
- add copyright banner

- add S3 bucket for storing ikev2 credentials post-deployment
- add output section for downloading the credentials from the bucket
This commit is contained in:
Scottpedia 2023-08-01 16:35:16 +08:00
parent 3e343f9d3c
commit a36314bc0d


@ -1,32 +1,135 @@
{
"Metadata": {
"README": {
"Fn::Join": [
"\n",
[
"",
"AWS Cloudformation Template for deploying IPSec VPN Servers on AWS EC2,",
"based on the work of Lin Song <linsongui@gmail.com> : https://github.com/hwdsl2/setup-ipsec-vpn",
"The latest verstion of this template can be found at : https://github.com/hwdsl2/setup-ipsec-vpn/aws",
"",
"Copyright (C) 2020-2023 Scott X. Liang <scott.liang@pm.me>",
"",
"This work is licensed under the Creative Commons Attribution-ShareAlike 3.0",
"Unported License: http://creativecommons.org/licenses/by-sa/3.0/",
"",
"Attribution required: Please include my name in any derivative and let me",
"know how you have improved it!",
""
]
]
}
},
"AWSTemplateFormatVersion": "2010-09-09",
"Mappings": {
"OS": {
"Ubuntu2004": {
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip zip awscli\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
},
"Ubuntu2204": {
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip zip awscli\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
},
"Debian10": {
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip zip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
},
"Debian11": {
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip zip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
},
"Debian12": {
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\nrm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED\napt-get -yq update\napt-get -yq install python3-pip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\nrm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED\napt-get -yq update\napt-get -yq install python3-pip zip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
},
"CentOS7": {
"HelperInstallationCommands": "yum -y install python3 wget\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
"HelperInstallationCommands": "yum -y install python3 wget zip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
},
"AmazonLinux2": {
"HelperInstallationCommands": "export PATH=\"$PATH:/opt/aws/bin\"\n"
}
}
},
"Metadata": {},
"Resources": {
"IAMInstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"InstanceProfileName": {
"Fn::GetAtt": [
"KeyPairInfo",
"KeyName"
]
},
"Path": "/setup-ipsec-vpn/",
"Roles": [
{
"Ref": "LambdaExecutionRole"
}
]
},
"DependsOn": [
"LambdaExecutionRole",
"KeyPairInfo"
]
},
"Ikev2S3Bucket": {
"Type": "AWS::S3::Bucket",
"DeletionPolicy": "Retain",
"Properties": {
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": false,
"BlockPublicPolicy": false,
"IgnorePublicAcls": false,
"RestrictPublicBuckets": false
},
"LifecycleConfiguration": {
"Rules": [
{
"Id": "DeletionAfterOneDay",
"Status": "Enabled",
"ExpirationInDays": 1
}
]
},
"BucketName": {
"Fn::GetAtt": [
"KeyPairInfo",
"KeyName"
]
}
},
"Metadata": {},
"DependsOn": [
"KeyPairInfo"
]
},
"OpenBucketPolicy": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "Ikev2S3Bucket"
},
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": {
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "Ikev2S3Bucket"
},
"/*"
]
]
}
}
]
}
}
},
"VpnVpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
@ -95,6 +198,9 @@
}
},
"Properties": {
"IamInstanceProfile": {
"Ref": "IAMInstanceProfile"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
@ -139,6 +245,18 @@
"'\n",
"wget -t 3 -T 30 -nv -O vpn.sh https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/vpnsetup.sh\n",
"sh vpn.sh\n",
"mkdir /root/profiles\n",
"cp /root/vpnclient* /root/profiles\n",
"zip -er --password '",
{
"Ref": "VpnPassword"
},
"' /root/profiles.zip /root/profiles\n",
"aws s3 cp /root/profiles.zip s3://",
{
"Ref": "Ikev2S3Bucket"
},
"/\n",
"cfn-signal -e 0 ",
" --stack ",
{
@ -195,7 +313,9 @@
"VpnServerVolume",
"KeyPairCreation",
"AMIInfoFunction",
"VpnSecurityGroup"
"VpnSecurityGroup",
"Ikev2S3Bucket",
"IAMInstanceProfile"
]
},
"VpnSecurityGroup": {
@ -297,7 +417,7 @@
"'''",
"def handler(event, context):",
" try:",
" keyName = 'setup-ipsec-vpn-' + ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(10))",
" keyName = 'setup-ipsec-vpn-' + ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(10)).lower()",
" region = event['ResourceProperties']['Region']",
" ec2 = boto3.client('ec2',region)",
" response = ec2.create_key_pair(",
@ -577,6 +697,24 @@
"WarningForDebianUsers": {
"Description": "Please be noted that due to Debian images on AWS EC2 using cloud kernels, you are unable to use IPSec/L2TP mode if your server is running Debian. For more information, please refer to the link to the left.",
"Value": "https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#debian-kernel"
},
"RetrieveYourIkev2Credentials": {
"Description": "Please use the following link to download your IKEv2 connection credentials. The password to the ZIP file that stores the credentials, is the same password used to connect to your VPN server. The download link for the credentials will expire in ONE day.",
"Value": {
"Fn::Join": [
"",
[
"https://",
{
"Fn::GetAtt": [
"Ikev2S3Bucket",
"RegionalDomainName"
]
},
"/profiles.zip"
]
]
}
}
}
}
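Review bot: The Ikev2S3Bucket added in the first hunk is world-readable: PublicAccessBlockConfiguration turns all four blocks off (BlockPublicAcls, BlockPublicPolicy, IgnorePublicAcls, RestrictPublicBuckets all false) and OpenBucketPolicy grants s3:GetObject to Principal "*", so profiles.zip containing the IKEv2 credentials can be fetched by anyone who learns or guesses the bucket name. The only protections left are the 10-character name taken from KeyPairInfo, the ZIP's legacy password encryption (with the VpnPassword passed on the zip command line, where it is visible in the process list while zip runs), and a lifecycle rule that only removes the object after a day. I would keep the defaults, `"BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true`, drop OpenBucketPolicy, and have the RetrieveYourIkev2Credentials output describe an authenticated download such as `aws s3 cp s3://<bucket>/profiles.zip .` run with the operator's own credentials instead of publishing an anonymous URL. Separately, the `aws s3 cp` line in the UserData hunk depends on awscli, but the Debian10, Debian11, Debian12 and CentOS7 mappings only add `zip` to the package list (Ubuntu2004/Ubuntu2204 add `zip awscli`), so the upload presumably fails on those images unless awscli is installed elsewhere in the UserData outside this view; note that cfn-signal -e 0 still reports success afterwards.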