-
-
Save neca7/018ddccd7f1157a74a4c081ace2ca471 to your computer and use it in GitHub Desktop.
Script to set up an ipsec tunnel between two machinesFor Example: ./tunnel.sh 10.10.10.1 10.10.10.2 192.168.0.1 192.168.0.2 would set up an ipsec tunnel over 10.10.10.1 address using 192.168.0.1 as a virtual addresspasswordless sudo required for user on remote machine
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ "$4" == "" ]; then | |
| echo "usage: $0 <local_ip> <remote_ip> <overlay_local_ip> <overlay_remote_ip>" | |
| echo "creates an ipsec tunnel between two machines" | |
| exit 1 | |
| fi | |
| SRC="$1"; shift | |
| DST="$1"; shift | |
| LOCAL="$1"; shift | |
| REMOTE="$1"; shift | |
| KEY1=0x`dd if=/dev/urandom count=32 bs=1 2> /dev/null| xxd -p -c 64` | |
| KEY2=0x`dd if=/dev/urandom count=32 bs=1 2> /dev/null| xxd -p -c 64` | |
| ID=0x`dd if=/dev/urandom count=4 bs=1 2> /dev/null| xxd -p -c 8` | |
| echo "spdflush; flush;" | setkey -c | |
| ip xfrm state add src $SRC dst $DST proto esp spi $ID reqid $ID mode tunnel auth sha256 $KEY1 enc aes $KEY2 | |
| ip xfrm state add src $DST dst $SRC proto esp spi $ID reqid $ID mode tunnel auth sha256 $KEY1 enc aes $KEY2 | |
| ip xfrm policy add src $LOCAL dst $REMOTE dir out tmpl src $SRC dst $DST proto esp reqid $ID mode tunnel | |
| ip xfrm policy add src $REMOTE dst $LOCAL dir in tmpl src $DST dst $SRC proto esp reqid $ID mode tunnel | |
| ip addr add $LOCAL dev lo | |
| ip route add $REMOTE dev eth0 src $LOCAL | |
| ssh $DST /bin/bash << EOF | |
| echo "spdflush; flush;" | setkey -c | |
| ip xfrm state add src $SRC dst $DST proto esp spi $ID reqid $ID mode tunnel auth sha256 $KEY1 enc aes $KEY2 | |
| ip xfrm state add src $DST dst $SRC proto esp spi $ID reqid $ID mode tunnel auth sha256 $KEY1 enc aes $KEY2 | |
| ip xfrm policy add src $REMOTE dst $LOCAL dir out tmpl src $DST dst $SRC proto esp reqid $ID mode tunnel | |
| ip xfrm policy add src $LOCAL dst $REMOTE dir in tmpl src $SRC dst $DST proto esp reqid $ID mode tunnel | |
| ip addr add $REMOTE dev lo | |
| ip route add $LOCAL dev eth0 src $REMOTE | |
| EOF |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment