cookbook 'l2tp-ipsec', '~> 0.1.0'
Installs/Configures l2tp-ipsec
cookbook 'l2tp-ipsec', '~> 0.1.0', :supermarket
knife supermarket install l2tp-ipsec
knife supermarket download l2tp-ipsec
l2tp-ipsec cookbook
Cookbook to create a L2TP/IPSEC VPN. It installs:
- openswan - For IPSEC.
- xl2tpd - For l2tpd.
Requirements
This VPN server requires full virtualization like KVM or XEN. It does not work under OpenVZ.
Recommended cookbooks:
- firewall-ex - for setting up port forwarding, etc
- monit-ng - for l2tp-ipsec::monit recipe.
Usage
If you have a unique setup of network interfaces, override private_interface and public_interface as needed.
Set the attribute preshared_key.
To add users, fill the node attribute users. It accepts an array of users:
[ { username: bob, vpn_password: mypass } ]
Attributes
Recipes
default
Just calls install.
install
Installs the packages and configures them. This does not include any iptables or send_redirects management.
To complete the installation, either include the firewall recipe or add your own masquerade routing:
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from the ppp to the outbound link.
-F POSTROUTING
-A POSTROUTING -s <%= @ppp_link_network %> -o <%= @private_interface %> -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT
*filter
# Forward packets between the ppp and the external interface
-A -i <%= @private_interface %> -o ppp+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A -i ppp+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A -i ppp+ -o <%= @private_interface %> -j ACCEPT
firewall
Uses the UFW firewall and opens the required ports. It also adds the postrouting rule to iptables and turns off redirects, etc., according to:
https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_with_Ubuntu_12.04.html
https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_with_Ubuntu_14.04.html
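A check to run after converging with only the install recipe, to confirm that the kernel settings the firewall recipe would have managed are in place. This is an added example, not part of the cookbook; the function name, the optional root argument and the expected values (forwarding on, send/accept redirects off on every interface) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not cookbook code): audit forwarding and ICMP redirect
# settings on a host that routes VPN traffic.
# The optional first argument is a hypothetical alternate root, so the
# check can run against a copied tree instead of the live /proc/sys.

# Prints one line per problem. Returns 0 when clean, 1 otherwise.
audit_vpn_sysctls() {
    root="${1:-/proc/sys}"
    bad=0

    # Routing between ppp+ and the outbound link needs forwarding enabled.
    fwd=$(cat "$root/net/ipv4/ip_forward" 2>/dev/null || echo missing)
    if [ "$fwd" != "1" ]; then
        echo "FAIL net.ipv4.ip_forward=$fwd (expected 1)"
        bad=1
    fi

    # Redirects are per interface; all/ and default/ are checked too,
    # because interfaces created later (ppp+) inherit from default/.
    for dir in "$root"/net/ipv4/conf/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        for key in send_redirects accept_redirects; do
            val=$(cat "$dir$key" 2>/dev/null || echo missing)
            if [ "$val" != "0" ]; then
                echo "FAIL net.ipv4.conf.$iface.$key=$val (expected 0)"
                bad=1
            fi
        done
    done
    return "$bad"
}

# Run against the live system only when asked to: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_vpn_sysctls
fi
```

A non-zero return after a Chef run means the redirect or forwarding settings still have to be applied by the firewall recipe or by your own sysctl management.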
monit
Configures monit to watch the ipsec and xl2tpd services.
License & Authors
- Author:: Ted Chen (ted@nephilagraphic.com)
Copyright 2014, Nephila Graphic Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
0.1.0 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.1.0 failed this metric
FC053: Metadata uses the deprecated "recommends" keyword: l2tp-ipsec/metadata.rb:13
FC053: Metadata uses the deprecated "recommends" keyword: l2tp-ipsec/metadata.rb:16
FC064: Ensure issues_url is set in metadata: l2tp-ipsec/metadata.rb:1
FC065: Ensure source_url is set in metadata: l2tp-ipsec/metadata.rb:1
FC066: Ensure chef_version is set in metadata: l2tp-ipsec/metadata.rb:1
FC069: Ensure standardized license defined in metadata: l2tp-ipsec/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
0.1.0 passed this metric
Testing File Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number