# +-----------------------------------------------------------------------------# | Copyright (c) 2020  Shanghai DuoLuo information Co.,LTD All rights reserved.# +-----------------------------------------------------------------------------# | Author: andy.wang <14918097@qq.com># +-----------------------------------------------------------------------------#!bai/bin/bashecho user1="user1"user2="user2"secretspw="duoluo20201"    #secretspw共享秘钥pw1="duoluoinfo"pw2="duoluoinfo"client_ip_range="192.168.127.128-192.168.127.254"aMTU="ifconfig $1 mtu 1500"echo ---------------------Nic interface-------------------------------------tempNIC=$(awk 'BEGIN {max = 0} {if ($2+0 > max+0) {max=$2 ;content=$0} } END {print $1}' /proc/net/dev )netnic=$(echo ${tempNIC%:*})echo ---------------------PPTP Server IP------------------------------------l2tpsrvip=$(ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:")#L2TP $l2tpsrvip服务器IP地址clearecho " "echo " "Linuxname=$(awk -F= '/^NAME/{print $2}' /etc/os-release)echo "--------Shanghai DuoLuo Infomation Technology Co.,ltd--------"echo "                         "$Linuxnameecho " "echo " "echo "Server NIC interface :   "$netnicecho "Server IP address    :   "$l2tpsrvipecho "L2TP Client IPaddress:   "$client_ip_rangemask01=$(echo ${client_ip_range%-*})mask02=$(echo ${mask01%.*})mask03=$(echo $mask02".0")echo ---------查看是否支持-----------modprobe ppp-compress-18 && echo yessystemctl stop NetworkManagersystemctl disable NetworkManagerecho --------- 关闭防火墙-----------systemctl stop firewalldsystemctl disable firewalldsed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/configsetenforce 0 echo --------------------------安装需要的包-------------------------------cd /homeecho #################################判断wget是否已安装#######################if [ -f /usr/share/man/man1/wget.1.gz ] ;thenecho "Wget already is exist.............OK"elseyum install wget -yfiecho ##########################################################################echo ################################## lsof ###################################lsof(list open files)是一个列出当前系统打开文件的工具。在linux环境下,任何事物都以文件的形式存在,# 通过文件不仅仅可以访问常规数据,还可以访问网络连接和硬件。所以如传输控制协议 (TCP) 和用户数据报协议 (UDP) 套接字等,#系统在后台都为该应用程序分配了一个文件描述符,无论这个文件的本质如何,该文件描述符为应用程序与基础操作系统之间的交互提供了通用接口。#因为应用程序打开文件的描述符列表提供了大量关于这个应用程序本身的信息,因此通过lsof工具能够查看这个列表对系统监测以及排错将是很有帮助的。if [ -f /usr/sbin/lsof ] ;thenecho " lsof  is exist.............OK"elseyum install lsof  -yfiecho ##########################################################################echo ################################## Vim ###################################if [ -f /usr/bin/vim ] ;thenecho " Vim  is exist.............OK"elseyum install vim  -yfi#1.删除,yum remove vim-enhanced-7.4.629-6.el7.x86_64#2.安装,yum install vim -y#3.位置,rpm -ql vim-enhanced-7.4.629-6.el7.x86_64echo #########################################################################echo ################################## nss ###################################if [ -f /etc/pki/nss-legacy/nss-rhel7.config ] ;thenecho " Nss  is exist.............OK"elseyum install nss  -yfiecho #########################################################################echo ###########################Development tools#############################if [ -f /usr/share/man/man1/zip.1.gz ] ;thenecho " Development tools is exist.............OK"elseecho " "#yum groupinstall "Development tools" -yfiecho ################################## openswan###############################if [ -f /etc/ipsec.conf ] ;thenecho " openswan is exist.............OK"elseyum install openswan -yfiecho #########################################################################echo ################################## xl2tpd ###############################cd /homeif [ -f /usr/share/man/man1/pfc.1.gz ] ;thenecho "xl2tpd.conf is exist.............OK"else{wget  install xl2tpd-1.3.8-1.el6.x86_64.rpm -y}fi#rpm -ql xl2tpd.x86_64 0:1.3.8-1.el6  二个包中的一个############备注vim /etc/ipsec.d/default.secrets没有的情况下,此文件有效,否则反之############if [ -f /etc/ipsec.d/default.secrets ] ;thenecho "/etc/ppp/chap-secrets is already exist.............OK"elseecho ':   PSK    "'$secretspw'"' >>/etc/ipsec.d/default.secretsfi################################/etc/ipsec.secrets###########################################echo -------添加预共享秘钥vim /etc/ipsec.secrets-----------if cat '/etc/ipsec.secrets' | grep $secretspw > /dev/nullthen     echo "Localip  $secretspw is secrets Passwordr.............OK"elsesed -i '$a 0.0.0.0 %any:   PSK     \"'$secretspw'\"' /etc/ipsec.secretsficlearecho "cat /etc/ipsec.d/default.secrets  cat /etc/ipsec.secrets"cat /etc/ipsec.d/default.secretsecho ""cat /etc/ipsec.secretssleep 5echo ###############################vim /etc/ipsec.conf#####################################if cat '/etc/ipsec.conf' | grep "virtual_private=%v4:10.0.0.0/8" > /dev/nullthensed -i 's/virtual_private=%v4:10.0.0.0\/8/virtual_private=%v4:'"$mask03"'\/24/g' /etc/ipsec.confelseecho "$mask03  already is exist.............OK"fiif cat '/etc/ipsec.conf' | grep "protostack=netkey" > /dev/nullthenecho "protostack=netkey  already is exist.............OK"elsesed -i '/plutodebug=none/a\        protostack=netkey\n        dumpdir=/var/run/pluto/' /etc/ipsec.conffiif cat '/etc/ipsec.conf' | grep "sha2-truncbug=yes" > /dev/nullthenecho "sha2-truncbug=yes already is exist.............OK"elsesed -i '$a conn l2tp-psk\n    rightsubnet=vhost:%priv\n    also=l2tp-psk-nonat\nconn l2tp-psk-nonat\n    authby=secret\n    pfs=no\n    auto=add\n    keyingtries=3\n    rekey=no\n    ikelifetime=8h\n    keylife=1h\n    type=transport\n    left='"$l2tpsrvip"'\n    leftprotoport=17/1701\n    right=%any\n    rightprotoport=17/%any\n    dpddelay=40\n    dpdtimeout=130\n    dpdaction=clear\n    sha2-truncbug=yes' /etc/ipsec.confficlearecho "/etc/ipsec.conf"cat '/etc/ipsec.conf'echo ##############################vim /etc/xl2tpd/xl2tpd.conf################################if cat '/etc/xl2tpd/xl2tpd.conf' | grep "; listen-addr = 192.168.1.98" > /dev/nullthensed -i 's/; listen-addr = 192.168.1.98/listen-addr = '"$l2tpsrvip"'/g' /etc/xl2tpd/xl2tpd.confelseecho "$l2tpsrvip already is exist.............OK"fiif cat '/etc/xl2tpd/xl2tpd.conf' | grep "ip range = 192.168.1.128-192.168.1.254" > /dev/nullthen{sed -i 's/ip range = 192.168.1.128-192.168.1.254/ip range = '"$client_ip_range"'/g' /etc/xl2tpd/xl2tpd.confsed -i 's/local ip = 192.168.1.99/local ip = '"$l2tpsrvip"'/g' /etc/xl2tpd/xl2tpd.conf}elseecho "$client_ip_range already is exist.............OK"ficlearecho "cat /etc/xl2tpd/xl2tpd.conf"cat '/etc/xl2tpd/xl2tpd.conf'echo ##############################vim /etc/ppp/options.xl2tpd################################sed -i 's/noccp/#noccp/g' /etc/ppp/options.xl2tpdsed -i 