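#!/usr/bin/env bash
#
# Create ("start") or tear down ("shutdown") a small GCE VPN lab with gcutil:
# a gateway instance with IP forwarding, a test instance behind it, a route
# that sends the peer network via the gateway, and the firewall rules the lab
# needs.
#
# Usage: $0 [-p project] [-n network] [-i image] [-t target_cidr] start|shutdown
#
# The original file used #!/bin/sh but relied on bash features
# (${@:$OPTIND:1}, == inside [ ]); the shebang now matches the code.
set -eu

# Edit these to match your project and setup
PROJECT=vpn-lab
NETWORK=gce-network
GATEWAY_NAME=vpn-gateway-1
TEST_INSTANCE_NAME=povm-1
TARGET_NETWORK="10.150.0.0/16"
MACHINE_TYPE=n1-standard-1
ZONE="us-central1-a"
REGION="us-central1"
# Source range allowed to reach the lab on tcp/22. 0.0.0.0/0 keeps the
# original behaviour (SSH reachable from the whole internet); narrow it to
# the range you administer from.
SSH_SOURCE_RANGE="0.0.0.0/0"
# Only consumed by the still commented-out gateway install step below.
# Prefer exporting PRESHARED_KEY in the environment over keeping a value in
# this file; the literal default is retained for compatibility.
PRESHARED_KEY="${PRESHARED_KEY:-googtest}"
# End editable params

# shellcheck disable=SC2034 -- reserved for the gateway install step
IPSEC_TEMPLATE="ipsec.template"
IMAGE="https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/debian-7-wheezy-v20131120"

#######################################
# Print a diagnostic to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print a diagnostic to stderr without exiting.
# Arguments: message words
#######################################
warn() {
  printf 'warning: %s\n' "$*" >&2
}

#######################################
# Print usage to stderr and exit 2.
# The original printed usage for a missing action but then fell through and
# kept executing; now it stops here.
#######################################
usage() {
  printf 'Usage: %s [-p project] [-n network] [-i image] [-t target_cidr] [start | shutdown]\n' "$0" >&2
  exit 2
}

#######################################
# Run a gcutil subcommand against $PROJECT.
# Globals:   GCUTIL, PROJECT (read)
# Arguments: gcutil subcommand and its flags
#######################################
gc() {
  "$GCUTIL" --project="$PROJECT" "$@"
}

#######################################
# Extract one cell from a '|'-separated gcutil table row, spaces stripped.
# Arguments: $1 - the row text; $2 - 1-based column number
# Outputs:   the trimmed cell on stdout
#######################################
table_field() {
  printf '%s\n' "$1" | awk -F'|' -v n="$2" '{print $n}' | tr -d ' '
}

#######################################
# Create the gateway, test instance, route and firewall rules.
# Globals:   PROJECT, NETWORK, GATEWAY_NAME, TEST_INSTANCE_NAME, TARGET_NETWORK,
#            MACHINE_TYPE, ZONE, REGION, IMAGE, SSH_SOURCE_RANGE (read)
# Outputs:   the gateway's external IP on stdout
#######################################
start_lab() {
  local network_details source_network source_gateway
  local gateway_details gateway_ip gateway_external_ip

  # grep is a substring match: a network whose name merely contains $NETWORK
  # would also match. -m1 keeps only the first row so awk sees one line.
  network_details=$(gc listnetworks | grep -m1 -- "$NETWORK") \
    || die "network '$NETWORK' not found in project '$PROJECT'"
  # Not used yet; intended for the ipsec/install template step below.
  # shellcheck disable=SC2034
  source_network=$(table_field "$network_details" 3)
  # shellcheck disable=SC2034
  source_gateway=$(table_field "$network_details" 4)

  gc addinstance "$GATEWAY_NAME" --can_ip_forward=true \
    --machine_type="$MACHINE_TYPE" --persistent_boot_disk \
    --network "$NETWORK" --external_ip ephemeral \
    --zone "$ZONE" --image "$IMAGE" --tags vpn

  # One getinstance call serves both lookups (the original ran it twice, and
  # the second call bypassed $GCUTIL by invoking a bare `gcutil`).
  gateway_details=$(gc getinstance "$GATEWAY_NAME")
  gateway_ip=$(grep ' ip' <<<"$gateway_details" | awk -F'|' '{print $3}' | tr -d ' ')
  gateway_external_ip=$(grep external-ip <<<"$gateway_details" | awk -F'|' '{print $3}' | tr -d ' ')
  # Without this guard an empty value produced `--next_hop_ip ""` and an
  # `--allowed_ip_sources /32` rule further down.
  [[ -n "$gateway_ip" && -n "$gateway_external_ip" ]] \
    || die "could not read the gateway's internal/external IP from getinstance output"

  # Reserve the external ip
  gc reserveaddress --region="$REGION" \
    --source_address="$gateway_external_ip" gatewayip

  # TODO: Set up the gateway software. Note the sed expression needs double
  # quotes for $PRESHARED_KEY to expand and a closing '/' on the s command.
  # sed -e "s/<secret_key>/$PRESHARED_KEY/" install.template > install.sh
  # gc put "$GATEWAY_NAME" install.sh .
  # gc ssh "$GATEWAY_NAME" ./install.sh

  # The original hard-coded us-central1-a here instead of honouring $ZONE.
  gc addinstance "$TEST_INSTANCE_NAME" --network "$NETWORK" \
    --image "$IMAGE" --zone "$ZONE" \
    --machine_type="$MACHINE_TYPE" --persistent_boot_disk

  gc addroute --network "$NETWORK" \
    target-network-via-gateway "$TARGET_NETWORK" --next_hop_ip "$gateway_ip"

  gc addfirewall vpn-ssh --allowed_ip_sources "$SSH_SOURCE_RANGE" \
    --allowed 'tcp:22' --network "$NETWORK"
  gc addfirewall vpn-allow-internal --allowed_ip_sources 10.0.0.0/8 \
    --allowed 'tcp:1-65535,udp:1-65535,icmp' \
    --network "$NETWORK" --target_tags vpn
  gc addfirewall vpn-allow-ipsec-nat --allowed_ip_sources "$gateway_external_ip/32" \
    --allowed 'udp:4500' --network "$NETWORK" --target_tags vpn
  gc addfirewall vpn-allow-all-peer --allowed_ip_sources "$TARGET_NETWORK" \
    --allowed 'tcp:1-65535,udp:1-65535,icmp' --network "$NETWORK" --target_tags vpn

  printf 'EXTERNAL GATEWAY: %s\n' "$gateway_external_ip"
}

#######################################
# Delete everything start_lab created.
# Teardown is best-effort, as in the original: a resource that is already
# gone must not stop the remaining deletions, so failures are reported and
# the function carries on.
# Globals:   PROJECT, GATEWAY_NAME, TEST_INSTANCE_NAME, REGION (read)
#######################################
shutdown_lab() {
  gc deleteinstance -f --delete_boot_pd "$GATEWAY_NAME" || warn "deleteinstance $GATEWAY_NAME failed"
  gc deleteinstance -f --delete_boot_pd "$TEST_INSTANCE_NAME" || warn "deleteinstance $TEST_INSTANCE_NAME failed"
  gc deleteroute -f target-network-via-gateway || warn "deleteroute failed"
  gc deletefirewall -f vpn-ssh || warn "deletefirewall vpn-ssh failed"
  gc deletefirewall -f vpn-allow-internal || warn "deletefirewall vpn-allow-internal failed"
  gc deletefirewall -f vpn-allow-ipsec-nat || warn "deletefirewall vpn-allow-ipsec-nat failed"
  gc deletefirewall -f vpn-allow-all-peer || warn "deletefirewall vpn-allow-all-peer failed"
  gc releaseaddress --region="$REGION" gatewayip --force || warn "releaseaddress gatewayip failed"
}

# The original captured `which gcutil` unchecked; a missing binary then failed
# on every call with a confusing "--project=...: command not found".
GCUTIL=$(command -v gcutil) || die "gcutil not found in PATH"

while getopts ":p:n:i:t:" opt; do
  case "$opt" in
    p) PROJECT=$OPTARG ;;
    n) NETWORK=$OPTARG ;;
    i) IMAGE=$OPTARG ;;
    t) TARGET_NETWORK=$OPTARG ;;
    \?) die "Invalid option: -$OPTARG" ;;
    :) die "Option -$OPTARG requires an argument." ;;
  esac
done
shift $((OPTIND - 1))

# First non-option argument is the action (same as the original ${@:$OPTIND:1}).
PARAM=${1:-}
[[ -n "$PARAM" ]] || usage

case "$PARAM" in
  start) start_lab ;;
  shutdown) shutdown_lab ;;
  *) usage ;;
esac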