Linux Vpn: Difference between revisions
No edit summary |
(2 intermediate revisions by the same user not shown) | |||
Line 12: | Line 12: | ||
[http://www.google.ca/url?sa=t&source=web&cd=2&ved=0CCAQFjAB&url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fproducts%2Fsw%2Fsecursw%2Fps2308%2Fproducts_user_guide_book09186a00801728a1.html&rct=j&q=linux%20to%20cisco%20vpn&ei=IaBRTaCXJoOB8gbxpoSiCg&usg=AFQjCNG7aliU0hsv54ykeGitE3Q2JhwF4g&sig2=u9sGirf4bhOiBm8jtk9gsA&cad=rja docs] | [http://www.google.ca/url?sa=t&source=web&cd=2&ved=0CCAQFjAB&url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fproducts%2Fsw%2Fsecursw%2Fps2308%2Fproducts_user_guide_book09186a00801728a1.html&rct=j&q=linux%20to%20cisco%20vpn&ei=IaBRTaCXJoOB8gbxpoSiCg&usg=AFQjCNG7aliU0hsv54ykeGitE3Q2JhwF4g&sig2=u9sGirf4bhOiBm8jtk9gsA&cad=rja docs] | ||
== Scripted setup == | |||
https://github.com/hwdsl2/setup-ipsec-vpn | |||
req ports: | |||
UDP 1500 | |||
UDP 500 | |||
UDP 4500 | |||
<pre> | |||
resource "aws_instance" "vpn-server" { | |||
ami = "ami-01b60a3259250381b" # ubuntu 18 ca-central-1 | |||
instance_type = "t2.medium" | |||
availability_zone = "${data.aws_subnet.subnet1.availability_zone}" | |||
key_name = "${var.keypair_name}" | |||
vpc_security_group_ids = ["${aws_security_group.vpn_server_sg.id}"] | |||
subnet_id = "${data.aws_subnet.subnet1.id}" | |||
user_data = "${data.template_file.vpn-server-init.rendered}" | |||
lifecycle { | |||
# ignore_changes = ["user_data"] | |||
} | |||
tags { | |||
name = "vpn-${var.env}" | |||
env = "${var.env}" | |||
managedby = "terraform" | |||
} | |||
} | |||
data "template_file" "vpn-server-init" { | |||
template = "${file("templates/vpn-server-init.tpl")}" | |||
vars { | |||
hostname = "vpn.${var.domain}" | |||
} | |||
} | |||
resource "aws_route53_record" "vpn" { | |||
zone_id = "${data.aws_route53_zone.zone.zone_id}" | |||
name = "vpn.${data.aws_route53_zone.zone.name}" | |||
type = "A" | |||
ttl = "300" | |||
records = ["${aws_instance.vpn-server.public_ip}"] | |||
} | |||
</pre> | |||
cloud-init | |||
<pre> | |||
hostname: ${hostname} | |||
runcmd: | |||
- [ 'export', 'VPN_USER=username'] | |||
- [ 'export', 'VPN_PASSWORD=password'] | |||
- [ 'export', 'VPN_IPSEC_PSK=PSK'] | |||
- [ 'wget', "https://git.io/vpnsetup", "-O", "/tmp/vpnsetup.sh"] | |||
- [ 'chmod', '755', '/tmp/vpnsetup.sh'] | |||
- [ '/tmp/vpnsetup.sh'] | |||
</pre> |
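Review bot: The cloud-init `runcmd` at the end of this section puts `VPN_USER`, `VPN_PASSWORD` and `VPN_IPSEC_PSK` directly in the template, and since that template is rendered into the instance's `user_data`, real values would sit in instance metadata (readable by any local process) and be returned by EC2 describe calls, in addition to living in the Terraform state and the repository; a comment such as `# placeholders — never commit real credentials here; fetch them at boot from a secrets store and rotate the PSK` above the exports would at least flag this. The `wget https://git.io/vpnsetup` step then executes whatever that redirector currently resolves to, as root, with no pinned revision or checksum; pinning a specific commit of the hwdsl2 repository and verifying a digest before the `chmod`/run lines is the usual mitigation. As pasted, the template starts at `hostname:`; cloud-init only parses user-data as cloud-config when its first line is `#cloud-config`, so confirm the real `templates/vpn-server-init.tpl` carries that header. Separately, `UDP 1500` in the port list looks like a typo for UDP 1701 (L2TP); 500 and 4500 are IKE and NAT-T, and ESP (IP protocol 50) is also required when NAT-T is not in use.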
Latest revision as of 20:34, 3 June 2019
Far end is Cisco
You need:
- IPSEC gateway: the hostname or IP of the VPN server
- IPSEC ID: the groupname
- IPSEC secret: the shared password for the group
- your username
- your password
Scripted setup
https://github.com/hwdsl2/setup-ipsec-vpn
Required ports:
UDP 1500, UDP 500, UDP 4500
# Boot script for the VPN host, rendered from templates/vpn-server-init.tpl.
# The only template variable is the FQDN the host should adopt.
data "template_file" "vpn-server-init" {
  template = "${file("templates/vpn-server-init.tpl")}"

  vars {
    hostname = "vpn.${var.domain}"
  }
}

# The VPN host itself: a single Ubuntu 18 instance in subnet1, bootstrapped
# by the rendered cloud-init above.
resource "aws_instance" "vpn-server" {
  # Region-specific image id (Ubuntu 18, ca-central-1).
  ami           = "ami-01b60a3259250381b"
  instance_type = "t2.medium"

  subnet_id              = "${data.aws_subnet.subnet1.id}"
  availability_zone      = "${data.aws_subnet.subnet1.availability_zone}"
  vpc_security_group_ids = ["${aws_security_group.vpn_server_sg.id}"]
  key_name               = "${var.keypair_name}"

  # NOTE(review): user_data is stored in instance metadata and is readable from
  # inside the instance and through the EC2 API, so anything the template
  # carries (including any credentials) is not confidential once deployed.
  user_data = "${data.template_file.vpn-server-init.rendered}"

  lifecycle {
    # Left disabled: a changed template is presumably meant to re-create
    # the instance rather than be ignored.
    # ignore_changes = ["user_data"]
  }

  tags {
    name      = "vpn-${var.env}"
    env       = "${var.env}"
    managedby = "terraform"
  }
}

# Public A record vpn.<zone> pointing at the instance's public address.
resource "aws_route53_record" "vpn" {
  zone_id = "${data.aws_route53_zone.zone.zone_id}"
  name    = "vpn.${data.aws_route53_zone.zone.name}"
  type    = "A"
  ttl     = "300"
  records = ["${aws_instance.vpn-server.public_ip}"]
}
cloud-init template (`templates/vpn-server-init.tpl`):
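#cloud-config
# cloud-init only treats user-data as cloud-config when the first line is the
# "#cloud-config" header above; without it this file is ignored at boot.
# Rendered by Terraform's template_file data source, which fills in the
# hostname variable.
hostname: ${hostname}
runcmd:
  # NOTE(review): placeholder credentials. Everything in user_data is readable
  # from inside the instance (metadata service) and via the EC2 API, so real
  # values should not be committed here or passed through user_data at all.
  - [ 'export', 'VPN_USER=username']
  - [ 'export', 'VPN_PASSWORD=password']
  - [ 'export', 'VPN_IPSEC_PSK=PSK']
  # NOTE(review): downloads and runs an unpinned remote script as root at boot;
  # there is no revision pin or checksum on what the redirector returns.
  - [ 'wget', "https://git.io/vpnsetup", "-O", "/tmp/vpnsetup.sh"]
  - [ 'chmod', '755', '/tmp/vpnsetup.sh']
  - [ '/tmp/vpnsetup.sh']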