  1. #!/bin/bash
  2. # Site-to-site VPN setup script for Ubuntu 22.04 with FortiGate firewall using IPsec
  3. # This script sets up the required IPsec configurations, firewall rules, and port forwarding.
  4.  
  5. # Define IP addresses and ranges
  6. PUBLIC_IP="101.46.51.126"
  7. PRIVATE_IP="192.168.0.95"
  8. FORTIGATE_PUBLIC_IP="185.109.177.249"
  9. FORTIGATE_INTERNAL_IPS="172.16.2.0/24,172.16.3.0/24,172.16.4.0/24,172.16.5.0/24,172.16.6.0/24,172.16.7.0/24,172.16.8.0/24"
  10. TARGET_IP="192.168.220.10"
  11. PSK="P@ssw0rd!@#$"
  12.  
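# Ensure the script is run as root: it writes under /etc and changes kernel and
# netfilter state, none of which works unprivileged.
if [ "$(id -u)" -ne 0 ]; then
  echo "This script must be run as root." >&2   # diagnostics go to stderr, not stdout
  exit 1
fi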
  18.  
  19. # Install necessary packages
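# Install libreswan (IKE/IPsec daemon) and iptables-persistent (rule persistence).
# apt runs non-interactively: iptables-persistent asks debconf questions at install
# time that would block an unattended run even with -y.
# Returns non-zero if either apt step fails so the caller can stop before touching
# configuration on a half-installed system.
install_packages() {
  echo "Installing necessary packages..."
  apt-get update || return 1
  DEBIAN_FRONTEND=noninteractive apt-get install -y libreswan iptables-persistent || return 1
}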
  25.  
  26. # Configure IPsec
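# Write /etc/ipsec.conf and /etc/ipsec.secrets for the site-to-site tunnel and
# (re)start libreswan.
# Reads globals: PUBLIC_IP, PRIVATE_IP, FORTIGATE_PUBLIC_IP, FORTIGATE_INTERNAL_IPS, PSK.
# Returns non-zero, without restarting the daemon, when the PSK is unusable or the
# generated ipsec.conf fails validation.
configure_ipsec() {
  echo "Configuring IPsec for site-to-site VPN..."

  # An empty PSK or one containing a double quote would produce a broken or
  # unauthenticated ipsec.secrets line below; refuse rather than write it.
  if [ -z "${PSK:-}" ]; then
    echo "configure_ipsec: PSK is empty" >&2
    return 1
  fi
  case "${PSK}" in
    *\"*) echo "configure_ipsec: PSK must not contain double quotes" >&2; return 1 ;;
  esac

  # leftsubnet must be a network, not a host address: derive the /24 network from
  # PRIVATE_IP (the original used PRIVATE_IP/24, i.e. a host address with prefix).
  local local_subnet="${PRIVATE_IP%.*}.0/24"

  # Crypto: DH group 2 (modp1024) and SHA-1 were replaced with DH group 14
  # (modp2048) and SHA-256 -- 1024-bit MODP is deprecated for IKE and considered
  # within reach of well-resourced attackers. The FortiGate phase-1/phase-2
  # proposals must be set to AES256 / SHA256 / DH group 14 to match.
  # NOTE(review): ikev2= is not set, so the libreswan default applies (IKEv2-only in
  # 4.x); pin it explicitly to match the FortiGate's IKE version. The comma-separated
  # rightsubnet form is, to my knowledge, honoured only for IKEv2 in libreswan; for
  # IKEv1 use rightsubnets={...} -- confirm against the installed version.
  # NOTE(review): left= must be an address on a local interface. If this host sits
  # behind NAT (PUBLIC_IP not local), use left=%defaultroute and keep leftid=PUBLIC_IP.
  # NOTE(review): nat-traversal= and protostack=netkey are legacy keywords in
  # libreswan 4.x (Ubuntu 22.04); kept for compatibility, the --checkconfig run below
  # will warn if they should be dropped or renamed (protostack=xfrm).
  cat > /etc/ipsec.conf <<EOF
config setup
    virtual-private=%v4:${local_subnet},%v4:${FORTIGATE_INTERNAL_IPS}
    nat-traversal=yes
    protostack=netkey
    interfaces=%defaultroute

conn site-to-site
    authby=secret
    auto=start
    type=tunnel
    ike=aes256-sha2_256;modp2048
    phase2alg=aes256-sha2_256;modp2048
    left=${PUBLIC_IP}
    leftid=${PUBLIC_IP}
    leftsubnet=${local_subnet}
    right=${FORTIGATE_PUBLIC_IP}
    rightsubnet=${FORTIGATE_INTERNAL_IPS}
    pfs=yes
EOF

  # ipsec.secrets holds the PSK in clear. Create it root-only instead of inheriting
  # the default umask (which would leave a new file world-readable), and re-apply
  # the mode in case an existing file was truncated in place with looser permissions.
  (
    umask 077
    cat > /etc/ipsec.secrets <<EOF
${PUBLIC_IP} ${FORTIGATE_PUBLIC_IP} : PSK "${PSK}"
EOF
  )
  chmod 600 /etc/ipsec.secrets

  # Validate before restarting so a bad config does not take down a working tunnel.
  if ! ipsec addconn --checkconfig; then
    echo "configure_ipsec: /etc/ipsec.conf failed validation; daemon not restarted" >&2
    return 1
  fi

  # Restart IPsec to apply configurations
  systemctl restart ipsec || return 1
  echo "IPsec configuration completed."
}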
  61.  
  62. # Configure port forwarding for UDP port 514
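# Forward UDP/514 (syslog) arriving on PUBLIC_IP to TARGET_IP and persist the rules.
# Reads globals: PUBLIC_IP, FORTIGATE_PUBLIC_IP, TARGET_IP.
# Each rule is added only if not already present (-C), so re-running the script no
# longer appends duplicates. The DNAT and FORWARD rules are limited to packets from
# the FortiGate's public address: the previous unrestricted rule exposed the internal
# syslog receiver to the whole Internet. If other senders are expected, widen -s
# deliberately rather than removing it.
# Returns the status of netfilter-persistent save.
setup_port_forwarding() {
  echo "Setting up port forwarding for UDP port 514..."
  local dnat_rule=(-s "${FORTIGATE_PUBLIC_IP}" -d "${PUBLIC_IP}" -p udp --dport 514 -j DNAT --to-destination "${TARGET_IP}:514")
  local fwd_rule=(-s "${FORTIGATE_PUBLIC_IP}" -d "${TARGET_IP}" -p udp --dport 514 -j ACCEPT)
  iptables -t nat -C PREROUTING "${dnat_rule[@]}" 2>/dev/null \
    || iptables -t nat -A PREROUTING "${dnat_rule[@]}"
  iptables -C FORWARD "${fwd_rule[@]}" 2>/dev/null \
    || iptables -A FORWARD "${fwd_rule[@]}"
  # NOTE(review): TARGET_IP is outside both tunnel subnets and PRIVATE_IP's /24; the
  # forward only delivers if this host has a route to TARGET_IP.
  netfilter-persistent save
}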
  69.  
  70. # Enable IP Forwarding
# Turn on IPv4 forwarding now and persist it across reboots; both the DNAT/FORWARD
# rules and transit traffic through the tunnel depend on it.
# NOTE(review): libreswan's 'ipsec verify' also expects ICMP redirects
# (send_redirects/accept_redirects) to be disabled on an IPsec gateway -- consider
# adding those sysctls here.
enable_ip_forwarding() {
  local persist_file="/etc/sysctl.d/99-ipforward.conf"
  echo "Enabling IP forwarding..."
  sysctl -w net.ipv4.ip_forward=1
  printf 'net.ipv4.ip_forward=1\n' > "${persist_file}"
}
  76.  
  77. # Main function to control the script flow
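# Entry point: run each stage in dependency order and stop at the first failure, so
# a failed package install is not followed by restarting a daemon that is absent,
# and a rejected configuration does not get its firewall rules persisted anyway.
main() {
  echo "Starting the IPsec VPN setup on Ubuntu 22.04 for FortiGate compatibility"
  local step
  for step in install_packages configure_ipsec enable_ip_forwarding setup_port_forwarding; do
    if ! "${step}"; then
      echo "${step} failed; aborting." >&2
      exit 1
    fi
  done
  echo "Site-to-site VPN setup is complete."
}

main "$@"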
  88.  