random - collection of un-sorted bollocks
git clone git://git.acid.vegas/random.git
vpstun.md (1412B)
## 1. Set up the GRE Tunnel

###### Source

```shell
ip tunnel add gre1 mode gre remote [VPS2_PUBLIC_IP] local [VPS1_PUBLIC_IP] ttl 255
ip link set gre1 up
ip addr add [LOCAL_TUNNEL_IP1]/32 dev gre1
```

###### Destination

```shell
ip tunnel add gre1 mode gre remote [VPS1_PUBLIC_IP] local [VPS2_PUBLIC_IP] ttl 255
ip link set gre1 up
ip addr add [LOCAL_TUNNEL_IP2]/32 dev gre1
```

## 2. Set up IPsec

This is for securing the GRE tunnel. strongSwan is a popular tool for IPsec.

1. `nano /etc/ipsec.conf` *(Both servers)*

   ```
   conn gre-tunnel
       left=[VPS1_PUBLIC_IP]
       leftsubnet=[VPS1_LOCAL_NETWORK]
       right=[VPS2_PUBLIC_IP]
       rightsubnet=[VPS2_LOCAL_NETWORK]
       authby=secret
       keyexchange=ikev2
       ikelifetime=1h
       keylife=20m
       keyingtries=3
       auto=start
       esp=aes128-sha1-modp1024!
       ike=aes128-sha1-modp1024!
   ```

2. `nano /etc/ipsec.secrets`

   ```
   [VPS1_PUBLIC_IP] [VPS2_PUBLIC_IP] : PSK "YourStrongSecretKey"
   ```

3. `systemctl restart strongswan`

## 3. Forward Traffic

###### Source

```shell
iptables -t nat -A POSTROUTING -o gre1 -j MASQUERADE
iptables -A FORWARD -i gre1 -j ACCEPT
```

###### Destination

```shell
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i gre1 -j ACCEPT
```

###### Both servers

`echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf` *(Permanent)*

or

`echo 1 > /proc/sys/net/ipv4/ip_forward` *(Temporary)*

and then run `sysctl -p` to load the setting from `/etc/sysctl.conf`.
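The three sections above are really one procedure run on two hosts with the sides swapped, so a single script that renders each section for a given role keeps both servers consistent and lets the commands be reviewed before they are run as root. The script below is an added example and is not part of the acid.vegas `random` repo. It assumes constructed sample addresses (TEST-NET and RFC 1918 ranges, overridable through environment variables), a `WAN_IF` variable for the destination's public interface, and a `PSK` variable that must be supplied (for instance from `openssl rand -base64 32`). It also departs from the page in four labelled places: the tunnel address is added with `peer` so the kernel installs the route to the far end, the strongSwan connection uses transport mode restricted to protocol GRE so that the GRE packets between the two public IPs are what gets encrypted (the page's `leftsubnet`/`rightsubnet` form protects whatever networks those placeholders name), the cipher proposal is AES-GCM with ECP-256 instead of `aes128-sha1-modp1024`, and a conntrack rule plus an idempotent sysctl line are added to the forwarding section.

```shell
#!/bin/sh
# Added example, not from the acid.vegas "random" repo: renders vpstun.md's
# three sections for one side of the tunnel from one set of variables.
# Every address below is a constructed placeholder; override via environment.
set -eu

VPS1_PUBLIC_IP=${VPS1_PUBLIC_IP:-203.0.113.10}    # constructed sample
VPS2_PUBLIC_IP=${VPS2_PUBLIC_IP:-198.51.100.20}   # constructed sample
LOCAL_TUNNEL_IP1=${LOCAL_TUNNEL_IP1:-10.255.0.1}  # constructed sample
LOCAL_TUNNEL_IP2=${LOCAL_TUNNEL_IP2:-10.255.0.2}  # constructed sample
WAN_IF=${WAN_IF:-eth0}                            # destination's public interface
PSK=${PSK:-}                                      # e.g. PSK="$(openssl rand -base64 32)"

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr . ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# gre_cmds ROLE: section 1 for "source" or "destination". The address is added
# with "peer" (a variation on the page's /32 form) so the kernel also installs
# the host route to the far end of the tunnel.
gre_cmds() {
    case $1 in
        source)
            local_ip=$VPS1_PUBLIC_IP remote_ip=$VPS2_PUBLIC_IP
            my_tun=$LOCAL_TUNNEL_IP1 peer_tun=$LOCAL_TUNNEL_IP2 ;;
        destination)
            local_ip=$VPS2_PUBLIC_IP remote_ip=$VPS1_PUBLIC_IP
            my_tun=$LOCAL_TUNNEL_IP2 peer_tun=$LOCAL_TUNNEL_IP1 ;;
        *) echo "role must be source or destination" >&2; return 1 ;;
    esac
    printf '%s\n' \
        "ip tunnel add gre1 mode gre remote $remote_ip local $local_ip ttl 255" \
        "ip link set gre1 up" \
        "ip addr add $my_tun peer $peer_tun dev gre1"
}

# ipsec_conf: section 2, identical on both servers (strongSwan picks its side by
# matching its own address to left/right). Variant: transport mode restricted to
# protocol GRE, so the GRE packets between the public IPs are what is encrypted.
ipsec_conf() {
    cat <<EOF
conn gre-tunnel
    type=transport
    left=$VPS1_PUBLIC_IP
    leftprotoport=gre
    right=$VPS2_PUBLIC_IP
    rightprotoport=gre
    authby=secret
    keyexchange=ikev2
    ikelifetime=1h
    lifetime=20m
    keyingtries=3
    auto=start
    ike=aes256gcm16-prfsha256-ecp256!
    esp=aes256gcm16-ecp256!
EOF
}

# ipsec_secrets: the PSK line for /etc/ipsec.secrets; refuses short secrets
ipsec_secrets() {
    [ ${#PSK} -ge 32 ] || { echo "PSK must be at least 32 characters" >&2; return 1; }
    printf '%s %s : PSK "%s"\n' "$VPS1_PUBLIC_IP" "$VPS2_PUBLIC_IP" "$PSK"
}

# nat_cmds ROLE: section 3. Source masquerades into the tunnel, destination out
# of its WAN interface. Added here: a conntrack rule so replies pass a FORWARD
# chain whose policy is DROP, and a sysctl line that is not duplicated on rerun.
nat_cmds() {
    case $1 in
        source)      out_if=gre1 ;;
        destination) out_if=$WAN_IF ;;
        *) echo "role must be source or destination" >&2; return 1 ;;
    esac
    printf '%s\n' \
        "sysctl -w net.ipv4.ip_forward=1" \
        "grep -qx 'net.ipv4.ip_forward=1' /etc/sysctl.conf || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf" \
        "iptables -t nat -A POSTROUTING -o $out_if -j MASQUERADE" \
        "iptables -A FORWARD -i gre1 -j ACCEPT" \
        "iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

# render ROLE: validate the addresses, then print every section for that side
render() {
    for ip in "$VPS1_PUBLIC_IP" "$VPS2_PUBLIC_IP" "$LOCAL_TUNNEL_IP1" "$LOCAL_TUNNEL_IP2"; do
        valid_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    echo "# 1. GRE ($1)";                          gre_cmds "$1"
    echo "# 2. /etc/ipsec.conf (both servers)";    ipsec_conf
    echo "# 2. /etc/ipsec.secrets (both servers)"; ipsec_secrets
    echo "# 3. forwarding ($1)";                   nat_cmds "$1"
}

# usage: PSK="$(openssl rand -base64 32)" sh vpstun.sh source   (or: destination)
case ${1:-} in
    source|destination) render "$1" ;;
esac
```

Run it once per server with that server's role; the `# 1.` and `# 3.` sections are the commands to execute, the `# 2.` sections are the contents of the two strongSwan files. After `systemctl restart strongswan`, `ipsec statusall` should list `gre-tunnel` as ESTABLISHED with a transport-mode child SA, and `ip tunnel show gre1` confirms the endpoints; if the GRE addresses ping but `ip xfrm state` shows no SA, the tunnel is up but not encrypted.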