's/crtscts/#crtscts/g' /etc/ppp/options.xl2tpdsed -i 's/lock/#lock/g' /etc/ppp/options.xl2tpdclearecho "Modify /etc/ppp/options.xl2tpd"sleep 10if cat '/etc/ppp/options.xl2tpd' | grep "#Shang hai Duoluo Infomation Techlogogy Co.,ltd" > /dev/nullthenecho "Shang hai Duoluo Infomation Techlogogy Co.,ltd"else{echo "#Shang hai Duoluo Infomation Techlogogy Co.,ltd" >> /etc/ppp/options.xl2tpdecho "refuse-pap" >> /etc/ppp/options.xl2tpdecho "refuse-chap" >> /etc/ppp/options.xl2tpdecho "refuse-mschap" >> /etc/ppp/options.xl2tpdecho "require-mschap-v2" >> /etc/ppp/options.xl2tpdecho "persist" >> /etc/ppp/options.xl2tpd}ficlearecho "cat /etc/ppp/options.xl2tpd"cat /etc/ppp/options.xl2tpdsleep 5echo "--------------启动xl12tpd服务并加入开机启动---------------"service xl2tpd startservice ipsec startsleep 5echo  -----------------设置PPP帐号-密码 -----------------if cat '/etc/ppp/chap-secrets' | grep "$user1" > /dev/nullthen     echo "$user1 account is exist,check $user1 password!"elsesed -i '$a '"   $user1   "' * '"   $vpnpw1  "'   *' /etc/ppp/chap-secretsfiif cat '/etc/ppp/chap-secrets' | grep "$user2" > /dev/nullthen     echo "$user2 account is exist,check $user2 password!"elsesed -i '$a '"   $user2   "' * '"   $vpnpw2  "'   *' /etc/ppp/chap-secretsficlearecho "cat /etc/ppp/chap-secrets"cat /etc/ppp/chap-secretssleep 10echo  -----------------修改配置文件/etc/sysctl.conf- -----------------if cat '/etc/sysctl.conf' | grep "net.ipv4.ip_forward=1" > /dev/nullthen     echo "net.ipv4.ip_forward=1 alreary is exist......  OK"elsesed -i '$a net.ipv4.ip_forward=1' /etc/sysctl.conffiif cat '/etc/sysctl.conf' | grep "net.ipv4.conf.all.rp_filter=0" > /dev/nullthen     echo "net.ipv4.conf.all.rp_filter=0 alreary is exist......  OK"else{sed -i '$a net.ipv4.conf.all.rp_filter=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.all.accept_source_route=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.all.accept_redirects=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.all.send_redirects=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.default.rp_filter=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.default.accept_source_route=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.default.accept_redirects=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.default.send_redirects=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.'"$netnic"'.accept_source_route=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.'"$netnic"'.accept_redirects=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.'"$netnic"'.send_redirects=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.'"$netnic"'.rp_filter=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.lo.accept_source_route=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.lo.accept_redirects=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.lo.send_redirects=0' /etc/sysctl.confsed -i '$a net.ipv4.conf.lo.rp_filter=0' /etc/sysctl.conf}ficlearcat '/etc/sysctl.conf'sleep 5sysctl -pecho  ----------------- ----------------- -----------------service xl2tpd startservice ipsec startipsec verifysleep 3systemctl restart rsyslogsystemctl enable ipsecsystemctl restart ipsecsleep 3systemctl enable xl2tpdsystemctl restart xl2tpdecho -----------------

作者:王维翰,资深IT运维工程师,具备20多年IT及相关技术支持,为上海近千家中小企业、家庭用户提供过专业的IT技术支持服务;曾多次获“中小企业十佳项目经理”、“中小企业IT专家”……!

标签: #ubuntupptpdebug