  2. {
  3. "AWSTemplateFormatVersion": "2010-09-09",
  4. "Description": "Setting up your own private and secure VPN. You can read instructions on our blog https://www.webdigi.co.uk/blog/2015/how-to-setup-your-own-private-secure-free-vpn-on-the-amazon-aws-cloud-in-10-minutes/ and you can follow video instructions on Youtube https://www.youtube.com/watch?v=fBBERp5CUgo",
  5. "Mappings": {
  6. "AWSInstanceType2Arch": {
  7. "High.Speed.VPN-Paid": {
  8. "InstanceType": "t2.medium"
  9. },
  10. "Standard.VPN-Free": {
  11. "InstanceType": "t2.micro"
  12. },
  13. "Ultra.High.Speed.VPN-Paid": {
  14. "InstanceType": "m3.xlarge"
  15. }
  16. },
  17. "AWSRegionArch2AMI": {
  18. "ap-northeast-1": {
  19. "HVM64": "ami-20b6aa21"
  20. },
  21. "ap-southeast-1": {
  22. "HVM64": "ami-ca381398"
  23. },
  24. "ap-southeast-2": {
  25. "HVM64": "ami-abeb9e91"
  26. },
  27. "eu-central-1": {
  28. "HVM64": "ami-9a380b87"
  29. },
  30. "eu-west-1": {
  31. "HVM64": "ami-234ecc54"
  32. },
  33. "sa-east-1": {
  34. "HVM64": "ami-69f54974"
  35. },
  36. "us-east-1": {
  37. "HVM64": "ami-9a562df2"
  38. },
  39. "us-west-1": {
  40. "HVM64": "ami-5c120b19"
  41. },
  42. "us-west-2": {
  43. "HVM64": "ami-29ebb519"
  44. }
  45. }
  46. },
  47. "Outputs": {
  48. "VPNServerAddress": {
  49. "Description": "Use the IP as Server Address or VPN Host",
  50. "Value": {
  51. "Fn::Join": [
  52. "",
  53. [
  54. "",
  55. {
  56. "Fn::GetAtt": [
  57. "VPNServerInstance",
  58. "PublicIp"
  59. ]
  60. }
  61. ]
  62. ]
  63. }
  64. }
  65. },
  66. "Parameters": {
  67. "KeyName": {
  68. "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance",
  69. "Type": "AWS::EC2::KeyPair::KeyName",
  70. "ConstraintDescription": "must be the name of an existing EC2 KeyPair."
  71. },
  72. "Speed": {
  73. "AllowedValues": [
  74. "Standard.VPN-Free",
  75. "High.Speed.VPN-Paid",
  76. "Ultra.High.Speed.VPN-Paid"
  77. ],
  78. "Default": "Standard.VPN-Free",
  79. "Description": "Network Speed of VPN Server. Standard should do for most browsing and video.",
  80. "Type": "String"
  81. },
  82. "Username": {
  83. "AllowedPattern": "[a-zA-Z][a-zA-Z0-9]*",
  84. "ConstraintDescription": "must begin with a letter and contain only alphanumeric characters.",
  85. "Description": "VPN Username",
  86. "MaxLength": "255",
  87. "MinLength": "1",
  88. "Type": "String"
  89. },
  90. "VPNPassword": {
  91. "ConstraintDescription": "must contain at least 4 characters.",
  92. "Description": "VPN Password (Min 4 characters)",
  93. "MaxLength": "255",
  94. "MinLength": "4",
  95. "NoEcho": "true",
  96. "Type": "String"
  97. },
  98. "VPNPhrase": {
  99. "ConstraintDescription": "must contain at least 4 characters.",
  100. "Description": "Passphrase for IPSEC PSK (Min 4 characters)",
  101. "MaxLength": "255",
  102. "MinLength": "4",
  103. "NoEcho": "true",
