zacharyhaven82 · August 29, 2015 14:09 · Nov 3, 2014 · Oct 8, 2014 · Oct 8, 2014 · Oct 8, 2014
diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -51,8 +51,8 @@ apt-get install xl2tpd -y
 # "service ipsec restart" and "service xl2tpd restart".
 mkdir -p /opt/src
 cd /opt/src
-wget -qO- https://download.libreswan.org/libreswan-3.9.tar.gz | tar xvz
-cd libreswan-3.9
+wget -qO- https://download.libreswan.org/libreswan-3.11.tar.gz | tar xvz
+cd libreswan-3.11
 make programs
 make install
 

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -25,7 +25,7 @@
 if [[ "`uname`" == "Darwin" ]]; then
   echo "DO NOT run this script on your Mac! It should only be run on a newly-created EC2 instance"
   echo "or other dedicated server / VPS, after you have modified it to set the three variables below."
-  echo "Please see detailed instructions at the URLs in the comments above."
+  echo "Please see detailed instructions at the URLs in the comments."
   exit 1
 fi
 

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -23,7 +23,7 @@
 # know how you have improved it! 
 
 if [[ "`uname`" == "Darwin" ]]; then
-  echo "DO NOT run this script on your Mac! This script should only be run on a newly-created EC2 instance"
+  echo "DO NOT run this script on your Mac! It should only be run on a newly-created EC2 instance"
   echo "or other dedicated server / VPS, after you have modified it to set the three variables below."
   echo "Please see detailed instructions at the URLs in the comments above."
   exit 1

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -23,7 +23,9 @@
 # know how you have improved it! 
 
 if [[ "`uname`" == "Darwin" ]]; then
-  echo "Do not run this script on your mac! This script should only be run on a newly-created EC2 instance, after you have modified it to set the three variables below."
+  echo "DO NOT run this script on your Mac! This script should only be run on a newly-created EC2 instance"
+  echo "or other dedicated server / VPS, after you have modified it to set the three variables below."
+  echo "Please see detailed instructions at the URLs in the comments above."
   exit 1
 fi
 

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -5,14 +5,14 @@
 # With minor modifications, this script *can also be used* on dedicated servers
 # or any KVM- or XEN-based Virtual Private Server (VPS) from other providers.
 #
+# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN WHEN 
+# YOUR AMAZON EC2 INSTANCE STARTS!
+#
 # For detailed instructions, please see:
 # https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/
 # Original post by Thomas Sarlandie: 
 # http://www.sarfata.org/posts/setting-up-an-amazon-vpn-server.md
 #
-# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN WHEN 
-# YOUR AMAZON EC2 INSTANCE STARTS!
-#
 # Copyright (C) 2014 Lin Song
 # Based on the work of Thomas Sarlandie (Copyright 2012)
 #
@@ -22,11 +22,19 @@
 # Attribution required: please include my name in any derivative and let me
 # know how you have improved it! 
 
+if [[ "`uname`" == "Darwin" ]]; then
+  echo "Do not run this script on your mac! This script should only be run on a newly-created EC2 instance, after you have modified it to set the three variables below."
+  exit 1
+fi
+
 # Please define your own values for those variables
 IPSEC_PSK=your_very_secure_key
 VPN_USER=your_username
 VPN_PASSWORD=your_very_secure_password
 
+# Note: If you need multiple VPN users with different credentials,
+# please see: https://gist.github.com/hwdsl2/123b886f29f4c689f531
+
 # Install necessary packages
 apt-get update
 apt-get install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
@@ -130,9 +138,6 @@ lcp-echo-interval 60
 connect-delay 5000
 EOF
 
-# If you need multiple VPN users with different credentials,
-# please see: https://gist.github.com/hwdsl2/123b886f29f4c689f531
-
 cat > /etc/ppp/chap-secrets <<EOF
 # Secrets for authentication using CHAP
 # client  server  secret  IP addresses

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -5,17 +5,17 @@
 # With minor modifications, this script *can also be used* on dedicated servers
 # or any KVM- or XEN-based Virtual Private Server (VPS) from other providers.
 #
+# For detailed instructions, please see:
+# https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/
+# Original post by Thomas Sarlandie: 
+# http://www.sarfata.org/posts/setting-up-an-amazon-vpn-server.md
+#
 # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN WHEN 
 # YOUR AMAZON EC2 INSTANCE STARTS!
 #
 # Copyright (C) 2014 Lin Song
 # Based on the work of Thomas Sarlandie (Copyright 2012)
 #
-# For detailed instructions, please see:
-# https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/
-# Original post by Thomas Sarlandie: 
-# http://www.sarfata.org/posts/setting-up-an-amazon-vpn-server.md
-#
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 
 # Unported License: http://creativecommons.org/licenses/by-sa/3.0/
 #
@@ -35,7 +35,10 @@ apt-get install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
         libunbound-dev libnss3-tools wget -y
 apt-get install xl2tpd -y
 
-# Compile and install Libreswan
+# Compile and install Libreswan (https://libreswan.org/)
+# To upgrade Libreswan when a newer version is available, just re-run these
+# six commands with the new download link, and then restart services with
+# "service ipsec restart" and "service xl2tpd restart".
 mkdir -p /opt/src
 cd /opt/src
 wget -qO- https://download.libreswan.org/libreswan-3.9.tar.gz | tar xvz
@@ -127,6 +130,9 @@ lcp-echo-interval 60
 connect-delay 5000
 EOF
 
