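L2TP IPSec VPN automatic installation script for CentOS 7

CentOS 7 changed a lot, so the earlier automatic installation scripts no longer work.

This script automatically deploys an IPSec L2TP VPN on CentOS 7.

  • ppp, openswan and xl2tpd are all installed from the yum repositories; you no longer need to compile them yourself
  • The firewall uses FirewallD; CentOS 7 does not install iptables by default
  • Start at boot uses systemctl

Download: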

https://github.com/travislee8964/L2TP-VPN-installation-script-for-CentOS-7/

Author: Travis Lee

Process migrant worker

17 thoughts on "L2TP IPSec VPN automatic installation script for CentOS 7"

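  1. OP, it looks like you left out the yum repository update step here. Following the steps in the post, yum cannot find the xl2tpd package when installing it. Please update the relevant steps. Thank you very much!

  2. Travis:

    Hello. I found your script through a search, and I plan to run it on RHEL-7.0 on AWS EC2.

    The installation went smoothly, and I checked that the configuration is all correct. I previously installed successfully on an Ubuntu host on EC2 using a similar method, and the VPN worked normally.

    Now on RHEL-7.0 everything looks fine, but the VPN simply never gets established.

    I have struggled with it for several days and found no solution at all. For serverIP I tried 0.0.0.0 and the private and public addresses, and none of them worked. Please give me some guidance: is there something new that needs attention?

    Thanks!

    suhaha 20141205

    1. Sorry to bother you, I found the cause: it must be the private IP. It works now.

      PS: the script's lookup of the EC2 IP does not succeed. The capture of the PSK input also has a bit of a problem.

      Thanks again!

    1. It is installed. Do I need to open the firewall ports manually? I saw Failed UDP 500; I added it and still could not connect. For IPSEC, what should I fill in as the group name? Is it the same as the PSK key?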

  3. May I ask how to resolve the following error?
    [root@jackybt ~]# wget --no-check-certificate https://github.com/travislee8964/L2TP-VPN-installation-script-for-CentOS-7/blob/master/l2tp-ipsec-install-script-for-centos7.sh
    [root@jackybt ~]# chmod +x l2tp-ipsec-install-script-for-centos7.sh
    [root@jackybt ~]# ./l2tp-ipsec-install-script-for-centos7.sh
    ./l2tp-ipsec-install-script-for-centos7.sh: line 5: syntax error near unexpected token `newline’
    ./l2tp-ipsec-install-script-for-centos7.sh: line 5: `’

  4. I am installing on a Vultr VPS, and it does not succeed.
    CentOS7 64bit; in Verify Ipsec, pluto is not started, and there is no masquerade check item.

  5. Hi, the script keeps failing on CentOS 7.2:
    Verifying installed system and configuration files

    Version check and ipsec on-path [OK]
    Libreswan 3.15 (netkey) on 3.10.0-514.10.2.el7.x86_64
    Checking for IPsec support in kernel [OK]
    NETKEY: Testing XFRM related proc values
    ICMP default/send_redirects [OK]
    ICMP default/accept_redirects [OK]
    XFRM larval drop [OK]
    Pluto ipsec.conf syntax [OK]
    Hardware random device [N/A]
    Two or more interfaces found, checking IP forwarding [OK]
    Checking rp_filter [OK]
    Checking that pluto is running [OK]
    Pluto listening for IKE on udp 500 [FAILED]
    Pluto listening for IKE/NAT-T on udp 4500 [DISABLED]
    Pluto ipsec.secret syntax [OK]
    Checking ‘ip’ command [OK]
    Checking ‘iptables’ command [OK]
    Checking ‘prelink’ command does not interfere with FIPSChecking for obsolete ipsec.conf options [OBSOLETE KEYWORD]
    Warning: ignored obsolete keyword ‘force_keepalive’
    Opportunistic Encryption [DISABLED]

    ipsec verify: encountered 2 errors – see ‘man ipsec_verify’ for help

    ####################################################
    # #
    # This is a L2TP VPN installation for CentOS 7 #
    # Version: 1.1.0 20140803 #
    # Author: Travis Lee #
    # Website: http://www.stunnel.info #
    # #
    ####################################################
    if there are no [FAILED] above, then you can
    connect to your L2TP VPN Server with the default
    user/password below:

    But when I run ipsec verify on its own, it is fine
    [root@l2tpcentos72 L2TP-VPN-installation-script-for-CentOS-7]# ipsec verify
    Verifying installed system and configuration files

    Version check and ipsec on-path [OK]
    Libreswan 3.15 (netkey) on 3.10.0-514.10.2.el7.x86_64
    Checking for IPsec support in kernel [OK]
    NETKEY: Testing XFRM related proc values
    ICMP default/send_redirects [OK]
    ICMP default/accept_redirects [OK]
    XFRM larval drop [OK]
    Pluto ipsec.conf syntax [OK]
    Hardware random device [N/A]
    Two or more interfaces found, checking IP forwarding [OK]
    Checking rp_filter [OK]
    Checking that pluto is running [OK]
    Pluto listening for IKE on udp 500 [OK]
    Pluto listening for IKE/NAT-T on udp 4500 [OK]
    Pluto ipsec.secret syntax [OK]
    Checking ‘ip’ command [OK]
    Checking ‘iptables’ command [OK]
    Checking ‘prelink’ command does not interfere with FIPSChecking for obsolete ipsec.conf options [OBSOLETE KEYWORD]
    Warning: ignored obsolete keyword ‘force_keepalive’
    Opportunistic Encryption [DISABLED]

    So my phone can never connect to this VPN
