mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-25 06:16:07 +03:00
Code Issues Projects Releases Wiki Activity

Improve setup

Browse Source 
- To make it easier for users to set up IKEv2, the IKEv2 helper script
  is now downloaded during VPN setup.
- Cleanup
This commit is contained in:
hwdsl2 2021-03-28 23:39:29 -05:00
parent e6c2cbcd96
commit cec1dde5e4
3 changed files with 24 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
vpnsetup.sh
View File

@ -141,7 +141,6 @@ fi
bigecho "VPN setup in progress... Please be patient." bigecho "VPN setup in progress... Please be patient."
# Create and change to working dir
mkdir -p /opt/src mkdir -p /opt/src
cd /opt/src || exit 1 cd /opt/src || exit 1
@ -195,6 +194,14 @@ bigecho "Installing Fail2Ban to protect SSH..."
apt-get -yqq install fail2ban >/dev/null apt-get -yqq install fail2ban >/dev/null
) || exiterr2 ) || exiterr2
bigecho "Downloading IKEv2 script..."
ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
(
set -x
wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
) || /bin/rm -f ikev2.sh
bigecho "Downloading Libreswan..." bigecho "Downloading Libreswan..."
SWAN_VER=4.3 SWAN_VER=4.3
@ -424,9 +431,6 @@ if [ "$ipt_flag" = "1" ]; then
iptables -I FORWARD 4 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j ACCEPT iptables -I FORWARD 4 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j ACCEPT
iptables -I FORWARD 5 -i "$NET_IFACE" -d "$XAUTH_NET" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -I FORWARD 5 -i "$NET_IFACE" -d "$XAUTH_NET" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD 6 -s "$XAUTH_NET" -o "$NET_IFACE" -j ACCEPT iptables -I FORWARD 6 -s "$XAUTH_NET" -o "$NET_IFACE" -j ACCEPT
# Uncomment to disallow traffic between VPN clients
# iptables -I FORWARD 2 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j DROP
# iptables -I FORWARD 3 -s "$XAUTH_NET" -d "$XAUTH_NET" -j DROP
iptables -A FORWARD -j DROP iptables -A FORWARD -j DROP
iptables -t nat -I POSTROUTING -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE iptables -t nat -I POSTROUTING -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE
iptables -t nat -I POSTROUTING -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE iptables -t nat -I POSTROUTING -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE

12
vpnsetup_amzn.sh
View File

@ -110,7 +110,6 @@ fi
bigecho "VPN setup in progress... Please be patient." bigecho "VPN setup in progress... Please be patient."
# Create and change to working dir
mkdir -p /opt/src mkdir -p /opt/src
cd /opt/src || exit 1 cd /opt/src || exit 1
@ -159,6 +158,14 @@ bigecho "Installing Fail2Ban to protect SSH..."
yum --enablerepo=epel -y -q install fail2ban >/dev/null yum --enablerepo=epel -y -q install fail2ban >/dev/null
) || exiterr2 ) || exiterr2
bigecho "Downloading IKEv2 script..."
ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
(
set -x
wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
) || /bin/rm -f ikev2.sh
bigecho "Downloading Libreswan..." bigecho "Downloading Libreswan..."
SWAN_VER=4.3 SWAN_VER=4.3
@ -385,9 +392,6 @@ if [ "$ipt_flag" = "1" ]; then
iptables -I FORWARD 4 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j ACCEPT iptables -I FORWARD 4 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j ACCEPT
iptables -I FORWARD 5 -i "$NET_IFACE" -d "$XAUTH_NET" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -I FORWARD 5 -i "$NET_IFACE" -d "$XAUTH_NET" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD 6 -s "$XAUTH_NET" -o "$NET_IFACE" -j ACCEPT iptables -I FORWARD 6 -s "$XAUTH_NET" -o "$NET_IFACE" -j ACCEPT
# Uncomment to disallow traffic between VPN clients
# iptables -I FORWARD 2 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j DROP
# iptables -I FORWARD 3 -s "$XAUTH_NET" -d "$XAUTH_NET" -j DROP
iptables -t nat -I POSTROUTING -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE iptables -t nat -I POSTROUTING -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE
iptables -t nat -I POSTROUTING -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE iptables -t nat -I POSTROUTING -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE
echo "# Modified by hwdsl2 VPN script" > "$IPT_FILE" echo "# Modified by hwdsl2 VPN script" > "$IPT_FILE"

12
vpnsetup_centos.sh
View File

@ -123,7 +123,6 @@ fi
bigecho "VPN setup in progress... Please be patient." bigecho "VPN setup in progress... Please be patient."
# Create and change to working dir
mkdir -p /opt/src mkdir -p /opt/src
cd /opt/src || exit 1 cd /opt/src || exit 1
@ -207,6 +206,14 @@ bigecho "Installing Fail2Ban to protect SSH..."
yum "$REPO1" -y -q install fail2ban >/dev/null yum "$REPO1" -y -q install fail2ban >/dev/null
) || exiterr2 ) || exiterr2
bigecho "Downloading IKEv2 script..."
ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
(
set -x
wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
) || /bin/rm -f ikev2.sh
bigecho "Downloading Libreswan..." bigecho "Downloading Libreswan..."
SWAN_VER=4.3 SWAN_VER=4.3
@ -449,9 +456,6 @@ if [ "$ipt_flag" = "1" ]; then
iptables -I FORWARD 4 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j ACCEPT iptables -I FORWARD 4 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j ACCEPT
iptables -I FORWARD 5 -i "$NET_IFACE" -d "$XAUTH_NET" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -I FORWARD 5 -i "$NET_IFACE" -d "$XAUTH_NET" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD 6 -s "$XAUTH_NET" -o "$NET_IFACE" -j ACCEPT iptables -I FORWARD 6 -s "$XAUTH_NET" -o "$NET_IFACE" -j ACCEPT
# Uncomment to disallow traffic between VPN clients
# iptables -I FORWARD 2 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j DROP
# iptables -I FORWARD 3 -s "$XAUTH_NET" -d "$XAUTH_NET" -j DROP
iptables -t nat -I POSTROUTING -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE iptables -t nat -I POSTROUTING -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE
iptables -t nat -I POSTROUTING -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE iptables -t nat -I POSTROUTING -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE
echo "# Modified by hwdsl2 VPN script" > "$IPT_FILE" echo "# Modified by hwdsl2 VPN script" > "$IPT_FILE"