Created
December 18, 2019 18:50
# ==============================================================================
# all nodes
#
# Shared preparation for both tunnel endpoints; run as root.
#
# Writing to /proc turns on IPv4 forwarding for the running kernel only; the
# setting is not persisted across reboots. With forwarding enabled the host
# routes packets between its interfaces, so review the firewall policy on the
# forwarding path before relying on this setup.
printf '%s\n' 1 > /proc/sys/net/ipv4/ip_forward

# Refresh the package index, then install strongSwan (IPsec) and LXC without
# interactive prompts.
apt-get --quiet update
apt-get --quiet --yes install strongswan lxc
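# ==============================================================================
# node1
#
# Brings up the LXC bridge (10.0.3.0/24), a GRE tunnel to node2 and a
# strongSwan PSK connection between the tunnel addresses. Run as root.
#
# Required environment:
#   FIRST_IP   - underlay address of this node (GRE local endpoint)
#   SECOND_IP  - underlay address of node2 (GRE remote endpoint)
#   IPSEC_PSK  - pre-shared key; must be identical on both nodes
#
# The key is read from the environment instead of being written into this
# listing: a PSK that has appeared in a shared or public file has to be treated
# as disclosed and replaced. Generate a fresh one with, for example,
# `openssl rand -base64 32`. The value must not contain a double quote, because
# it is written between quotes in /etc/ipsec.secrets.
: "${FIRST_IP:?set FIRST_IP to the underlay address of node1}"
: "${SECOND_IP:?set SECOND_IP to the underlay address of node2}"
: "${IPSEC_PSK:?set IPSEC_PSK to the pre-shared key used by both nodes}"

# LXC bridge for the containers on this node. The delimiter is quoted so the
# file content is written literally.
cat << 'EOF' > /etc/default/lxc-net
USE_LXC_BRIDGE="true"
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"
LXC_DHCP_CONFILE=""
LXC_DOMAIN=""
EOF
systemctl restart lxc lxc-net

# GRE tunnel between the two underlay addresses. GRE itself provides neither
# confidentiality nor authentication. `ip tunnel` is the iproute2 form of the
# same command, in line with the other `ip` calls below.
# NOTE(review): 172.0.0.0/30 lies outside the RFC 1918 range 172.16.0.0/12, so
# these are publicly routable addresses; consider a private /30 on both nodes.
ip tunnel add gre2 mode gre local "${FIRST_IP}" remote "${SECOND_IP}" ttl 255
ip addr add 172.0.0.1/30 dev gre2
ip link set gre2 up

# NOTE(review): the connection names only the tunnel addresses and sets no
# leftsubnet/rightsubnet, so the negotiated traffic selectors presumably cover
# just 172.0.0.1 <-> 172.0.0.2. Traffic between the LXC subnets that is routed
# over gre2, and the GRE packets between FIRST_IP and SECOND_IP, would then
# leave the host unencrypted. Confirm with `ipsec statusall` and
# `ip xfrm policy`; the usual remedy is to protect the GRE packets between the
# underlay addresses, or to add the LXC subnets as leftsubnet/rightsubnet.
# NOTE(review): charondebug="all" is kept for bring-up; review the log
# verbosity before leaving it enabled.
# Parameters are indented because ipsec.conf requires section contents to
# start with whitespace.
cat << 'EOF' > /etc/ipsec.conf
config setup
    charondebug="all"
    uniqueids=yes
    strictcrlpolicy=no

conn mytunnel
    leftid=172.0.0.1
    left=172.0.0.1
    rightid=172.0.0.2
    right=172.0.0.2
    authby=secret
    auto=start
EOF

# Restrict the secrets file to root before the key is appended to it.
# Re-running this section appends a second entry; remove the old line first.
touch /etc/ipsec.secrets
chmod 600 /etc/ipsec.secrets
printf '%s %s : PSK "%s"\n' 172.0.0.1 172.0.0.2 "${IPSEC_PSK}" >> /etc/ipsec.secrets

# Route node2's container subnet through the peer's tunnel address. This is
# done before the log follower below, which never returns on its own.
ip route add 10.0.4.0/24 via 172.0.0.2

# Restart strongSwan and follow the journal to watch the negotiation; stop it
# with Ctrl-C.
systemctl restart ipsec && journalctl -f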
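# ==============================================================================
# node2
#
# Mirror of the node1 setup: LXC bridge (10.0.4.0/24), GRE tunnel back to
# node1 and a strongSwan PSK connection between the tunnel addresses.
# Run as root.
#
# Required environment:
#   FIRST_IP   - underlay address of node1 (GRE remote endpoint)
#   SECOND_IP  - underlay address of this node (GRE local endpoint)
#   IPSEC_PSK  - pre-shared key; must be identical on both nodes
#
# The key is read from the environment instead of being written into this
# listing: a PSK that has appeared in a shared or public file has to be treated
# as disclosed and replaced. Generate a fresh one with, for example,
# `openssl rand -base64 32`. The value must not contain a double quote, because
# it is written between quotes in /etc/ipsec.secrets.
: "${FIRST_IP:?set FIRST_IP to the underlay address of node1}"
: "${SECOND_IP:?set SECOND_IP to the underlay address of node2}"
: "${IPSEC_PSK:?set IPSEC_PSK to the pre-shared key used by both nodes}"

# LXC bridge for the containers on this node. The delimiter is quoted so the
# file content is written literally.
cat << 'EOF' > /etc/default/lxc-net
USE_LXC_BRIDGE="true"
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.4.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.4.0/24"
LXC_DHCP_RANGE="10.0.4.2,10.0.4.254"
LXC_DHCP_MAX="253"
LXC_DHCP_CONFILE=""
LXC_DOMAIN=""
EOF
systemctl restart lxc lxc-net

# GRE tunnel between the two underlay addresses. GRE itself provides neither
# confidentiality nor authentication. `ip tunnel` is the iproute2 form of the
# same command, in line with the other `ip` calls below.
# NOTE(review): 172.0.0.0/30 lies outside the RFC 1918 range 172.16.0.0/12, so
# these are publicly routable addresses; consider a private /30 on both nodes.
ip tunnel add gre2 mode gre local "${SECOND_IP}" remote "${FIRST_IP}" ttl 255
ip addr add 172.0.0.2/30 dev gre2
ip link set gre2 up

# NOTE(review): the connection names only the tunnel addresses and sets no
# leftsubnet/rightsubnet, so the negotiated traffic selectors presumably cover
# just 172.0.0.2 <-> 172.0.0.1. Traffic between the LXC subnets that is routed
# over gre2, and the GRE packets between SECOND_IP and FIRST_IP, would then
# leave the host unencrypted. Confirm with `ipsec statusall` and
# `ip xfrm policy`; the usual remedy is to protect the GRE packets between the
# underlay addresses, or to add the LXC subnets as leftsubnet/rightsubnet.
# NOTE(review): charondebug="all" is kept for bring-up; review the log
# verbosity before leaving it enabled.
# Parameters are indented because ipsec.conf requires section contents to
# start with whitespace.
cat << 'EOF' > /etc/ipsec.conf
config setup
    charondebug="all"
    uniqueids=yes
    strictcrlpolicy=no

conn mytunnel
    leftid=172.0.0.2
    left=172.0.0.2
    rightid=172.0.0.1
    right=172.0.0.1
    authby=secret
    auto=start
    dpdaction=restart
EOF

# Restrict the secrets file to root before the key is appended to it.
# Re-running this section appends a second entry; remove the old line first.
touch /etc/ipsec.secrets
chmod 600 /etc/ipsec.secrets
printf '%s %s : PSK "%s"\n' 172.0.0.2 172.0.0.1 "${IPSEC_PSK}" >> /etc/ipsec.secrets

# Route node1's container subnet through the peer's tunnel address. The next
# hop is 172.0.0.1 (node1); 172.0.0.2 is this node's own gre2 address and
# cannot serve as the gateway. This is done before the log follower below,
# which never returns on its own.
ip route add 10.0.3.0/24 via 172.0.0.1

# Restart strongSwan and follow the journal to watch the negotiation; stop it
# with Ctrl-C.
systemctl restart ipsec && journalctl -f
# ==============================================================================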