diff options
| -rw-r--r-- | README.md | 50 | ||||
| -rw-r--r-- | client_config_archlinux.sh.sample | 71 | ||||
| -rwxr-xr-x | client_install_archlinux.sh | 4 | ||||
| -rwxr-xr-x | install_srv.sh | 44 | ||||
| -rwxr-xr-x | server_create.sh | 15 | ||||
| -rwxr-xr-x | server_install.sh.sample | 23 | ||||
| -rwxr-xr-x | server_remove.sh | 25 |
7 files changed, 232 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..e196363 --- /dev/null +++ b/README.md @@ -0,0 +1,50 @@ +# EphermalVPN + +EphermalVPN is a simply set of scrits to manage an aphermal vpn for scaleway +provider. + +For the moment you MUST read each script to understand what each script do ! + +This set of scripts use the set of scripts of +[setup-ipsec-vpn](https://github.com/hwdsl2/setup-ipsec-vpn). + +The objectif is to automate the installation and the configuration of a VPN on +the server and on the client. For now the server and the client are configured +to use a IPsec/LTP VPN. + +# Script list + +## install_srv.sh +This script is the first script to lauch, it set the psk key, the user and the +password, create and launch a vpn server and configure the client. + +**NOTE: This script launch the script of configure the client who is on +archlinux ! If your an note on archlinux, edit the script before !** + +## server_instal.sh.sample +This script install and configure the VPN server. For now it just install the +IPsec/LTP VPN via the set of the of +[setup-ipsec-vpn](https://github.com/hwdsl2/setup-ipsec-vpn). No rule of +security is added ! + +**NOTE: The variable `VPN_IPSEC_PSK`, `VPN_USER` and `VPN_PASSWORD` are +modified by the install_srv.sh script !** + +## client_config_archlinux.sh.sample +This script configure the client. You must run `client_install_archlinux.sh` +before for install the required package. And this two script works only with +archlinux. + +## server_remove.sh +This script stop and remove a server. Only this script have some comments if +you don't used correctly. + +Usage exemple: + +```sh +sh remove_server.sh 429ab1dc +``` + +## server_create.sh +This script is an old test script for create a server. But some command are +replaced by the scaleway API. It not used for now. diff --git a/client_config_archlinux.sh.sample b/client_config_archlinux.sh.sample new file mode 100644 index 0000000..13cfe04 --- /dev/null +++ b/client_config_archlinux.sh.sample @@ -0,0 +1,71 @@ +#!/bin/sh +VPN_SERVER_IP='vpn_ip' +VPN_IPSEC_PSK='vpn_psk_key' +VPN_USER='vpn_user' +VPN_PASSWORD='vpn_pass' + +sudo cat > /etc/ipsec.conf <<EOF +# ipsec.conf - strongSwan IPsec configuration file + +# basic configuration + +config setup + # strictcrlpolicy=yes + # uniqueids = no + +# Add connections here. + +# Sample VPN connections + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1i + keyexchange=ikev1 + authby=secret + ike=aes128-sha1-modp1024,3des-sha1-modp1024! + esp=aes128-sha1-modp1024,3des-sha1-modp1024! +conn myvpn + keyexchange=ikev1 + left=%defaultroute + auto=add + authby=secret + type=transport + leftprotoport=17/1701 + rightprotoport=17/1701 + right=$VPN_SERVER_IP +EOF + +sudo cat > /etc/ipsec.secrets <<EOF +: PSK "$VPN_IPSEC_PSK" +EOF + +sudo chmod 600 /etc/ipsec.secrets + +cat > /etc/xl2tpd/xl2tpd.conf <<EOF +[lac myvpn] +lns = $VPN_SERVER_IP +ppp debug = yes +pppoptfile = /etc/ppp/options.l2tpd.client +length bit = yes +EOF + +sudo cat > /etc/ppp/options.l2tpd.client <<EOF +ipcp-accept-local +ipcp-accept-remote +refuse-eap +require-chap +noccp +noauth +mtu 1280 +mru 1280 +noipdefault +defaultroute +usepeerdns +connect-delay 5000 +name $VPN_USER +password $VPN_PASSWORD +EOF + +sudo chmod 600 /etc/ppp/options.l2tpd.client diff --git a/client_install_archlinux.sh b/client_install_archlinux.sh new file mode 100755 index 0000000..18924d2 --- /dev/null +++ b/client_install_archlinux.sh @@ -0,0 +1,4 @@ +#!