#!/bin/bash
# Abort on the first command that fails, and make a pipeline report the status
# of its last failing stage instead of its final stage. Note that -e is not
# applied inside `if`/`!`/`&&`/`||` conditions, so the checks below still test
# the commands whose failure matters explicitly.
set -e
set -o pipefail
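#######################################
# Print the command-line help and exit.
# The script name is handed to printf as an argument instead of being spliced
# into the format string, so a '%' in $0 can no longer be misread as a
# conversion specifier (SC2059). The text itself is unchanged.
# Outputs:   help text on stdout (kept on stdout, as before, for callers that
#            capture it)
# Returns:   does not return; exits with status 255
#######################################
function usage () {
  printf 'Usage: %s [-k IPSEC_PSK] [-p PRIMARY_DNS] [-s SECONDARY_DNS]\n' "${0##*/}"
  printf 'OPTIONS\n'
  printf '\t[-k IPSEC_PSK]\n\n'
  printf "\tIPsec Pre-Shared Key, default is 'SharedSecret'.\n\n"
  printf '\t[-p PRIMARY_DNS]\n\n'
  printf "\tPrimary DNS, default is '8.8.8.8'.\n\n"
  printf '\t[-s SECONDARY_DNS]\n\n'
  printf "\tSecondary DNS, default is '8.8.4.4'.\n\n"
  exit 255
}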
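# Parse options. A value given on the command line wins; otherwise a value
# already present in the environment is kept (IPSEC_PSK=... ./install.sh
# works and keeps the PSK out of the argument list, hence out of `ps` output
# and shell history); only when neither is set does the default apply.
while getopts 'k:p:s:h' opt; do
  case "$opt" in
    k) IPSEC_PSK=$OPTARG ;;
    p) PRIMARY_DNS=$OPTARG ;;
    s) SECONDARY_DNS=$OPTARG ;;
    h|*) usage ;;
  esac
done

# Defaults for anything still unset or empty (same rule as the original
# `[[ -z ... ]] && ...` lines, written as the idiomatic assignment).
: "${IPSEC_PSK:=SharedSecret}"
: "${PRIMARY_DNS:=8.8.8.8}"
: "${SECONDARY_DNS:=8.8.4.4}"

# Address plan handed to the VPN clients; fixed for this installer, so the
# variables are made read-only to catch accidental reassignment later on.
readonly L2TP_VIRTUAL_IP=192.168.42.1
readonly L2TP_DHCP_CIDR=192.168.42.0/24
readonly L2TP_DHCP_BEGIN=192.168.42.10
readonly L2TP_DHCP_END=192.168.42.250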
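#######################################
# Fetch one value from the EC2 instance metadata service (IMDS).
# An IMDSv2 session token is requested first; when none can be obtained the
# request falls back to IMDSv1, so the script works both on instances that
# require tokens (HttpTokens=required) and on older ones. -f makes curl fail
# on HTTP errors (e.g. 404 for a missing public-ipv4) instead of printing the
# error body, and --max-time stops the script from hanging off-EC2.
# Arguments: $1 - path below /latest/meta-data/
# Outputs:   the metadata value on stdout
# Returns:   curl's status; non-zero when the value could not be retrieved
#######################################
imds_get() {
  local path=$1 token
  token=$(curl -sf --max-time 5 -X PUT \
    -H 'X-aws-ec2-metadata-token-ttl-seconds: 60' \
    'http://169.254.169.254/latest/api/token' 2>/dev/null || :)
  if [[ -n $token ]]; then
    curl -sf --max-time 5 -H "X-aws-ec2-metadata-token: $token" \
      "http://169.254.169.254/latest/meta-data/$path"
  else
    curl -sf --max-time 5 "http://169.254.169.254/latest/meta-data/$path"
  fi
}

# retrieve the IP addresses
# Both values are substituted into the IPsec and xl2tpd templates further
# down, so an empty or non-IPv4 value is rejected here rather than silently
# producing a broken config (the original left the variables empty when
# curl failed, e.g. on an instance without a public IPv4 address).
SERVER_PRIVATE_IP=$(imds_get local-ipv4 || :)
SERVER_PUBLIC_IP=$(imds_get public-ipv4 || :)
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
for v in SERVER_PRIVATE_IP SERVER_PUBLIC_IP; do
  if ! [[ ${!v} =~ $ipv4_re ]]; then
    echo "$v: could not determine an IPv4 address from instance metadata" >&2
    exit 1
  fi
done
unset v ipv4_re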
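#######################################
# Test whether yum knows a repository that lists at least one package.
# Reads the count from the last line of `yum repolist <repo>` (assumed to be
# the "repolist: N" summary yum prints — TODO confirm for the yum version on
# the target AMI), drops the thousands separator and compares numerically.
# The original `[[ "$count" > 0 ]]` was a lexicographic string comparison
# that only worked because counts start with a non-zero digit.
# Arguments: $1 - repository id (required; `${1:?}` aborts when missing)
# Returns:   0 when the repo lists one or more packages, 1 otherwise
#######################################
function if-yum-repo-exist () {
  # Usage: if-yum-repo-exist <repo>; echo $?
  local count
  # yum's own stderr is left visible, as before; a failing yum simply yields
  # an empty/zero count below.
  count=$(yum repolist "${1:?}" | awk 'END {print $NF}') || :
  count=${count//,/}
  [[ $count =~ ^[0-9]+$ ]] && (( count > 0 ))
}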
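#######################################
# Enable an Amazon Linux Extras topic (e.g. "epel") unless the matching yum
# repo is already present. Where the amazon-linux-extras command does not
# exist (non-AL2 hosts) only a notice is written to stderr and the caller's
# subsequent yum steps decide whether the repo was really needed.
# Arguments: $1 - extras topic / repo id (required)
# Globals:   none written (`repo` is local now; the original leaked it)
# Outputs:   progress line on stdout when a repo is installed
# Returns:   0, or the status of `amazon-linux-extras install` on failure
#######################################
function amazon-linux-extra-safe () {
  local repo=${1:?}
  if ! command -v amazon-linux-extras >/dev/null 2>&1; then
    echo 'amazon-linux-extra: not found the command, continue' >&2
    return 0
  fi
  if if-yum-repo-exist "$repo"; then
    return 0
  fi
  # Amazon Linux 2 AMI needs this
  echo "installing repo: $repo ..."
  amazon-linux-extras install -y "$repo"
}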
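# Directory holding the bundled templates (conf/). Resolved once, via
# dirname, because the original `${0%/*}` yields "install.sh" when $0 has no
# slash (e.g. `bash install.sh`), which made every cp below fail. Quoted
# everywhere so a path containing spaces works.
SCRIPT_DIR=$(cd "$(dirname -- "$0")" && pwd)
CONF_DIR=$SCRIPT_DIR/conf

#######################################
# Escape a value for the replacement side of a sed s/// command.
# '/', '&' and '\' in a value — a PSK can easily contain them — would
# otherwise terminate the expression or be interpreted by sed.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout, no trailing newline
#######################################
sed_escape_replacement() {
  printf '%s' "$1" | sed -e 's/[\/&\\]/\\&/g'
}

#######################################
# Copy a template from conf/ to its destination and fill in <NAME> tokens.
# The mode is applied right after the copy, before any secret is written
# into the file, so a PSK never sits in a file with the template's mode.
# Arguments: $1 - template file name under conf/
#            $2 - destination path
#            $3 - file mode for chmod, or '' to keep the template's mode
#            $4.. - NAME=VALUE pairs; the first "<NAME>" on each line becomes
#                   VALUE (same single-substitution semantics as before)
# Outputs:   "installing <dest> ..." on stdout
#######################################
install_template() {
  local template=$1 dest=$2 mode=$3 pair name value
  shift 3
  echo "installing $dest ..."
  /bin/cp -a -- "$CONF_DIR/$template" "$dest"
  if [[ -n $mode ]]; then
    chmod "$mode" "$dest"
  fi
  for pair in "$@"; do
    name=${pair%%=*}
    value=$(sed_escape_replacement "${pair#*=}")
    sed -i "s/<$name>/$value/" "$dest"
  done
}

# epel
amazon-linux-extra-safe epel
# openswan
echo 'installing openswan ...'
yum install -y --enablerepo=epel openswan
# xl2tpd
echo 'installing xl2tpd ...'
yum install -y --enablerepo=epel xl2tpd
# ipsec.conf
install_template ipsec.conf /etc/ipsec.conf '' \
  "SERVER_PRIVATE_IP=$SERVER_PRIVATE_IP" \
  "SERVER_PUBLIC_IP=$SERVER_PUBLIC_IP"
# ipsec.secrets (holds the PSK: mode 600 before it is written in)
install_template ipsec.secrets /etc/ipsec.secrets 600 \
  "SERVER_PUBLIC_IP=$SERVER_PUBLIC_IP" \
  "IPSEC_PSK=$IPSEC_PSK"
# xl2tpd.conf
install_template xl2tpd.conf /etc/xl2tpd/xl2tpd.conf '' \
  "L2TP_VIRTUAL_IP=$L2TP_VIRTUAL_IP" \
  "L2TP_DHCP_BEGIN=$L2TP_DHCP_BEGIN" \
  "L2TP_DHCP_END=$L2TP_DHCP_END"
# options.xl2tpd
install_template options.xl2tpd /etc/ppp/options.xl2tpd '' \
  "PRIMARY_DNS=$PRIMARY_DNS" \
  "SECONDARY_DNS=$SECONDARY_DNS"
# char-secrets
# NOTE(review): the template is conf/chap-secrets but the destination is
# /etc/ppp/char-secrets; pppd reads /etc/ppp/chap-secrets, so "char" looks
# like a typo. The original path is kept here — confirm before renaming.
install_template chap-secrets /etc/ppp/char-secrets 600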
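#######################################
# Apply a sysctl setting now and persist it in the sysctl config file.
# Any existing "<key> = ..." line is removed first so the file does not
# accumulate duplicates; the dots in the key are escaped for the sed regex,
# where the original let them match any character (so e.g.
# net.ipv4.ip_forward could also delete a net.ipv4Xip_forward line).
# Globals:   SYSCTL_CONF - config file to edit (default /etc/sysctl.conf)
# Arguments: $1 - <key>=<value>
# Outputs:   the "<key> = <value>" line printed by sysctl -w, on stdout
# Returns:   non-zero when sysctl -w or the file update fails
#######################################
function sysctl-write-and-save () {
  # Usage: sysctl-write-and-save <key>=<value>
  local key=${1%%=*}
  local value=${1#*=}
  local conf=${SYSCTL_CONF:-/etc/sysctl.conf}
  local key_re=${key//./\\.}
  sed -i "/^$key_re = /d" "$conf"
  sysctl -w "$key=$value" | tee -a "$conf"
}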
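# echo 'updating sysctl settings ...'
# Enable forwarding for the VPN clients and disable ICMP redirects, which the
# IPsec/L2TP setup is not meant to emit or honour.
# NOTE(review): the last two keys hard-code eth0; on an instance whose primary
# interface has another name (e.g. ens5) `sysctl -w` fails and, under set -e,
# aborts the script — confirm the interface name for the target AMI.
sysctl-write-and-save 'net.ipv4.ip_forward=1'
sysctl-write-and-save 'net.ipv4.conf.all.accept_redirects=0'
sysctl-write-and-save 'net.ipv4.conf.all.send_redirects=0'
sysctl-write-and-save 'net.ipv4.conf.default.accept_redirects=0'
sysctl-write-and-save 'net.ipv4.conf.default.send_redirects=0'
sysctl-write-and-save 'net.ipv4.conf.eth0.accept_redirects=0'
sysctl-write-and-save 'net.ipv4.conf.eth0.send_redirects=0'
# iptables-services
if ! service iptables status >/dev/null 2>&1; then
  echo 'installing iptables-services ...'
  yum install -y iptables-services
fi
# iptables: masquerade the VPN client subnet out of eth0 (same interface
# caveat as above). The rule is kept in an array so it reaches iptables as
# discrete arguments instead of relying on unquoted word-splitting (SC2086).
IPTABLES_OPTIONS=(-t nat -s "$L2TP_DHCP_CIDR" -o eth0 -j MASQUERADE)
# -C only checks for the rule; append and persist it when it is missing.
if ! iptables -C POSTROUTING "${IPTABLES_OPTIONS[@]}" 2>/dev/null; then
  echo 'updating iptables rules ...'
  iptables -A POSTROUTING "${IPTABLES_OPTIONS[@]}"
  service iptables save
fi
echo 'verifying ipsec ...'
# `ipsec verify` is informational here: its warnings must not abort the
# install under set -e, hence the explicit no-op fallback.
ipsec verify || :
echo 'restarting ipsec service ...'
service ipsec restart
echo 'restarting xl2tpd service ...'
service xl2tpd restart
echo 'updating chkconfig ...'
chkconfig ipsec on
chkconfig xl2tpd on
exit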