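#!/usr/bin/env bash
#
# Configure an L2TP/IPsec client connection named "myvpn" (strongSwan +
# xl2tpd), request the tunnel, and adjust the routing table.
#
# Required packages: strongswan xl2tpd net-tools (curl and iproute2 are
# also invoked below).
#
# Must run as root: it overwrites /etc/ipsec.conf, /etc/ipsec.secrets,
# /etc/xl2tpd/xl2tpd.conf and /etc/ppp/options.l2tpd.client.

set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

warn() {
  printf 'warning: %s\n' "$*" >&2
}

#######################################
# Write stdin to a file that holds a secret, making sure the file is
# mode 600 *before* any secret bytes are written to it.
# Arguments: $1 - destination path
#######################################
write_private_file() {
  local path=$1
  # Create (or truncate) under a restrictive umask, then force the mode in
  # case the file already existed with looser permissions.
  (umask 077 && : >"$path") || return
  chmod 600 -- "$path" || return
  cat >"$path"
}

((EUID == 0)) || die "this script must be run as root"

# Adjust with the credentials given by your ISP. Each value can also be
# supplied through the environment so the secrets need not be saved in
# this file.
VPN_SERVER_IP=${VPN_SERVER_IP:-your_vpn_server_ip}
VPN_IPSEC_PSK=${VPN_IPSEC_PSK:-your_ipsec_pre_shared_key}
VPN_USER=${VPN_USER:-your_vpn_username}
VPN_PASSWORD=${VPN_PASSWORD:-your_vpn_password}

# Routing data needed later.
# Take the first default route only: a host with several "via" routes would
# otherwise yield a multi-line value that splits into extra route arguments.
GATEWAY_IP=$(ip route show default |
  awk '$1 == "default" && $2 == "via" && !seen++ { print $3 }')
[[ -n "$GATEWAY_IP" ]] || die "no default gateway found"

# The public address comes from a third-party HTTP service, so treat the
# response as untrusted: fail on HTTP errors, bound the wait, and accept
# only something shaped like an IPv4 address before it reaches `route`.
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
LOCAL_PUBLIC_IP=$(curl -fsS --max-time 10 https://api.ipify.org) ||
  die "could not determine the public IP address"
[[ "$LOCAL_PUBLIC_IP" =~ $IPV4_RE ]] ||
  die "unexpected response from api.ipify.org"

# NOTE(review): 3DES, SHA-1 and modp1024 below are legacy algorithms,
# presumably kept for compatibility with the provider's gateway. Replace
# the ike=/esp= proposals with stronger ones if the server supports them.
cat >/etc/ipsec.conf <<EOF
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

# Add connections here.

# Sample VPN connections

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ike
    authby=secret
    ike=3des-sha1-modp1024
    esp=3des-sha1

conn myvpn
    keyexchange=ike
    left=%defaultroute
    auto=add
    authby=secret
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/1701
    #right=103.150.150.1
    right=$VPN_SERVER_IP
EOF

# The PSK file is created with mode 600 before the key is written.
write_private_file /etc/ipsec.secrets <<EOF
: PSK "$VPN_IPSEC_PSK"
EOF

# xl2tpd configuration
cat >/etc/xl2tpd/xl2tpd.conf <<EOF
[lac myvpn]
lns = $VPN_SERVER_IP
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
EOF

# This options file carries the PPP username and password, so it gets the
# same create-private-then-write treatment as the PSK file.
write_private_file /etc/ppp/options.l2tpd.client <<EOF
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name $VPN_USER
password $VPN_PASSWORD
EOF

mkdir -p /var/run/xl2tpd
# NOTE(review): this creates a regular file if the control path does not
# exist yet; the script never (re)starts xl2tpd itself — confirm the daemon
# is running and has picked up the configuration written above.
touch /var/run/xl2tpd/l2tp-control

# Configuration done.

# Start IPsec first.
ipsec up myvpn || systemctl start ipsec

# Then request the L2TP connection through the xl2tpd control file.
printf '%s\n' "c myvpn" >/var/run/xl2tpd/l2tp-control

# Routing.
# The last interface holding a global-scope IPv4 address is used for the new
# default route.
# NOTE(review): presumably this is the ppp interface once the tunnel is up;
# the script does not wait for it to appear — confirm before relying on it.
INTERFACE_NAME=$(ip -oneline -4 addr show scope global |
  awk '{ name = $2 } END { print name }')
[[ -n "$INTERFACE_NAME" ]] || die "no interface with a global IPv4 address found"

# Failures here stay non-fatal, as in the original script, so a re-run with
# the host routes already present still reaches the default-route step.
route add "$VPN_SERVER_IP" gw "$GATEWAY_IP" ||
  warn "could not add host route for $VPN_SERVER_IP"
route add "$LOCAL_PUBLIC_IP" gw "$GATEWAY_IP" ||
  warn "could not add host route for $LOCAL_PUBLIC_IP"
route add default dev "$INTERFACE_NAME"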