Linux Vpn: Difference between revisions

No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 12: Line 12:


[http://www.google.ca/url?sa=t&source=web&cd=2&ved=0CCAQFjAB&url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fproducts%2Fsw%2Fsecursw%2Fps2308%2Fproducts_user_guide_book09186a00801728a1.html&rct=j&q=linux%20to%20cisco%20vpn&ei=IaBRTaCXJoOB8gbxpoSiCg&usg=AFQjCNG7aliU0hsv54ykeGitE3Q2JhwF4g&sig2=u9sGirf4bhOiBm8jtk9gsA&cad=rja docs]
[http://www.google.ca/url?sa=t&source=web&cd=2&ved=0CCAQFjAB&url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fproducts%2Fsw%2Fsecursw%2Fps2308%2Fproducts_user_guide_book09186a00801728a1.html&rct=j&q=linux%20to%20cisco%20vpn&ei=IaBRTaCXJoOB8gbxpoSiCg&usg=AFQjCNG7aliU0hsv54ykeGitE3Q2JhwF4g&sig2=u9sGirf4bhOiBm8jtk9gsA&cad=rja docs]
== Scripted setup ==
https://github.com/hwdsl2/setup-ipsec-vpn
req ports:
UDP 1500
UDP 500
UDP 4500
<pre>
resource "aws_instance" "vpn-server" {
  ami = "ami-01b60a3259250381b" # ubuntu 18 ca-central-1
  instance_type = "t2.medium"
  availability_zone      = "${data.aws_subnet.subnet1.availability_zone}"
  key_name              = "${var.keypair_name}"
  vpc_security_group_ids = ["${aws_security_group.vpn_server_sg.id}"]
  subnet_id              = "${data.aws_subnet.subnet1.id}"
  user_data              = "${data.template_file.vpn-server-init.rendered}"
  lifecycle {
    # ignore_changes = ["user_data"]
  }
  tags {
    name      = "vpn-${var.env}"
    env      = "${var.env}"
    managedby = "terraform"
  }
}
data "template_file" "vpn-server-init" {
  template = "${file("templates/vpn-server-init.tpl")}"
  vars {
    hostname = "vpn.${var.domain}"
  }
}
resource "aws_route53_record" "vpn" {
  zone_id = "${data.aws_route53_zone.zone.zone_id}"
  name    = "vpn.${data.aws_route53_zone.zone.name}"
  type    = "A"
  ttl    = "300"
  records = ["${aws_instance.vpn-server.public_ip}"]
}
</pre>
cloud-init
<pre>
hostname: ${hostname}
runcmd:
    - [ 'export', 'VPN_USER=username']
    - [ 'export', 'VPN_PASSWORD=password']
    - [ 'export', 'VPN_IPSEC_PSK=PSK']
    - [ 'wget', "https://git.io/vpnsetup", "-O", "/tmp/vpnsetup.sh"]
    - [ 'chmod', '755', '/tmp/vpnsetup.sh']
    - [ '/tmp/vpnsetup.sh']
</pre>
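Review bot: The cloud-init template in this hunk carries the VPN credentials (VPN_USER, VPN_PASSWORD, VPN_IPSEC_PSK) inside user_data, which is readable by any process on the instance through the metadata service, by anyone holding ec2:DescribeInstanceAttribute, and is kept in Terraform state through the rendered template_file; I would add `# NOTE: user_data is not a secret store; read these values from SSM Parameter Store or Secrets Manager at boot` above `runcmd:` and move the values out of the template. As shown the template starts at `hostname:`, and cloud-init only treats user data as cloud-config when the very first line is `#cloud-config`, so confirm the real .tpl carries that header. The installer is fetched through a URL shortener (`https://git.io/vpnsetup`) and executed with no integrity check; pinning a specific upstream revision and verifying a checksum would make the build reproducible. `aws_security_group.vpn_server_sg` is referenced but defined outside this hunk, so the listed ports (UDP 500/4500, plus `UDP 1500`, which is not a standard IPsec/L2TP port and may be a transcription error) cannot be checked against it here.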

Latest revision as of 20:34, 3 June 2019

The far end is a Cisco device.

You need:

  • IPSEC gateway: the hostname or IP of the VPN server
  • IPSEC ID: the groupname
  • IPSEC secret: the shared password for the group
  • your username
  • your password

notes

docs


Scripted setup

https://github.com/hwdsl2/setup-ipsec-vpn

Required ports:

UDP 1500
UDP 500
UDP 4500
# EC2 host for the IPsec VPN; bootstrapped by the rendered cloud-init template below.
resource "aws_instance" "vpn-server" {
  instance_type = "t2.medium"
  ami           = "ami-01b60a3259250381b" # ubuntu 18 ca-central-1 (region-specific, pinned)

  # Network placement: subnet and AZ come from the looked-up subnet; ingress
  # rules come from vpn_server_sg, which is defined elsewhere in this configuration.
  subnet_id              = "${data.aws_subnet.subnet1.id}"
  availability_zone      = "${data.aws_subnet.subnet1.availability_zone}"
  vpc_security_group_ids = ["${aws_security_group.vpn_server_sg.id}"]
  key_name               = "${var.keypair_name}"

  # Rendered cloud-init. NOTE(review): user_data is exposed through the instance
  # metadata service and the EC2 API, so nothing in the template should be secret.
  user_data = "${data.template_file.vpn-server-init.rendered}"

  lifecycle {
    # Uncomment to keep the running instance when the template changes
    # (a changed user_data typically forces replacement of the instance).
    # ignore_changes = ["user_data"]
  }

  tags {
    managedby = "terraform"
    env       = "${var.env}"
    name      = "vpn-${var.env}" # NOTE(review): the console displays the `Name` tag (capital N), not `name`
  }
}

# Renders templates/vpn-server-init.tpl (the cloud-init file) with the VPN hostname filled in.
data "template_file" "vpn-server-init" {
  vars {
    # Presumably the same domain as the Route53 zone used for the A record below; verify.
    hostname = "vpn.${var.domain}"
  }

  template = "${file("templates/vpn-server-init.tpl")}"
}

# Public A record for the VPN host. The short TTL keeps a public_ip change
# (e.g. after instance replacement) propagating within minutes.
resource "aws_route53_record" "vpn" {
  name    = "vpn.${data.aws_route53_zone.zone.name}"
  type    = "A"
  zone_id = "${data.aws_route53_zone.zone.zone_id}"
  records = ["${aws_instance.vpn-server.public_ip}"]
  ttl     = "300"
}

cloud-init

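#cloud-config
# cloud-init template rendered by data.template_file.vpn-server-init;
# ${hostname} is substituted by Terraform before the file reaches the instance.
# The header line above is required: without it cloud-init does not parse the
# user data as cloud-config and none of the directives below run.
hostname: ${hostname}

# The exports are expected to reach vpnsetup.sh because cloud-init writes all
# runcmd entries into one shell script run in order (confirm for the cloud-init
# version on the chosen AMI). Replace username/password/PSK with real values,
# bearing in mind that user_data is readable via the instance metadata service
# and the EC2 API and is kept in Terraform state, so it is not a secret store.
runcmd:
    - [ 'export', 'VPN_USER=username']
    - [ 'export', 'VPN_PASSWORD=password']
    - [ 'export', 'VPN_IPSEC_PSK=PSK']
    # The installer is fetched through a URL shortener and run unverified; pin a
    # specific upstream revision and check its checksum for a reproducible build.
    - [ 'wget', "https://git.io/vpnsetup", "-O", "/tmp/vpnsetup.sh"]
    - [ 'chmod', '755', '/tmp/vpnsetup.sh']
    - [ '/tmp/vpnsetup.sh']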