
Merge serveral revisions

hwdsl2 2015-07-13 15:46:16 -07:00
parent 734f561494
commit d541f0d9b4


@ -1,7 +1,7 @@
#!/bin/sh
#
# Amazon EC2 user-data file for automatic configuration of IPsec/L2TP VPN
# on a Ubuntu server instance. Tested with 14.04 (Trusty) AND 12.04 (Precise).
# Amazon EC2 user-data file for automatic configuration of IPsec/L2TP VPN server
# on a Ubuntu or Debian instance. Tested with Ubuntu 14.04 & 12.04 and Debian 8 & 7.
# With minor modifications, this script *can also be used* on dedicated servers
# or any KVM- or XEN-based Virtual Private Server (VPS) from other providers.
#
@ -30,8 +30,8 @@ if [ "$(uname)" = "Darwin" ]; then
exit
fi
if [ "$(lsb_release -si)" != "Ubuntu" ]; then
echo "Looks like you aren't running this script on a Ubuntu system."
if [ "$(lsb_release -si)" != "Ubuntu" ] && [ "$(lsb_release -si)" != "Debian" ]; then
echo "Looks like you aren't running this script on a Ubuntu or Debian system."
exit
fi
@ -184,7 +184,7 @@ cat > /etc/ppp/chap-secrets <<EOF
$VPN_USER l2tpd $VPN_PASSWORD *
EOF
/bin/cp -f /etc/sysctl.conf /etc/sysctl.conf.old-$(date +%Y-%m-%d-%H:%M:%S)
/bin/cp -f /etc/sysctl.conf /etc/sysctl.conf.old-$(date +%Y-%m-%d-%H:%M:%S) 2>/dev/null
cat > /etc/sysctl.conf <<EOF
kernel.sysrq = 0
kernel.core_uses_pid = 1
@ -217,7 +217,7 @@ net.ipv4.tcp_rmem= 10240 87380 12582912
net.ipv4.tcp_wmem= 10240 87380 12582912
EOF
/bin/cp -f /etc/iptables.rules /etc/iptables.rules.old-$(date +%Y-%m-%d-%H:%M:%S)
/bin/cp -f /etc/iptables.rules /etc/iptables.rules.old-$(date +%Y-%m-%d-%H:%M:%S) 2>/dev/null
cat > /etc/iptables.rules <<EOF
*filter
:INPUT ACCEPT [0:0]
@ -238,7 +238,7 @@ cat > /etc/iptables.rules <<EOF
-A FORWARD -i eth+ -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp+ -o eth+ -j ACCEPT
-A FORWARD -j DROP
-A ICMPALL -p icmp -f -j DROP
-A ICMPALL -p icmp -f -j DROP
-A ICMPALL -p icmp --icmp-type 0 -j ACCEPT
-A ICMPALL -p icmp --icmp-type 3 -j ACCEPT
-A ICMPALL -p icmp --icmp-type 4 -j ACCEPT
@ -261,7 +261,7 @@ cat > /etc/network/if-pre-up.d/iptablesload <<EOF
exit 0
EOF
/bin/cp -f /etc/rc.local /etc/rc.local.old-$(date +%Y-%m-%d-%H:%M:%S)
/bin/cp -f /etc/rc.local /etc/rc.local.old-$(date +%Y-%m-%d-%H:%M:%S) 2>/dev/null
cat > /etc/rc.local <<EOF
#!/bin/sh -e
#
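Review bot: The `2>/dev/null` added to the three backup copies (sysctl.conf, iptables.rules, rc.local) hides every cp failure, not only the missing-file case it appears to be aimed at. When the copy fails for another reason (full disk, read-only path), the `cat >` that follows still overwrites the original, leaving no backup and no message in the boot log. Testing for the file keeps real errors visible, e.g. `[ -f /etc/iptables.rules ] && /bin/cp -f /etc/iptables.rules "/etc/iptables.rules.old-$(date +%Y-%m-%d-%H:%M:%S)"`, with the same form for the other two files. This matters most for the firewall rules, where the previous state is what an operator needs for a rollback. The heredocs that follow these lines continue outside the hunks.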