Linux Vpn

From Federal Burro of Information

Far end is Cisco

you need:

  • IPSEC gateway: the hostname or IP of the VPN server
  • IPSEC ID: the groupname
  • IPSEC secret: the shared password for the group
  • your username
  • your password

notes

docs


Scripted setup

https://github.com/hwdsl2/setup-ipsec-vpn

req ports:

UDP 1500
UDP 500
UDP 4500

resource "aws_instance" "vpn-server" {
  ami = "ami-01b60a3259250381b" # ubuntu 18 ca-central-1
  instance_type = "t2.medium"
  availability_zone      = "${data.aws_subnet.subnet1.availability_zone}"
  key_name               = "${var.keypair_name}"
  vpc_security_group_ids = ["${aws_security_group.vpn_server_sg.id}"]
  subnet_id              = "${data.aws_subnet.subnet1.id}"
  user_data              = "${data.template_file.vpn-server-init.rendered}"
  lifecycle {
    # ignore_changes = ["user_data"]
  }

  tags {
    name      = "vpn-${var.env}"
    env       = "${var.env}"
    managedby = "terraform"
  }
}

data "template_file" "vpn-server-init" {
  template = "${file("templates/vpn-server-init.tpl")}"

  vars {
    hostname = "vpn.${var.domain}"
  }
}

resource "aws_route53_record" "vpn" {
  zone_id = "${data.aws_route53_zone.zone.zone_id}"
  name    = "vpn.${data.aws_route53_zone.zone.name}"
  type    = "A"
  ttl     = "300"
  records = ["${aws_instance.vpn-server.public_ip}"]
}
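The instance above attaches `aws_security_group.vpn_server_sg`, which the page does not show. The following is an added example, not the page's own code, of what that group can look like in the same Terraform 0.11 syntax: it exposes only the IKE (UDP 500) and NAT-T (UDP 4500) ports that the hwdsl2 installer documents to VPN clients, and limits SSH to an assumed `var.admin_cidr`; `data.aws_subnet.subnet1.vpc_id` is assumed to be the VPC the instance is placed in.

```hcl
variable "admin_cidr" {
  description = "CIDR allowed to reach SSH on the VPN host (assumed variable)"
}

resource "aws_security_group" "vpn_server_sg" {
  name        = "vpn-${var.env}-sg"
  description = "IPsec VPN server: IKE and NAT-T from clients, SSH from admins only"
  vpc_id      = "${data.aws_subnet.subnet1.vpc_id}"

  # IKE (ISAKMP): roaming clients connect from anywhere, so this source stays open
  ingress {
    from_port   = 500
    to_port     = 500
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # IPsec NAT-Traversal: ESP is carried inside UDP 4500 for clients behind NAT
  ingress {
    from_port   = 4500
    to_port     = 4500
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Management: SSH only from the admin network, never from 0.0.0.0/0
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.admin_cidr}"]
  }

  # Outbound: the installer fetches packages, and client traffic is NATed out here
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    name      = "vpn-sg-${var.env}"
    env       = "${var.env}"
    managedby = "terraform"
  }
}
```

Any further port from the list above is added as one more `ingress` block of the same shape; no other inbound rule is needed for the installer itself.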

cloud-init

#cloud-config
hostname: ${hostname}

runcmd:
    # fetch the hwdsl2 installer
    - [ 'wget', 'https://git.io/vpnsetup', '-O', '/tmp/vpnsetup.sh' ]
    - [ 'chmod', '755', '/tmp/vpnsetup.sh' ]
    # every runcmd entry runs as its own process, so a separate 'export' entry
    # never reaches the installer; hand the credentials over in its environment
    - [ 'sh', '-c', 'VPN_USER=username VPN_PASSWORD=password VPN_IPSEC_PSK=PSK /tmp/vpnsetup.sh' ]