configure a user

Dan Guido 2016-05-15 12:12:17 -04:00
parent e10b1b669f
commit c4f39262af
3 changed files with 31 additions and 2 deletions

templates/ipsec.conf.j2 Normal file

@ -0,0 +1,18 @@
config setup
uniqueids = never # allow multiple connections per user
conn %default
keyexchange=ikev2
ike=aes128gcm16-sha2_256-prfsha256-ecp256!
esp=aes128gcm16-sha2_256-ecp256!
compress=yes
fragmentation=yes
conn psk
authby=psk
left=%any
leftsubnet=0.0.0.0/0
right=%any
rightdns=8.8.8.8,8.8.4.4
rightsourceip=10.0.0.0/24
auto=add
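Review bot: `compress=yes` in the `conn %default` section turns on IPComp, which compresses the plaintext before ESP encrypts it, so the length of each encrypted packet becomes a function of its content — the same class of leak exploited against TLS compression — and the setting should be `compress=no` (or simply dropped, since strongSwan defaults it to off) unless bandwidth is worth that trade. The `ike=` and `esp=` lines pair an AEAD cipher (`aes128gcm16`) with an explicit integrity algorithm (`sha2_256`); GCM already authenticates, so the integrity term is redundant in the ESP proposal and, depending on the strongSwan version, may cause the proposal to be rejected — `ike=aes128gcm16-prfsha256-ecp256!` and `esp=aes128gcm16-ecp256!` state the intent without it. The indentation of the parameters under `config setup` and the `conn` sections is not visible in this rendering; strongSwan's ipsec.conf parser requires section parameters to be indented, so confirm the template file is.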


@ -0,0 +1 @@
dan : PSK "{{ ipsec_psk.stdout }}"
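Review bot: The peer identity `dan` is hard-coded in the only line of this template, so the role can provision exactly one user and changing the name means editing the template rather than a variable; template it as `{{ vpn_user }} : PSK "{{ ipsec_psk.stdout }}"` and loop over a user list if more than one account is expected. Because the server's `conn psk` in ipsec.conf.j2 accepts `right=%any` with no `rightid`, this identity plus the PSK is presumably the whole credential and the client must present `dan` as its IKE identity for this secret to be selected — worth a comment in the template. The file header for this section is not visible on the page; the path is inferred from the `ipsec.secrets.j2` template task in vpn.yml.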

vpn.yml

@ -14,5 +14,15 @@
- name: Do not accept ICMP redirects (prevent MITM attacks) - name: Do not accept ICMP redirects (prevent MITM attacks)
sysctl: name=net.ipv4.conf.all.send_redirects value=0 sysctl: name=net.ipv4.conf.all.send_redirects value=0
- name: Configure IPTables to route traffic appropriately - name: Needed so that IPSEC traffic can traverse the tunnel
iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 out_interface=eth0 jump=MASQUERADE iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 out_interface=eth0 jump=MASQUERADE
- name: Setup the ipsec.conf file from our template
template: src=ipsec.conf.j2 dest=/etc/ipsec.conf owner=root group=root mode=644
- name: Generate a random IPsec pre-shared key (16 bytes)
shell: openssl rand -base64 16
register: ipsec_psk
- name: Setup the ipsec.secrets file with users and passwords
template: src=ipsec.secrets.j2 dest=/etc/ipsec.secrets owner=root group=root mode=600
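Review bot: The `Generate a random IPsec pre-shared key` task registers the key from stdout, and without `no_log: true` Ansible prints that registered result in verbose (`-v`) runs and callback/log output, so the PSK lands on the operator's terminal and in any shipped logs; add `no_log: true` to the task and, since no shell features are used, prefer `command: openssl rand -base64 16` over `shell:`. The task also has no idempotency guard (`creates`, `changed_when`), so every run of the play mints a fresh PSK and rewrites `/etc/ipsec.secrets`, invalidating clients configured from the previous run — if that is not intended, persist the key (for example a `lookup('password', ...)` on the controller, or generate into a file guarded by `creates=`) so re-runs reuse it. Separately, the renamed iptables task `Needed so that IPSEC traffic can traverse the tunnel` describes a MASQUERADE rule that NATs client traffic from 10.0.0.0/24 leaving via eth0, not IPsec traffic traversing the tunnel; a name such as `NAT VPN client traffic (10.0.0.0/24) out of eth0` would read accurately.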