Skip to content

Create an IPsec+L2TP VPN to your Joyent Public Cloud Ubuntu VM

Notifications You must be signed in to change notification settings

ryancnelson/jpc-l2tp-ipsec

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
 
 
 
 

Repository files navigation

This is a project to create a Makefile that'll bootstrap a newly-provisioned
Ubuntu 12.x VM in the Joyent Public Cloud (at http://my.joyentcloud.com ) into
a working IPSec+L2TP VPN gateway, suitable for connecting your Mac OSX 
computer, or iPhone/iPad to.
(this probably works with windows and other vpn clients, too, though)

How to use this:

- provision new ubuntu 12.04 image in JPC and log into it
- apt-get update
- apt-get install git make
- git clone https://[email protected]/ryancnelson/jpc-l2tp-ipsec.git
- cd jpc-l2tp-ipsec
- make
   (here, it tells you "you need to run 'make updateto386' to update your kernel")
- do that:  make updateto386
- reboot, then login again in 30 seconds
- cd jpc-l2tp-ipsec
- make
- answer the questions about creating an X.509 certificate with "No"
  (just hit return, then again for "ok")

- set up your Mac to connect an IPsec+L2TP VPN to the IP Address given, 
  with shared secret "letmein", and default username/password "archer/dutchess"

see http://ryan.net/misc/skitch/ipsec_L2TP_vpn_mac-20130324-233228.jpg 
for a screenshot of where to set this up on your Mac
(on the Mac, click "Advanced" and check "Send all traffic over VPN connection"
unless you want to add your own routes, manually.)

--------

What this is doing:

0.  Upgrades your Ubuntu Kernel to something newer with /dev/ppp installed
    (UPDATE: May 2013 -- There exists now a Joyent Ubuntu VM image that's already got a suitable kernel installed.
    I believe it's "Ubuntu 12.04 v 2.4.2")

1.  Sets up IPSec on your VM with a PSK shared-secret.  This is "letmein"
    (you should change this.  look in /etc/ipsec.secrets )

2.  Sets up L2TP tunneling and a username/password for that ppp-over-IPsec
    connection. This is "archer/dutchess". 
    (you should change this.  look in /etc/ppp/chap-secrets )

3.  Adds a "SNAT" rule on your Linux VM's iptables setup to allow any packets
    forwarded over the tunnel to go out to the internet, as if they were
    sourced from your VM's IP itself.  This lets you "surf through your VPN
    tunnel."

One other note for SmartOS users: because this SNAT is a "one-way NAT"
(outbound through your VPN tunnel), we never are sourcing TCP packets with
anything other than your SmartDataCenter "blessed" public IP.  This means
that this solution works fine without having to disable any of the "IP anti-spoof"
rules, and works for any VM in the Joyent Public Cloud, not just enterprise 
VLAN customers.

That's it... let me know if it's helpful for you.
I'm "@ryancnelson" on twitter, and "ryancnelson" on irc.freenode.net in #smartos

About

Create an IPsec+L2TP VPN to your Joyent Public Cloud Ubuntu VM

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published