さくらのクラウド上のVyOSでVPNを立ち上げるスクリプト
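#!/bin/sh
# Bring up an L2TP/IPsec remote-access VPN on a VyOS instance.
# eth0 is used as the outside interface; eth1 gets 10.123.0.1/24 and VPN
# clients are handed addresses from 10.123.0.100-10.123.0.200.
#
# Optional environment overrides:
#   USER_NAME  L2TP account name              (default: vpnuser)
#   PASSWORD   L2TP account password          (default: generated at run time)
#   PSK        IPsec pre-shared secret        (default: generated at run time)
#   DNS1/DNS2  resolvers pushed to VPN clients
#
# Security notes:
#   * No secret is hard-coded: a fixed password in a published script is known
#     to everyone who has read it, and the endpoint is reachable from the
#     Internet as soon as the commit succeeds.
#   * The account password and the IPsec pre-shared secret are separate values,
#     so disclosure of one does not disclose the other.
#   * The config wrapper takes secrets as command-line arguments, so they are
#     visible in the process list while each command runs; run this on a host
#     without untrusted local users.
#   * The credentials are printed once at the end; do not redirect the output
#     into a shared or long-lived log.
set -eu

CMD="/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper"

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Emit 32 hex characters (16 bytes from the kernel CSPRNG). Hex keeps the value
# free of characters that would need quoting in the VyOS configuration.
random_secret() {
  secret=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
  [ "${#secret}" -eq 32 ] || die "could not read 16 random bytes from /dev/urandom"
  printf '%s' "$secret"
}

# Run one configuration command through the Vyatta wrapper.
cfg() {
  "$CMD" "$@"
}

[ -x "$CMD" ] || die "config wrapper not found or not executable: $CMD"

USER_NAME=${USER_NAME:-vpnuser}
PASSWORD=${PASSWORD:-}
PSK=${PSK:-}
DNS1=${DNS1:-133.242.0.3}
DNS2=${DNS2:-133.242.0.4}

if [ -z "$PASSWORD" ]; then
  PASSWORD=$(random_secret)
fi
if [ -z "$PSK" ]; then
  PSK=$(random_secret)
fi

# First IPv4 address on eth0, without the prefix length. Taking only the first
# match keeps the value a single word when eth0 carries several addresses.
OUTSIDE_ADDRESS=$(ip -4 addr show dev eth0 |
  awk '$1 == "inet" { sub(/\/.*/, "", $2); print $2; exit }')
# Gateway of the first IPv4 default route; a default route without "via"
# (device-only) has no next hop to use and is rejected below.
OUTSIDE_NEXTHOP=$(ip -4 route show default |
  awk '$1 == "default" && $2 == "via" { print $3; exit }')

[ -n "$OUTSIDE_ADDRESS" ] || die "no IPv4 address found on eth0"
[ -n "$OUTSIDE_NEXTHOP" ] || die "no IPv4 default gateway found"

# Close the configuration session on every exit path so that a failed command
# does not leave a half-edited session behind.
# NOTE(review): "end" without "commit" presumably discards the pending
# changes - confirm on the VyOS release in use.
session_open=0
cleanup() {
  if [ "$session_open" -eq 1 ]; then
    # Best effort: the script is already exiting with the original status.
    "$CMD" end || true
  fi
}
trap cleanup EXIT

cfg begin
session_open=1

cfg set interfaces ethernet eth1 address 10.123.0.1/24
cfg set nat source rule 999 outbound-interface eth0
cfg set nat source rule 999 translation address masquerade
cfg set vpn ipsec ipsec-interfaces interface eth0
cfg set vpn ipsec nat-networks allowed-network 0.0.0.0/0
cfg set vpn ipsec nat-traversal enable
cfg set vpn l2tp remote-access authentication local-users username "$USER_NAME" password "$PASSWORD"
cfg set vpn l2tp remote-access authentication mode local
cfg set vpn l2tp remote-access client-ip-pool start 10.123.0.100
cfg set vpn l2tp remote-access client-ip-pool stop 10.123.0.200
cfg set vpn l2tp remote-access dns-servers server-1 "$DNS1"
cfg set vpn l2tp remote-access dns-servers server-2 "$DNS2"
cfg set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
cfg set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret "$PSK"
cfg set vpn l2tp remote-access mtu 1280
cfg set vpn l2tp remote-access outside-address "$OUTSIDE_ADDRESS"
cfg set vpn l2tp remote-access outside-nexthop "$OUTSIDE_NEXTHOP"
cfg commit
# "commit" changes the running configuration only. Uncomment to persist it
# across reboots; the saved configuration file will then hold both secrets.
# cfg save
cfg end
session_open=0

# Printed only after a successful commit, so the values shown are the ones
# actually in effect.
printf 'User: %s\n' "$USER_NAME"
printf 'Pass: %s\n' "$PASSWORD"
printf 'PSK: %s\n' "$PSK"
printf 'Address: %s\n' "$OUTSIDE_ADDRESS"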