/bin/sh +yaourt -i strongswan +sudo pacman -S xl2tpd + diff --git a/install_srv.sh b/install_srv.sh new file mode 100755 index 0000000..b4da8b1 --- /dev/null +++ b/install_srv.sh @@ -0,0 +1,44 @@ +#!/bin/sh +ROOT="/home/neodarz/vpn_auto" +CLIENT_CONF_FILE="$ROOT/client_config_archlinux.sh.sample" + +function genUrandom +{ + DATA="-" + while [[ $DATA =~ .*-.* ]]; do + DATA=$(< /dev/urandom tr -dc A-Z-a-z-0-9 | head -c${1:-17};echo;) + done + echo $DATA +} + +VPN_PSK_KEY=$(genUrandom) +VPN_USER=$(genUrandom) +VPN_PASS=$(genUrandom) + +rm $ROOT/server_install.sh +cp $ROOT/server_install.sh.sample $ROOT/server_install.sh +sed -i "s/vpn_psk_key/$VPN_PSK_KEY/g" $ROOT/server_install.sh +sed -i "s/vpn_user/$VPN_USER/g" $ROOT/server_install.sh +sed -i "s/vpn_pass/$VPN_PASS/g" $ROOT/server_install.sh + +echo "Creating a new server..." +SERVER_ID=$(echo $(scw create --commercial-type=VC1S 5fc9990a-d274-49b8-afac-42af22b42a71) | cut -d'-' -f1) +echo "Starting the server $(scw start $SERVER_ID)..." + +cat $ROOT/server_install.sh | scw exec --wait $SERVER_ID "cat > /root/server_install.sh && chmod +x /root/server_install.sh && sh /root/server_install.sh" + +scw ps -a > /dev/null + +SERVER_IP=$(scw inspect $SERVER_ID | jq '.[0].public_ip.address' | cut -d'"' -f2) + +rm $ROOT/client_config.sh +cp $CLIENT_CONF_FILE $ROOT/client_config.sh +sed -i "s/vpn_ip/$SERVER_IP/g" $ROOT/client_config.sh +sed -i "s/vpn_psk_key/$VPN_PSK_KEY/g" $ROOT/client_config.sh +sed -i "s/vpn_user/$VPN_USER/g" $ROOT/client_config.sh +sed -i "s/vpn_pass/$VPN_PASS/g" $ROOT/client_config.sh + +sudo sh $ROOT/client_config.sh + +rm $ROOT/server_install.sh +rm $ROOT/client_config.sh diff --git a/server_create.sh b/server_create.sh new file mode 100755 index 0000000..19ed7a1 --- /dev/null +++ b/server_create.sh @@ -0,0 +1,15 @@ +#!/bin/sh +ID=$(echo $(scw create --commercial-type=VC1S 5fc9990a-d274-49b8-afac-42af22b42a71) | cut -d'-' -f1) + +echo $ID +scw start $ID +scw attach $ID +while [[ $(scw ps -a | awk "/$ID.*(running).*/") == "" ]]; do + sleep 30 +done +echo "Runnig ! => $(scw ps -a | awk "/$ID.*(running).*/") " + +cat > ip <<EOF +$(scw inspect $ID | jq '.[0].public_ip.address' | cut -d'"' -f2) +EOF + diff --git a/server_install.sh.sample b/server_install.sh.sample new file mode 100755 index 0000000..80cedbc --- /dev/null +++ b/server_install.sh.sample @@ -0,0 +1,23 @@ +#!/bin/bash +VPN_SERVER_IP="$(curl -s https://api.ipify.org)" +VPN_IPSEC_PSK="vpn_psk_key" +VPN_USER="vpn_user" +VPN_PASSWORD="vpn_pass" +wget https://git.io/vpnsetup -O vpnsetup.sh && sudo \ +VPN_IPSEC_PSK="$VPN_IPSEC_PSK" \ +VPN_USER="$VPN_USER" \ +VPN_PASSWORD="$VPN_PASSWORD" sh vpnsetup.sh + +#wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh + +#systemctl enable ipsec.service +#systemctl restart ipsec.service +#systemctl restart xl2tpd.service +#vim /etc/ppp/chap-secrets +#systemctl restart ipsec.service + + +#vim /etc/ssh/sshd_config +#systemctl restart ssh.service +#apt install ufw +#reboot diff --git a/server_remove.sh b/server_remove.sh new file mode 100755 index 0000000..5e45843 --- /dev/null +++ b/server_remove.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +# TODO: Test if $1 is OK before run this command ! + +SERVER_ID=$1 +SERVER_LIST="9fc55cd0|82b5bdd4|011b7885" + +if [[ $1 =~ ^[a-zA-Z0-9]{8,} && $(echo $@ | wc -w) == 1 ]]; then + scw stop $(echo $SERVER_ID) + scw wait $(echo $SERVER_ID) + scw rm $(echo $SERVER_ID) +elif [[ $1 == "all" ]]; then + SERVER_TO_RM=$(scw ps -a | awk "!/.*($SERVER_LIST).*/ {print \$1}" | awk '/^[a-zA-Z0-9]{8,}$/' | sed ':a;N;$!ba;s/\n/ /g') + scw stop $SERVER_TO_RM + scw wait $SERVER_TO_RM + scw rm $SERVER_TO_RM +else + echo "Syntax error !" + echo "Correct syntax => remove_server.sh [OPTION] SERVER_ID" + echo "The length of SERVER_ID is 1 word of 8 caractere" + echo "Option list" + echo " all Remove all server but not the server id who match with : $SERVER_LIST" +fi + + |