Added a little GRE tunnel doc for blowfish

Dionysus 2023-10-30 16:09:36 -04:00
parent 1dbed14081
commit 5e548b817c
Signed by: acidvegas
GPG Key ID: EF4B922DB85DC9DE
1 changed files with 62 additions and 0 deletions

docs/vpstun.md Normal file

@ -0,0 +1,62 @@
## 1. Set up the GRE Tunnel
###### Source
```shell
ip tunnel add gre1 mode gre remote [VPS2_PUBLIC_IP] local [VPS1_PUBLIC_IP] ttl 255
ip link set gre1 up
ip addr add [LOCAL_TUNNEL_IP1]/32 dev gre1
```
###### Destination
```shell
ip tunnel add gre1 mode gre remote [VPS1_PUBLIC_IP] local [VPS2_PUBLIC_IP] ttl 255
ip link set gre1 up
ip addr add [LOCAL_TUNNEL_IP2]/32 dev gre1
```
## 2. Set up IPsec
This is for securing the GRE tunnel. StrongSwan is a popular tool for IPsec.
1. `nano /etc/ipsec.conf` *(Both servers)*
```
conn gre-tunnel
left=[VPS1_PUBLIC_IP]
leftsubnet=[VPS1_LOCAL_NETWORK]
right=[VPS2_PUBLIC_IP]
rightsubnet=[VPS2_LOCAL_NETWORK]
authby=secret
keyexchange=ikev2
ikelifetime=1h
keylife=20m
keyingtries=3
auto=start
esp=aes128-sha1-modp1024!
ike=aes128-sha1-modp1024!
```
2. `nano /etc/ipsec.secrets`
```
[VPS1_PUBLIC_IP] [VPS2_PUBLIC_IP] : PSK "YourStrongSecretKey"
```
3. `systemctl restart strongswan`
## 3. Forward Traffic
###### Source
```shell
iptables -t nat -A POSTROUTING -o gre1 -j MASQUERADE
iptables -A FORWARD -i gre1 -j ACCEPT
```
###### Destination
```shell
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i gre1 -j ACCEPT
```
###### Both servers
`echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf` *(Permanent)*
or..
`echo 1 > /proc/sys/net/ipv4/ip_forward` *(Temporary)*
and then run `sysctl -p`
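
Review bot: The `esp=aes128-sha1-modp1024!` and `ike=aes128-sha1-modp1024!` lines in the `conn gre-tunnel` block pin SHA-1 and the 1024-bit MODP group, and the trailing `!` makes the proposal strict, so the peers cannot negotiate anything stronger. Suggest a stronger suite on both lines, for example `aes256-sha256-modp2048!`. In the same block, `leftsubnet`/`rightsubnet` select the two local networks rather than the GRE packets exchanged between `[VPS1_PUBLIC_IP]` and `[VPS2_PUBLIC_IP]`, so the conn as written does not match the tunnel that the "This is for securing the GRE tunnel" sentence says it protects. If the intent is to encrypt GRE itself, consider `type=transport` with `leftprotoport=gre` and `rightprotoport=gre` instead of the subnet selectors. The doc should also say that `"YourStrongSecretKey"` is a placeholder to be replaced with a long random value, and in section 3 that `sysctl -p` belongs to the permanent `sysctl.conf` option, since the `/proc` write takes effect immediately.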