random

- collection of un-sorted bollocks
git clone git://git.acid.vegas/random.git

vpstun.md (1412B)

## 1. Set up the GRE Tunnel
###### Source
```shell
ip tunnel add gre1 mode gre remote [VPS2_PUBLIC_IP] local [VPS1_PUBLIC_IP] ttl 255
ip link set gre1 up
ip addr add [LOCAL_TUNNEL_IP1]/32 dev gre1
```

###### Destination
```shell
ip tunnel add gre1 mode gre remote [VPS1_PUBLIC_IP] local [VPS2_PUBLIC_IP] ttl 255
ip link set gre1 up
ip addr add [LOCAL_TUNNEL_IP2]/32 dev gre1
```

## 2. Set up IPsec
This is for securing the GRE tunnel. strongSwan is a popular tool for IPsec.
1. `nano /etc/ipsec.conf` *(Both servers)*
```
conn gre-tunnel
    left=[VPS1_PUBLIC_IP]
    leftsubnet=[VPS1_LOCAL_NETWORK]
    right=[VPS2_PUBLIC_IP]
    rightsubnet=[VPS2_LOCAL_NETWORK]
    authby=secret
    keyexchange=ikev2
    ikelifetime=1h
    keylife=20m
    keyingtries=3
    auto=start
    esp=aes128-sha1-modp1024!
    ike=aes128-sha1-modp1024!
```

2. `nano /etc/ipsec.secrets`
```
[VPS1_PUBLIC_IP] [VPS2_PUBLIC_IP] : PSK "YourStrongSecretKey"
```

3. `systemctl restart strongswan`

## 3. Forward Traffic
###### Source
```shell
iptables -t nat -A POSTROUTING -o gre1 -j MASQUERADE
iptables -A FORWARD -i gre1 -j ACCEPT
```

###### Destination
```shell
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i gre1 -j ACCEPT
```

###### Both servers
`echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf` *(Permanent)*

or

`echo 1 > /proc/sys/net/ipv4/ip_forward` *(Temporary)*

and then run `sysctl -p` to load the setting from `/etc/sysctl.conf`.
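The three steps above are one procedure with two hosts that must agree on every address, so it is easy to swap `remote`/`local` on one side or to end up with an IPsec policy that does not actually cover the GRE packets. The script below is an added example, not part of vpstun.md or the repository: it renders both ends from a single set of variables. The IP addresses are constructed samples (RFC 5737 and RFC 1918 ranges) and `eth0` is assumed to be the public interface, as on the page. Two things deliberately differ from the page's `ipsec.conf`: the conn uses transport mode with `leftprotoport`/`rightprotoport` set to protocol 47 (GRE), which matches the GRE packets exchanged between the two public IPs (a `leftsubnet`/`rightsubnet` policy for the LANs behind each VPS would leave the tunnel itself in cleartext), and the proposals are AES-256-GCM with ECP-384 in place of `aes128-sha1-modp1024`. The `ipsec_secrets` function refuses a PSK shorter than 32 characters, which rejects the page's placeholder. The `verify_commands` output is the check to run once both sides are up: with the SA installed, a capture on the public interface should show ESP (IP protocol 50), not GRE (IP protocol 47).

```shell
#!/usr/bin/env bash
# Added example, not part of the original vpstun.md: render both ends of a
# GRE-over-IPsec link from one set of variables so the two hosts stay in sync.
# All addresses are constructed samples (RFC 5737 / RFC 1918 ranges).
set -eu

VPS1_PUBLIC_IP=198.51.100.10
VPS2_PUBLIC_IP=203.0.113.20
LOCAL_TUNNEL_IP1=10.255.0.1
LOCAL_TUNNEL_IP2=10.255.0.2
PUBLIC_IF=eth0   # assumed public interface, as on the page

# gre_commands source|destination: the `ip` commands for one end of the tunnel.
# Each side names the other as "remote"; swapping them is the usual reason a
# tunnel comes up but carries nothing. The "peer" form also installs the route
# to the far tunnel address, which a bare /32 does not.
gre_commands() {
  case "$1" in
    source)      gre_local=$VPS1_PUBLIC_IP; gre_remote=$VPS2_PUBLIC_IP
                 gre_addr=$LOCAL_TUNNEL_IP1; gre_peer=$LOCAL_TUNNEL_IP2 ;;
    destination) gre_local=$VPS2_PUBLIC_IP; gre_remote=$VPS1_PUBLIC_IP
                 gre_addr=$LOCAL_TUNNEL_IP2; gre_peer=$LOCAL_TUNNEL_IP1 ;;
    *) echo "usage: gre_commands source|destination" >&2; return 2 ;;
  esac
  printf 'ip tunnel add gre1 mode gre remote %s local %s ttl 255\n' "$gre_remote" "$gre_local"
  printf 'ip link set gre1 up\n'
  printf 'ip addr add %s/32 peer %s/32 dev gre1\n' "$gre_addr" "$gre_peer"
}

# ipsec_conf: one strongSwan conn, identical on both hosts (charon works out
# which side is local). Transport mode + protoport 47 matches exactly the GRE
# packets between the two public IPs, so the tunnel itself is what gets
# encrypted. Proposals: AES-256-GCM with ECP-384 instead of aes128-sha1-modp1024.
ipsec_conf() {
  cat <<EOF
conn gre-tunnel
    type=transport
    left=$VPS1_PUBLIC_IP
    leftprotoport=47
    right=$VPS2_PUBLIC_IP
    rightprotoport=47
    authby=secret
    keyexchange=ikev2
    ike=aes256gcm16-prfsha384-ecp384!
    esp=aes256gcm16-ecp384!
    ikelifetime=1h
    keylife=20m
    keyingtries=%forever
    dpdaction=restart
    dpddelay=30s
    auto=start
EOF
}

# ipsec_secrets PSK: the /etc/ipsec.secrets line. With authby=secret the PSK
# is the only thing authenticating the peer, so a short human-chosen string is
# the weakest link; anything under 32 characters is refused.
# Generate one with: openssl rand -base64 32
ipsec_secrets() {
  psk=$1
  if [ "${#psk}" -lt 32 ]; then
    echo "PSK too short (${#psk} chars); use at least 32" >&2
    return 1
  fi
  printf '%s %s : PSK "%s"\n' "$VPS1_PUBLIC_IP" "$VPS2_PUBLIC_IP" "$psk"
}

# forward_rules source|destination: the page's NAT/forward rules plus a
# persistent ip_forward setting in /etc/sysctl.d (applied with sysctl --system).
forward_rules() {
  case "$1" in
    source)      nat_out=gre1 ;;
    destination) nat_out=$PUBLIC_IF ;;
    *) echo "usage: forward_rules source|destination" >&2; return 2 ;;
  esac
  printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$nat_out"
  printf 'iptables -A FORWARD -i gre1 -j ACCEPT\n'
  printf "echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/99-gre-forward.conf\n"
  printf 'sysctl --system\n'
}

# verify_commands: run on either host once both sides are up. The tcpdump line
# is the real check: the wire should carry ESP (proto 50), not GRE (proto 47);
# cleartext GRE means the IPsec policy is not covering the tunnel.
verify_commands() {
  cat <<EOF
ip -d link show gre1
ipsec statusall
ip xfrm state
tcpdump -ni $PUBLIC_IF 'host $VPS2_PUBLIC_IP and (ip proto 47 or ip proto 50)'
EOF
}

# Usage: ./vpstun.sh source | destination | ipsec | verify
case "${1:-}" in
  source|destination) gre_commands "$1"; echo; forward_rules "$1" ;;
  ipsec)  ipsec_conf ;;
  verify) verify_commands ;;
esac
```

The functions only print the commands and config text; review the output, then apply it on the matching host. The same `ipsec_conf` output goes into `/etc/ipsec.conf` on both servers, as the page's "(Both servers)" step already does.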