author | NeodarZ <neodarz@neodarz.net> | 2017-07-06 23:20:04 +0200 |
---|---|---|
committer | NeodarZ <neodarz@neodarz.net> | 2017-07-06 23:20:04 +0200 |
commit | cded819c74e40c2f43c155e19a1f84340c2987a2 (patch) | |
tree | 1ffdbd22518ba5ba5b6c03201859473ed9b3d297 | |
-rw-r--r-- | README.md | 50 | ||||
-rw-r--r-- | client_config_archlinux.sh.sample | 71 | ||||
-rwxr-xr-x | client_install_archlinux.sh | 4 | ||||
-rwxr-xr-x | install_srv.sh | 44 | ||||
-rwxr-xr-x | server_create.sh | 15 | ||||
-rwxr-xr-x | server_install.sh.sample | 23 | ||||
-rwxr-xr-x | server_remove.sh | 25 |
7 files changed, 232 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e196363
--- /dev/null
+++ b/README.md
@@ -0,0 +1,50 @@
+# EphermalVPN
+
+EphermalVPN is a simply set of scrits to manage an aphermal vpn for scaleway
+provider.
+
+For the moment you MUST read each script to understand what each script do !
+
+This set of scripts use the set of scripts of
+[setup-ipsec-vpn](https://github.com/hwdsl2/setup-ipsec-vpn).
+
+The objectif is to automate the installation and the configuration of a VPN on
+the server and on the client. For now the server and the client are configured
+to use a IPsec/LTP VPN.
+
+# Script list
+
+## install_srv.sh
+This script is the first script to lauch, it set the psk key, the user and the
+password, create and launch a vpn server and configure the client.
+
+**NOTE: This script launch the script of configure the client who is on
+archlinux ! If your an note on archlinux, edit the script before !**
+
+## server_instal.sh.sample
+This script install and configure the VPN server. For now it just install the
+IPsec/LTP VPN via the set of the of
+[setup-ipsec-vpn](https://github.com/hwdsl2/setup-ipsec-vpn). No rule of
+security is added !
+
+**NOTE: The variable `VPN_IPSEC_PSK`, `VPN_USER` and `VPN_PASSWORD` are
+modified by the install_srv.sh script !**
+
+## client_config_archlinux.sh.sample
+This script configure the client. You must run `client_install_archlinux.sh`
+before for install the required package. And this two script works only with
+archlinux.
+
+## server_remove.sh
+This script stop and remove a server. Only this script have some comments if
+you don't used correctly.
+
+Usage exemple:
+
+```sh
+sh remove_server.sh 429ab1dc
+```
+
+## server_create.sh
+This script is an old test script for create a server. But some command are
+replaced by the scaleway API. It not used for now.
diff --git a/client_config_archlinux.sh.sample b/client_config_archlinux.sh.sample
new file mode 100644
index 0000000..13cfe04
--- /dev/null
+++ b/client_config_archlinux.sh.sample
@@ -0,0 +1,71 @@
+#!/bin/sh
+VPN_SERVER_IP='vpn_ip'
+VPN_IPSEC_PSK='vpn_psk_key'
+VPN_USER='vpn_user'
+VPN_PASSWORD='vpn_pass'
+
+sudo cat > /etc/ipsec.conf <<EOF
+# ipsec.conf - strongSwan IPsec configuration file
+
+# basic configuration
+
+config setup
+ # strictcrlpolicy=yes
+ # uniqueids = no
+
+# Add connections here.
+
+# Sample VPN connections
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1i
+ keyexchange=ikev1
+ authby=secret
+ ike=aes128-sha1-modp1024,3des-sha1-modp1024!
+ esp=aes128-sha1-modp1024,3des-sha1-modp1024!
+conn myvpn
+ keyexchange=ikev1
+ left=%defaultroute
+ auto=add
+ authby=secret
+ type=transport
+ leftprotoport=17/1701
+ rightprotoport=17/1701
+ right=$VPN_SERVER_IP
+EOF
+
+sudo cat > /etc/ipsec.secrets <<EOF
+: PSK "$VPN_IPSEC_PSK"
+EOF
+
+sudo chmod 600 /etc/ipsec.secrets
+
+cat > /etc/xl2tpd/xl2tpd.conf <<EOF
+[lac myvpn]
+lns = $VPN_SERVER_IP
+ppp debug = yes
+pppoptfile = /etc/ppp/options.l2tpd.client
+length bit = yes
+EOF
+
+sudo cat > /etc/ppp/options.l2tpd.client <<EOF
+ipcp-accept-local
+ipcp-accept-remote
+refuse-eap
+require-chap
+noccp
+noauth
+mtu 1280
+mru 1280
+noipdefault
+defaultroute
+usepeerdns
+connect-delay 5000
+name $VPN_USER
+password $VPN_PASSWORD
+EOF
+
+sudo chmod 600 /etc/ppp/options.l2tpd.client
diff --git a/client_install_archlinux.sh b/client_install_archlinux.sh
new file mode 100755
index 0000000..18924d2
--- /dev/null
+++ b/client_install_archlinux.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+yaourt -i strongswan
+sudo pacman -S xl2tpd
+
diff --git a/install_srv.sh b/install_srv.sh
new file mode 100755
index 0000000..b4da8b1
--- /dev/null
+++ b/install_srv.sh
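Review bot: The `sudo` on the `sudo cat > /etc/ipsec.conf <<EOF`, `sudo cat > /etc/ipsec.secrets <<EOF` and `sudo cat > /etc/ppp/options.l2tpd.client <<EOF` lines does not cover the redirection, which the unprivileged shell opens before `cat` starts, so this sample only works because install_srv.sh runs the whole file under `sudo sh`; the `cat > /etc/xl2tpd/xl2tpd.conf <<EOF` line has no `sudo` at all and fails outright for a normal user. Either drop the per-command `sudo` and state at the top that the script must run as root, or write each file with `sudo tee /etc/ipsec.secrets >/dev/null <<EOF`. The PSK and the PPP password are written with the default umask and only restricted afterwards by the two `chmod 600` lines, leaving a window in which they are readable by other local users; an `umask 077` right after the shebang closes it. The `ike=`/`esp=` proposals under `conn %default` pin 3DES, SHA-1 and modp1024, all deprecated, so a comment that they must match the server's configuration and should be raised when the server permits would help, and `keyingtries=1i` looks like a stray character for `keyingtries=1`.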
@@ -0,0 +1,44 @@
+#!/bin/sh
+ROOT="/home/neodarz/vpn_auto"
+CLIENT_CONF_FILE="$ROOT/client_config_archlinux.sh.sample"
+
+function genUrandom
+{
+ DATA="-"
+ while [[ $DATA =~ .*-.* ]]; do
+ DATA=$(< /dev/urandom tr -dc A-Z-a-z-0-9 | head -c${1:-17};echo;)
+ done
+ echo $DATA
+}
+
+VPN_PSK_KEY=$(genUrandom)
+VPN_USER=$(genUrandom)
+VPN_PASS=$(genUrandom)
+
+rm $ROOT/server_install.sh
+cp $ROOT/server_install.sh.sample $ROOT/server_install.sh
+sed -i "s/vpn_psk_key/$VPN_PSK_KEY/g" $ROOT/server_install.sh
+sed -i "s/vpn_user/$VPN_USER/g" $ROOT/server_install.sh
+sed -i "s/vpn_pass/$VPN_PASS/g" $ROOT/server_install.sh
+
+echo "Creating a new server..."
+SERVER_ID=$(echo $(scw create --commercial-type=VC1S 5fc9990a-d274-49b8-afac-42af22b42a71) | cut -d'-' -f1)
+echo "Starting the server $(scw start $SERVER_ID)..."
+
+cat $ROOT/server_install.sh | scw exec --wait $SERVER_ID "cat > /root/server_install.sh && chmod +x /root/server_install.sh && sh /root/server_install.sh"
+
+scw ps -a > /dev/null
+
+SERVER_IP=$(scw inspect $SERVER_ID | jq '.[0].public_ip.address' | cut -d'"' -f2)
+
+rm $ROOT/client_config.sh
+cp $CLIENT_CONF_FILE $ROOT/client_config.sh
+sed -i "s/vpn_ip/$SERVER_IP/g" $ROOT/client_config.sh
+sed -i "s/vpn_psk_key/$VPN_PSK_KEY/g" $ROOT/client_config.sh
+sed -i "s/vpn_user/$VPN_USER/g" $ROOT/client_config.sh
+sed -i "s/vpn_pass/$VPN_PASS/g" $ROOT/client_config.sh
+
+sudo sh $ROOT/client_config.sh
+
+rm $ROOT/server_install.sh
+rm $ROOT/client_config.sh
diff --git a/server_create.sh b/server_create.sh
new file mode 100755
index 0000000..19ed7a1
--- /dev/null
+++ b/server_create.sh
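Review bot: Nothing in this script checks that `scw create` succeeded: if the `SERVER_ID=$(echo $(scw create ...) | cut -d'-' -f1)` line yields an empty id, the following `scw start`, `scw exec --wait` and `scw inspect` run with no argument and `sudo sh $ROOT/client_config.sh` is still executed as root with an empty `vpn_ip`. A `set -eu` after the shebang plus `[[ -n $SERVER_ID ]] || { echo "scw create failed" >&2; exit 1; }` after that line stops the run at the first failure, and with `set -e` the two local `rm $ROOT/...` lines need `rm -f` so a first run without the files does not abort. The file is `#!/bin/sh` but uses `function` and `[[ =~ ]]`, which dash rejects; server_create.sh and server_remove.sh share this, and since server_install.sh.sample already uses `#!/bin/bash` all three should. The rendered /root/server_install.sh pushed by the `scw exec` line contains the PSK and password and stays on the server after it runs; appending `&& rm -f /root/server_install.sh` to the remote command string removes it. In genUrandom the `while`/`-` retry becomes unnecessary if the alphabet is written as `tr -dc 'A-Za-z0-9'`.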
@@ -0,0 +1,15 @@
+#!/bin/sh
+ID=$(echo $(scw create --commercial-type=VC1S 5fc9990a-d274-49b8-afac-42af22b42a71) | cut -d'-' -f1)
+
+echo $ID
+scw start $ID
+scw attach $ID
+while [[ $(scw ps -a | awk "/$ID.*(running).*/") == "" ]]; do
+ sleep 30
+done
+echo "Runnig ! => $(scw ps -a | awk "/$ID.*(running).*/") "
+
+cat > ip <<EOF
+$(scw inspect $ID | jq '.[0].public_ip.address' | cut -d'"' -f2)
+EOF
+
diff --git a/server_install.sh.sample b/server_install.sh.sample
new file mode 100755
index 0000000..80cedbc
--- /dev/null
+++ b/server_install.sh.sample
@@ -0,0 +1,23 @@
+#!/bin/bash
+VPN_SERVER_IP="$(curl -s https://api.ipify.org)"
+VPN_IPSEC_PSK="vpn_psk_key"
+VPN_USER="vpn_user"
+VPN_PASSWORD="vpn_pass"
+wget https://git.io/vpnsetup -O vpnsetup.sh && sudo \
+VPN_IPSEC_PSK="$VPN_IPSEC_PSK" \
+VPN_USER="$VPN_USER" \
+VPN_PASSWORD="$VPN_PASSWORD" sh vpnsetup.sh
+
+#wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
+
+#systemctl enable ipsec.service
+#systemctl restart ipsec.service
+#systemctl restart xl2tpd.service
+#vim /etc/ppp/chap-secrets
+#systemctl restart ipsec.service
+
+
+#vim /etc/ssh/sshd_config
+#systemctl restart ssh.service
+#apt install ufw
+#reboot
diff --git a/server_remove.sh b/server_remove.sh
new file mode 100755
index 0000000..5e45843
--- /dev/null
+++ b/server_remove.sh
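Review bot: The `while [[ $(scw ps -a | awk "/$ID.*(running).*/") == "" ]]` loop has no upper bound, and when `scw create` returned nothing the pattern degenerates to `/.*(running).*/`, which matches any running server, so the script either spins forever or reports a server it did not create. Guard with `[[ -n $ID ]] || exit 1` after the `ID=` assignment and bound the wait, e.g. `tries=0; while ...; do (( tries++ < 20 )) || exit 1; sleep 30; done`. Building the awk program from `$ID` by string interpolation works here only because the id is alphanumeric; `awk -v id="$ID" '$0 ~ id && /running/'` keeps the value out of the program text.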
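Review bot: The `wget https://git.io/vpnsetup -O vpnsetup.sh && sudo ... sh vpnsetup.sh` line fetches an installer through a URL shortener and runs it as root with no pinning or integrity check, so whatever the redirect resolves to at run time gets root on the new server. Fetch the script from a pinned commit of the hwdsl2/setup-ipsec-vpn repository named in the README instead and compare it against a recorded checksum with `sha256sum -c` before the `sh vpnsetup.sh` step. The `VPN_IPSEC_PSK="$VPN_IPSEC_PSK"`, `VPN_USER="$VPN_USER"` and `VPN_PASSWORD="$VPN_PASSWORD"` assignments placed after `sudo` are passed to sudo as arguments, so the PSK and password show up in `ps` output and, typically, in sudo's command log; export the three variables and use `sudo --preserve-env=VPN_IPSEC_PSK,VPN_USER,VPN_PASSWORD sh vpnsetup.sh`, or drop `sudo` if this file is always run as root as its placement under /root by install_srv.sh suggests. `VPN_SERVER_IP` is assigned from `curl -s https://api.ipify.org` but never used, so that call to an external service can be removed.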
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# TODO: Test if $1 is OK before run this command !
+
+SERVER_ID=$1
+SERVER_LIST="9fc55cd0|82b5bdd4|011b7885"
+
+if [[ $1 =~ ^[a-zA-Z0-9]{8,} && $(echo $@ | wc -w) == 1 ]]; then
+ scw stop $(echo $SERVER_ID)
+ scw wait $(echo $SERVER_ID)
+ scw rm $(echo $SERVER_ID)
+elif [[ $1 == "all" ]]; then
+ SERVER_TO_RM=$(scw ps -a | awk "!/.*($SERVER_LIST).*/ {print \$1}" | awk '/^[a-zA-Z0-9]{8,}$/' | sed ':a;N;$!ba;s/\n/ /g')
+ scw stop $SERVER_TO_RM
+ scw wait $SERVER_TO_RM
+ scw rm $SERVER_TO_RM
+else
+ echo "Syntax error !"
+ echo "Correct syntax => remove_server.sh [OPTION] SERVER_ID"
+ echo "The length of SERVER_ID is 1 word of 8 caractere"
+ echo "Option list"
+ echo " all Remove all server but not the server id who match with : $SERVER_LIST"
+fi
+
+
|
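Review bot: The protected ids in `SERVER_LIST` are only honoured in the `all` branch; the single-id branch `if [[ $1 =~ ^[a-zA-Z0-9]{8,} && ... ]]` accepts any of the listed ids and runs `scw stop`/`scw wait`/`scw rm` on it, so the safeguard is missing from the most common invocation. Add `[[ $SERVER_ID =~ ^($SERVER_LIST)$ ]] && { echo "refusing to remove protected server $SERVER_ID" >&2; exit 1; }` before the first `scw stop`. In the `all` branch an empty `SERVER_TO_RM` still reaches `scw stop $SERVER_TO_RM` with no argument, so test `[[ -n $SERVER_TO_RM ]]` before acting, and the `awk "!/.*($SERVER_LIST).*/ ..."` exclusion matches the ids anywhere in the `scw ps -a` line rather than in the id column. The `$(echo $@ | wc -w) == 1` test is `(( $# == 1 ))`, the three `$(echo $SERVER_ID)` wrappers are plain `$SERVER_ID`, and the usage text names `remove_server.sh` while the file is server_remove.sh.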