
L2TP VPN installer script (Ubuntu 20.04, OpenVZ)

Published on 25 April 2022

The L2TP installer was developed and tested on Ubuntu 20.04 inside an OpenVZ container. The PPP module must be enabled on the host machine for the installer to work. This software is used every time a new L2TP Dedicated VPN is activated.

 

#!/bin/bash 

# --- Variables ---------------------------------------------------------------
# IP: second address printed by `hostname -I`.
# NOTE(review): presumably the first address is a container-internal one and the
# second is the public one; confirm for the target template. With a single
# address this comes back empty.
IP="$(hostname -I | awk '{ print $2 }')"

# PasswordGenerator: 15 random alphanumeric characters read from /dev/urandom.
PasswordGenerator="$(tr -dc '[:alnum:]' </dev/urandom | head -c 15)"

# PSK: 24 random bytes from OpenSSL, Base64-encoded.
PSK="$(openssl rand -base64 24)"

# Keep apt/dpkg from prompting during the unattended install.
DEBIAN_FRONTEND=noninteractive
export DEBIAN_FRONTEND

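# Set proper mirrors.
# Keep the stock sources.list as a backup, but only on the first run: a second
# run would otherwise overwrite the backup with the list written below.
if [[ ! -e /etc/apt/sources.list_backup ]]; then
  mv /etc/apt/sources.list /etc/apt/sources.list_backup
fi
# NOTE(review): the partner line below uses plain http. apt still verifies the
# signed repository metadata, so this is mainly a metadata-exposure concern;
# confirm whether the partner repository is needed at all.
tee /etc/apt/sources.list <<'EOF'
deb https://mirrors.neterra.net/ubuntu/ focal main restricted universe
deb https://mirrors.neterra.net/ubuntu/ focal-updates main restricted universe
deb https://mirrors.neterra.net/ubuntu/ focal-security main restricted universe multiverse
deb http://archive.canonical.com/ubuntu focal partner
EOF

# Refresh the package index and install the VPN software.
# Note that no `apt-get upgrade` is run here, so already-installed packages stay
# at whatever version the container template shipped.
# Abort on failure: continuing would write configuration for daemons that are
# not installed and still report credentials for a non-working service.
if ! apt-get -yq --allow-releaseinfo-change update; then
  echo "apt-get update failed; aborting VPN setup" >&2
  exit 1
fi
if ! apt-get install -y ppp xl2tpd strongswan libcharon-extra-plugins strongswan-pki iptables-persistent curl; then
  echo "package installation failed; aborting VPN setup" >&2
  exit 1
fi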

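# IPsec (strongSwan) pre-shared key and connection definition.

# Stop before writing anything if address detection or key generation came back
# empty; an empty value would produce a malformed secrets line and leftid.
: "${IP:?server IP address is empty; cannot configure IPsec}"
: "${PSK:?pre-shared key is empty; cannot configure IPsec}"

# Restrict the secrets file to root *before* the key is written. The previous
# mode (664) left the PSK readable by every local user.
touch /etc/ipsec.secrets
chmod 600 /etc/ipsec.secrets

# The PSK is double-quoted: strongSwan interprets an unquoted secret that starts
# with 0x or 0s as hex/Base64-encoded data, which would not match the literal
# string handed to the customer. Base64 output never contains a double quote.
# tee's stdout is discarded so the key does not end up in provisioning logs.
tee -a /etc/ipsec.secrets >/dev/null <<EOF
$IP %any : PSK "$PSK"
EOF

# Transport-mode connection for L2TP (udp/l2tp) authenticated with the shared
# secret; right=%any accepts clients from any address, all using the same PSK.
# NOTE(review): logip and audit-log look like Libreswan "config setup" keywords;
# confirm strongSwan's starter accepts them, otherwise they have no effect here.
tee /etc/ipsec.conf <<EOF
config setup
		logip=no
		audit-log=no
conn vpnserver
        type=transport
        authby=secret
        rekey=no
        keyingtries=1
        left=%any
        leftprotoport=udp/l2tp
        leftid=$IP
        right=%any
        rightprotoport=udp/%any
        auto=add
EOF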

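# Silence charon's syslog and journal loggers (default = -1).
# NOTE(review): presumably deliberate for a no-log VPN, but it also means failed
# IKE authentications leave no local trace, so PSK guessing cannot be detected
# from this host's logs. Confirm that trade-off is intended.
tee /etc/strongswan.d/charon-logging.conf <<'EOF'
charon {
    syslog {
        daemon {
            default = -1
       }
   }
}

charon-systemd : charon {
    journal {
        default = -1
   }
}
EOF


# Fetch the rsyslog drop-in.
# The file comes over plain http and is loaded by rsyslog as root, so anyone on
# the network path can alter it. It is downloaded to a temp file first and, when
# RSYSLOG_DROPIN_SHA256 is set in the environment, checked against that digest
# before it is installed. Serving the file over https would be the better fix.
rsyslog_dropin_tmp=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
if wget -O "$rsyslog_dropin_tmp" http://files.vps.bg/vpn/l2tp/00-vpn.conf; then
  if [[ -n "${RSYSLOG_DROPIN_SHA256:-}" ]]; then
    if ! printf '%s  %s\n' "$RSYSLOG_DROPIN_SHA256" "$rsyslog_dropin_tmp" | sha256sum -c --status -; then
      echo "00-vpn.conf does not match RSYSLOG_DROPIN_SHA256; aborting" >&2
      rm -f -- "$rsyslog_dropin_tmp"
      exit 1
    fi
  else
    echo "warning: 00-vpn.conf installed without integrity verification" >&2
  fi
  # -O plus install overwrites on re-runs instead of leaving 00-vpn.conf.1 copies.
  install -m 0644 "$rsyslog_dropin_tmp" /etc/rsyslog.d/00-vpn.conf
else
  # The original carried on when the download failed; keep that, but say so.
  echo "warning: download of 00-vpn.conf failed; rsyslog drop-in not installed" >&2
fi
rm -f -- "$rsyslog_dropin_tmp"
systemctl restart rsyslog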

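# NAT for traffic leaving through venet0.
# An empty address would make the SNAT rule fail, so check it first.
: "${IP:?server IP address is empty; cannot add SNAT rule}"

# Each rule is added only if it is not already present (-C), so re-running the
# installer does not stack duplicate rules into the saved ruleset.
# The SNAT rule matches everything leaving venet0, so the MASQUERADE rule after
# it is not reached while the SNAT rule exists; it is kept as in the original.
# NOTE(review): only the nat table is touched here; this script adds no filter
# (INPUT/FORWARD) rules and does not set net.ipv4.ip_forward. Presumably both
# are handled by the container template or the host; verify.
iptables -t nat -C POSTROUTING -o venet0 -j SNAT --to-source "$IP" 2>/dev/null ||
  iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source "$IP"
iptables -t nat -C POSTROUTING -o venet0 -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE

# Save rules so netfilter-persistent restores them at boot.
systemctl enable netfilter-persistent.service
iptables-save > /etc/iptables/rules.v4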

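# Cron job: recreate /dev/ppp and restart the L2TP daemon at every boot.
# The entries are fed to crontab on stdin. The original appended them to a file
# named cronxl2tpd in the current directory; anything already in such a file
# would have been installed into root's crontab along with them.
# As before, this replaces root's whole crontab.
# The restart now names xl2tpd, the only L2TP unit this script enables and
# restarts; the original entry referred to "l2tpd".
crontab - <<'EOF'
@reboot mknod /dev/ppp c 108 0
@reboot systemctl restart xl2tpd
EOF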

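# xl2tpd: one LNS handing out 10.0.3.2-254 with 10.0.3.1 as the local end.
# NOTE(review): xl2tpd listens on UDP 1701 and nothing in this script limits
# that port to IPsec-protected packets, so plain L2TP from the network may be
# accepted as well. Consider a filter rule that only admits 1701 when it arrived
# through IPsec; confirm the needed match module is available under OpenVZ.
tee /etc/xl2tpd/xl2tpd.conf <<'EOF'
[global]
port = 1701
access control = no

[lns default]
ip range = 10.0.3.2-10.0.3.254
local ip = 10.0.3.1
require authentication = yes
name = dedicatedvpn
pppoptfile = /etc/ppp/options.xl2tpd
EOF

# PPP options: MS-CHAPv2 is mandatory, clients get the two listed resolvers.
tee /etc/ppp/options.xl2tpd <<'EOF'
require-mschap-v2
ms-dns 9.9.9.9
ms-dns 149.112.112.112
mtu 1420
EOF

# Configure PPP credentials.
# Refuse to write an account with an empty password.
: "${PasswordGenerator:?generated password is empty; cannot write chap-secrets}"
# Make sure the file is root-only before the password goes in, and discard
# tee's stdout so the password is not copied into provisioning logs.
touch /etc/ppp/chap-secrets
chmod 600 /etc/ppp/chap-secrets
tee /etc/ppp/chap-secrets >/dev/null <<EOF
dedicatedvpn          *       $PasswordGenerator           *
EOF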

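# Apply configuration: start both daemons now and at every boot.
systemctl enable strongswan-starter.service
systemctl enable xl2tpd.service
systemctl restart xl2tpd.service
systemctl restart strongswan-starter.service

# Configure SSH: move the daemon to port 22000.
# The pattern is anchored so that only the stock "#Port 22" line is rewritten,
# not a longer value such as "#Port 2222".
# NOTE(review): a non-default port only cuts down scanner noise; it does not
# change how SSH authenticates.
sed -i 's/^#Port 22$/Port 22000/' /etc/ssh/sshd_config
# Validate the file before restarting so a broken config cannot take down the
# only remote management channel.
if sshd -t; then
  systemctl restart sshd
else
  echo "sshd_config failed validation; sshd was not restarted" >&2
fi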

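# User management software.
# The helper is fetched over plain http and later run as root, so whoever can
# tamper with the transfer controls code executed on this server. It is
# downloaded to a temp file first and, when USER_MANAGEMENT_SHA256 is set in the
# environment, checked against that digest before being installed. Serving the
# file over https would be the better fix.
mkdir -p /root/tools/
user_mgmt_tmp=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
if wget -O "$user_mgmt_tmp" http://files.vps.bg/vpn/l2tp/user_management; then
  if [[ -n "${USER_MANAGEMENT_SHA256:-}" ]]; then
    if ! printf '%s  %s\n' "$USER_MANAGEMENT_SHA256" "$user_mgmt_tmp" | sha256sum -c --status -; then
      echo "user_management does not match USER_MANAGEMENT_SHA256; aborting" >&2
      rm -f -- "$user_mgmt_tmp"
      exit 1
    fi
  else
    echo "warning: user_management installed without integrity verification" >&2
  fi
  # Root-only and executable; nobody else needs to read or run the helper.
  install -m 0700 "$user_mgmt_tmp" /root/tools/user_management
else
  # The original carried on when the download failed; keep that, but say so.
  echo "warning: download of user_management failed; helper not installed" >&2
fi
rm -f -- "$user_mgmt_tmp"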

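# VPSBG credentials: report the generated account to the provisioning endpoint.
# The form fields are passed to curl as a config file on stdin (--config -)
# rather than on the command line, where the token, password and PSK would be
# visible in the process list and in any command auditing while curl runs.
# Values sit inside double quotes in curl's config syntax; the generated
# password (alphanumeric) and PSK (Base64) contain neither quotes nor
# backslashes. The token and URL path are redacted placeholders on this page.
# --fail makes an HTTP error status count as a failure instead of passing
# silently.
if ! curl --fail -X POST --config - "https://secure.vpsbg.eu/XXXXXXXX" <<EOF
data-urlencode = "token=XXXXXXXXXXXX"
data-urlencode = "username=dedicatedvpn"
data-urlencode = "password=$PasswordGenerator"
data-urlencode = "psk=$PSK"
EOF
then
  echo "reporting VPN credentials to the provisioning endpoint failed" >&2
fi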

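# Remove packages the VPN server does not need, to reduce what is installed
# and exposed.
# The patterns are quoted so they reach apt-get unchanged; unquoted, the shell
# would first expand them against file names in the current directory.
# NOTE(review): 'python*' is broad and can pull other packages out with it;
# review what apt-get proposes to remove on the target template.
apt-get remove -y 'exim*' 'apache2*' 'python*' pwgen tcpdump telnet
apt-get clean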
