Linux Vpn
From Federal Burro of Information
Jump to navigationJump to search
Far end is Cisco
you need :
- IPSEC gateway: the hostname or IP of the VPN server
- IPSEC ID: the groupname
- IPSEC secret: the shared password for the group
- your username
- your password
Scripted setup
https://github.com/hwdsl2/setup-ipsec-vpn
req ports:
UDP 1500 UDP 500 UDP 4500
resource "aws_instance" "vpn-server" {
ami = "ami-01b60a3259250381b" # ubuntu 18 ca-central-1
instance_type = "t2.medium"
availability_zone = "${data.aws_subnet.subnet1.availability_zone}"
key_name = "${var.keypair_name}"
vpc_security_group_ids = ["${aws_security_group.vpn_server_sg.id}"]
subnet_id = "${data.aws_subnet.subnet1.id}"
user_data = "${data.template_file.vpn-server-init.rendered}"
lifecycle {
# ignore_changes = ["user_data"]
}
tags {
name = "vpn-${var.env}"
env = "${var.env}"
managedby = "terraform"
}
}
data "template_file" "vpn-server-init" {
template = "${file("templates/vpn-server-init.tpl")}"
vars {
hostname = "vpn.${var.domain}"
}
}
resource "aws_route53_record" "vpn" {
zone_id = "${data.aws_route53_zone.zone.zone_id}"
name = "vpn.${data.aws_route53_zone.zone.name}"
type = "A"
ttl = "300"
records = ["${aws_instance.vpn-server.public_ip}"]
}
cloud-init
hostname: ${hostname}
runcmd:
- [ 'export', 'VPN_USER=username']
- [ 'export', 'VPN_PASSWORD=password']
- [ 'export', 'VPN_IPSEC_PSK=PSK']
- [ 'wget', "https://git.io/vpnsetup", "-O", "/tmp/vpnsetup.sh"]
- [ 'chmod', '755', '/tmp/vpnsetup.sh']
- [ '/tmp/vpnsetup.sh']
