A semi-automated shell installation script for IKEv2 VPN server.
A VPN (Virtual Private Network) server can serve several purposes. Conventionally used within organisations to restrict traffic from external clients through a single authenticated entry point, VPNs also serve to encrypt traffic between client and server. More recently, VPNs have gained notoriety in providing encrypted tunnels to mask traffic and bypass geographical filters/blocking.
This script will install the open source StrongSwan server, using password based EAP authentication with the addition of the free Let's Encrypt SSL certificates.
There are numerous protocols that VPNs can use (such as IKEv2, OpenVPN, PPTP), here is a quick summary of the main protocols.
Protocol Name | Use | Reason |
---|---|---|
PPTP | No | Compromised by the National Security Agency (NSA). |
L2TP/IPSec | No | Might be compromised by the National Security Agency (NSA). |
SSTP | No | Windows Only. |
OpenVPN | Yes | Widely used, however third party clients required. |
IKEv2 | Yes | Secure, supporting wide variety of cipher suites and has support to keep tunnels open during network switches (e.g. Wifi to 3/4G.) Not fully supported natively by all systems. |
As IKEv2 becomes more widely supported the remaining few systems (i.e. Android) should begin to add native support. Until then, third party applications are available to support protocol.
Further improvements and fixes are welcomed via pull requests.
To run a scrip the following process should be followed:
-
Ensure Port 443 is allowed through your firewall.
-
Install wget on your server.
For CentOS 7:
yum install -y wget
- Use wget to download script for your OS.
For CentOS 7:
wget https://raw.githubusercontent.com/ScottHorner/IKEv2-VPN-Server/master/Linux/CentOS-7.sh
- Grant script required permissions.
For CentOS 7:
chmod u+x CentOS-7.sh
- Run script and follow instructions.
For CentOS 7:
./CentOS-7.sh
- Configure users.
For CentOS 7:
vi /etc/strongswan/ipsec.secrets
And enter to the following:
# ipsec.secrets - strongSwan IPsec secrets file
: RSA privkey.pem
# VPN Users
<USERNAME> : EAP "<PLAIN TEXT PASSWORD>"
After saving and exiting the file, type strongswan rereadsecrets
- CentOS 7
- These scripts have been tested on a locally hosted virtual machine of the operating system. However, slight differences may occur in live production environments. If an error occurs, please raise an issue with as much detail as possible .*