Simple PPTP, L2TP/IPsec, OpenVPN installers for fast, user-friendly deployment.

• PPTP, OpenVPN, IPsec VPN support
• User-friendly installation and configuration process
• VPN client-side configs and script generating
• Backup and uninstallion support
• Users control (add, check, delete) scripts, autorestarting, iptables automation.

• Ubuntu (tested on Ubuntu 16.04, Ubuntu 17.04)
• Debian (tested on Debian 9)
• CentOS (tested on CentOS 7)

Download: git clone --depth=1 https://github.com/bedefaced/vpn-install.git

And then some of (under root or using sudo):

• vpn-install/pptp/install.sh
• vpn-install/openvpn/install.sh
• vpn-install/ipsec/install.sh

These "wizards" will install required packages, generate necessary config files, update network configurations (to enable routing), add iptables rules, add cron jobs (for restarting servers, restoring iptables rules after reboot).

You will be answered for login-passwords of VPN users, some network information, preferred DNS-resolvers, client-to-client routing possibility.

Only MS-CHAP v2 with MPPE-128 encryption is allowed.

Note that PPTP is NOT recommended for transmission secret data, because all strong PPTP authentication algorithms have been already hacked: see link for more information.

By default (see pptpd.conf.dist and env.sh) it uses 172.16.0.0/24 subnet.

• adduser.sh - script for user-friendly chap-secrets file editing and client-side setup script generating.
• autostart.sh - script for adding cron jobs (iptables restoring after boot and server running state checking).
• backup.sh - script for backuping system config files, parameters, services and packages statuses and uninstall script generating.
• checkserver.sh - script for cron job, which check server running state.
• checkuser.sh - script for user-friendly chap-secrets file existing user checking.
• deluser.sh - script for user-friendly chap-secrets file existing user removing.
• dns.sh - script for user-friendly modifiying of DNS-resolver settings which will be pushed to Windows clients.
• env.sh - common for all scripts config variables (packet manager, subnet, ip, config files paths).
• install.sh - main installation script (wizard).
• iptables-setup.sh - iptables configuration script.
• options.pptp.dist - PPP options template.
• pptpd.conf.dist - PPTPD config template.
• setup.sh.dist - client-side connection installer script template.
• sysctl.sh - script for set up IP forwarding and disabling some packets due to security reasons (using sysctl).

On Linux:

During VPN server installation (more precisely: during adding user procedure) it will generate client-side setup.sh script in %username% directory. Client-side setup script was tested on Ubuntu 16.04.

You can also use Ubuntu standard Network Manager for PPTP VPN connection.

On Windows:

Create new VPN-connection using standart 'Set up a new connection or network' wizard, select PPTP VPN and provide host, login and password information. In the 'Security' tab of created connection check only MS-CHAP v2 protocol.

IPsec over L2TP VPN server with pre-shared key.

Only MS-CHAP v2 is allowed on L2TP.

IPsec implementation: strongSwan.

L2TP implementation: xl2tpd.

By default (see xl2tpd.conf.dist and env.sh) it uses 172.18.0.0/24 subnet.

IKE encryption algorithms: see ipsec.conf.dist.

• adduser.sh - script for user-friendly chap-secrets file editing and client-side setup script generating.
• autostart.sh - script for adding cron jobs (iptables restoring after boot and server running state checking).
• backup.sh - script for backuping system config files, parameters, services and packages statuses and uninstall script generating.
• checkserver.sh - script for cron job, which check servers running state.
• checkuser.sh - script for user-friendly chap-secrets file existing user checking.
• client-options.xl2tpd.dist - client-side ppp connection template.
• client-xl2tpd.conf.dist - client-side xl2tpd config template.
• connect.sh.dist - client-side connect script template.
• deluser.sh - script for user-friendly chap-secrets file existing user removing.
• disconnect.sh.dist - client-side disconnect script template.
• dns.sh - script for user-friendly modifiying of DNS-resolver settings which will be pushed to Windows clients.
• env.sh - common for all scripts config variables (subnet, ip, config files paths).
• install.sh - main installation script (wizard).
• ipsec.conf.dist - IPsec (strongSwan) config file template.
• iptables-setup.sh - iptables configuration script.
• options.xl2tpd.dist - PPP options template.
• psk.sh - script for user-friendly creating pre-shared key in ipsec.secrets file.
• setup.sh.dist - client-side connection installer script template.
• sysctl.sh - script for set up IP forwarding and disabling some packets due to security reasons (using sysctl).
• xl2tpd.conf.dist - xl2tpd config file template.

On Linux:

During VPN server installation (more precisely: during adding user procedure) it will generate client-side setup.sh script in %username% directory with necessary config files and connect.sh and disconnect.sh scripts. Client-side scripts was tested on Ubuntu 16.04.

You can also use Ubuntu standard Network Manager for IPsec VPN connection if you install network-manager-l2tp plugin.

On Windows:

Create new VPN-connection using standart 'Set up a new connection or network' wizard, select 'L2TP/IPsec with pre-shared key', provide host, login and password information.

In the 'Security' tab of created connection check only MS-CHAP v2 protocol, then enter to 'Advanced settings' and enter your pre-shared key.

Server and client certificates and TLS auth are used for authentication (generating using Easy-RSA package, see adduser.sh and install.sh).

Used cipher: AES-256-CBC (see openvpn-server.conf.dist).

By default (see openvpn-server.conf.dist and env.sh) it uses 172.20.0.0/24 subnet. Port 1194 (default).

• adduser.sh - script for user-friendly client config and key+certificate generating.
• autostart.sh - script for adding cron jobs (iptables restoring after boot and server running state checking).
• backup.sh - script for backuping system config files, parameters, services and packages statuses and uninstall script generating.
• checkserver.sh - script for cron job, which check server running state.
• checkuser.sh - script for user-friendly existing user checking.
• deluser.sh - script for user-friendly existing user removing (certificate revoking).
• dns.sh - script for user-friendly modifiying of DNS-resolver settings which will be pushed to Windows clients.
• env.sh - common for all scripts config variables (subnet, ip, config files paths).
• install.sh - main installation script (wizard).
• iptables-setup.sh - iptables configuration script.
• openvpn-server-embedded.ovpn.dist - client config file with embedded keys and certificates template.
• openvpn-server.conf.dist - OpenVPN server config file template.
• openvpn-server.ovpn.dist - client config file template.
• sysctl.sh - script for set up IP forwarding and disabling some packets due to security reasons (using sysctl).

On Linux:

During VPN server installation (more precisely: during adding user procedure) it will generate client-side configs in %username% directory.

Then simply:

apt-get install openvpn
openvpn --config config.ovpn

You can also use Ubuntu standard Network Manager for OpenVPN connection if you install network-manager-openvpn-gnome plugin.

On Windows:

Download OpenVPV GUI client: https://openvpn.net/index.php/open-source/downloads.html.

Import config and connect, or run explorer context menu command.

During installation script will backup config files which are in system and will create uninstall script. So use some of (under root or using sudo):

• vpn-install/pptp/uninstall/uninstall.sh
• vpn-install/openvpn/uninstall/uninstall.sh
• vpn-install/ipsec/uninstall/uninstall.sh

These "wizards" will uninstall installed packages, restore system config files (which was before installation), remove added iptables rules and cron jobs.