One Command To Install IPSec VPN Server – Libreswan (IPSec VPN ServerAuto Secutity Script)
Github project hwdsl2/setup-ipsec-vpn provides a simple way to set up a IPSec VPN Server by just using one line of command.
If you will need a VPN to have safe access to Internet or remote network, this might give you a good option to have your VPN in the cloud.
Introduction
Features
- Fully automated IPsec VPN server setup, no user input needed
- Supports IKEv2 with strong and fast ciphers (e.g. AES-GCM)
- Generates VPN profiles to auto-configure iOS, macOS and Android devices
- Supports Windows, macOS, iOS, Android, Chrome OS and Linux as VPN clients
- Includes helper scripts to manage VPN users and certificates
Libreswan is a free software implementation of the most widely supported and standardized VPN protocol using "IPsec" and the Internet Key Exchange ("IKE"). These standards are produced and maintained by the Internet Engineering Task Force ("IETF").
One Line Command
wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh
root@ub20-1-test:~# wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh
--2023-08-07 02:12:44-- https://get.vpnsetup.net/
Resolving get.vpnsetup.net (get.vpnsetup.net)... 172.64.80.1, 2606:4700:130:436c:6f75:6466:6c61:7265
Connecting to get.vpnsetup.net (get.vpnsetup.net)|172.64.80.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9781 (9.6K) [text/plain]
Saving to: ‘vpn.sh’
vpn.sh 100%[======================================================================================================================>] 9.55K --.-KB/s in 0s
2023-08-07 02:12:44 (52.8 MB/s) - ‘vpn.sh’ saved [9781/9781]
+ wget -t 3 -T 30 -q -O /tmp/vpn.iMFul/vpn.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/vpnsetup_ubuntu.sh
## VPN credentials not set by user. Generating random PSK and password...
## VPN setup in progress... Please be patient.
## Installing packages required for setup...
+ apt-get -yqq update
+ apt-get -yqq install wget dnsutils openssl iptables iproute2 gawk grep sed net-tools
## Trying to auto discover IP of this server...
## Installing packages required for the VPN...
+ apt-get -yqq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev libcap-ng-dev libcap-ng-utils libselinux1-dev libcurl4-nss-dev flex bison gcc make libnss3-tools libevent-dev libsystemd-dev uuid-runtime ppp xl2tpd
Extracting templates from packages: 100%
## Installing Fail2Ban to protect SSH...
+ apt-get -yqq install fail2ban
## Downloading helper scripts...
+ ikev2.sh addvpnuser.sh delvpnuser.sh
## Downloading Libreswan...
+ wget -t 3 -T 30 -q -O libreswan-4.11.tar.gz https://github.com/libreswan/libreswan/archive/v4.11.tar.gz
## Compiling and installing Libreswan, please wait...
+ make -j3 -s base
+ make -s install-base
## Creating VPN configuration...
## Updating sysctl settings...
## Updating IPTables rules...
## Enabling services on boot...
## Starting services...
================================================
IPsec VPN server is now ready for use!
Connect to your new VPN with these details:
Server IP: 140.238.155.149
IPsec PSK: H2r5V65p4b4uHia2sJb
Username: vpnuser
Password: GeWtsqPDC5tfPKY
Write these down. You'll need them to connect!
VPN client setup: https://vpnsetup.net/clients
================================================
================================================
IKEv2 setup successful. Details for IKEv2 mode:
VPN server address: 140.238.155.149
VPN client name: vpnclient
Client configuration is available at:
/root/vpnclient.p12 (for Windows & Linux)
/root/vpnclient.sswan (for Android)
/root/vpnclient.mobileconfig (for iOS & macOS)
Next steps: Configure IKEv2 clients. See:
https://vpnsetup.net/clients
================================================
root@ub20-1-test:~#
You may optionally install WireGuard and/or OpenVPN on the same server. If your server runs CentOS Stream, Rocky Linux or AlmaLinux, first install OpenVPN/WireGuard, then install the IPsec VPN.
Firewall Ports
Clients
Get your computer or device to use the VPN. Please refer to:
Manager VPN Users
See Manage VPN users.
Upgrade
Upgrade Libreswan
Use this one-liner to update Libreswan on your VPN server.
wget https://get.vpnsetup.net/upg -O vpnup.sh && sudo sh vpnup.sh
Uninstall IPSec VPN
To uninstall IPsec VPN, run the helper script:
Warning: This helper script will remove IPsec VPN from your server. All VPN configuration will be permanently deleted, and Libreswan and xl2tpd will be removed. This cannot be undone!
wget https://get.vpnsetup.net/unst -O unst.sh && sudo bash unst.sh
Videos
共有 0 条评论