来自于 https://teddysun.com/448.html

#!/usr/bin/env bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#=======================================================================#
#   System Supported:  CentOS 6+ / Debian 7+ / Ubuntu 12+               #
#   Description: L2TP VPN Auto Installer                                #
#   Author: Teddysun <i@teddysun.com>                                   #
#   Intro:  https://teddysun.com/448.html                               #
#=======================================================================#
cur_dir=`pwd`libreswan_filename="libreswan-3.20"rootness(){if [[ $EUID -ne 0 ]]; thenecho "Error:This script must be run as root!" 1>&2exit 1fi
}tunavailable(){if [[ ! -e /dev/net/tun ]]; thenecho "Error:TUN/TAP is not available!" 1>&2exit 1fi
}disable_selinux(){
if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; thensed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/configsetenforce 0
fi
}get_opsy(){[ -f /etc/redhat-release ] && awk '{print ($1,$3~/^[0-9]/?$3:$4)}' /etc/redhat-release && return[ -f /etc/os-release ] && awk -F'[= "]' '/PRETTY_NAME/{print $3,$4,$5}' /etc/os-release && return[ -f /etc/lsb-release ] && awk -F'[="]+' '/DESCRIPTION/{print $2}' /etc/lsb-release && return
}get_os_info(){IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 )[ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com )local cname=$( awk -F: '/model name/ {name=$2} END {print name}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' )local cores=$( awk -F: '/model name/ {core++} END {print core}' /proc/cpuinfo )local freq=$( awk -F: '/cpu MHz/ {freq=$2} END {print freq}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' )local tram=$( free -m | awk '/Mem/ {print $2}' )local swap=$( free -m | awk '/Swap/ {print $2}' )local up=$( awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60;d=$1%60} {printf("%ddays, %d:%d:%d\n",a,b,c,d)}' /proc/uptime )local load=$( w | head -1 | awk -F'load average:' '{print $2}' | sed 's/^[ \t]*//;s/[ \t]*$//' )local opsy=$( get_opsy )local arch=$( uname -m )local lbit=$( getconf LONG_BIT )local host=$( hostname )local kern=$( uname -r )echo "########## System Information ##########"echo echo "CPU model            : ${cname}"echo "Number of cores      : ${cores}"echo "CPU frequency        : ${freq} MHz"echo "Total amount of ram  : ${tram} MB"echo "Total amount of swap : ${swap} MB"echo "System uptime        : ${up}"echo "Load average         : ${load}"echo "OS                   : ${opsy}"echo "Arch                 : ${arch} (${lbit} Bit)"echo "Kernel               : ${kern}"echo "Hostname             : ${host}"echo "IPv4 address         : ${IP}"echo echo "########################################"
}check_sys(){local checkType=$1local value=$2local release=''local systemPackage=''if [[ -f /etc/redhat-release ]]; thenrelease="centos"systemPackage="yum"elif cat /etc/issue | grep -Eqi "debian"; thenrelease="debian"systemPackage="apt"elif cat /etc/issue | grep -Eqi "ubuntu"; thenrelease="ubuntu"systemPackage="apt"elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; thenrelease="centos"systemPackage="yum"elif cat /proc/version | grep -Eqi "debian"; thenrelease="debian"systemPackage="apt"elif cat /proc/version | grep -Eqi "ubuntu"; thenrelease="ubuntu"systemPackage="apt"elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; thenrelease="centos"systemPackage="yum"fiif [[ ${checkType} == "sysRelease" ]]; thenif [ "$value" == "$release" ];thenreturn 0elsereturn 1fielif [[ ${checkType} == "packageManager" ]]; thenif [ "$value" == "$systemPackage" ];thenreturn 0elsereturn 1fifi
}rand(){index=0str=""for i in {a..z}; do arr[index]=${i}; index=`expr ${index} + 1`; donefor i in {A..Z}; do arr[index]=${i}; index=`expr ${index} + 1`; donefor i in {0..9}; do arr[index]=${i}; index=`expr ${index} + 1`; donefor i in {1..10}; do str="$str${arr[$RANDOM%$index]}"; doneecho ${str}
}is_64bit(){if [ `getconf WORD_BIT` = '32' ] && [ `getconf LONG_BIT` = '64' ] ; thenreturn 0elsereturn 1fi
