14 lines
675 B
Bash
Executable file
14 lines
675 B
Bash
Executable file
#!/bin/bash
|
|
|
|
# https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
|
|
# Continue reading: https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIP
|
|
sysctl net.ipv4.ip_forward=1
|
|
iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
|
|
iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -j MASQUERADE
|
|
|
|
# hotfix for openssl `unable to write 'random state'` stderr
|
|
SHARED_SECRET="123$(openssl rand -base64 32 2>/dev/null)"
|
|
[ -f /etc/ipsec.secrets ] || echo ": PSK \"${SHARED_SECRET}\"" > /etc/ipsec.secrets
|
|
|
|
# http://wiki.loopop.net/doku.php?id=server:vpn:strongswanonopenvz
|
|
/usr/sbin/ipsec start --nofork
|