IPsec IKEv2 server Installer
#!/bin/bash
# Script to set up an IPsec IKEv2 VPN server with strongSwan (server
# authenticated by a self-signed CA, clients by EAP-MSCHAPv2).
# Needs root: it writes under /etc and restarts strongSwan.
# Tested by the author on Arch Linux and Ubuntu 14.04.
# Monday 13 September 2020
# Based on https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2
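# Terminal colour/attribute escapes. They expand to the empty string when
# tput fails (no TERM, non-interactive run) instead of spilling errors.
_7mer=$(tput setaf 1 2>/dev/null)   # red
_5dar=$(tput setaf 2 2>/dev/null)   # green
_5chin=$(tput bold 2>/dev/null)     # bold
wali=$(tput sgr0 2>/dev/null)       # reset
##var
# strongSwan legacy (stroke/ipsec.conf) configuration and secrets files.
ipsec_conf="/etc/ipsec.conf"
ipsec_pass="/etc/ipsec.secrets"
# Kernel parameters written by init(): forwarding must be on so client
# traffic can leave the tunnel; ICMP redirects are disabled so the VPN
# gateway neither accepts nor advertises re-routing of that traffic.
kernel_param_file="/etc/sysctl.conf"
pack_rediv4="net.ipv4.ip_forward = 1"
pack_rediv6="net.ipv6.conf.all.forwarding = 1"
dis_pack_acce="net.ipv4.conf.all.accept_redirects = 0"
dis_pack_send="net.ipv4.conf.all.send_redirects = 0"
# First word of the NAME= field of /etc/os-release ("Ubuntu", "Arch");
# empty when the file is missing. The package-install prompt compares it.
os_name=""
if [[ -r /etc/os-release ]]; then
  os_name=$(awk -F= '$1 == "NAME" { gsub(/"/, "", $2); print $2; exit }' /etc/os-release \
    | awk '{ print $1 }')
fi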
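# Offer to install strongSwan when the `ipsec` tool is not on PATH.
# Only Ubuntu (apt) and Arch (pacman) are handled; any other distribution
# is reported so the package can be installed by hand. Package installation
# needs root. The original test `if "$REPLY" = "y"` tried to *execute* the
# reply as a command; it is a string comparison here.
if ! command -v ipsec >/dev/null 2>&1; then
  printf 'strongswan not installed , installer it doka ? (y/n) '
  read -r REPLY
  if [[ "$REPLY" == "y" ]]; then
    case "$os_name" in
      Ubuntu)
        echo "system is ubuntu"
        apt-get update -y
        apt-get install strongswan -y
        ;;
      Arch)
        pacman -S strongswan
        ;;
      *)
        printf '%sunsupported distribution "%s": install strongswan manually%s\n' \
          "$_7mer" "$os_name" "$wali" >&2
        ;;
    esac
  fi
  # Everything below shells out to `ipsec pki` / `ipsec restart`; without
  # the tool the script would produce empty key files, so stop here.
  if ! command -v ipsec >/dev/null 2>&1; then
    printf '%sipsec (strongswan) is still not available, aborting%s\n' "$_7mer" "$wali" >&2
    exit 1
  fi
fi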
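# Write the strongSwan configuration (/etc/ipsec.conf) and secrets
# (/etc/ipsec.secrets) for an IKEv2 road-warrior server — server side
# authenticated by the certificate from init(), clients by EAP-MSCHAPv2 —
# then restart strongSwan and print/save the credentials via infoDyawli().
# Globals read: ipsec_conf, ipsec_pass, ipaddres (set by init()).
# Globals written: username, passwd (read here, printed by infoDyawli()).
# Needs root: writes under /etc and restarts the service.
function strongswaner {
  # Keep any existing configuration instead of silently overwriting it.
  if [[ -f "$ipsec_conf" ]]; then
    mv "$ipsec_conf" "${ipsec_conf}.original"
  fi
  # Notes on the profile:
  #  - leftid must equal the CN/SAN that init() put in server-cert.pem,
  #    otherwise clients reject the server identity.
  #  - leftsubnet=0.0.0.0/0 pushes a full tunnel (all client traffic).
  #  - EAP-MSCHAPv2 is weak on its own; it is only acceptable because it
  #    runs inside the IKE SA, so clients MUST verify the CA (ca-ipsec.pem).
  #  - rightdns hands Google's public resolvers to clients.
  #  - parameter lines of a section are indented, as ipsec.conf requires.
  cat <<MSI >"$ipsec_conf"
config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=$ipaddres
    leftcert=server-cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=10.10.10.0/24
    rightdns=8.8.8.8,8.8.4.4
    rightsendcert=never
    eap_identity=%identity
MSI
  read -r -p "entre your username: " username
  # -s: do not echo the password on the terminal.
  read -r -s -p "entre your password : " passwd
  echo
  # The secret is double-quoted in ipsec.secrets, so a '"' in it (or a
  # space/':' in the user name) would break the secrets parser.
  if [[ -z "$username" || "$username" == *[[:space:]:]* || "$passwd" == *'"'* ]]; then
    echo "${_7mer}username must be non-empty without spaces/':'; password must not contain '\"'${wali}" >&2
    return 1
  fi
  # Create the secrets file owner-only BEFORE the password is written into
  # it; a plain redirection would create it with the default 0644 mode.
  install -m 600 /dev/null "$ipsec_pass"
  cat <<MSI >"$ipsec_pass"
: RSA "server-key.pem"
$username : EAP "$passwd"
MSI
  systemctl restart strongswan
  ipsec restart
  infoDyawli
}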
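# Reads interface listings on stdin and prints the last non-loopback IPv4
# address found (empty when none). Understands the three common layouts:
# "inet 1.2.3.4" (ifconfig), "inet addr:1.2.3.4" (old net-tools) and
# "inet 1.2.3.4/24" (`ip -o addr`). Any 127/8 address counts as loopback.
_last_ipv4() {
  local -a tok
  local i addr found=""
  while IFS=$' \t:' read -r -a tok; do
    for ((i = 0; i + 1 < ${#tok[@]}; i++)); do
      [[ "${tok[i]}" == "inet" ]] || continue
      addr=${tok[i + 1]}
      # net-tools < 2.x prints "inet addr:1.2.3.4"
      if [[ "$addr" == "addr" ]]; then
        addr=${tok[i + 2]:-}
      fi
      addr=${addr%%/*}
      [[ "$addr" == 127.* ]] && continue
      [[ -n "$addr" ]] && found=$addr
    done
  done
  printf '%s' "$found"
}

# Best-guess IPv4 address of this host, shown by jibIP() as the default.
# ifconfig is tried first (as before); newer systems ship only iproute2,
# so fall back to `ip -4 addr`. init() still asks the user to confirm.
myip=""
if [[ -x /sbin/ifconfig ]]; then
  myip=$(LANG=C /sbin/ifconfig 2>/dev/null | _last_ipv4)
fi
if [[ -z "$myip" ]] && command -v ip >/dev/null 2>&1; then
  myip=$(LANG=C ip -4 -o addr show 2>/dev/null | _last_ipv4)
fi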
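# List every interface with its IPv4 address (parsed from `ip addr`) and
# then the auto-detected default, so the user can choose the address to
# put in the server certificate. The original referenced an undefined
# `${chin}` for bold; the bold escape is `${_5chin}`.
# Globals read: myip, _5dar, _5chin, wali.
function jibIP {
  echo
  echo
  if command -v ip >/dev/null 2>&1; then
    ip addr | awk '
      /^[0-9]+:/ { sub(/:/, "", $2); iface = $2 }
      /^[[:space:]]*inet / { split($2, a, "/"); print iface " : " a[1] }'
  else
    echo "ip(8) not found; cannot list interfaces" >&2
  fi
  echo "Default(${_5dar}${_5chin}${myip}${wali})"
}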
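# Format one ipsec.secrets EAP entry. The secret is double-quoted so that
# spaces survive strongSwan's secrets parser (the original appended it
# unquoted, unlike the entry written at install time).
# Arguments: $1 - user name, $2 - password. Prints the line on stdout.
_eap_secret_line() {
  printf '%s : EAP "%s"\n' "$1" "$2"
}

# Add one EAP user: append it to ipsec.secrets, record the credentials in
# ~/IPsec/vpnINFO and tell strongSwan to re-read its secrets so the new
# account works without a restart.
# Globals read: myip, ipsec_pass, _7mer, wali. Needs root for ipsec.secrets.
function AjouUser {
  local adduser addpass
  echo "add new user :"
  read -r -p "user ? " adduser
  # -s: do not echo the password on the terminal.
  read -r -s -p "password for ${adduser} ? " addpass
  echo
  # A '"' in the password or whitespace/':' in the name would corrupt the
  # secrets file (the entry is `user : EAP "secret"`).
  if [[ -z "$adduser" || "$adduser" == *[[:space:]:]* || "$addpass" == *'"'* ]]; then
    echo "${_7mer}username must be non-empty without spaces/':'; password must not contain '\"'${wali}" >&2
    return 1
  fi
  # vpnINFO holds clear-text passwords: keep the directory and file owner-only.
  # (mkdir -p: option 2 may be chosen before any install created ~/IPsec.)
  mkdir -p -m 700 ~/IPsec
  touch ~/IPsec/vpnINFO
  chmod 600 ~/IPsec/vpnINFO
  printf '\nIP server [Host] : %s\nusername : %s\npassword : %s\n' \
    "$myip" "$adduser" "$addpass" >> ~/IPsec/vpnINFO
  _eap_secret_line "$adduser" "$addpass" >> "$ipsec_pass"
  # strongSwan caches ipsec.secrets at start; reload so the user can log in.
  ipsec rereadsecrets
  printf 'user : %s\npass : %s\n' "$adduser" "$addpass"
}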
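# Main menu loop: 1 = create the CA/certificates and write the strongSwan
# config, 2 = add an EAP user, 3 = quit. Any other input re-prints the
# banner and asks again. Calls init(), strongswaner(), AjouUser(), rass().
# Globals read: _7mer, wali.
function installer {
  local undeux
  while true; do
    # EOF on stdin (non-interactive run) would otherwise re-prompt forever.
    read -r -p "choice 1-3 ? " undeux || exit 1
    case "$undeux" in
      1)
        clear
        init
        strongswaner
        break
        ;;
      2)
        clear
        AjouUser
        break
        ;;
      3)
        echo "byee ^^"
        exit
        ;;
      *)
        clear
        rass
        echo "${_7mer}choices 1-3 : ${wali}"
        ;;
    esac
  done
}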
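# Show the server address and EAP credentials chosen during install, append
# them (uncoloured) to ~/IPsec/vpnINFO and copy the CA certificate next to
# it for distribution to clients.
# Globals read: ipaddres (init()), username, passwd (strongswaner()),
# _5dar, wali.
function infoDyawli {
  clear
  local info=" VPN Server credentials :"
  echo "$info"
  echo "IP server [Host] : ${_5dar}${ipaddres}${wali}"
  echo "username : ${_5dar}${username}${wali}"
  echo "password : ${_5dar}${passwd}${wali}"
  # The original tested `-f ~/IPsec`, which is never true for a directory,
  # so mkdir ran on every call; mkdir -p is idempotent. The file holds a
  # clear-text password, so directory and file are owner-only.
  mkdir -p -m 700 ~/IPsec
  touch ~/IPsec/vpnINFO
  chmod 600 ~/IPsec/vpnINFO
  # Clients must install this CA to verify the server certificate; it is
  # the self-signed CA created by init().
  cp /etc/ipsec.d/cacerts/ca-cert.pem ~/IPsec/ca-ipsec.pem
  # Plain text only: the terminal colour escapes are not written to the file.
  printf '%s\nIP server [Host] : %s\nusername : %s\npassword : %s\n\n' \
    "$info" "$ipaddres" "$username" "$passwd" >> ~/IPsec/vpnINFO
  echo "credentials saved on : ~/IPsec/vpnINFO"
  printf '\nCertificates saved on : ~/IPsec/ca-ipsec.pem\n'
}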
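# Create a private CA and a server certificate with strongSwan's pki tool,
# install them under /etc/ipsec.d and enable IP forwarding via sysctl.
# Globals written: cert_dir, dname, ipaddres (read by strongswaner()/infoDyawli()).
# Globals read: kernel_param_file, pack_rediv4, pack_rediv6, dis_pack_acce,
# dis_pack_send, _5dar, wali. Calls jibIP(). Needs root.
function init {
  local dir
  cert_dir=~/pki
  read -r -p "VPN Network name ? " dname
  for dir in "$cert_dir" "$cert_dir/cacerts" "$cert_dir/certs" "$cert_dir/private"; do
    [[ -d "$dir" ]] || mkdir -p "$dir"
  done
  # Private keys live here; keep the tree owner-only.
  chmod 700 "$cert_dir" "$cert_dir/private"
  echo "${_5dar}Initialiser Certificate Authority ${wali}"
  # '>' rather than '>>': re-running must not append a second key to the
  # file, which leaves an unparsable ca-key.pem.
  ipsec pki --gen --type rsa --size 4096 --outform pem > "$cert_dir/private/ca-key.pem"
  ipsec pki --self --ca --lifetime 3650 --in "$cert_dir/private/ca-key.pem" \
    --type rsa --dn "CN=$dname" --outform pem > "$cert_dir/cacerts/ca-cert.pem"
  ipsec pki --gen --type rsa --size 4096 --outform pem > "$cert_dir/private/server-key.pem"
  chmod 600 "$cert_dir"/private/*.pem
  ####
  jibIP
  read -r -p "entre your IP address :" ipaddres
  # CN and SAN are the address clients connect to; strongswaner() uses the
  # same value as leftid. ikeIntermediate is required by older Apple clients.
  ipsec pki --pub --in "$cert_dir/private/server-key.pem" --type rsa \
    | ipsec pki --issue --lifetime 1825 \
        --cacert "$cert_dir/cacerts/ca-cert.pem" \
        --cakey "$cert_dir/private/ca-key.pem" \
        --dn "CN=$ipaddres" --san "$ipaddres" \
        --flag serverAuth --flag ikeIntermediate --outform pem \
    > "$cert_dir/certs/server-cert.pem"
  cp -r -f "$cert_dir"/* /etc/ipsec.d/
  # sysctl.conf is replaced wholesale, so keep the previous one as
  # sysctl.conf.backup. (The original built the backup name from an unset
  # variable, which moved the file to a literal ".backup" in the cwd.)
  if [[ -f "$kernel_param_file" ]]; then
    mv -f "$kernel_param_file" "${kernel_param_file}.backup"
  fi
  cat <<MSI >"$kernel_param_file"
$pack_rediv4
$pack_rediv6
$dis_pack_acce
$dis_pack_send
MSI
  sysctl -p >/dev/null
}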
# Print the bold ASCII-art banner followed by the three-item main menu.
# Globals read: _5chin (bold), wali (reset).
function rass {
  local banner
  # Quoted delimiter: the banner's backslashes and backticks are literal.
  banner=$(cat <<'BANNER'
 ___ ___ _____ _____
| \/ |/ ___||_ _|
| . . |\ `--. | |
| |\/| | `--. \ | |
| | | |/\__/ / _| |_
\_| |_/\____/ \___/
IPsec VPN server installer
by : S4ddik 
BANNER
)
  printf '%s%s%s\n' "${_5chin}" "${banner}" "${wali}"
  printf '%s\n' ' 1 - Install IPsec VPN' ' 2 - add users' ' 3 - die'
}
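# Entry point: ask for confirmation, then show the banner and the menu.
# Accepts y/Y/o/O/oui/Oui; n/N quits. The original `['y''Y''O''Oui']` was
# a bracket expression matching a single character, so "Oui" could never
# match while "u" and "i" wrongly did.
# Globals read: _7mer, wali. Calls rass(), installer().
while true; do
  clear
  # EOF on stdin (non-interactive run) must not spin forever.
  read -r -p "Do you want to install IPsec VPN server on your machine ? Y/N" answer || exit 1
  case "$answer" in
    y|Y|o|O|oui|Oui)
      rass
      installer
      break
      ;;
    n|N)
      echo "${_7mer}byee${wali}"
      exit
      ;;
    *)
      echo "${_7mer}yes || NO ? :${wali} "
      ;;
  esac
done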
#VPN #IKE #IKEv2 #IPsec #strongswan #implementation