This script configures an Ubuntu server to act as a remote IPSEC VPN endpoint. If this will be a dedicated VPN server, we recommend using this with the ns.micro plan.
The settings below are requested when deploying the script:
| Setting | Description |
|---|---|
| Local Network | Optional. Your local corporate network that will be accessible to the VPC. |
| Pre-Shared Key | Optional. The pre-shared key is used to authenticate the connection between your Mammoth VPN endpoint and your local corporate VPN endpoint. |
```bash
#!/bin/bash
# The <?env ...?> directives declare the settings requested at deploy time;
# the platform exports them as $LOCALNET and $PSK, and also supplies
# $VPS_PRIVATEIP and $VPS_PUBLICIP for this VPS.
# <?env name="localnet" Label="Local Network" default="192.168.1.0/24" example="Your local corporate network that will be accessible to the VPC" ?>
# <?env name="psk" Label="Pre-Shared Key" default="My Long Passphrase Goes Here" example="The pre-shared key is used to authenticate the connection between your Mammoth VPN endpoint and your local corporate VPN endpoint" ?>

# Enable forwarding between the tunnel and the VPC, and disable ICMP
# redirects in both directions so the gateway neither emits nor accepts them.
cat >> /etc/sysctl.conf << 'EOT'
net.ipv4.ip_forward=1
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.eth0.send_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.eth0.accept_redirects=0
net.ipv4.conf.all.accept_redirects=0
EOT
# Apply the new sysctl settings (Upstart job on the Ubuntu releases this targets).
start procps

apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y openswan lsof

# Pull in per-connection config files, and register the PSK for any peer pair.
echo 'include /etc/ipsec.d/*.conf' >> /etc/ipsec.conf
echo '%any %any: PSK "'"$PSK"'"' >> /etc/ipsec.secrets

# Tunnel between the VPC range (10.240.0.0/16) and the local corporate network.
# right=%any means any peer that presents the PSK may bring the tunnel up.
cat > /etc/ipsec.d/vpc.conf <<EOT
conn vpc
type=tunnel
authby=secret
left=$VPS_PRIVATEIP
leftid=$VPS_PUBLICIP
leftsubnet=10.240.0.0/16
right=%any
rightsubnet=$LOCALNET
keyexchange=ike
ike=aes192-sha1
phase2alg=aes192-sha1
salifetime=43200s
pfs=yes
auto=start
EOT

service ipsec restart

# Source-NAT VPC traffic leaving through this host to its private address.
iptables -t nat -A POSTROUTING -s 10.240.0.0/16 -j SNAT --to-source $VPS_PRIVATEIP

# Persist the NAT rule across reboots.
DEBIAN_FRONTEND=noninteractive apt-get install -y iptables-persistent
# say 'yes' when asked whether to save existing rules
```
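The script above writes whatever it is given for the pre-shared key and local network straight into `/etc/ipsec.secrets` and `vpc.conf`. As an added example (not part of Mammoth's script), the following pre-flight checks validate those two inputs and confirm the sysctl hardening after deployment; the function names and the 20-character minimum are assumptions.

```bash
#!/bin/bash
# Added pre-flight checks for the deploy script above (not Mammoth's code):
# validate the two requested settings before they reach /etc/ipsec.secrets
# and /etc/ipsec.d/vpc.conf, and confirm the sysctl hardening afterwards.

# Reject an empty key, the shipped placeholder (which anyone can read on this
# page), short keys, and double quotes, which would break the secrets line.
validate_psk() {
    local psk="$1"
    [ -n "$psk" ] || return 1
    [ "$psk" != "My Long Passphrase Goes Here" ] || return 1
    [ "${#psk}" -ge 20 ] || return 1
    case "$psk" in *\"*) return 1 ;; esac
    return 0
}

# Accept only an IPv4 network in CIDR form (e.g. 192.168.1.0/24); anything
# else would land unchecked in rightsubnet=.
validate_cidr() {
    local cidr="$1" ip prefix o o1 o2 o3 o4
    case "$cidr" in */*) ;; *) return 1 ;; esac
    ip="${cidr%/*}"; prefix="${cidr#*/}"
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    IFS=. read -r o1 o2 o3 o4 <<EOF
$ip
EOF
    for o in "$o1" "$o2" "$o3" "$o4"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Verify every knob the script sets, reading either /etc/sysctl.conf
# ("key=value") or `sysctl -a` output ("key = value") saved to a file.
# Fails if forwarding is off or any redirect knob is missing or non-zero.
check_sysctl_hardening() {
    local file="$1" scope knob
    grep -Eqx 'net\.ipv4\.ip_forward *= *1' "$file" || return 1
    for scope in default eth0 all; do
        for knob in send_redirects accept_redirects; do
            grep -Eqx "net\.ipv4\.conf\.$scope\.$knob *= *0" "$file" || return 1
        done
    done
    return 0
}

# In the deploy script, call these before writing any files, e.g.:
#   validate_psk "$PSK" && validate_cidr "$LOCALNET" || exit 1
```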