From 9462aa677c95efd31bf581110908eb5773ad9000 Mon Sep 17 00:00:00 2001
From: NewName
Date: Fri, 22 Nov 2024 00:37:01 +0800
Subject: [PATCH] Create l2tp.sh
---
l2tp.sh | 117 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 117 insertions(+)
create mode 100644 l2tp.sh
diff --git a/l2tp.sh b/l2tp.sh
new file mode 100644
index 0000000..03b78b1
--- /dev/null
+++ b/l2tp.sh
@@ -0,0 +1,117 @@
+#!/bin/bash
+
+# 颜色代码
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+NC='\033[0m'
+
+# 检查Root权限
+if [[ $EUID -ne 0 ]]; then
+ echo -e "${RED}必须以root权限运行此脚本${NC}"
+ exit 1
+fi
+
+# 生成随机字符串
+generate_random_string() {
+ tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
+}
+
+# 主安装函数
+install_l2tp_vpn() {
+ # 配置参数
+ VPN_SERVER_IP=$(curl -s http://ipinfo.io/ip)
+ VPN_PSK=$(generate_random_string 16)
+ VPN_USERNAME=$(generate_random_string 8)
+ VPN_PASSWORD=$(generate_random_string 12)
+
+ # 更新和安装依赖
+ apt-get update
+ apt-get install -y strongswan xl2tpd ppp
+
+ # IPsec配置
+ cat > /etc/ipsec.conf << EOF
+config setup
+ charondebug="all"
+ uniqueids=never
+
+conn l2tp-psk
+ authby=secret
+ left=%defaultroute
+ leftid=$VPN_SERVER_IP
+ leftauth=psk
+ leftprotoport=17/1701
+ leftsendcert=never
+ right=%any
+ rightauth=psk
+ rightprotoport=17/1701
+ rightsourceip=10.0.0.0/24
+ auto=add
+EOF
+
+ cat > /etc/ipsec.secrets << EOF
+: PSK "$VPN_PSK"
+EOF
+
+ # xl2tpd配置
+ cat > /etc/xl2tpd/xl2tpd.conf << EOF
+[global]
+port = 1701
+
+[lns default]
+ip range = 10.0.0.2-10.0.0.254
+local ip = 10.0.0.1
+require chap = yes
+refuse pap = yes
+require authentication = yes
+name = L2TPServer
+ppp debug = yes
+pppoptfile = /etc/ppp/options.xl2tpd
+length bit = yes
+EOF
+
+ cat > /etc/ppp/options.xl2tpd << EOF
+ipcp-accept-local
+ipcp-accept-remote
+require-mschap-v2
+ms-dns 8.8.8.8
+ms-dns 1.1.1.1
+noccp
+auth
+hide-password
+nodefaultroute
+usepeerdns
+name l2tpd
+plugin /usr/lib/pppd/*/libplugin.so
+EOF
+
+ cat > /etc/ppp/chap-secrets << EOF
+$VPN_USERNAME * $VPN_PASSWORD *
+EOF
+
+ # 设置权限
+ chmod 600 /etc/ipsec.secrets /etc/ppp/chap-secrets
+
+ # 重启服务(使用完整路径)
+ /usr/sbin/service strongswan-starter restart
+ /usr/sbin/service xl2tpd restart
+
+ # 输出配置信息
+ echo -e "${GREEN}================================================================"
+ echo -e "L2TP/IPsec VPN连接详情:"
+ echo -e "服务器IP: $VPN_SERVER_IP"
+ echo -e "用户名: $VPN_USERNAME"
+ echo -e "密码: $VPN_PASSWORD"
+ echo -e "预共享密钥: $VPN_PSK"
+ echo -e "================================================================${NC}"
+
+ # 保存连接信息到文件
+ cat > /root/vpn_credentials.txt << EOF
+服务器IP: $VPN_SERVER_IP
+用户名: $VPN_USERNAME
+密码: $VPN_PASSWORD
+预共享密钥: $VPN_PSK
+EOF
+}
+
+# 执行安装
+install_l2tp_vpn
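Review bot: `VPN_SERVER_IP=$(curl -s http://ipinfo.io/ip)` in install_l2tp_vpn takes the body of an unauthenticated plain-HTTP response, with no check that curl succeeded, and expands it into the `leftid=` line of /etc/ipsec.conf, so an empty or altered response (which may contain embedded newlines) becomes root-written IPsec configuration. Fetch it over TLS with failure detection and validate the shape before use, e.g. `VPN_SERVER_IP=$(curl -fsS --max-time 10 https://ipinfo.io/ip) || exit 1` followed by `[[ $VPN_SERVER_IP =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || exit 1`. The secret-bearing files are also written under the default umask and only tightened afterwards by `chmod 600`, and /root/vpn_credentials.txt is never chmod-ed at all; a `umask 077` at the top of the function covers every file the script creates. `charondebug="all"` and `ppp debug = yes` leave verbose authentication logging enabled permanently and are better dropped, or gated behind a debug switch, once the setup is confirmed working. The script has no `set -euo pipefail`, so a failed `apt-get install` still proceeds to overwrite the existing configuration and restart the services.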