  104. "Type": "String"
  105. }
  106. },
  107. "Resources": {
  108. "VPNSecurityGroup": {
  109. "Properties": {
  110. "GroupDescription": "VPN Security Groups",
  111. "SecurityGroupIngress": [
  112. {
  113. "CidrIp": "0.0.0.0/0",
  114. "FromPort": "500",
  115. "IpProtocol": "tcp",
  116. "ToPort": "500"
  117. },
  118. {
  119. "CidrIp": "0.0.0.0/0",
  120. "FromPort": "500",
  121. "IpProtocol": "udp",
  122. "ToPort": "500"
  123. },
  124. {
  125. "CidrIp": "0.0.0.0/0",
  126. "FromPort": "4500",
  127. "IpProtocol": "udp",
  128. "ToPort": "4500"
  129. },
  130. {
  131. "CidrIp": "0.0.0.0/0",
  132. "FromPort": "1723",
  133. "IpProtocol": "tcp",
  134. "ToPort": "1723"
  135. },
  136. {
  137. "CidrIp": "0.0.0.0/0",
  138. "FromPort": "1723",
  139. "IpProtocol": "udp",
  140. "ToPort": "1723"
  141. }
  142. ]
  143. },
  144. "Type": "AWS::EC2::SecurityGroup"
  145. },
  146. "VPNServerInstance": {
  147. "Properties": {
  148. "ImageId": {
  149. "Fn::FindInMap": [
  150. "AWSRegionArch2AMI",
  151. {
  152. "Ref": "AWS::Region"
  153. },
  154. "HVM64"
  155. ]
  156. },
  157. "InstanceType": {
  158. "Fn::FindInMap": [
  159. "AWSInstanceType2Arch",
  160. {
  161. "Ref": "Speed"
  162. },
  163. "InstanceType"
  164. ]
  165. },
  166. "SecurityGroups": [
  167. {
  168. "Ref": "VPNSecurityGroup"
  169. }
  170. ],
  171. "UserData": {
  172. "Fn::Base64": {
  173. "Fn::Join": [
  174. "",
  175. [
  176. "#!/bin/sh\n",
  177. "VPN_USER=",
  178. {
  179. "Ref": "Username"
  180. },
  181. "\n",
  182. "VPN_PASSWORD=",
  183. {
  184. "Ref": "VPNPassword"
  185. },
  186. "\n",
  187. "IPSEC_PSK=",
  188. {
  189. "Ref": "VPNPhrase"
  190. },
  191. "\n",
  192. "\n",
  193. "# Update server\n",
  194. "apt-get update && apt-get upgrade -y\n",
  195. "\n",
  196. "# VPN 1 - Setup L2TP-IPSEC\n",
  197. "PRIVATE_IP=`wget -q -O - 'http://169.254.169.254/latest/meta-data/local-ipv4'`\n",
  198. "PUBLIC_IP=`wget -q -O - 'http://169.254.169.254/latest/meta-data/public-ipv4'`\n",
  199. "\n",
  200. "apt-get install -y openswan xl2tpd\n",
  201. "\n",
  202. "cat > /etc/ipsec.conf <<EOF\n",
  203. "version 2.0\n",
  204. "\n",
  205. "config setup\n",
  206. " dumpdir=/var/run/pluto/\n",
  207. " nat_traversal=yes\n",
  208. " virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10\n",
  209. " oe=off\n",
  210. " protostack=netkey\n",
  211. " nhelpers=0\n",
  212. " interfaces=%defaultroute\n",
  213. "\n",
  214. "conn vpnpsk\n",
  215. " auto=add\n",
  216. " left=$PRIVATE_IP\n",
  217. " leftid=$PUBLIC_IP\n",
  218. " leftsubnet=$PRIVATE_IP/32\n",
  219. " leftnexthop=%defaultroute\n",
  220. " leftprotoport=17/1701\n",
  221. " rightprotoport=17/%any\n",
  222. " right=%any\n",
  223. " rightsubnetwithin=0.0.0.0/0\n",
  224. " forceencaps=yes\n",
  225. " authby=secret\n",
  226. " pfs=no\n",
