Set up a site-to-site VPN connection with strongSwan. Execute this script on each gateway and swap the variables accordingly.
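#!/usr/bin/env bash
# Site-to-site IPsec VPN between two gateways using strongSwan.
# Run once on EACH gateway as root; the variables name the remote ("LEFT")
# and local ("RIGHT") side as the original gist does, so swap them when
# running on the other gateway.
#
# Required env:
#   PSK          pre-shared key agreed with the peer (no default on purpose:
#                the original wrote the placeholder "loremipsum" into
#                /etc/ipsec.secrets)
# Overridable env (defaults are the gist's sample values):
#   LEFT_GW_IP, LEFT_CIDR, RIGHT_GW_IP, RIGHT_CIDR
set -euo pipefail

export LEFT_GW_IP="${LEFT_GW_IP:-35.157.246.157}"
export LEFT_CIDR="${LEFT_CIDR:-10.1.1.0/24}"
export RIGHT_GW_IP="${RIGHT_GW_IP:-35.158.110.212}"
export RIGHT_CIDR="${RIGHT_CIDR:-10.2.1.0/24}"
: "${PSK:?set PSK to the pre-shared key agreed with the peer}"

# The original ran `sudo su`, which opens an interactive root shell (stalling
# a non-interactive run) and, with sudo's default env_reset, drops the
# exported variables. Require root for the whole script instead.
if [[ "$(id -u)" -ne 0 ]]; then
  printf 'must run as root (e.g. sudo -E %s)\n' "$0" >&2
  exit 1
fi

apt-get update -y
apt-get install -y strongswan

# Forwarding is needed to route between the two subnets; redirects are
# disabled so the gateway does not leak/accept next-hop hints. The block is
# appended only once so re-running the script does not duplicate it.
if ! grep -q '^net.ipv4.ip_forward = 1' /etc/sysctl.conf; then
  cat >> /etc/sysctl.conf << 'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
EOF
fi
sysctl -p /etc/sysctl.conf

# ipsec.secrets line format: "<local id> <remote id> : PSK <key>".
# printf keeps any $ or backtick in the key literal (an unquoted heredoc
# would expand them) and the file is kept root-only readable.
printf '%s %s : PSK "%s"\n' "$RIGHT_GW_IP" "$LEFT_GW_IP" "$PSK" >> /etc/ipsec.secrets
chmod 600 /etc/ipsec.secrets

# ipsec.conf: section parameters must be indented to belong to their
# section. The original used a typographic closing quote on charondebug,
# which strongSwan would not parse as the intended string.
# DH group raised from modp1024 (1024-bit, widely considered too weak) to
# modp2048; both peers run this script so the proposals still match.
cat >> /etc/ipsec.conf << EOF
# basic configuration
config setup
  charondebug="all"
  uniqueids=yes
  strictcrlpolicy=no
# connection to amsterdam datacenter
conn right-to-left
  authby=secret
  left=%defaultroute
  leftid=$RIGHT_GW_IP
  leftsubnet=$RIGHT_CIDR
  right=$LEFT_GW_IP
  rightsubnet=$LEFT_CIDR
  ike=aes256-sha2_256-modp2048!
  esp=aes256-sha2_256!
  keyingtries=0
  ikelifetime=1h
  lifetime=8h
  dpddelay=30
  dpdtimeout=120
  dpdaction=restart
  auto=start
EOF

# NAT rule as in the original gist (its direction is kept as the author
# wrote it — verify it matches which side this gateway is). Note it is not
# persisted across reboots; use iptables-persistent or equivalent for that.
iptables -t nat -A POSTROUTING -s "$LEFT_CIDR" -d "$RIGHT_CIDR" -j MASQUERADE

# enable at boot and (re)load the configuration written above; the original
# only enabled the unit, so the new conn was never started. On some
# distributions the unit is named strongswan-starter instead — adjust if
# systemctl reports it missing.
systemctl enable strongswan
systemctl restart strongswan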