}download_file(){local download_root_url="http://dl.teddysun.com/files"if [ -s ${1} ]; thenecho "$1 [found]"elseecho "$1 not found!!!download now..."if ! wget -c -t3 -T60 ${download_root_url}/${1}; thenecho "Failed to download $1, please download it to ${cur_dir} directory manually and try again."exit 1fifi
}versionget(){if [[ -s /etc/redhat-release ]];thengrep -oE  "[0-9.]+" /etc/redhat-releaseelsegrep -oE  "[0-9.]+" /etc/issuefi
}centosversion(){if check_sys sysRelease centos;thenlocal code=${1}local version="`versionget`"local main_ver=${version%%.*}if [ "${main_ver}" == "${code}" ];thenreturn 0elsereturn 1fielsereturn 1fi
}debianversion(){if check_sys sysRelease debian;thenlocal version=$( get_opsy )local code=${1}local main_ver=$( echo ${version} | sed 's/[^0-9]//g')if [ "${main_ver}" == "${code}" ];thenreturn 0elsereturn 1fielsereturn 1fi
}version_check(){if check_sys packageManager yum; thenif centosversion 5; thenecho "Error: CentOS 5 is not supported, Please re-install OS and try again."exit 1fifi
}get_char(){SAVEDSTTY=`stty -g`stty -echostty cbreakdd if=/dev/tty bs=1 count=1 2> /dev/nullstty -rawstty echostty $SAVEDSTTY
}preinstall_l2tp(){echoif [ -d "/proc/vz" ]; thenecho -e "\033[41;37m WARNING: \033[0m Your VPS is based on OpenVZ, and IPSec might not be supported by the kernel."echo "Continue installation? (y/n)"read -p "(Default: n)" agree[ -z ${agree} ] && agree="n"if [ "${agree}" == "n" ]; thenechoecho "L2TP installation cancelled."echoexit 0fifiechoecho "Please enter IP-Range:"read -p "(Default Range: 192.168.18):" iprange[ -z ${iprange} ] && iprange="192.168.18"echo "Please enter PSK:"read -p "(Default PSK: teddysun.com):" mypsk[ -z ${mypsk} ] && mypsk="teddysun.com"echo "Please enter Username:"read -p "(Default Username: teddysun):" username[ -z ${username} ] && username="teddysun"password=`rand`echo "Please enter ${username}'s password:"read -p "(Default Password: ${password}):" tmppassword[ ! -z ${tmppassword} ] && password=${tmppassword}echoecho "ServerIP:${IP}"echo "Server Local IP:${iprange}.1"echo "Client Remote IP Range:${iprange}.2-${iprange}.254"echo "PSK:${mypsk}"echoecho "Press any key to start... or press Ctrl + C to cancel."char=`get_char`}install_l2tp(){mknod /dev/random c 1 9if check_sys packageManager apt; thenapt-get -y updateif debianversion 7; thenif is_64bit; thenlocal libnspr4_filename1="libnspr4_4.10.7-1_amd64.deb"local libnspr4_filename2="libnspr4-0d_4.10.7-1_amd64.deb"local libnspr4_filename3="libnspr4-dev_4.10.7-1_amd64.deb"local libnspr4_filename4="libnspr4-dbg_4.10.7-1_amd64.deb"local libnss3_filename1="libnss3_3.17.2-1.1_amd64.deb"local libnss3_filename2="libnss3-1d_3.17.2-1.1_amd64.deb"local libnss3_filename3="libnss3-tools_3.17.2-1.1_amd64.deb"local libnss3_filename4="libnss3-dev_3.17.2-1.1_amd64.deb"local libnss3_filename5="libnss3-dbg_3.17.2-1.1_amd64.deb"elselocal libnspr4_filename1="libnspr4_4.10.7-1_i386.deb"local libnspr4_filename2="libnspr4-0d_4.10.7-1_i386.deb"local libnspr4_filename3="libnspr4-dev_4.10.7-1_i386.deb"local libnspr4_filename4="libnspr4-dbg_4.10.7-1_i386.deb"local libnss3_filename1="libnss3_3.17.2-1.1_i386.deb"local libnss3_filename2="libnss3-1d_3.17.2-1.1_i386.deb"local libnss3_filename3="libnss3-tools_3.17.2-1.1_i386.deb"local libnss3_filename4="libnss3-dev_3.17.2-1.1_i386.deb"local libnss3_filename5="libnss3-dbg_3.17.2-1.1_i386.deb"firm -rf ${cur_dir}/l2tpmkdir -p ${cur_dir}/l2tpcd ${cur_dir}/l2tpdownload_file "${libnspr4_filename1}"download_file "${libnspr4_filename2}"download_file "${libnspr4_filename3}"download_file "${libnspr4_filename4}"download_file "${libnss3_filename1}"download_file "${libnss3_filename2}"download_file "${libnss3_filename3}"download_file "${libnss3_filename4}"download_file "${libnss3_filename5}"dpkg -i ${libnspr4_filename1} ${libnspr4_filename2} ${libnspr4_filename3} ${libnspr4_filename4}dpkg -i ${libnss3_filename1} ${libnss3_filename2} ${libnss3_filename3} ${libnss3_filename4} ${libnss3_filename5}apt-get -y install wget gcc ppp flex bison make pkg-config libpam0g-dev libcap-ng-dev iptables \libcap-ng-utils libunbound-dev libevent-dev libcurl4-nss-dev libsystemd-daemon-develseapt-get -y install wget gcc ppp flex bison make python libnss3-dev libnss3-tools libselinux-dev iptables \libnspr4-dev pkg-config libpam0g-dev libcap-ng-dev libcap-ng-utils libunbound-dev \libevent-dev libcurl4-nss-dev libsystemd-devfiapt-get -y --no-install-recommends install xmltoapt-get -y install xl2tpdcompile_installelif check_sys packageManager yum; thenecho "Adding the EPEL repository..."yum -y install epel-release yum-utils[ ! -f /etc/yum.repos.d/epel.repo ] && echo "Install EPEL repository failed, please check it." && exit 1yum-config-manager --enable epelecho "Adding the EPEL repository complete..."if centosversion 7; thenyum -y install ppp libreswan xl2tpd firewalldyum_installelif centosversion 6; thenyum -y remove libevent-develyum -y install libevent2-develyum -y install nss-devel nspr-devel pkgconfig pam-devel \libcap-ng-devel libselinux-devel lsof \curl-devel flex bison gcc ppp make iptables gmp-devel \fipscheck-devel unbound-devel xmlto libpcap-devel xl2tpdcompile_installfifi}config_install(){cat > /etc/ipsec.conf<<EOF
version 2.0config setupprotostack=netkeynhelpers=0uniqueids=nointerfaces=%defaultroutevirtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!${iprange}.0/24conn l2tp-pskrightsubnet=vhost:%privalso=l2tp-psk-nonatconn l2tp-psk-nonatauthby=secretpfs=noauto=addkeyingtries=3rekey=noikelifetime=8hkeylife=1htype=transportleft=%defaultrouteleftid=${IP}leftprotoport=17/1701right=%anyrightprotoport=17/%anydpddelay=40dpdtimeout=130dpdaction=clearsha2-truncbug=yes
EOFcat > /etc/ipsec.secrets<<EOF
%any %any : PSK "${mypsk}"
EOFcat > /etc/xl2tpd/xl2tpd.conf<<EOF
[global]
port = 1701[lns default]
ip range = ${iprange}.2-${iprange}.254
local ip = ${iprange}.1
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOFcat > /etc/ppp/options.xl2tpd<<EOF
ipcp-accept-local
ipcp-accept-remote
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
auth
hide-password
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
proxyarp
connect-delay 5000
EOFrm -f /etc/ppp/chap-secretscat > /etc/ppp/chap-secrets<<EOF
# Secrets for authentication using CHAP
# client    server    secret    IP addresses
${username}    l2tpd    ${password}       *
EOF}compile_install(){rm -rf ${cur_dir}/l2tpmkdir -p ${cur_dir}/l2tpcd ${cur_dir}/l2tpdownload_file "${libreswan_filename}.tar.gz"tar -zxf ${libreswan_filename}.tar.gzcd ${cur_dir}/l2tp/${libreswan_filename}echo "WERROR_CFLAGS =" > Makefile.inc.localmake programs && make install/usr/local/sbin/ipsec --version >/dev/null 2>&1if [ $? -ne 0 ]; thenecho "${libreswan_filename} install failed."exit 1ficonfig_installcp -pf /etc/sysctl.conf /etc/sysctl.conf.baksed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conffor each in `ls /proc/sys/net/ipv4/conf/`; doecho "net.ipv4.conf.${each}.accept_source_route=0" >> /etc/sysctl.confecho "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.confecho "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.confecho "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.confdonesysctl -pif centosversion 6; then[ -f /etc/sysconfig/iptables ] && cp -pf /etc/sysconfig/iptables /etc/sysconfig/iptables.old.`date +%Y%m%d`if [ "`iptables -L -n | grep -c '\-\-'`" == "0" ]; thencat > /etc/sysconfig/iptables <<EOF
# Added by L2TP VPN script
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s ${iprange}.0/24  -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}
COMMIT
