@andrejmaya
Created July 8, 2018 07:31
Set up a site-to-site VPN connection with strongSwan. Execute this script on each gateway, swapping the LEFT_* and RIGHT_* variables accordingly (on each host the RIGHT_* values describe the local gateway and the LEFT_* values the remote one).
#!/bin/bash
# Run as a user with sudo rights; swap the LEFT_*/RIGHT_* values on the second gateway.
set -e
export LEFT_GW_IP=35.157.246.157
export LEFT_CIDR=10.1.1.0/24
export RIGHT_GW_IP=35.158.110.212
export RIGHT_CIDR=10.2.1.0/24
# Re-exec as root while keeping the exported variables: a plain `sudo su`
# drops them (sudo's env_reset) and the heredocs below would expand to empty strings.
if [ "$(id -u)" -ne 0 ]; then
    exec sudo -E bash "$0" "$@"
fi
apt-get update -y
apt-get install -y strongswan
cat >> /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
EOF
sysctl -p /etc/sysctl.conf
# Pre-shared key (format: <local id> <remote id> : PSK "<key>").
# Replace "loremipsum" with a long random value before deploying.
cat >> /etc/ipsec.secrets << EOF
$RIGHT_GW_IP $LEFT_GW_IP : PSK "loremipsum"
EOF
chmod 600 /etc/ipsec.secrets
# Parameters inside an ipsec.conf section must be indented.
cat >> /etc/ipsec.conf << EOF
# basic configuration
config setup
    charondebug="all"
    uniqueids=yes
    strictcrlpolicy=no
# connection to amsterdam datacenter
# this gateway is "left" (RIGHT_* variables), the remote site is "right" (LEFT_* variables)
conn right-to-left
    authby=secret
    left=%defaultroute
    leftid=$RIGHT_GW_IP
    leftsubnet=$RIGHT_CIDR
    right=$LEFT_GW_IP
    rightsubnet=$LEFT_CIDR
    ike=aes256-sha2_256-modp1024!
    esp=aes256-sha2_256!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    auto=start
EOF
# Hide the local subnet behind the gateway address for traffic arriving from the remote site.
iptables -t nat -A POSTROUTING -s $LEFT_CIDR -d $RIGHT_CIDR -j MASQUERADE
systemctl enable strongswan
# Reload the new configuration; auto=start then brings the tunnel up.
systemctl restart strongswan
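The script above relies on hand-swapping the LEFT_*/RIGHT_* variables on the second gateway, and it accepts whatever address, subnet and pre-shared key is typed in. The helper below is an added example, not part of andrejmaya's gist: it renders the conn section and the ipsec.secrets line from a single "local side / remote side" description, validates that addresses and CIDRs are well-formed, and refuses short or filler PSKs such as the gist's "loremipsum". It keeps the gist's options but raises the DH group from modp1024 to modp2048 (an assumption on the editor's part, not something the gist does); the PSK used in the usage note is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original gist): validate inputs and render the
# per-gateway strongSwan configuration from local/remote parameters.

# is_ipv4 ADDR -> 0 if ADDR is a dotted-quad IPv4 address with octets 0..255
is_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
}

# is_cidr CIDR -> 0 if CIDR is <ipv4>/<prefix> with prefix 0..32
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    p="${1#*/}"
    printf '%s' "$p" | grep -Eq '^[0-9]{1,2}$' && [ "$p" -le 32 ]
}

# psk_ok PSK -> 0 if the key is at least 32 characters and not an obvious filler value
psk_ok() {
    [ "${#1}" -ge 32 ] || return 1
    case "$1" in *loremipsum*|*secret*|*password*) return 1 ;; esac
}

# render_conn NAME LOCAL_IP LOCAL_CIDR REMOTE_IP REMOTE_CIDR
# Prints an ipsec.conf conn section: the local gateway is "left" (strongSwan's
# convention), the peer is "right". Returns 1 on malformed input.
render_conn() {
    name=$1; lip=$2; lcidr=$3; rip=$4; rcidr=$5
    is_ipv4 "$lip" && is_ipv4 "$rip" && is_cidr "$lcidr" && is_cidr "$rcidr" || return 1
    cat <<EOF
conn $name
    authby=secret
    left=%defaultroute
    leftid=$lip
    leftsubnet=$lcidr
    right=$rip
    rightsubnet=$rcidr
    ike=aes256-sha2_256-modp2048!
    esp=aes256-sha2_256!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    auto=start
EOF
}

# render_secret LOCAL_IP REMOTE_IP PSK -> one ipsec.secrets line, or 1 if the PSK is weak
render_secret() {
    psk_ok "$3" || return 1
    printf '%s %s : PSK "%s"\n' "$1" "$2" "$3"
}

# Usage (placeholder PSK; generate a real one with: openssl rand -base64 32):
#   render_conn   site-a 35.157.246.157 10.1.1.0/24 35.158.110.212 10.2.1.0/24 >> /etc/ipsec.conf
#   render_secret 35.157.246.157 35.158.110.212 "$PSK" >> /etc/ipsec.secrets
# On the second gateway call the same functions with the two address/subnet pairs swapped.
```

Because the local side is always rendered as "left", the same two calls produce the matching configuration on either gateway once the argument pairs are swapped, which removes the need to reason about which of LEFT_* and RIGHT_* is local on a given host.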