acidvegas/random
acidvegas
/
random
mirror of git://git.acid.vegas/random.git
1
Fork 0
Code Issues Activity
random/docs/vpstun.md

1.4 KiB
Raw Permalink Blame History

1. Set up the GRE Tunnel

Source
ip tunnel add gre1 mode gre remote [VPS2_PUBLIC_IP] local [VPS1_PUBLIC_IP] ttl 255
ip link set gre1 up
ip addr add [LOCAL_TUNNEL_IP1]/32 dev gre1
Destination
ip tunnel add gre1 mode gre remote [VPS1_PUBLIC_IP] local [VPS2_PUBLIC_IP] ttl 255
ip link set gre1 up
ip addr add [LOCAL_TUNNEL_IP2]/32 dev gre1

2. Set up IPsec

This is for securing the GRE tunnel. StrongSwan is a popular tool for IPsec.

  1. nano /etc/ipsec.conf (Both servers)
conn gre-tunnel
    left=[VPS1_PUBLIC_IP]
    leftsubnet=[VPS1_LOCAL_NETWORK]
    right=[VPS2_PUBLIC_IP]
    rightsubnet=[VPS2_LOCAL_NETWORK]
    authby=secret
    keyexchange=ikev2
    ikelifetime=1h
    keylife=20m
    keyingtries=3
    auto=start
    esp=aes128-sha1-modp1024!
    ike=aes128-sha1-modp1024!
  1. nano /etc/ipsec.secrets
[VPS1_PUBLIC_IP] [VPS2_PUBLIC_IP] : PSK "YourStrongSecretKey"
  1. systemctl restart strongswan

3. Forward Traffic

Source
iptables -t nat -A POSTROUTING -o gre1 -j MASQUERADE
iptables -A FORWARD -i gre1 -j ACCEPT
Destination
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i gre1 -j ACCEPT
Both servers

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf (Permanent)

or..

echo 1 > /proc/sys/net/ipv4/ip_forward (Temporary)

and then run sysctl -p