initial commit

vpn-ec2-install.sh

@@ -0,0 +1,110 @@
+#!/bin/sh
+
+# Please define your own values for those variables
+IPSEC_PSK=SharedSecret
+VPN_USER=username
+VPN_PASSWORD=password
+
+# Those two variables will be found automatically
+PRIVATE_IP=`wget -q -O - 'http://instance-data/latest/meta-data/local-ipv4'`
+PUBLIC_IP=`wget -q -O - 'http://instance-data/latest/meta-data/public-ipv4'`
+
+yum install -y --enablerepo=epel openswan xl2tpd
+
+cat > /etc/ipsec.conf <<EOF
+version 2.0
+
+config setup
+  dumpdir=/var/run/pluto/
+  nat_traversal=yes
+  virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
+  oe=off
+  protostack=netkey
+  nhelpers=0
+  interfaces=%defaultroute
+
+conn vpnpsk
+  auto=add
+  left=$PRIVATE_IP
+  leftid=$PUBLIC_IP
+  leftsubnet=$PRIVATE_IP/32
+  leftnexthop=%defaultroute
+  leftprotoport=17/1701
+  rightprotoport=17/%any
+  right=%any
+  rightsubnetwithin=0.0.0.0/0
+  forceencaps=yes
+  authby=secret
+  pfs=no
+  type=transport
+  auth=esp
+  ike=3des-sha1
+  phase2alg=3des-sha1
+  dpddelay=30
+  dpdtimeout=120
+  dpdaction=clear
+EOF
+
+cat > /etc/ipsec.secrets <<EOF
+$PUBLIC_IP  %any  : PSK "$IPSEC_PSK"
+EOF
+
+cat > /etc/xl2tpd/xl2tpd.conf <<EOF
+[global]
+port = 1701
+
+;debug avp = yes
+;debug network = yes
+;debug state = yes
+;debug tunnel = yes
+
+[lns default]
+ip range = 192.168.42.10-192.168.42.250
+local ip = 192.168.42.1
+require chap = yes
+refuse pap = yes
+require authentication = yes
+name = l2tpd
+;ppp debug = yes
+pppoptfile = /etc/ppp/options.xl2tpd
+length bit = yes
+EOF
+
+cat > /etc/ppp/options.xl2tpd <<EOF
+ipcp-accept-local
+ipcp-accept-remote
+ms-dns 8.8.8.8
+ms-dns 8.8.4.4
+noccp
+auth
+crtscts
+idle 1800
+mtu 1280
+mru 1280
+lock
+connect-delay 5000
+EOF
+
+cat > /etc/ppp/chap-secrets <<EOF
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
+$VPN_USER	l2tpd   $VPN_PASSWORD   *
+EOF
+
+iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o eth0 -j MASQUERADE
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+iptables-save > /etc/iptables.rules
+
+cat > /etc/network/if-pre-up.d/iptablesload <<EOF
+#!/bin/sh
+iptables-restore < /etc/iptables.rules
+echo 1 > /proc/sys/net/ipv4/ip_forward
+exit 0
+EOF
+
+service ipsec start
+service xl2tpd start
+chkconfig ipsec on
+chkconfig xl2tpd on

vpn-ec2-start.sh

@@ -0,0 +1,36 @@
+
+#to be run on my laptop
+
+
+# create and start an instance
+#AMI = AMZN Linux 64 Bits
+#AMI_DESCRIPTION="amazon/amzn-ami-pv-2012.09.0.x86_64-ebs"
+AMI_ID=ami-c37474b7
+KEY_ID=sst-ec2
+SEC_ID=OpenVPN
+BOOTSTRAP_SCRIPT=vpn-ec2-install.sh 
+
+echo "Starting Instance..."
+INSTANCE_DETAILS=`$EC2_HOME/bin/ec2-run-instances $AMI_ID -k $KEY_ID -t t1.micro -g $SEC_ID -f $BOOTSTRAP_SCRIPT | grep INSTANCE`
+echo $INSTANCE_DETAILS
+
+AVAILABILITY_ZONE=`echo $INSTANCE_DETAILS | awk '{print $9}'`
+INSTANCE_ID=`echo $INSTANCE_DETAILS | awk '{print $2}'`
+echo $INSTANCE_ID > $HOME/vpn-ec2.id 
+
+# wait for instance to be started
+DNS_NAME=`$EC2_HOME/bin/ec2-describe-instances --filter "image-id=$AMI_ID" --filter "instance-state-name=running" | grep INSTANCE | awk '{print $4}'`
+
+while [ -z "$DNS_NAME" ]
+do
+    echo "Waiting for instance to start...."
+    sleep 5
+    DNS_NAME=`$EC2_HOME/bin/ec2-describe-instances --filter "image-id=$AMI_ID" --filter "instance-state-name=running" | grep INSTANCE | awk '{print $4}'`
+done
+
+echo "Instance started"
+
+echo "Instance ID = " $INSTANCE_ID
+echo "DNS = " $DNS_NAME " in availability zone " $AVAILABILITY_ZONE
+
+

vpn-ec2-terminate.sh

@@ -0,0 +1,27 @@
+
+#to be run on my laptop
+
+
+# create and start an instance
+
+INSTANCE_FILE=$HOME/vpn-ec2.id
+
+if [ ! -e $INSTANCE_FILE ]
+then
+    echo Missing $INSTANCE_FILE file
+    exit -1
+fi
+
+
+echo "Terminating Instance..."
+INSTANCE_ID=`cat $INSTANCE_FILE`
+
+if [ -z $INSTANCE_ID ]
+then
+    echo Missing instance ID in $INSTANCE_FILE
+    exit -1
+fi
+
+$EC2_HOME/bin/ec2-terminate-instances $INSTANCE_ID
+rm $INSTANCE_FILE
+

vpn-ec2.id

@@ -0,0 +1 @@
+i-2e357364