user-data file for cloud-init script to initialize openswan and xl2tpd for L2TP/IPsec on Amazon Linux AMI
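#!/bin/sh
# cloud-init user-data: install and configure openswan (IPsec) and xl2tpd (L2TP)
# for an L2TP/IPsec VPN on Amazon Linux AMI.
#
# Replace the three placeholder values below before use. They are written into
# /etc/ipsec.secrets and /etc/ppp/chap-secrets, which this script restricts to
# root (mode 600) so the PSK and password are not world-readable.
IPSEC_SECRET=SECRET
VPN_USERNAME=vpnusername
VPN_PASSWORD=vpnpassword

# Private address of this instance, used as the IPsec "left" endpoint.
# -f makes curl fail on an HTTP error instead of returning an error page, and
# the emptiness check stops an empty "left=" from being written into ipsec.conf.
LOCAL_ADDRESS=$(curl -sf http://169.254.169.254/latest/meta-data/local-ipv4)
if [ -z "$LOCAL_ADDRESS" ]; then
  printf 'could not read local-ipv4 from instance metadata\n' >&2
  exit 1
fi

# for radiko.jp etc...
# curl -s http://169.254.169.254/latest/meta-data/public-ipv4 | grep ^175\. && echo OK || shutdown -h now

# Nothing below makes sense without the packages, so stop here if install fails.
yum install -y --enablerepo=epel openswan xl2tpd || exit 1

# Only $LOCAL_ADDRESS is expanded in this here-document.
cat <<EOF > /etc/ipsec.conf
version 2.0 # conforms to second version of ipsec.conf specification
config setup
protostack=netkey
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:100.64.0.0/10
oe=off
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
dpddelay=30
dpdtimeout=120
dpdaction=clear
ikelifetime=8h
keylife=1h
type=transport
left=$LOCAL_ADDRESS
leftprotoport=17/1701
right=%any
rightprotoport=17/0
EOF

# Pre-shared key: quoted so a value containing spaces is written intact,
# and restricted to root because the default umask would leave it readable
# by every local user.
printf ': PSK "%s"\n' "$IPSEC_SECRET" > /etc/ipsec.secrets
chmod 600 /etc/ipsec.secrets

cat <<EOF > /etc/xl2tpd/xl2tpd.conf
[global]
[lns default]
ip range = 192.168.254.1-192.168.254.253
local ip = 192.168.254.254
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF

# CHAP credentials: same quoting and permission handling as the PSK above.
printf '%s * "%s" *\n' "$VPN_USERNAME" "$VPN_PASSWORD" > /etc/ppp/chap-secrets
chmod 600 /etc/ppp/chap-secrets

# Written to the path xl2tpd.conf's "pppoptfile" points at. The original
# wrote it to /etc/xl2tpd/options.xl2tpd, which xl2tpd never read, so pppd
# ran with whatever the package shipped instead of these options.
cat <<EOF > /etc/ppp/options.xl2tpd
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
logfile /var/log/xl2tpd.l2tp-ipsec.log
EOF

service ipsec start
service xl2tpd start
chkconfig ipsec on
chkconfig xl2tpd on

# Forwarding and NAT for VPN clients. The MASQUERADE rule is limited to the
# client pool defined in xl2tpd.conf rather than everything leaving eth0.
# rc.local only runs on the next boot, so the same two commands are also
# executed right now; otherwise clients could connect but not route traffic
# until the instance was rebooted.
cat <<EOF >> /etc/rc.local
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.254.0/24 -o eth0 -j MASQUERADE
EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.254.0/24 -o eth0 -j MASQUERADE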
Olá, obrigada por responder. Minha intenção é conectar o CentOS 7 (cliente) a um servidor Mikrotik L2TP, mas não consegui usando esse script.