Commit 520b00613624b687f8287e667af3088375e2e4a0

Authored by Adhidarma Hadiwinoto
1 parent bc851e628b
Exists in master

VPNC systemd service optimized

Showing 1 changed file with 2 additions and 0 deletions

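--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,74 +1,76 @@
 #!/bin/bash
 
 echo
 echo ================
 echo Tektrans - Finnet AD2MT VPNC configurator
 echo ================
 echo
 
 read -p 'VPNC username: ' vpncuser < /dev/tty
 if [ -z "$vpncuser" ]; then
 echo "Invalid vpnc user";
 exit
 fi
 
 read -p 'VPNC password: ' vpncpass < /dev/tty
 if [ -z "$vpncpass" ]; then
 echo "Invalid vpnc password";
 exit
 fi
 
 read -p 'IPSEC secret: ' ipsecsecret < /dev/tty
 if [ -z "$ipsecsecret" ]; then
 echo "Invalid ipssec secret";
 exit
 fi
 
 
 set -x
 
 sudo yum -y install vpnc
 
 sudo tee /etc/systemd/system/vpnc@.service << EOF
 [Unit]
 Description=VPNC Client %i
 After=syslog.target network.target
+StartLimitIntervalSec=0
 
 [Service]
 Type=simple
 ExecStart=/usr/sbin/vpnc --no-detach --ifname tun-%i %i
 Restart=always
 User=root
 Group=root
+RestartSec=2
 
 [Install]
 WantedBy=multi-user.target
 EOF
 
 sudo tee /etc/vpnc/ad2mt.conf << EOF
 IPSec gateway vpn.finnet.co.id
 IPSec ID ad2mt
 Domain WORKGROUP
 Vendor cisco
 NAT Traversal Mode natt
 IKE DH Group dh2
 Perfect Forward Secrecy server
 Local Addr 0.0.0.0
 Local Port 500
 Cisco UDP Encapsulation Port 10000
 DPD idle timeout (our side) 300
 IKE Authmode psk
 IPSEC target network 0.0.0.0/0.0.0.0
 EOF
 
 echo Xauth username $vpncuser | sudo tee -a /etc/vpnc/ad2mt.conf
 echo Xauth password $vpncpass | sudo tee -a /etc/vpnc/ad2mt.conf
 echo IPSec secret $ipsecsecret | sudo tee -a /etc/vpnc/ad2mt.conf
 
 sudo systemctl daemon-reload
 sudo systemctl enable vpnc@ad2mt
 sudo systemctl restart vpnc@ad2mt
 
 echo
 cat /etc/vpnc/ad2mt.conf
 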
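Review bot: With `StartLimitIntervalSec=0` added to `[Unit]` next to the existing `Restart=always`, the new `RestartSec=2` means a vpnc that exits because the gateway rejected the Xauth password or IPSec secret is relaunched every two seconds with no limit. The unit then never settles in the failed state, and the gateway sees a continuous stream of failed logins that may trip an account lockout. A bounded policy such as `StartLimitIntervalSec=300` with `StartLimitBurst=10` and a longer `RestartSec=` would still recover from transient drops while letting a bad-credential loop stop and show up in `systemctl status`. The script installs with yum, so if the target is EL7 its systemd predates `StartLimitIntervalSec=` in `[Unit]` and will ignore that line with an "Unknown lvalue" warning; the spelling it understands is `StartLimitInterval=` in `[Service]`, which is worth confirming on the target host.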