mammoth's VPC: IPSEC VPN endpoint

Supports: Ubuntu 14.04 LTS/16.04 LTS (64-bit)

Source Code

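#!/bin/bash
# <?env name="localnet" Label="Local Network" default="192.168.1.0/24" example="Your local corporate network that will be accessible to the VPC" ?>
# <?env name="psk" Label="Pre-Shared Key" default="My Long Passphrase Goes Here" example="The pre-shared key is used to authenticate the connection between your Mammoth VPN endpoint and your local corporate VPN endpoint" ?>
#
# Provisions this VPS as an IPsec (IKEv1, pre-shared key) site-to-site VPN
# endpoint using Openswan, so that the VPC range 10.240.0.0/16 and the
# corporate network given in LOCALNET can reach each other.
#
# Inputs (environment; presumably injected by the provisioning platform from
# the <?env?> declarations above and from VPS metadata - confirm the names):
#   PSK            pre-shared key shared with the corporate VPN endpoint
#   LOCALNET       corporate network in IPv4 CIDR form, e.g. 192.168.1.0/24
#   VPS_PRIVATEIP  this VPS's address inside the VPC
#   VPS_PUBLICIP   this VPS's public address, used as the IKE identity
#
# Side effects: appends to /etc/sysctl.conf, /etc/ipsec.conf and
# /etc/ipsec.secrets, writes /etc/ipsec.d/vpc.conf, installs packages,
# restarts the ipsec service and adds a persisted SNAT rule.
# Re-running the script is safe: every append is guarded against duplication.

set -euo pipefail

vpc_net=10.240.0.0/16

die() { printf 'vpc-vpn: %s\n' "$*" >&2; exit 1; }

# --- input validation ------------------------------------------------------
# All four values end up inside root-owned configuration files, so refuse
# anything missing or anything that could break the Openswan file syntax.
: "${PSK:?PSK is required}"
: "${LOCALNET:?LOCALNET is required}"
: "${VPS_PRIVATEIP:?VPS_PRIVATEIP is required}"
: "${VPS_PUBLICIP:?VPS_PUBLICIP is required}"

cidr_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$'
ip_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
[[ "$LOCALNET" =~ $cidr_re ]] || die "LOCALNET must be an IPv4 CIDR, got '$LOCALNET'"
[[ "$VPS_PRIVATEIP" =~ $ip_re ]] || die "VPS_PRIVATEIP must be an IPv4 address"
[[ "$VPS_PUBLICIP" =~ $ip_re ]] || die "VPS_PUBLICIP must be an IPv4 address"
# ipsec.secrets wraps the key in double quotes and offers no escaping we can
# rely on; a quote or newline inside the key would truncate or corrupt the
# entry (and silently change the key that is actually used).
case "$PSK" in
  *\"*|*$'\n'*) die "PSK must not contain double quotes or newlines" ;;
esac

# --- kernel: forward between VPC and tunnel, ignore/emit no ICMP redirects -
# Per the kernel ip-sysctl documentation send_redirects is enabled when EITHER
# conf/all or the interface-specific knob is set, so the primary interface
# has to be named as well as 'all'. Take it from the default route instead
# of assuming eth0 (16.04 images may use predictable names such as ens3).
iface=$(ip -o -4 route show default | awk '{ print $5; exit }')
iface=${iface:-eth0}

if ! grep -q '^# mammoth-vpc-vpn$' /etc/sysctl.conf; then
  cat >> /etc/sysctl.conf <<EOT
# mammoth-vpc-vpn
net.ipv4.ip_forward=1
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.${iface}.send_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.${iface}.accept_redirects=0
net.ipv4.conf.all.accept_redirects=0
EOT
fi
# 'start procps' is an Upstart command and does not exist on 16.04 (systemd);
# sysctl -p applies the file on both releases.
sysctl -p /etc/sysctl.conf

# --- packages ---------------------------------------------------------------
# lsof is not used by this script; it is kept for troubleshooting the tunnel.
# NOTE(review): confirm 'openswan' is installable from the target release's
# apt sources before relying on the 16.04 support claim.
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y openswan lsof

# --- Openswan ---------------------------------------------------------------
# Pick up per-connection files from /etc/ipsec.d without stacking a second
# include line on re-runs.
grep -q '^include /etc/ipsec.d/\*\.conf' /etc/ipsec.conf \
  || printf 'include /etc/ipsec.d/*.conf\n' >> /etc/ipsec.conf

# The PSK is the only credential protecting this endpoint: with right=%any
# below, any peer that knows it can bring the tunnel up. Keep the secrets
# file root-only - the package normally creates it 0600, the umask covers
# the case where it does not exist yet, and chmod covers a pre-existing
# file with looser permissions.
(
  umask 077
  printf '%%any %%any: PSK "%s"\n' "$PSK" >> /etc/ipsec.secrets
)
chmod 600 /etc/ipsec.secrets

# Connection definition.
# - The algorithm set (AES-192 / HMAC-SHA1, IKEv1) has to match what the
#   corporate endpoint offers, so it is left as originally configured. No DH
#   group is named, so Openswan's default group is negotiated for both
#   phases; name one explicitly (e.g. 'aes192-sha1;modp2048') if you need to
#   rule out weaker groups. SHA-1 is used here as an HMAC/PRF, not as a
#   collision-resistant hash, but prefer a sha2 variant where the peer
#   supports it.
# - right=%any means the peer address is unknown, so this side cannot
#   initiate; auto=start would only log "cannot initiate connection without
#   knowing peer IP address". auto=add loads the conn and waits for the
#   corporate endpoint to initiate. If that endpoint has a static address,
#   set right= to it so nobody else can even attempt IKE with this conn.
# - left/leftid differ when the VPS sits behind 1:1 NAT; that requires NAT
#   traversal to be enabled in the 'config setup' section of
#   /etc/ipsec.conf (the packaged default usually has nat_traversal=yes -
#   verify).
cat > /etc/ipsec.d/vpc.conf <<EOT
conn vpc
 type=tunnel
 authby=secret
 left=$VPS_PRIVATEIP
 leftid=$VPS_PUBLICIP
 leftsubnet=$vpc_net
 right=%any
 rightsubnet=$LOCALNET
 keyexchange=ike
 ike=aes192-sha1
 phase2alg=aes192-sha1
 salifetime=43200s
 pfs=yes
 auto=add
EOT
chmod 644 /etc/ipsec.d/vpc.conf

service ipsec restart

# --- NAT --------------------------------------------------------------------
# Rewrite the source of all VPC traffic leaving this host to the endpoint's
# own VPC address. That address is inside leftsubnet, so the packets still
# match the tunnel policy; presumably the intent is that the corporate side
# only has to know about a single address. Add '-d "$LOCALNET"' if other
# egress from the VPC must not be rewritten. -C keeps re-runs from adding
# duplicate rules.
iptables -t nat -C POSTROUTING -s "$vpc_net" -j SNAT --to-source "$VPS_PRIVATEIP" 2>/dev/null \
  || iptables -t nat -A POSTROUTING -s "$vpc_net" -j SNAT --to-source "$VPS_PRIVATEIP"

# Persist the rule. The old invocation had no -y (apt-get aborts without a
# terminal) and relied on a debconf prompt that DEBIAN_FRONTEND=noninteractive
# suppresses, so preseed the answer and also save explicitly in case the
# package was already installed (autosave only runs at install time).
debconf-set-selections <<'EOT'
iptables-persistent iptables-persistent/autosave_v4 boolean true
iptables-persistent iptables-persistent/autosave_v6 boolean true
EOT
apt-get install -y iptables-persistent
if [[ -d /etc/iptables ]]; then
  iptables-save > /etc/iptables/rules.v4
fi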