Mammoth's VPC: IPsec VPN endpoint

Supports: Ubuntu 14.04 LTS/16.04 LTS (64-bit)

Source Code

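#!/bin/bash
# <?env name="localnet" Label="Local Network" default="192.168.1.0/24" example="Your local corporate network that will be accessible to the VPC" ?>
# <?env name="psk" Label="Pre-Shared Key" default="My Long Passphrase Goes Here" example="The pre-shared key is used to authenticate the connection between your Mammoth VPN endpoint and your local corporate VPN endpoint" ?>
#
# Provisions this VM as the VPC side of a site-to-site IPsec tunnel:
#   1. enables IPv4 forwarding and disables ICMP redirects,
#   2. installs Openswan and writes a PSK-authenticated "vpc" connection,
#   3. SNATs traffic from the VPC subnet and persists the iptables rules.
#
# Environment (supplied by the provisioning template above / the platform):
#   PSK            pre-shared key written to /etc/ipsec.secrets
#   LOCALNET       remote (corporate) subnet in CIDR form
#   VPS_PRIVATEIP  this host's private address (tunnel "left" and SNAT source)
#   VPS_PUBLICIP   this host's public address (IKE identity, "leftid")
#
# NOTE(review): the VPC subnet 10.240.0.0/16 is hard-coded below and must
# match the real VPC range — confirm before reusing this script elsewhere.

set -eu

die() { printf '%s\n' "$*" >&2; exit 1; }

# Fail early instead of writing half-configured files with empty values.
: "${PSK:?PSK must be set}"
: "${LOCALNET:?LOCALNET must be set}"
: "${VPS_PRIVATEIP:?VPS_PRIVATEIP must be set}"
: "${VPS_PUBLICIP:?VPS_PUBLICIP must be set}"

# ipsec.secrets has no escape syntax inside the quoted PSK: a double quote in
# the passphrase would truncate the key and break (or weaken) authentication.
case "$PSK" in
  *\"*) die 'PSK must not contain a double quote (")' ;;
esac

# Kernel: forward between the tunnel and the VPC, and neither send nor honour
# ICMP redirects (a forwarding host must not let peers rewrite its routes).
# The eth0 entries are kept from the original; the "all"/"default" keys also
# cover interfaces with other names (e.g. predictable names on 16.04).
cat >> /etc/sysctl.conf <<'EOT'
net.ipv4.ip_forward=1
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.eth0.send_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.eth0.accept_redirects=0
net.ipv4.conf.all.accept_redirects=0
EOT

# Apply the settings now. `sysctl -p` works under both upstart (14.04) and
# systemd (16.04), whereas the upstart-only `start procps` does not.
sysctl -p /etc/sysctl.conf

apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y openswan lsof

# Add the include only once so a rerun does not duplicate the line.
grep -qxF 'include /etc/ipsec.d/*.conf' /etc/ipsec.conf \
  || echo 'include /etc/ipsec.d/*.conf' >> /etc/ipsec.conf

# Any peer address may present this PSK (right=%any below), so the key is the
# whole authentication; keep the secrets file readable by root only.
printf '%%any %%any: PSK "%s"\n' "$PSK" >> /etc/ipsec.secrets
chmod 600 /etc/ipsec.secrets

# Tunnel definition. ike/phase2 use AES-192 with SHA-1 integrity and
# Openswan's default DH group; both ends must agree, so change these only
# in step with the corporate peer (e.g. sha2_256 and an explicit ;modp2048
# group where the peer supports them).
cat > /etc/ipsec.d/vpc.conf <<EOT
conn vpc
 type=tunnel
 authby=secret
 left=$VPS_PRIVATEIP
 leftid=$VPS_PUBLICIP
 leftsubnet=10.240.0.0/16
 right=%any
 rightsubnet=$LOCALNET
 keyexchange=ike
 ike=aes192-sha1
 phase2alg=aes192-sha1
 salifetime=43200s
 pfs=yes
 auto=start
EOT

service ipsec restart

# Masquerade VPC traffic leaving through this host as its private address.
iptables -t nat -A POSTROUTING -s 10.240.0.0/16 -j SNAT --to-source "$VPS_PRIVATEIP"

# Persist the rules non-interactively: install with -y and save explicitly
# rather than relying on the package's debconf "save existing rules?" prompt,
# which never appears under DEBIAN_FRONTEND=noninteractive.
DEBIAN_FRONTEND=noninteractive apt-get install -y iptables-persistent
iptables-save > /etc/iptables/rules.v4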