Centos7.x PPTP 一键脚本

下载脚本到服务器

yum install -y wget && wget https://99836.vip/wp-content/uploads/2022/06/Centos7_PPTP && chmod +x ./Centos7_PPTP

运行脚本(可带参数)

• 不带参数
  bash Centos7_PPTP
./Centos7_PPTP
• 带参数
  bash Centos7_PPTP -u PPTPUsername -p PPTPassword
./Centos7_PPTP -u PPTPUsername -p PPTPassword

注意事项

如果你无法访问一些特定网站，建议你修改ppp接口的MTU（很多时候能连接vpn但是无法打开某些网页也可能跟这个有关系）
MTU解决方法
vi /etc/ppp/ip-up
输入以下内容

#!/bin/sh
#允许连接PPTP服务
iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
#允许建立VPN隧道以验证用户名密码
iptables -I INPUT -p gre -j ACCEPT
#建立NAT转换规则
iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -o 网卡名称 -j MASQUERADE
#允许pptpd转发
iptables -I FORWARD -i ppp+ -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
#优化网络数据传输速度
iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
echo "完成"

重启 PPTPd
systemctl restart pptpd

脚本源码

#!/bin/bash
#    Setup Simple PPTP VPN server for CentOS 7 on Host1plus
#    Copyright (C) 2015-2016 Danyl Zhang <[email protected]> and contributors
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.

SYSTEM_TYPE=""

###
# 去除开头结尾的空白字符
###
trim() {
  str=""
  if [ $# -gt 0 ]; then
      str="$1"
  fi
  echo "$str" | sed -e 's/^[ \t\r\n]*//g' | sed -e 's/[ \t\r\n]*$//g'
}
###
# 获取系统标识符：ubuntu、centos、alpine等
###
os() {
    os=$(trim $(cat /etc/os-release 2>/dev/null | grep ^ID= | awk -F= '{print $2}'))
    if [ "$os" = "" ]; then
        os=$(trim $(lsb_release -i 2>/dev/null | awk -F: '{print $2}'))
    fi
    if [ ! "$os" = "" ]; then
        os=$(echo $os | tr '[A-Z]' '[a-z]')
    fi
}

###
# 具体业务逻辑
###
case "$(os)" in
    ubuntu)
        SYSTEM_TYPE="ubuntu"
        ;;
    centos)
        SYSTEM_TYPE="centos"
        ;;
    alpine)
        SYSTEM_TYPE="alpine"
        echo "This System Is Not Support"
        exit 0
        ;;
    *)
        echo Unknow OS $OS, exit!
        exit 0
        ;;
esac

SSH_Port=`cat /etc/ssh/sshd_config |grep Port | grep 22| tail -1`
SSH_Port=${SSH_Port/"Port "/""}

printhelp() {

echo "
Usage: ./CentOS7-pptp-host1plus.sh [OPTION]
If you are using custom password , Make sure its more than 8 characters. Otherwise it will generate random password for you. 
If you trying set password only. It will generate Default user with Random password. 
example: ./CentOS7-pptp-host1plus.sh -u myusr -p mypass
Use without parameter [ ./CentOS7-pptp-host1plus.sh ] to use default username and Random password
  -u,    --username             Enter the Username
  -p,    --password             Enter the Password
"
}

while [ "$1" != "" ]; do
  case "$1" in
    -u    | --username )             NAME=$2; shift 2 ;;
    -p    | --password )             PASS=$2; shift 2 ;;
    -h    | --help )            echo "$(printhelp)"; exit; shift; break ;;
  esac
done

# Check if user is root
[ $(id -u) != "0" ] && { echo -e "\033[31mError: You must be root to run this script\033[0m"; exit 1; } 

export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
clear

yum -y update
yum -y install epel-release
yum -y install firewalld net-tools curl ppp pptpd

echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p

#no liI10oO chars in password

LEN=$(echo ${#PASS})

if [ -z "$PASS" ] || [ $LEN -lt 8 ] || [ -z "$NAME"]
then
   P1=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
   P2=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
   P3=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
   PASS="$P1$P2$P3"
fi

if [ -z "$NAME" ]
then
   NAME="PPTPUser"
fi

cat >> /etc/ppp/chap-secrets <<END
$NAME pptpd $PASS *
END

cat >/etc/pptpd.conf <<END
option /etc/ppp/options.pptpd
logwtmp
localip 10.10.10.1
remoteip 10.10.10.10-100
stimeout 172800
END

cat >/etc/ppp/options.pptpd <<END
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 209.244.0.3
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
END

ETH=`route | grep default | awk '{print $NF}'`

# Firewalld Config
systemctl restart firewalld.service
systemctl enable firewalld.service
firewall-cmd --set-default-zone=public
firewall-cmd --add-interface=$ETH
firewall-cmd --add-port=$SSH_Port/tcp --permanent
firewall-cmd --add-port=1723/tcp --permanent
firewall-cmd --add-masquerade --permanent
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -i $ETH -p gre -j ACCEPT
firewall-cmd --reload

# # iptables Config
yum install iptables-services
systemctl disbale iptables
systemctl stop iptables
# iptables -I INPUT -p tcp --dport ${SSH_Port} -j ACCEPT
# iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 1723 -j ACCEPT
# #这里一定看清楚，里面的ip“192.168.1.0/24”要和 /etc/pptpd.conf 的“localip”配置网段对应，还要注意网卡eth0，如果你的网卡不是eth0，就改成你相应的网卡名
# #OpenVZ系统用此命令,1.1.1.1为你的VPS的IP地址
# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o $ETH -j SNAT --to 1.1.1.1
# #XEN系统用这个命令
# # iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o $ETH -j MASQUERADE
# service iptables save
# service iptables restart
# systemctl enable iptables.service
# systemctl restart iptables.service



cat > /etc/ppp/ip-up.local << END
/sbin/ifconfig $1 mtu 1400
END
chmod +x /etc/ppp/ip-up.local
systemctl restart pptpd.service
systemctl enable pptpd.service

VPN_IP=`curl ipv4.icanhazip.com`
echo -e "This System Is ${SYSTEM_TYPE}"
echo -e "You PPTP VPN Server Via This external IP \033[32m${VPN_IP}\033[0m"
echo -e "PPTP User: \033[32m${NAME}\033[0m"
echo -e "PPTP Pass: \033[32m${PASS}\033[0m"