EOFelseiptables -I INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPTiptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPTiptables -I FORWARD -s ${iprange}.0/24  -j ACCEPTiptables -t nat -A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}/etc/init.d/iptables savefiif [ ! -f /etc/ipsec.d/cert9.db ]; thenecho > /var/tmp/libreswan-nss-pwdcertutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.drm -f /var/tmp/libreswan-nss-pwdfichkconfig --add iptableschkconfig iptables onchkconfig --add ipsecchkconfig ipsec onchkconfig --add xl2tpdchkconfig xl2tpd on/etc/init.d/iptables restart/etc/init.d/ipsec start/etc/init.d/xl2tpd startelse[ -f /etc/iptables.rules ] && cp -pf /etc/iptables.rules /etc/iptables.rules.old.`date +%Y%m%d`if [ "`iptables -L -n | grep -c '\-\-'`" == "0" ]; thencat > /etc/iptables.rules <<EOF
# Added by L2TP VPN script
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s ${iprange}.0/24  -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}
COMMIT
EOFelseiptables -I INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPTiptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPTiptables -I FORWARD -s ${iprange}.0/24  -j ACCEPTiptables -t nat -A POSTROUTING -s ${iprange}.0/24 -j SNAT --to-source ${IP}/sbin/iptables-save > /etc/iptables.rulesficat > /etc/network/if-up.d/iptables <<EOF
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.rules
EOFchmod +x /etc/network/if-up.d/iptablesif [ ! -f /etc/ipsec.d/cert9.db ]; thenecho > /var/tmp/libreswan-nss-pwdcertutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.drm -f /var/tmp/libreswan-nss-pwdfiupdate-rc.d -f xl2tpd defaultscp -f /etc/rc.local /etc/rc.local.old.`date +%Y%m%d`sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.localcat >> /etc/rc.local <<EOF# Added by L2TP VPN script
echo 1 > /proc/sys/net/ipv4/ip_forward
/usr/sbin/service ipsec start
exit 0
EOFchmod +x /etc/rc.localecho 1 > /proc/sys/net/ipv4/ip_forward/sbin/iptables-restore < /etc/iptables.rules/usr/sbin/service ipsec start/usr/sbin/service xl2tpd restartfi}yum_install(){config_installcp -pf /etc/sysctl.conf /etc/sysctl.conf.bakecho "# Added by L2TP VPN" >> /etc/sysctl.confecho "net.ipv4.ip_forward=1" >> /etc/sysctl.confecho "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.confecho "net.ipv4.icmp_echo_ignore_broadcasts=1" >> /etc/sysctl.confecho "net.ipv4.icmp_ignore_bogus_error_responses=1" >> /etc/sysctl.conffor each in `ls /proc/sys/net/ipv4/conf/`; doecho "net.ipv4.conf.${each}.accept_source_route=0" >> /etc/sysctl.confecho "net.ipv4.conf.${each}.accept_redirects=0" >> /etc/sysctl.confecho "net.ipv4.conf.${each}.send_redirects=0" >> /etc/sysctl.confecho "net.ipv4.conf.${each}.rp_filter=0" >> /etc/sysctl.confdonesysctl -pcat > /etc/firewalld/services/xl2tpd.xml<<EOF
<?xml version="1.0" encoding="utf-8"?>
<service><short>xl2tpd</short><description>L2TP IPSec</description><port protocol="udp" port="4500"/><port protocol="udp" port="1701"/>
</service>
EOFchmod 640 /etc/firewalld/services/xl2tpd.xmlsystemctl enable ipsecsystemctl enable xl2tpdsystemctl enable firewalldsystemctl status firewalld > /dev/null 2>&1if [ $? -eq 0 ]; thenfirewall-cmd --reloadecho "Checking firewalld status..."firewall-cmd --list-allecho "add firewalld rules..."firewall-cmd --permanent --add-service=ipsecfirewall-cmd --permanent --add-service=xl2tpdfirewall-cmd --permanent --add-masqueradefirewall-cmd --reloadelseecho "Firewalld looks like not running, trying to start..."systemctl start firewalldif [ $? -eq 0 ]; thenecho "Firewalld start successfully..."firewall-cmd --reloadecho "Checking firewalld status..."firewall-cmd --list-allecho "adding firewalld rules..."firewall-cmd --permanent --add-service=ipsecfirewall-cmd --permanent --add-service=xl2tpdfirewall-cmd --permanent --add-masqueradefirewall-cmd --reloadelseecho "Failed to start firewalld. please enable udp port 500 4500 1701 manually if necessary."fifisystemctl restart ipsecsystemctl restart xl2tpdecho "Checking ipsec status..."systemctl -a | grep ipsececho "Checking xl2tpd status..."systemctl -a | grep xl2tpdecho "Checking firewalld status..."firewall-cmd --list-all}finally(){cd ${cur_dir}rm -fr ${cur_dir}/l2tp# create l2tp commandcp -f ${cur_dir}/`basename $0` /usr/bin/l2tpecho "Please wait a moment..."sleep 5ipsec verifyechoecho "###############################################################"echo "# L2TP VPN Auto Installer                                     #"echo "# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+        #"echo "# Intro: https://teddysun.com/448.html                        #"echo "# Author: Teddysun <i@teddysun.com>                           #"echo "###############################################################"echo "If there is no [FAILED] above, you can connect to your L2TP "echo "VPN Server with the default Username/Password is below:"echoecho "Server IP: ${IP}"echo "PSK      : ${mypsk}"echo "Username : ${username}"echo "Password : ${password}"echoecho "If you want to modify user settings, please use below command(s):"echo "l2tp -a (Add a user)"echo "l2tp -d (Delete a user)"echo "l2tp -l (List all users)"echo "l2tp -m (Modify a user password)"echoecho "Welcome to visit our website: https://teddysun.com/448.html"echo "Enjoy it!"echo
}l2tp(){clearechoecho "###############################################################"echo "# L2TP VPN Auto Installer                                     #"echo "# System Supported: CentOS 6+ / Debian 7+ / Ubuntu 12+        #"echo "# Intro: https://teddysun.com/448.html                        #"echo "# Author: Teddysun <i@teddysun.com>                           #"echo "###############################################################"echorootnesstunavailabledisable_selinuxversion_checkget_os_infopreinstall_l2tpinstall_l2tpfinally
}list_users(){if [ ! -f /etc/ppp/chap-secrets ];thenecho "Error: /etc/ppp/chap-secrets file not found."exit 1filocal line="+-------------------------------------------+\n"local string=%20sprintf "${line}|${string} |${string} |\n${line}" Username Passwordgrep -v "^#" /etc/ppp/chap-secrets | awk '{printf "|'${string}' |'${string}' |\n", $1,$3}'printf ${line}
}add_user(){while :doread -p "Please input your Username:" userif [ -z ${user} ]; thenecho "Username can not be empty"elsegrep -w "${user}" /etc/ppp/chap-secrets > /dev/null 2>&1if [ $? -eq 0 ];thenecho "Username (${user}) already exists. Please re-enter your username."elsebreakfifidonepass=`rand`echo "Please input ${user}'s password:"read -p "(Default Password: ${pass}):" tmppass[ ! -z ${tmppass} ] && pass=${tmppass}echo "${user}    l2tpd    ${pass}       *" >> /etc/ppp/chap-secretsecho "Username (${user}) add completed."
}del_user(){while :doread -p "Please input Username you want to delete it:" userif [ -z ${user} ]; thenecho "Username can not be empty"elsegrep -w "${user}" /etc/ppp/chap-secrets >/dev/null 2>&1if [ $? -eq 0 ];thenbreakelseecho "Username (${user}) is not exists. Please re-enter your username."fifidonesed -i "/^\<${user}\>/d" /etc/ppp/chap-secretsecho "Username (${user}) delete completed."
}mod_user(){while :doread -p "Please input Username you want to change password:" userif [ -z ${user} ]; thenecho "Username can not be empty"elsegrep -w "${user}" /etc/ppp/chap-secrets >/dev/null 2>&1if [ $? -eq 0 ];thenbreakelseecho "Username (${user}) is not exists. Please re-enter your username."fifidonepass=`rand`echo "Please input ${user}'s new password:"read -p "(Default Password: ${pass}):" tmppass[ ! -z ${tmppass} ] && pass=${tmppass}sed -i "/^\<${user}\>/d" /etc/ppp/chap-secretsecho "${user}    l2tpd    ${pass}       *" >> /etc/ppp/chap-secretsecho "Username ${user}'s password has been changed."
}# Main process
action=$1
if [ -z ${action} ] && [ "`basename $0`" != "l2tp" ]; thenaction=install
ficase ${action} ininstall)l2tp 2>&1 | tee ${cur_dir}/l2tp.log;;-l|--list)list_users;;-a|--add)add_user;;-d|--del)del_user;;-m|--mod)mod_user;;-h|--help)echo "Usage: `basename $0` -l,--list   List all users"echo "       `basename $0` -a,--add    Add a user"echo "       `basename $0` -d,--del    Delete a user"echo "       `basename $0` -m,--mod    Modify a user password"echo "       `basename $0` -h,--help   Print this help information";;*)echo "Usage: `basename $0` [-l,--list|-a,--add|-d,--del|-m,--mod|-h,--help]" && exit;;
esac