  227. " type=transport\n",
  228. " auth=esp\n",
  229. " ike=3des-sha1\n",
  230. " phase2alg=3des-sha1\n",
  231. " dpddelay=30\n",
  232. " dpdtimeout=120\n",
  233. " dpdaction=clear\n",
  234. "EOF\n",
  235. "\n",
  236. "cat > /etc/ipsec.secrets <<EOF\n",
  237. "$PUBLIC_IP %any : PSK \"$IPSEC_PSK\"\n",
  238. "EOF\n",
  239. "\n",
  240. "cat > /etc/xl2tpd/xl2tpd.conf <<EOF\n",
  241. "[global]\n",
  242. "port = 1701\n",
  243. "\n",
  244. ";debug avp = yes\n",
  245. ";debug network = yes\n",
  246. ";debug state = yes\n",
  247. ";debug tunnel = yes\n",
  248. "\n",
  249. "[lns default]\n",
  250. "ip range = 192.168.42.10-192.168.42.250\n",
  251. "local ip = 192.168.42.1\n",
  252. "require chap = yes\n",
  253. "refuse pap = yes\n",
  254. "require authentication = yes\n",
  255. "name = l2tpd\n",
  256. ";ppp debug = yes\n",
  257. "pppoptfile = /etc/ppp/options.xl2tpd\n",
  258. "length bit = yes\n",
  259. "EOF\n",
  260. "\n",
  261. "cat > /etc/ppp/options.xl2tpd <<EOF\n",
  262. "ipcp-accept-local\n",
  263. "ipcp-accept-remote\n",
  264. "ms-dns 8.8.8.8\n",
  265. "ms-dns 8.8.4.4\n",
  266. "noccp\n",
  267. "auth\n",
  268. "crtscts\n",
  269. "idle 1800\n",
  270. "mtu 1280\n",
  271. "mru 1280\n",
  272. "lock\n",
  273. "connect-delay 5000\n",
  274. "EOF\n",
  275. "\n",
  276. "cat > /etc/ppp/chap-secrets <<EOF\n",
  277. "# Secrets for authentication using CHAP\n",
  278. "# client\tserver\tsecret\t\t\tIP addresses\n",
  279. "\n",
  280. "$VPN_USER\tl2tpd $VPN_PASSWORD *\n",
  281. "EOF\n",
  282. "\n",
  283. "iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o eth0 -j MASQUERADE\n",
  284. "echo 1 > /proc/sys/net/ipv4/ip_forward\n",
  285. "\n",
  286. "iptables-save > /etc/iptables.rules\n",
  287. "\n",
  288. "cat > /etc/network/if-pre-up.d/iptablesload <<EOF\n",
  289. "#!/bin/sh\n",
  290. "iptables-restore < /etc/iptables.rules\n",
  291. "echo 1 > /proc/sys/net/ipv4/ip_forward\n",
  292. "exit 0\n",
  293. "EOF\n",
  294. "\n",
  295. "chmod a+x /etc/network/if-pre-up.d/iptablesload\n",
  296. "\n",
  297. "/etc/init.d/ipsec restart\n",
  298. "/etc/init.d/xl2tpd restart\n",
  299. "\n",
  300. "#VPN 2 - Setup PPTP Server\n",
  301. "apt-get install pptpd -y\n",
  302. "echo \"localip 10.0.0.1\" >> /etc/pptpd.conf\n",
  303. "echo \"remoteip 10.0.0.100-200\" >> /etc/pptpd.conf\n",
  304. "echo \"$VPN_USER pptpd $VPN_PASSWORD *\" >> /etc/ppp/chap-secrets\n",
  305. "echo \"ms-dns 8.8.8.8\" >> /etc/ppp/pptpd-options\n",
  306. "echo \"ms-dns 8.8.4.4\" >> /etc/ppp/pptpd-options\n",
  307. "service pptpd restart\n",
  308. "\n",
  309. "echo \"net.ipv4.ip_forward = 1\" >> /etc/sysctl.conf\n",
  310. "sysctl -p\n",
  311. "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save\n"
  312. ]
  313. ]
  314. }
  315. }
  316. },
  317. "Type": "AWS::EC2::Instance"
  318. }
  319. }
  320. }