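#!/bin/sh
#
# Stand up (start) or tear down (shutdown) a small IPsec VPN lab on Google
# Compute Engine with the legacy gcutil CLI: a gateway instance with IP
# forwarding enabled, a test instance, a route sending TARGET_NETWORK via the
# gateway, a reserved external address for the gateway, and the firewall rules
# the gateway needs.
#
# Usage: $0 [-p project] [-n network] [-i image] [-t target_cidr] start|shutdown
#
# Environment (optional overrides):
#   PRESHARED_KEY     IPsec PSK for the (not yet scripted) gateway install
#                     step. Defaults to the lab value below; set it in the
#                     environment for a real deployment instead of editing
#                     this file, so the key is never committed.
#   SSH_SOURCE_RANGE  CIDR allowed to reach tcp/22 on the network. Defaults to
#                     0.0.0.0/0 (the original behaviour); narrow it to your
#                     admin range.
#
# Written for POSIX sh: no arrays, [[ ]], == or ${@:n:m} slicing, so the
# #!/bin/sh shebang is honest. set -o pipefail is not portable to every sh.

set -eu

# --- Edit these to match your project and setup ----------------------------
PROJECT=vpn-lab
NETWORK=gce-network
GATEWAY_NAME=vpn-gateway-1
TEST_INSTANCE_NAME=povm-1
TARGET_NETWORK="10.150.0.0/16"
MACHINE_TYPE=n1-standard-1
ZONE="us-central1-a"
REGION="us-central1"
# Lab-only default; override via the environment rather than editing this in.
PRESHARED_KEY="${PRESHARED_KEY:-googtest}"
SSH_SOURCE_RANGE="${SSH_SOURCE_RANGE:-0.0.0.0/0}"
# --- End editable params ---------------------------------------------------

# Not referenced yet: reserved for the gateway install step (see TODO below).
# shellcheck disable=SC2034
IPSEC_TEMPLATE="ipsec.template"
IMAGE="https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/debian-7-wheezy-v20131120"

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the usage line to stderr and exit with the conventional status 2.
usage() {
  printf '%s [start | shutdown]\n' "$0" >&2
  exit 2
}

# Best-effort wrapper for teardown: report a failed step and keep going, so
# one already-deleted resource does not leave the rest of the lab behind.
try() {
  "$@" || printf 'warning: "%s" failed, continuing\n' "$*" >&2
}

# Resolve gcutil once and fail early instead of running an empty command later.
GCUTIL=$(command -v gcutil) || die "gcutil not found in PATH"

while getopts ":p:n:i:t:" opt; do
  case "$opt" in
    p) PROJECT=$OPTARG ;;
    n) NETWORK=$OPTARG ;;
    i) IMAGE=$OPTARG ;;
    t) TARGET_NETWORK=$OPTARG ;;
    \?)
      printf 'Invalid option: -%s\n' "$OPTARG" >&2
      exit 1
      ;;
    :)
      printf 'Option -%s requires an argument.\n' "$OPTARG" >&2
      exit 1
      ;;
  esac
done
shift $((OPTIND - 1))
# First non-option argument is the action; a missing one is a usage error
# (the original printed usage but then fell through and exited 0).
PARAM=${1:-}
[ -n "$PARAM" ] || usage

case "$PARAM" in
  start)
    # Look up the network row so its range and gateway are available to the
    # ipsec template step. grep is a plain substring match on the name, so a
    # name that is a prefix of another network's name may return extra rows.
    NETWORK_DETAILS=$("$GCUTIL" --project="$PROJECT" listnetworks | grep -F -- "$NETWORK") \
      || die "network '$NETWORK' not found in project '$PROJECT'"
    # Columns 3 and 4 are taken as range and gateway, as in the original;
    # both values are currently unused.
    # shellcheck disable=SC2034
    SOURCE_NETWORK=$(printf '%s\n' "$NETWORK_DETAILS" | awk -F'|' '{print $3}' | tr -d ' ')
    # shellcheck disable=SC2034
    SOURCE_GATEWAY=$(printf '%s\n' "$NETWORK_DETAILS" | awk -F'|' '{print $4}' | tr -d ' ')

    # Gateway VM; --can_ip_forward is what allows it to forward traffic for
    # TARGET_NETWORK, and the "vpn" tag is what the firewall rules target.
    "$GCUTIL" --project="$PROJECT" addinstance "$GATEWAY_NAME" --can_ip_forward=true \
      --machine_type="$MACHINE_TYPE" --persistent_boot_disk \
      --network "$NETWORK" --external_ip ephemeral \
      --zone "$ZONE" --image "$IMAGE" --tags vpn

    # Query the instance once and extract both addresses from the same output.
    GATEWAY_INFO=$("$GCUTIL" --project="$PROJECT" getinstance "$GATEWAY_NAME") \
      || die "getinstance $GATEWAY_NAME failed"
    GATEWAY_IP=$(printf '%s\n' "$GATEWAY_INFO" | grep ' ip' | awk -F'|' '{print $3}' | tr -d ' ')
    GATEWAY_EXTERNAL_IP=$(printf '%s\n' "$GATEWAY_INFO" | grep external-ip | awk -F'|' '{print $3}' | tr -d ' ')
    # Both addresses feed the route and firewall rules below; an empty value
    # would yield a route with no next hop or a malformed "/32" source range.
    [ -n "$GATEWAY_IP" ] || die "could not determine internal IP of $GATEWAY_NAME"
    [ -n "$GATEWAY_EXTERNAL_IP" ] || die "could not determine external IP of $GATEWAY_NAME"

    # Promote the gateway's ephemeral external IP to a reserved address.
    "$GCUTIL" --project="$PROJECT" reserveaddress --region="$REGION" \
      --source_address="$GATEWAY_EXTERNAL_IP" gatewayip

    # TODO: Set up the gateway software. Intended steps (not yet enabled):
    #   sed -e "s|<secret_key>|$PRESHARED_KEY|" install.template > install.sh
    #   "$GCUTIL" --project="$PROJECT" put "$GATEWAY_NAME" install.sh .
    #   "$GCUTIL" --project="$PROJECT" ssh "$GATEWAY_NAME" ./install.sh
    # Caveats: a key containing '|' or '&' breaks that sed expression, and
    # install.sh would carry the PSK in plain text on the gateway's disk.

    "$GCUTIL" --project="$PROJECT" addinstance "$TEST_INSTANCE_NAME" --network "$NETWORK" \
      --image "$IMAGE" --zone "$ZONE" \
      --machine_type="$MACHINE_TYPE" --persistent_boot_disk
    "$GCUTIL" --project="$PROJECT" addroute --network "$NETWORK" \
      target-network-via-gateway "$TARGET_NETWORK" --next_hop_ip "$GATEWAY_IP"

    # Inbound SSH for the whole network from SSH_SOURCE_RANGE (default: any
    # source). Restrict this for anything beyond a throwaway lab.
    "$GCUTIL" --project="$PROJECT" addfirewall vpn-ssh \
      --allowed_ip_sources "$SSH_SOURCE_RANGE" --allowed 'tcp:22' --network "$NETWORK"
    # All traffic from RFC1918 10/8 to instances tagged "vpn".
    "$GCUTIL" --project="$PROJECT" addfirewall vpn-allow-internal --allowed_ip_sources 10.0.0.0/8 \
      --allowed 'tcp:1-65535,udp:1-65535,icmp' \
      --network "$NETWORK" --target_tags vpn
    # IPsec NAT-T (udp/4500) only from the gateway's own external address.
    "$GCUTIL" --project="$PROJECT" addfirewall vpn-allow-ipsec-nat \
      --allowed_ip_sources "$GATEWAY_EXTERNAL_IP/32" \
      --allowed 'udp:4500' --network "$NETWORK" --target_tags vpn
    # All traffic from the remote peer network to instances tagged "vpn".
    "$GCUTIL" --project="$PROJECT" addfirewall vpn-allow-all-peer --allowed_ip_sources "$TARGET_NETWORK" \
      --allowed 'tcp:1-65535,udp:1-65535,icmp' --network "$NETWORK" --target_tags vpn

    printf 'EXTERNAL GATEWAY: %s\n' "$GATEWAY_EXTERNAL_IP"
    ;;
  shutdown)
    # Teardown is best-effort: each step is reported on failure but does not
    # stop the others (set -e would otherwise abort on the first missing resource).
    try "$GCUTIL" --project="$PROJECT" deleteinstance -f --delete_boot_pd "$GATEWAY_NAME"
    try "$GCUTIL" --project="$PROJECT" deleteinstance -f --delete_boot_pd "$TEST_INSTANCE_NAME"
    try "$GCUTIL" --project="$PROJECT" deleteroute -f target-network-via-gateway
    try "$GCUTIL" --project="$PROJECT" deletefirewall -f vpn-ssh
    try "$GCUTIL" --project="$PROJECT" deletefirewall -f vpn-allow-internal
    try "$GCUTIL" --project="$PROJECT" deletefirewall -f vpn-allow-ipsec-nat
    try "$GCUTIL" --project="$PROJECT" deletefirewall -f vpn-allow-all-peer
    try "$GCUTIL" --project="$PROJECT" releaseaddress --region="$REGION" gatewayip --force
    ;;
  *)
    usage
    ;;
esac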