OpenSource
/
vpn-install
mirror of https://github.com/bedefaced/vpn-install.git
1
0
Fork 0
Code Releases Wiki Activity
Simple PPTP, L2TP/IPsec, OpenVPN installers
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15 Commits
2 Branches
0 Tags
124 KiB
 
Tag: Branch: Tree: f0c9312a89
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f0c9312a89'
${ noResults }
vpn-install/pptp/iptables-setup.sh

79 lines
2.1 KiB
Raw Blame History

#!/usr/bin/env bash
DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source $DIR/env.sh
if [[ ! -e $IPTABLES ]]; then
touch $IPTABLES
fi
if [[ ! -e $IPTABLES ]] || [[ ! -r $IPTABLES ]] || [[ ! -w $IPTABLES ]]; then
echo "$IPTABLES is not exist or not accessible (are you root?)"
exit 1
fi
IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
if [[ "$IP" = "" ]]; then
IP=$(wget -4qO- "http://whatismyip.akamai.com/")
fi
# backup and remove rules with $LOCALIP
iptables-save > $IPTABLES.backup
IFS=$'\n'
iptablesclear=$(iptables -S -t nat | sed -n -e '/$LOCALPREFIX/p' | sed -e 's/-A/-D/g')
for line in $iptablesclear
do
cmd="iptables -t nat $line"
eval $cmd
done
# detect default gateway interface
echo "Found next network interfaces:"
ifconfig -a | sed 's/[ \t].*//;/^\(lo\|\)$/d'
echo
GATE=$(route | grep '^default' | grep -o '[^ ]*$')
read -p "Enter your external network interface: " -i $GATE -e GATE
STATIC="yes"
read -p "Your external IP is $IP. Is this IP static? [yes] " ANSIP
: ${ANSIP:=$STATIC}
if [ "$STATIC" == "$ANSIP" ]; then
# SNAT
iptables -t nat -A POSTROUTING -s $LOCALIPMASK -o $GATE -j SNAT --to-source $IP
else
# MASQUERADE
iptables -t nat -A POSTROUTING -o $GATE -j MASQUERADE
fi
DROP="yes"
read -p "Would you want to disable client-to-client routing? [yes] " ANSDROP
: ${ANSDROP:=$DROP}
if [ "$DROP" == "$ANSDROP" ]; then
# disable forwarding
iptables -I FORWARD -s $LOCALIPMASK -d $LOCALIPMASK -j DROP
else
echo "Deleting DROP rule if exists..."
iptables -D FORWARD -s $LOCALIPMASK -d $LOCALIPMASK -j DROP
fi
# MSS Clamping
iptables -t mangle -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# PPP
iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A OUTPUT -o ppp+ -j ACCEPT
# PPTP
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
# GRE
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT
iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
iptables -F
iptables-restore < $IPTABLES