Advertisement
joemccray

IPSec VPN Setup

May 2nd, 2024 (edited)
134
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.39 KB | None | 0 0
  1. #!/bin/bash
  2. # Site-to-site VPN setup script for Ubuntu 22.04 with FortiGate firewall using IPsec
  3. # This script sets up the required IPsec configurations, firewall rules, and port forwarding.
  4.  
  5. # Define IP addresses and ranges
  6. PUBLIC_IP="101.46.51.126"
  7. PRIVATE_IP="192.168.0.95"
  8. FORTIGATE_PUBLIC_IP="185.109.177.249"
  9. FORTIGATE_INTERNAL_IPS="172.16.2.0/24,172.16.3.0/24,172.16.4.0/24,172.16.5.0/24,172.16.6.0/24,172.16.7.0/24,172.16.8.0/24"
  10. TARGET_IP="192.168.220.10"
  11. PSK="P@ssw0rd!@#$"
  12.  
  13. # Ensure the script is run as root
  14. if [ "$(id -u)" -ne 0 ]; then
  15. echo "This script must be run as root."
  16. exit 1
  17. fi
  18.  
  19. # Install necessary packages
  20. install_packages() {
  21. echo "Installing necessary packages..."
  22. apt-get update
  23. apt-get install -y libreswan iptables-persistent
  24. }
  25.  
  26. # Configure IPsec
  27. configure_ipsec() {
  28. echo "Configuring IPsec for site-to-site VPN..."
  29.  
  30. # Create IPsec configuration
  31. cat > /etc/ipsec.conf <<EOF
  32. config setup
  33. virtual-private=%v4:${PRIVATE_IP}/24,%v4:${FORTIGATE_INTERNAL_IPS}
  34. nat-traversal=yes
  35. protostack=netkey
  36. interfaces=%defaultroute
  37.  
  38. conn site-to-site
  39. authby=secret
  40. auto=start
  41. type=tunnel
  42. ike=aes256-sha1;modp1024
  43. phase2alg=aes256-sha1;modp1024
  44. left=${PUBLIC_IP}
  45. leftid=${PUBLIC_IP}
  46. leftsubnet=${PRIVATE_IP}/24
  47. right=${FORTIGATE_PUBLIC_IP}
  48. rightsubnet=${FORTIGATE_INTERNAL_IPS}
  49. pfs=yes
  50. EOF
  51.  
  52. # Create IPsec secrets
  53. cat > /etc/ipsec.secrets <<EOF
  54. ${PUBLIC_IP} ${FORTIGATE_PUBLIC_IP} : PSK "${PSK}"
  55. EOF
  56.  
  57. # Restart IPsec to apply configurations
  58. systemctl restart ipsec
  59. echo "IPsec configuration completed."
  60. }
  61.  
  62. # Configure port forwarding for UDP port 514
  63. setup_port_forwarding() {
  64. echo "Setting up port forwarding for UDP port 514..."
  65. iptables -t nat -A PREROUTING -d ${PUBLIC_IP} -p udp --dport 514 -j DNAT --to-destination ${TARGET_IP}:514
  66. iptables -A FORWARD -p udp -d ${TARGET_IP} --dport 514 -j ACCEPT
  67. netfilter-persistent save
  68. }
  69.  
  70. # Enable IP Forwarding
  71. enable_ip_forwarding() {
  72. echo "Enabling IP forwarding..."
  73. sysctl -w net.ipv4.ip_forward=1
  74. echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/99-ipforward.conf
  75. }
  76.  
  77. # Main function to control the script flow
  78. main() {
  79. echo "Starting the IPsec VPN setup on Ubuntu 22.04 for FortiGate compatibility"
  80. install_packages
  81. configure_ipsec
  82. enable_ip_forwarding
  83. setup_port_forwarding
  84. echo "Site-to-site VPN setup is complete."
  85. }
  86.  
  87. main
  88.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement