Marown/setup-ipsec-vpn
1
0
Fork 0
mirror of https://github.com/hwdsl2/setup-ipsec-vpn.git synced 2024-06-26 23:55:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
694a006102
setup-ipsec-vpn/README.md
Lin Song 694a006102 Update README.md
2016-01-08 03:17:50 -06:00

4.6 KiB
Raw Blame History

IPsec/L2TP VPN Server Auto Setup Scripts

Note: This repository was created from and replaces these GitHub Gists:

Scripts for automatic configuration of IPsec/L2TP VPN server on Ubuntu 14.04 & 12.04, Debian 8 and CentOS/RHEL 6 & 7. All you need to do is provide your own values for IPSEC_PSK, VPN_USER and VPN_PASSWORD, and they will handle the rest. These scripts can also be directly used as the Amazon EC2 "user-data" when creating a new instance.

We will use Libreswan as the IPsec server, and xl2tpd as the L2TP provider.

My VPN tutorial with detailed usage instructions

Requirements

A newly created Amazon EC2 instance, using these AMIs: (See the link above for usage instructions)

OR

A dedicated server or any KVM- or XEN-based Virtual Private Server (VPS), with freshly installed:

  • Ubuntu 14.04 (Trusty) or 12.04 (Precise)
  • Debian 8 (Jessie)
  • Debian 7 (Wheezy) - A workaround is required. See below.
  • CentOS or Red Hat Enterprise Linux (RHEL) 6 or 7

OpenVZ VPS users should instead use Nyr's OpenVPN script.

Note: Do NOT run these scripts on your PC or Mac! They are meant to be run on a dedicated server or VPS!

Installation

For Ubuntu and Debian:

wget https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/vpnsetup.sh -O vpnsetup.sh
nano -w vpnsetup.sh
[Edit and replace IPSEC_PSK, VPN_USER and VPN_PASSWORD with your own values]
/bin/sh vpnsetup.sh

Workaround required for Debian 7 (Wheezy) ONLY: (Run these commands first)

wget https://gist.github.com/hwdsl2/5a769b2c4436cdf02a90/raw -O vpnsetup-workaround.sh
/bin/sh vpnsetup-workaround.sh

For CentOS and RHEL:

yum -y install wget nano
wget https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/vpnsetup_centos.sh -O vpnsetup_centos.sh
nano -w vpnsetup_centos.sh
[Edit and replace IPSEC_PSK, VPN_USER and VPN_PASSWORD with your own values]
/bin/sh vpnsetup_centos.sh

Upgrading Libreswan

You may use the scripts vpnupgrade_Libreswan.sh (for Ubuntu/Debian) and vpnupgrade_Libreswan_centos.sh (for CentOS/RHEL) to upgrade Libreswan to a newer version.

Important Notes

Learn how to enable multiple VPN users with different credentials.

For Windows users, a one-time registry change is required for connections to a VPN server behind NAT (e.g. Amazon EC2).

If using Amazon EC2, these ports must be open in the security group of your VPN server: UDP ports 500 & 4500, and TCP port 22 (optional, for SSH).

If your server uses a custom SSH port (not 22), or if you wish to allow other services through IPTables, be sure to edit the IPTables rules in the scripts before using.

The scripts will backup /etc/rc.local, /etc/sysctl.conf, /etc/iptables.rules and /etc/sysconfig/iptables before overwriting them. Backups can be found under the same folder with .old suffix.

Copyright and license

Copyright (C) 2014 Lin Song   View my profile on LinkedIn
Based on the work of Thomas Sarlandie (Copyright 2012)

This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License
Attribution required: please include my name in any derivative and let me know how you have improved it!