binarylane's VPC: IPSEC VPN endpoint

Supports: Ubuntu 14.04 LTS (64-bit). Note: 14.04 is past end of standard support, and newer Ubuntu releases do not ship the `openswan` package this script installs (strongSwan/Libreswan took its place), so the script will need adapting for current systems.

Source Code

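#!/bin/bash
# <?env name="localnet" Label="Local Network" default="192.168.1.0/24" example="Your local corporate network that will be accessible to the VPC" ?>
# <?env name="psk" Label="Pre-Shared Key" default="My Long Passphrase Goes Here" example="The pre-shared key is used to authenticate the connection between your Binary Lane VPN endpoint and your local corporate VPN endpoint" ?>
#
# Provisions this server as an Openswan IPsec endpoint (IKE with a pre-shared
# key) joining the VPC range 10.240.0.0/16 to the corporate network in
# $LOCALNET. LOCALNET and PSK come from the <?env ?> tags above;
# VPS_PRIVATEIP and VPS_PUBLICIP are expected from the same provisioning
# environment (they are not defined in this file).
#
# Stop at the first failed command instead of leaving a half-configured
# endpoint (e.g. a conn definition written after a failed package install).
set -eu

# Every one of these ends up inside a config file, so fail fast if missing.
: "${LOCALNET:?LOCALNET (local network CIDR) must be set}"
: "${PSK:?PSK (pre-shared key) must be set}"
: "${VPS_PRIVATEIP:?VPS_PRIVATEIP must be set}"
: "${VPS_PUBLICIP:?VPS_PUBLICIP must be set}"

# LOCALNET is pasted verbatim into the conn definition; accept only a
# dotted-quad IPv4 prefix so a typo cannot silently mis-shape the policy.
cidr_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$'
if ! [[ "$LOCALNET" =~ $cidr_re ]]; then
  printf 'LOCALNET must be an IPv4 CIDR such as 192.168.1.0/24, got: %s\n' "$LOCALNET" >&2
  exit 1
fi

# The template default is published on this page, so it is not a secret.
if [[ "$PSK" == "My Long Passphrase Goes Here" ]]; then
  printf 'PSK is still the template default; choose a real pre-shared key\n' >&2
  exit 1
fi
# The key is written between double quotes in ipsec.secrets; a quote inside
# it would truncate the key and break parsing of the secrets file.
case "$PSK" in
  *\"*)
    printf 'PSK must not contain a double-quote character\n' >&2
    exit 1
    ;;
esac
if (( ${#PSK} < 16 )); then
  printf 'warning: PSK is shorter than 16 characters\n' >&2
fi

# Kernel: forward between the VPC and the tunnel, and neither send nor honour
# ICMP redirects on the forwarding interface (a redirect could steer VPC
# traffic around the tunnel).
{
  echo net.ipv4.ip_forward=1
  echo net.ipv4.conf.eth0.send_redirects=0
  echo net.ipv4.conf.eth0.accept_redirects=0
} >> /etc/sysctl.conf
# 'procps' is the upstart task that applies /etc/sysctl.conf on 14.04; fall
# back to applying the file directly if the job cannot be (re)started.
start procps || sysctl -p /etc/sysctl.conf

export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y openswan

# Pick up the drop-in conn definition written below.
echo 'include /etc/ipsec.d/*.conf' >> /etc/ipsec.conf

# Pre-shared key. '%any %any' makes this single key valid for every peer ID,
# which is what 'right=%any' below needs; anyone holding it can bring the
# tunnel up, so keep the secrets file root-only. The key is passed through
# printf's %s argument, never as the format string.
umask 077
printf '%%any %%any: PSK "%s"\n' "$PSK" >> /etc/ipsec.secrets
chmod 600 /etc/ipsec.secrets

# Connection to the corporate gateway. The proposal is left exactly as the
# page ships it because the corporate side must match it; review these
# points against that endpoint before relying on the tunnel:
#  - left is this host's private address while leftid advertises the public
#    one, presumably because the server sits behind 1:1 NAT (confirm).
#  - right=%any accepts the negotiation from any address. That is only
#    needed when the corporate gateway has no fixed IP; if it has one, set
#    right= (and rightid=) to it so that a leaked PSK alone does not let an
#    arbitrary host attach $LOCALNET to the VPC.
#  - ike/phase2alg pin no DH group (Openswan supplies its default). Pin one
#    explicitly, e.g. 'aes192-sha1;modp2048', and move to a SHA-2 integrity
#    algorithm once the remote end supports it. keyexchange=ike is IKEv1.
cat > /etc/ipsec.d/vpc.conf <<EOT
conn vpc
 type=tunnel
 authby=secret
 left=$VPS_PRIVATEIP
 leftid=$VPS_PUBLICIP
 leftsubnet=10.240.0.0/16
 right=%any
 rightsubnet=$LOCALNET
 keyexchange=ike
 ike=aes192-sha1
 phase2alg=aes192-sha1
 salifetime=43200s
 pfs=yes
 auto=start
EOT

service ipsec restart

# Source-NAT VPC traffic forwarded by this box to its own private address.
# The rule is not limited to tunnel traffic; add '-d "$LOCALNET"' if this
# host must not NAT other forwarded traffic.
iptables -t nat -A POSTROUTING -s 10.240.0.0/16 -j SNAT --to-source "$VPS_PRIVATEIP"

# Persist the rule. Preseed the package's "save current rules?" question so
# the non-interactive install records it, instead of relying on a prompt
# that DEBIAN_FRONTEND=noninteractive never shows (and without -y, apt-get
# itself would stop at its own confirmation prompt).
echo 'iptables-persistent iptables-persistent/autosave_v4 boolean true' | debconf-set-selections
apt-get install -y iptables-persistent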