Last active
July 10, 2016 15:27
-
-
Save bblincoe/6576c21b18b6483f931ec28964e51256 to your computer and use it in GitHub Desktop.
OpenSwan acting as VPN IPSec endpoint
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion": "2010-09-09", | |
| "Description": "OpenSwan acting as VPN IPSec endpoint", | |
| "Parameters": { | |
| "KeyName": { | |
| "Description": "Key for SSH access", | |
| "Type": "AWS::EC2::KeyPair::KeyName", | |
| "ConstraintDescription": "Must be the name of an existing key pair." | |
| }, | |
| "VPC": { | |
| "Description": "Select a VPC.", | |
| "Type": "AWS::EC2::VPC::Id" | |
| }, | |
| "Subnet": { | |
| "Description": "Select an available subnet.", | |
| "Type": "AWS::EC2::Subnet::Id" | |
| }, | |
| "IPSecSharedSecret": { | |
| "Description": "The shared secret key for IPSec.", | |
| "Type": "String" | |
| }, | |
| "VPNUser": { | |
| "Description": "The VPN user.", | |
| "Type": "String" | |
| }, | |
| "VPNPassword": { | |
| "Description": "The VPN password.", | |
| "Type": "String" | |
| } | |
| }, | |
| "Mappings": { | |
| "EC2RegionMap": { | |
| "us-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-1ecae776"}, | |
| } | |
| }, | |
| "Resources": { | |
| "EC2Instance": { | |
| "Type": "AWS::EC2::Instance", | |
| "Properties": { | |
| "InstanceType": "t2.micro", | |
| "SecurityGroupIds": [{"Ref": "InstanceSecurityGroup"}], | |
| "KeyName": {"Ref": "KeyName"}, | |
| "ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]}, | |
| "SubnetId": {"Ref": "Subnet"}, | |
| "UserData": {"Fn::Base64": {"Fn::Join": ["", [ | |
| "#!/bin/bash -ex\n", | |
| "export IPSEC_PSK=", {"Ref": "IPSecSharedSecret"}, "\n", | |
| "export VPN_USER=", {"Ref": "VPNUser"}, "\n", | |
| "export VPN_PASSWORD=", {"Ref": "VPNPassword"}, "\n", | |
| "export STACK_NAME=", {"Ref": "AWS::StackName"}, "\n", | |
| "export REGION=", {"Ref": "AWS::Region"}, "\n", | |
| "curl -s https://raw.githubusercontent.com/AWSinAction/code/master/chapter5/vpn-setup.sh | bash -ex\n" | |
| ]]}} | |
| } | |
| }, | |
| "InstanceSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "GroupDescription": "Enable access to VPN server", | |
| "VpcId": {"Ref": "VPC"}, | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "22", | |
| "ToPort": "22", | |
| "CidrIp": "0.0.0.0/0" | |
| }, | |
| { | |
| "IpProtocol": "udp", | |
| "FromPort": "500", | |
| "ToPort": "500", | |
| "CidrIp": "0.0.0.0/0" | |
| }, | |
| { | |
| "IpProtocol": "udp", | |
| "FromPort": "1701", | |
| "ToPort": "1701", | |
| "CidrIp": "0.0.0.0/0" | |
| }, | |
| { | |
| "IpProtocol": "udp", | |
| "FromPort": "4500", | |
| "ToPort": "4500", | |
| "CidrIp": "0.0.0.0/0" | |
| } | |
| ] | |
| } | |
| } | |
| }, | |
| "Outputs": { | |
| "ServerIP": { | |
| "Description": "Public IP address of the vpn server", | |
| "Value": {"Fn::GetAtt": ["EC2Instance", "PublicIp"]} | |
| }, | |
| "IPSecSharedSecret": { | |
| "Description": "The shared key for the VPN connection (IPSec)", | |
| "Value": {"Ref": "IPSecSharedSecret"} | |
| }, | |
| "VPNUser": { | |
| "Description": "The username for the vpn connection", | |
| "Value": {"Ref": "VPNUser"} | |
| }, | |
| "VPNPassword": { | |
| "Description": "The password for the vpn connection", | |
| "Value": {"Ref": "VPNPassword"} | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment