IPsec IKEv2 server Installer
#!/bin/bash
# Script to set up an IPsec IKEv2 VPN server (strongSwan, EAP-MSCHAPv2 user authentication)
# Tested on Arch Linux and Ubuntu 14.04
# Lundi 13 September 2020
# thanx to https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2
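# Terminal colours: red, green, bold, reset (transliterated names kept as-is
# because every function below references them).
_7mer=$(tput setaf 1)
_5dar=$(tput setaf 2)
_5chin=$(tput bold)
wali=$(tput sgr0)
##var
ipsec_conf="/etc/ipsec.conf"
ipsec_pass="/etc/ipsec.secrets"
kernel_param_file="/etc/sysctl.conf"
pack_rediv4="net.ipv4.ip_forward = 1"
pack_rediv6="net.ipv6.conf.all.forwarding = 1"
dis_pack_acce="net.ipv4.conf.all.accept_redirects = 0"
dis_pack_send="net.ipv4.conf.all.send_redirects = 0"

# Everything below writes under /etc, installs packages and restarts services
# without sudo, so the script only works as root; fail early instead of
# half-way through with a broken configuration.
if [ "$(id -u)" -ne 0 ]; then
  echo "${_7mer}this script must be run as root${wali}" >&2
  exit 1
fi

# First word of NAME= in /etc/os-release, without quotes: "Ubuntu", or "Arch"
# for "Arch Linux".
os_name=$(awk -F= '/^NAME=/ { gsub(/"/, "", $2); split($2, w, " "); print w[1] }' /etc/os-release 2>/dev/null)

# Offer to install strongSwan when the `ipsec` command is missing. Every later
# step (pki, restart, rereadsecrets) needs it, so refuse to continue without it.
if ! command -v ipsec >/dev/null 2>&1; then
  printf 'strongswan not installed , installer it doka ? (y/n) '
  read -r REPLY
  # The original `if "$REPLY" = "y"` executed the answer as a command.
  if [ "$REPLY" = "y" ]; then
    case "$os_name" in
      Ubuntu)
        echo "system is ubuntu"
        apt-get update -y
        apt-get install -y strongswan
        ;;
      Arch)
        pacman -S strongswan
        ;;
      *)
        echo "${_7mer}unsupported distribution: ${os_name:-unknown}${wali}" >&2
        exit 1
        ;;
    esac
    if ! command -v ipsec >/dev/null 2>&1; then
      echo "${_7mer}strongswan installation failed${wali}" >&2
      exit 1
    fi
  else
    echo "${_7mer}strongswan is required, aborting${wali}" >&2
    exit 1
  fi
fi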
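# Write /etc/ipsec.conf and /etc/ipsec.secrets for an IKEv2 server that
# authenticates clients with EAP-MSCHAPv2, restart strongSwan, then print and
# record the credentials via infoDyawli.
# Globals read: ipsec_conf, ipsec_pass, ipaddres (set by init), myip, _7mer, wali.
# Globals written: username, passwd (asked on the terminal; read by infoDyawli).
# Must run as root (both files live under /etc).
function strongswaner {
  # Keep any pre-existing configuration. The original tested `-f ipsec_conf`,
  # a literal filename, so the backup never happened.
  if [ -f "$ipsec_conf" ]; then
    mv "$ipsec_conf" "${ipsec_conf}.original"
  fi
  # leftid must equal the CN/SAN of the certificate issued by init. If init was
  # not run in this session fall back to the auto-detected address.
  : "${ipaddres:=$myip}"
  if [ -z "$ipaddres" ]; then
    echo "${_7mer}no server IP address known; run the install (init) first${wali}" >&2
    return 1
  fi
  # ipsec.conf parameters must be indented under their section header
  # ("config setup" / "conn ..."); a non-indented line starts a new section.
  cat <<MSI >"$ipsec_conf"
config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no
conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=$ipaddres
    leftcert=server-cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=10.10.10.0/24
    rightdns=8.8.8.8,8.8.4.4
    rightsendcert=never
    eap_identity=%identity
MSI
  read -r -p "entre your username: " username
  # -s: do not echo the password on the terminal.
  read -r -s -p "entre your password : " passwd
  echo
  if [ -z "$username" ] || [ -z "$passwd" ]; then
    echo "${_7mer}username and password must not be empty${wali}" >&2
    return 1
  fi
  # The secrets line is `id : EAP "secret"`: whitespace, ':', '"' or '#' in
  # either field would corrupt the file or terminate the quoted secret early.
  case "$username$passwd" in
    *[[:space:]:\"#]*)
      echo "${_7mer}username/password may not contain whitespace, ':', '\"' or '#'${wali}" >&2
      return 1
      ;;
  esac
  # ipsec.secrets holds a plaintext EAP password; create it owner-only (the
  # default umask would leave it world-readable) and fix up an existing file.
  (
    umask 077
    cat <<MSI >"$ipsec_pass"
: RSA "server-key.pem"
$username : EAP "$passwd"
MSI
  )
  chmod 600 "$ipsec_pass"
  systemctl restart strongswan
  ipsec restart
  infoDyawli
}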
# Best-effort detection of this host's IPv4 address from `ifconfig`; shown as
# the default by jibIP and recorded by AjouUser. Stays empty when ifconfig is
# missing or prints nothing usable.
myip=
# Splitting on ':', space and tab turns both ifconfig output styles into arrays:
#   old: "inet addr:A.B.C.D  Bcast:..."  -> (inet addr A.B.C.D Bcast ...)
#   new: "inet A.B.C.D  netmask ..."     -> (inet A.B.C.D netmask ...)
while IFS=$': \t' read -a line ;do
# Only lines whose first field is exactly "inet" (IPv6 lines say "inet6").
# In the old style field 1 is "addr" (4 chars), so the address is field 2;
# otherwise (field 1 longer than 4 chars) the address is field 1 itself.
# Skip the exact loopback address 127.0.0.1; the last remaining match wins.
[ -z "${line%inet}" ] && ip=${line[${#line[1]}>4?1:2]} &&
[ "${ip#127.0.0.1}" ] && myip=$ip
done< <(LANG=C /sbin/ifconfig)
# NOTE(review): /sbin/ifconfig is absent on many current distributions
# (jibIP below already uses `ip addr`); on those hosts myip remains empty.
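# List every interface's IPv4 address (from `ip addr`) followed by the
# auto-detected default, so the user can pick the address for the server
# certificate.
# Globals read: myip, _5dar, _5chin, wali.
function jibIP {
  printf '\n\n'
  # "N: iface:" lines name the interface; the following "inet A.B.C.D/len"
  # lines carry its addresses (the trailing space excludes inet6).
  ip addr | awk '
    /^[0-9]+:/ { sub(/:/, "", $2); iface = $2 }
    /^[[:space:]]*inet / { split($2, a, "/"); print iface " : " a[1] }
  '
  # The original referenced ${chin}, which is never defined; bold is ${_5chin}.
  echo "Default(${_5dar}${_5chin}${myip}${wali})"
}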
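# Interactively add one EAP user: append `user : EAP "pass"` to ipsec.secrets,
# record the credentials in ~/IPsec/vpnINFO and make charon re-read the file.
# Globals read: ipsec_pass, myip, _7mer, wali.
# Must run as root (writes /etc/ipsec.secrets).
function AjouUser {
  local adduser addpass
  echo "add new user :"
  read -r -p "user ? " adduser
  # -s: do not echo the password while it is typed.
  read -r -s -p "password for ${adduser} ? " addpass
  echo
  if [ -z "$adduser" ] || [ -z "$addpass" ]; then
    echo "${_7mer}username and password must not be empty${wali}" >&2
    return 1
  fi
  # The secrets line is `id : EAP "secret"`. The original wrote the password
  # unquoted, so a password with a space produced a broken line; whitespace,
  # ':', '"' or '#' in either field would still corrupt the file, so reject them.
  case "$adduser$addpass" in
    *[[:space:]:\"#]*)
      echo "${_7mer}username/password may not contain whitespace, ':', '\"' or '#'${wali}" >&2
      return 1
      ;;
  esac
  # ipsec.secrets holds plaintext passwords: keep it owner-only.
  printf '%s : EAP "%s"\n' "$adduser" "$addpass" >>"$ipsec_pass"
  chmod 600 "$ipsec_pass"
  # ~/IPsec is normally created by the install step; create it here too so a
  # stand-alone "add users" run does not fail, and keep the record owner-only.
  mkdir -p ~/IPsec
  printf '\nIP server [Host] : %s\nusername : %s\npassword : %s\n' \
    "$myip" "$adduser" "$addpass" >> ~/IPsec/vpnINFO
  chmod 600 ~/IPsec/vpnINFO
  # Without this the new user cannot log in until strongSwan is restarted.
  ipsec rereadsecrets || echo "${_7mer}could not reload secrets; restart strongswan${wali}" >&2
  echo "user : ${adduser}"
  echo "pass : ${addpass}"
}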
# Main menu: 1 installs the server (init then strongswaner), 2 adds a user,
# 3 exits the script; any other answer redraws the banner and asks again.
# Globals read: _7mer, wali.
function installer {
  local choice
  while :; do
    read -p "choice 1-3 ? " choice
    case "$choice" in
      1)
        clear
        init
        strongswaner
        return
        ;;
      2)
        clear
        AjouUser
        return
        ;;
      3)
        echo "byee ^^"
        exit
        ;;
      *)
        clear
        rass
        echo "${_7mer}choices 1-3 : ${wali}"
        ;;
    esac
  done
}
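# Show the new server credentials and record them under ~/IPsec, together with
# a copy of the CA certificate that clients must trust.
# Globals read: ipaddres (init), username, passwd (strongswaner), _5dar, wali.
function infoDyawli {
  local info infoH infoU infoP
  clear
  info=" VPN Server credentials :"
  infoH="IP server [Host] : ${_5dar}$ipaddres${wali}"
  infoU="username : ${_5dar}$username${wali}"
  infoP="password : ${_5dar}$passwd${wali}"
  printf '%s\n' "$info" "$infoH" "$infoU" "$infoP"
  # The original tested `[ ! -f ~/IPsec ]`, which is true for a directory, so
  # mkdir ran (and failed noisily) on every run after the first.
  mkdir -p ~/IPsec
  # vpnINFO holds the plaintext VPN password: owner-only, and written without
  # the terminal colour escapes so the record stays readable.
  touch ~/IPsec/vpnINFO
  chmod 600 ~/IPsec/vpnINFO
  printf '%s\nIP server [Host] : %s\nusername : %s\npassword : %s\n\n' \
    "$info" "$ipaddres" "$username" "$passwd" >> ~/IPsec/vpnINFO
  # init copied ~/pki/* into /etc/ipsec.d/, so the CA cert is taken from there.
  cp /etc/ipsec.d/cacerts/ca-cert.pem ~/IPsec/ca-ipsec.pem
  echo "credentials saved on : ~/IPsec/vpnINFO"
  echo "
Certificates saved on : ~/IPsec/ca-ipsec.pem"
}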
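# Create a private CA and a server certificate with `ipsec pki`, install them
# under /etc/ipsec.d/, and enable IPv4/IPv6 forwarding (and disable ICMP
# redirects) in the sysctl configuration.
# Globals written: ipaddres (asked from the user; used by strongswaner/infoDyawli).
# Globals read: myip, kernel_param_file, pack_rediv4, pack_rediv6, dis_pack_acce,
#               dis_pack_send, _5dar, _7mer, wali.
# Must run as root.
function init {
  local cert_dir dname dir setting
  cert_dir=~/pki
  read -r -p "VPN Network name ? " dname
  for dir in "$cert_dir" "$cert_dir/cacerts" "$cert_dir/certs" "$cert_dir/private"; do
    mkdir -p "$dir"
  done
  # Private keys must not be readable by other users.
  chmod 700 "$cert_dir/private"
  echo "${_5dar}Initialiser Certificate Authority ${wali}"
  # The original appended (>>) the CA key: re-running the script left a file
  # with two concatenated keys that the CA step could not read. Generate both
  # keys under a restrictive umask so they are never created world-readable.
  (
    umask 077
    ipsec pki --gen --type rsa --size 4096 --outform pem > "$cert_dir/private/ca-key.pem" &&
    ipsec pki --gen --type rsa --size 4096 --outform pem > "$cert_dir/private/server-key.pem"
  ) || { echo "${_7mer}key generation failed${wali}" >&2; return 1; }
  ipsec pki --self --ca --lifetime 3650 --in "$cert_dir/private/ca-key.pem" \
    --type rsa --dn "CN=$dname" --outform pem > "$cert_dir/cacerts/ca-cert.pem"
  ####
  jibIP
  # A blank answer takes the auto-detected default shown by jibIP.
  read -r -p "entre your IP address :" ipaddres
  ipaddres=${ipaddres:-$myip}
  if [ -z "$ipaddres" ]; then
    echo "${_7mer}no IP address given${wali}" >&2
    return 1
  fi
  # CN and SAN must equal the leftid clients connect to (strongswaner writes
  # leftid=$ipaddres).
  ipsec pki --pub --in "$cert_dir/private/server-key.pem" --type rsa \
    | ipsec pki --issue --lifetime 1825 \
      --cacert "$cert_dir/cacerts/ca-cert.pem" \
      --cakey "$cert_dir/private/ca-key.pem" \
      --dn "CN=$ipaddres" --san "$ipaddres" \
      --flag serverAuth --flag ikeIntermediate --outform pem \
      > "$cert_dir/certs/server-cert.pem"
  # strongSwan reads cacerts/, certs/ and private/ under /etc/ipsec.d/.
  # NOTE(review): this also copies the CA private key there, as the original did;
  # the daemon only needs server-key.pem (see ipsec.secrets), so the CA key could
  # stay in ~/pki only.
  cp -r -f "$cert_dir"/* /etc/ipsec.d/
  # The original wrote "$kernel_param_file_.backup": $kernel_param_file_ is a
  # different, unset variable, so /etc/sysctl.conf was moved to "./.backup" and
  # then replaced wholesale. Keep a real backup and append only what is missing
  # instead of discarding the existing settings.
  if [ -f "$kernel_param_file" ]; then
    cp -f "$kernel_param_file" "${kernel_param_file}.backup"
  fi
  for setting in "$pack_rediv4" "$pack_rediv6" "$dis_pack_acce" "$dis_pack_send"; do
    grep -qxF -- "$setting" "$kernel_param_file" 2>/dev/null \
      || printf '%s\n' "$setting" >>"$kernel_param_file"
  done
  # NOTE(review): systemd-based hosts apply /etc/sysctl.d/*.conf at boot; whether
  # /etc/sysctl.conf is also applied depends on the distribution — confirm.
  sysctl -p >/dev/null
}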
# Print the bold ASCII banner followed by the three menu entries.
# Globals read: _5chin, wali.
function rass {
  local banner
  banner=' ___ ___ _____ _____
| \/ |/ ___||_ _|
| . . |\ `--. | |
| |\/| | `--. \ | |
| | | |/\__/ / _| |_
\_| |_/\____/ \___/
IPsec VPN server installer
by : S4ddik '
  printf '%s\n' "${_5chin}${banner}${wali}"
  printf '%s\n' ' 1 - Install IPsec VPN' ' 2 - add users' ' 3 - die'
}
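# Entry point: ask for confirmation, then show the banner and the menu.
# The original pattern ['y''Y''O''Oui'] is a single-character bracket expression,
# so "Oui" itself never matched while a bare "u" or "i" did; match the intended
# answers (y/yes/o/oui, any case) and n/no/non explicitly.
# Globals read: _7mer, wali.
while true; do
  clear
  read -r -p "Do you want to install IPsec VPN server on your machine ? Y/N" answer
  case "$answer" in
    [yY]|[yY][eE][sS]|[oO]|[oO][uU][iI])
      rass
      installer
      break
      ;;
    [nN]|[nN][oO]|[nN][oO][nN])
      echo "${_7mer}byee${wali}"
      exit
      ;;
    *)
      echo "${_7mer}yes || NO ? :${wali} "
      ;;
  esac
done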
#VPN #IKE #IKEv2 #IPsec #strongswan #implementation