@j3tm0t0
Last active September 25, 2020 13:57
cloud-init user-data script that installs and configures openswan and xl2tpd as an L2TP/IPsec (pre-shared key) VPN server on the Amazon Linux AMI
#!/bin/sh
# cloud-init user-data: L2TP/IPsec (PSK) server with openswan + xl2tpd on Amazon Linux AMI.
# Replace the three values below before launch. Anything placed in user-data can be read by
# any process on the instance via http://169.254.169.254/latest/user-data, so these values
# are only as private as the instance itself.
IPSEC_SECRET=SECRET
VPN_USERNAME=vpnusername
VPN_PASSWORD=vpnpassword
# Private address of the instance: IPsec binds here, the public/elastic IP is NATed to it by AWS.
LOCAL_ADDRESS=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
# for radiko.jp etc.: halt the instance unless its public IP is in 175.0.0.0/8
# curl -s http://169.254.169.254/latest/meta-data/public-ipv4 | grep ^175\. && echo OK || shutdown -h now
yum install -y --enablerepo=epel openswan xl2tpd

# The security group must allow UDP 500 (IKE) and UDP 4500 (NAT-T) inbound;
# L2TP itself (UDP 1701) is carried inside ESP and needs no rule of its own.
cat <<EOF > /etc/ipsec.conf
version 2.0 # conforms to second version of ipsec.conf specification
config setup
    protostack=netkey
    nat_traversal=yes
    # private ranges clients behind NAT may present; add a %v4:!<cidr> entry to
    # exclude the VPC's own address range if it overlaps one of these
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:100.64.0.0/10
    oe=off
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    ikelifetime=8h
    keylife=1h
    type=transport
    left=$LOCAL_ADDRESS
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/0
EOF
# One PSK shared by every road-warrior client (right=%any); keep the file root-only.
printf ': PSK "%s"\n' "$IPSEC_SECRET" > /etc/ipsec.secrets
chmod 600 /etc/ipsec.secrets

cat <<EOF > /etc/xl2tpd/xl2tpd.conf
[global]
[lns default]
ip range = 192.168.254.1-192.168.254.253
local ip = 192.168.254.254
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF

# PPP credentials: "user * password *" (any server name, any client IP); root-only as well.
printf '%s * "%s" *\n' "$VPN_USERNAME" "$VPN_PASSWORD" > /etc/ppp/chap-secrets
chmod 600 /etc/ppp/chap-secrets

# pppd options; the path must match pppoptfile in xl2tpd.conf above.
cat <<EOF > /etc/ppp/options.xl2tpd
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
logfile /var/log/xl2tpd.l2tp-ipsec.log
EOF

service ipsec start
service xl2tpd start
chkconfig ipsec on
chkconfig xl2tpd on

# Forward client traffic and masquerade it behind the instance address: persist the
# two commands in rc.local for later boots, and run them now so the first boot works too.
cat <<EOF >> /etc/rc.local
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
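The script above embeds the PSK and the PPP password as literals in user-data, which any local process can fetch from the metadata service, and it writes /etc/ipsec.secrets and /etc/ppp/chap-secrets with whatever the default umask gives (typically world-readable). The following shell functions are an added example, not part of the gist: they generate both secrets from /dev/urandom at first boot, write the two files under a 077 umask, and check that the result is root-only and well-formed. The function names (`gen_secret`, `write_secrets`, `check_secrets`), the directory argument (so the check can be exercised against a scratch directory instead of /etc) and the 44-character base64 length check are assumptions of this example; `base64`, `head -c` and `ls -l` are the coreutils versions found on the Amazon Linux AMI.

```shell
#!/bin/sh
# Added example (not from the gist): provision L2TP/IPsec secrets at boot
# instead of hard-coding them in user-data, and verify the files afterwards.

# gen_secret: 32 random bytes, base64-encoded (44 characters, one '=' pad).
# The alphabet is A-Za-z0-9+/= so the value is safe inside the quotes that
# ipsec.secrets and chap-secrets expect.
gen_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# write_secrets DIR USER: writes DIR/ipsec.secrets (": PSK "...") and
# DIR/chap-secrets ("USER * "..." *"). Both files are created inside a
# subshell with umask 077, so they are mode 0600 from the first byte rather
# than being chmod'ed after a world-readable write. DIR is /etc on a real host.
write_secrets() {
    dir=$1
    user=$2
    psk=$(gen_secret)
    pw=$(gen_secret)
    (
        umask 077
        printf ': PSK "%s"\n' "$psk" > "$dir/ipsec.secrets"
        printf '%s * "%s" *\n' "$user" "$pw" > "$dir/chap-secrets"
    )
}

# check_secrets DIR USER: returns 0 only if both files exist, are owner-only
# (-rw-------) and each contains exactly one well-formed line for the given
# user; any missing file, loose permission or malformed line returns 1.
check_secrets() {
    dir=$1
    user=$2
    for f in ipsec.secrets chap-secrets; do
        [ -f "$dir/$f" ] || return 1
        mode=$(ls -l "$dir/$f" | cut -c1-10)
        [ "$mode" = "-rw-------" ] || return 1
    done
    grep -q '^: PSK "[A-Za-z0-9+/=]\{44\}"$' "$dir/ipsec.secrets" || return 1
    grep -q "^$user \* \"[A-Za-z0-9+/=]\{44\}\" \*\$" "$dir/chap-secrets" || return 1
    return 0
}

# Usage on the instance (as root): sh secrets.sh /etc vpnusername
if [ $# -eq 2 ]; then
    write_secrets "$1" "$2" && check_secrets "$1" "$2" && echo "secrets ok"
fi
```

After the files are written the operator reads the generated values once over SSH (`sudo cat /etc/ipsec.secrets /etc/ppp/chap-secrets`) and hands them to the client; nothing is echoed to the console log, since EC2 console output is retrievable through the API by anyone holding ec2:GetConsoleOutput.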
@josielreis

Hello, thank you for replying. My intention is to connect CentOS 7 (client) to a MikroTik L2TP server, but I could not get it to work using this script.