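AWSTemplateFormatVersion: "2010-09-09"
Description: Setting up our own private and secure VPN.

Parameters:
  VPNUsername:
    Description: PPTP-VPN User
    Type: String
    MinLength: 4
    MaxLength: 255
    AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*"
    ConstraintDescription: must begin with a letter and contain only alphanumeric characters.

  VPNPassword:
    NoEcho: true
    Description: PPTP-VPN Password
    Type: String
    MinLength: 4
    MaxLength: 255
    # The value is interpolated into the user-data shell script and written to
    # /etc/ppp/chap-secrets (a whitespace-delimited file), so it is limited to
    # characters that cannot break either consumer.
    AllowedPattern: "[a-zA-Z0-9_.@-]+"
    ConstraintDescription: "must contain at least 4 characters (letters, digits, _ . @ -)"

  VPNPhrase:
    NoEcho: true
    Description: Passphrase for IPSEC PSK
    Type: String
    MinLength: 4
    MaxLength: 255
    # Same reasoning as VPNPassword: the PSK is passed through the shell.
    AllowedPattern: "[a-zA-Z0-9_.@-]+"
    ConstraintDescription: "must contain at least 4 characters (letters, digits, _ . @ -)"

  DNSServerPrimary:
    Description: IPv4 Address for DNS server primary
    Type: String
    Default: "1.1.1.1"
    # Dotted-quad only; the value lands unquoted in /etc/ppp/pptpd-options.
    AllowedPattern: '((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
    ConstraintDescription: must be a valid IPv4 address.

  DNSServerSecondary:
    Description: IPv4 Address for DNS server secondary
    Type: String
    Default: "1.0.0.1"
    AllowedPattern: '((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
    ConstraintDescription: must be a valid IPv4 address.

  VPNClientCidr:
    Description: IPv4 CIDR range allowed to reach the VPN ports (narrow this to your clients' addresses).
    Type: String
    # Default keeps the previous behaviour (open to the Internet); override it
    # to restrict who can reach IKE/L2TP/PPTP.
    Default: "0.0.0.0/0"
    AllowedPattern: '([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])'
    ConstraintDescription: must be a valid IPv4 CIDR block (e.g. 203.0.113.0/24).

Mappings:
  # Only us-west-2 is mapped; a stack created in any other region fails at
  # FindInMap. Add the equivalent AMI id for each region you deploy to.
  Region2AMI:
    us-west-2:
      AMI: ami-003634241a8fcdec0

Resources:
  VPNServerInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap [Region2AMI, !Ref "AWS::Region", AMI]
      InstanceType: t2.micro
      SecurityGroups:
        - !Ref VPNSecurityGroup
      Tags:
        - Key: Name
          Value: !Ref "AWS::StackName"
      # NoEcho masks the parameters in console/API output, but the rendered
      # user-data below still contains the PSK and password in clear text and
      # is readable from the instance metadata service and via
      # ec2:DescribeInstanceAttribute. Prefer fetching the secrets at boot from
      # SSM Parameter Store / Secrets Manager with an instance role.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/sh
          # cloud-init runs this as root; stop at the first failure instead of
          # continuing with a half-configured VPN.
          set -eu

          # Stack parameters (substituted by Fn::Sub). AllowedPattern keeps the
          # values free of shell metacharacters; quoting is belt and braces.
          YOUR_IPSEC_PSK='${VPNPhrase}'
          YOUR_USERNAME='${VPNUsername}'
          YOUR_PASSWORD='${VPNPassword}'
          YOUR_DNS_PRIMARY='${DNSServerPrimary}'
          YOUR_DNS_SECONDARY='${DNSServerSecondary}'

          # VPN 1 - L2TP/IPsec server.
          # The installer is downloaded unpinned through a URL shortener and
          # executed as root. Pin it to a specific release and verify its
          # checksum before running, e.g.
          #   echo "<EXPECTED_SHA256>  vpnsetup.sh" | sha256sum -c
          wget https://git.io/vpnsetup -O vpnsetup.sh
          VPN_IPSEC_PSK="$YOUR_IPSEC_PSK" \
          VPN_USER="$YOUR_USERNAME" \
          VPN_PASSWORD="$YOUR_PASSWORD" sh vpnsetup.sh

          # VPN 2 - PPTP server.
          # PPTP relies on MS-CHAPv2/MPPE, which are considered broken; treat
          # this as a legacy option and prefer the L2TP/IPsec service above.
          apt-get install -y pptpd
          echo "localip 10.0.0.1" >> /etc/pptpd.conf
          echo "remoteip 10.0.0.100-200" >> /etc/pptpd.conf
          # pptpd requires the password in clear text in chap-secrets.
          echo "$YOUR_USERNAME pptpd $YOUR_PASSWORD *" >> /etc/ppp/chap-secrets
          echo "ms-dns $YOUR_DNS_PRIMARY" >> /etc/ppp/pptpd-options
          echo "ms-dns $YOUR_DNS_SECONDARY" >> /etc/ppp/pptpd-options
          service pptpd restart
          echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
          sysctl -p
          # eth0 is assumed here; some instance types name the interface
          # differently. iptables-save only prints to stdout, so this NAT rule
          # is not persisted across reboots.
          iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save

  VPNSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: VPN Security Groups
      # Only the ports the two services listen on are opened, and only from
      # VPNClientCidr. Note that PPTP also needs GRE (IP protocol 47), which is
      # deliberately not opened here; given PPTP's weaknesses, removing the
      # PPTP section is preferable to widening this group.
      SecurityGroupIngress:
        # used by IPSec for Internet Key Exchange (IKE)
        - IpProtocol: udp
          FromPort: 500
          ToPort: 500
          CidrIp: !Ref VPNClientCidr
        # used by IPSec for NAT traversal
        - IpProtocol: udp
          FromPort: 4500
          ToPort: 4500
          CidrIp: !Ref VPNClientCidr
        # used by PPTP (control channel)
        - IpProtocol: tcp
          FromPort: 1723
          ToPort: 1723
          CidrIp: !Ref VPNClientCidr
        # used by L2TP
        - IpProtocol: udp
          FromPort: 1701
          ToPort: 1701
          CidrIp: !Ref VPNClientCidr

Outputs:
  VPNServerAddress:
    Description: Use the IP as Server Address or VPN Host
    Value: !GetAtt VPNServerInstance.PublicIp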