LiittleCookie/vpn-install
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

iptables rules if default policies are DROP, checkserver for ipsec bugfix

Browse Source
This commit is contained in:
bedefaced 2017-04-20 22:48:01 +03:00
parent 655f33b8f2
commit 3075a20c6b
4 changed files with 31 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ipsec/checkserver.sh
View File

@ -6,7 +6,7 @@ if [ $? -eq 1 ]; then
/etc/init.d/xl2tpd restart /etc/init.d/xl2tpd restart
fi fi
RET=$(pgrep strongswan) RET=$(pgrep starter)
if [ $? -eq 1 ]; then if [ $? -eq 1 ]; then
/etc/init.d/strongswan restart /etc/init.d/strongswan restart

19
ipsec/iptables-setup.sh
View File

@ -57,6 +57,9 @@ else
iptables -D FORWARD -s $LOCALIPMASK -d $LOCALIPMASK -j DROP iptables -D FORWARD -s $LOCALIPMASK -d $LOCALIPMASK -j DROP
fi fi
# Enable forwarding
iptables -A FORWARD -j ACCEPT
# MSS Clamping # MSS Clamping
iptables -t mangle -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu iptables -t mangle -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
@ -65,7 +68,21 @@ iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A OUTPUT -o ppp+ -j ACCEPT iptables -A OUTPUT -o ppp+ -j ACCEPT
# XL2TPD # XL2TPD
iptables -A INPUT -p tcp --dport 1701 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 1701 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 1701 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 1701 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 1701 -j ACCEPT
# IPSEC
iptables -A INPUT -p udp -m udp --dport 500 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 500 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 4500 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 4500 -j ACCEPT
iptables -A INPUT -p esp -j ACCEPT
iptables -A OUTPUT -p esp -j ACCEPT
iptables -A INPUT -p ah -j ACCEPT
iptables -A OUTPUT -p ah -j ACCEPT
iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
iptables -F iptables -F

6
openvpn/iptables-setup.sh
View File

@ -62,6 +62,9 @@ else
iptables -D FORWARD -i tun+ -o tun+ -j DROP iptables -D FORWARD -i tun+ -o tun+ -j DROP
fi fi
# Enable forwarding
iptables -A FORWARD -j ACCEPT
# MSS Clamping # MSS Clamping
iptables -t mangle -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu iptables -t mangle -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
@ -70,7 +73,8 @@ iptables -A INPUT -i tun+ -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT iptables -A OUTPUT -o tun+ -j ACCEPT
# OpenVPN # OpenVPN
iptables -A INPUT -p udp --dport 1194 -j ACCEPT iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 1194 -j ACCEPT
iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
iptables -F iptables -F

10
pptp/iptables-setup.sh
View File

@ -55,6 +55,9 @@ else
iptables -D FORWARD -s $LOCALIPMASK -d $LOCALIPMASK -j DROP iptables -D FORWARD -s $LOCALIPMASK -d $LOCALIPMASK -j DROP
fi fi
# Enable forwarding
iptables -A FORWARD -j ACCEPT
# MSS Clamping # MSS Clamping
iptables -t mangle -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu iptables -t mangle -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
@ -63,11 +66,12 @@ iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A OUTPUT -o ppp+ -j ACCEPT iptables -A OUTPUT -o ppp+ -j ACCEPT
# PPTP # PPTP
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 1723 -j ACCEPT
# GRE # GRE
iptables -A INPUT -p 47 -j ACCEPT iptables -A INPUT -p gre -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT iptables -A OUTPUT -p gre -j ACCEPT
iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
iptables -F iptables -F