+# If you need multiple VPN users with different credentials,
+# please see: https://gist.github.com/hwdsl2/123b886f29f4c689f531
+
 cat > /etc/ppp/chap-secrets <<EOF
 # Secrets for authentication using CHAP
 # client  server  secret  IP addresses

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -2,6 +2,8 @@
 #
 # Amazon EC2 user-data file for automatic configuration of IPsec/L2TP VPN
 # on a Ubuntu server instance. Tested with 14.04 (Trusty) AND 12.04 (Precise).
+# With minor modifications, this script *can also be used* on dedicated servers
+# or any KVM- or XEN-based Virtual Private Server (VPS) from other providers.
 #
 # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN WHEN 
 # YOUR AMAZON EC2 INSTANCE STARTS!

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -36,8 +36,8 @@ apt-get install xl2tpd -y
 # Compile and install Libreswan
 mkdir -p /opt/src
 cd /opt/src
-wget -qO- https://download.libreswan.org/libreswan-3.8.tar.gz | tar xvz
-cd libreswan-3.8
+wget -qO- https://download.libreswan.org/libreswan-3.9.tar.gz | tar xvz
+cd libreswan-3.9
 make programs
 make install
 

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -192,7 +192,7 @@ cat > /etc/iptables.rules <<EOF
 -A ICMPALL -p icmp --icmp-type 4 -j ACCEPT
 -A ICMPALL -p icmp --icmp-type 8 -j ACCEPT
 -A ICMPALL -p icmp --icmp-type 11 -j ACCEPT
--A ICMPALL -j DROP
+-A ICMPALL -p icmp -j DROP
 -A ZREJ -p tcp -j REJECT --reject-with tcp-reset 
 -A ZREJ -p udp -j REJECT --reject-with icmp-port-unreachable
 -A ZREJ -j REJECT --reject-with icmp-proto-unreachable

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 #
 # Amazon EC2 user-data file for automatic configuration of IPsec/L2TP VPN
-# on a Ubuntu server instance. Tested with 12.04.
+# on a Ubuntu server instance. Tested with 14.04 (Trusty) AND 12.04 (Precise).
 #
 # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN WHEN 
 # YOUR AMAZON EC2 INSTANCE STARTS!

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -30,7 +30,7 @@ apt-get update
 apt-get install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
         libcap-ng-dev libcap-ng-utils libselinux1-dev \
         libcurl4-nss-dev libgmp3-dev flex bison gcc make \
-        libunbound-dev libnss3-tools -y
+        libunbound-dev libnss3-tools wget -y
 apt-get install xl2tpd -y
 
 # Compile and install Libreswan

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -197,13 +197,6 @@ cat > /etc/iptables.rules <<EOF
 -A ZREJ -p udp -j REJECT --reject-with icmp-port-unreachable
 -A ZREJ -j REJECT --reject-with icmp-proto-unreachable
 COMMIT
-*mangle
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-COMMIT
 *nat
 :PREROUTING ACCEPT [0:0]
 :INPUT ACCEPT [0:0]

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -235,6 +235,7 @@ cat > /etc/rc.local <<EOF
 # By default this script does nothing.
 /usr/sbin/service ipsec restart
 /usr/sbin/service xl2tpd restart
+echo 1 > /proc/sys/net/ipv4/ip_forward
 exit 0
 EOF
 

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -9,9 +9,10 @@
 # Copyright (C) 2014 Lin Song
 # Based on the work of Thomas Sarlandie (Copyright 2012)
 #
-# For detailed instructions, see my tech blog article:
+# For detailed instructions, please see:
 # https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/
-# Original post: http://www.sarfata.org/posts/setting-up-an-amazon-vpn-server.md
+# Original post by Thomas Sarlandie: 
+# http://www.sarfata.org/posts/setting-up-an-amazon-vpn-server.md
 #
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 
 # Unported License: http://creativecommons.org/licenses/by-sa/3.0/

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -218,6 +218,7 @@ cat > /etc/network/if-pre-up.d/iptablesload <<EOF
 exit 0
 EOF
 
+/bin/cp -f /etc/rc.local /etc/rc.local.old
 cat > /etc/rc.local <<EOF
 #!/bin/sh -e
 #

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -164,6 +164,7 @@ net.ipv4.tcp_rmem= 10240 87380 12582912
 net.ipv4.tcp_wmem= 10240 87380 12582912
 EOF
 
+/bin/cp -f /etc/iptables.rules /etc/iptables.rules.old
 cat > /etc/iptables.rules <<EOF
 *filter
 :INPUT ACCEPT [0:0]

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -6,10 +6,12 @@
 # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN WHEN 
 # YOUR AMAZON EC2 INSTANCE STARTS!
 #
-# Copyright (C) 2014 Lin Song. Based on the work of Thomas Sarlandie (Copyright 2012)
+# Copyright (C) 2014 Lin Song
+# Based on the work of Thomas Sarlandie (Copyright 2012)
+#
 # For detailed instructions, see my tech blog article:
 # https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/
-# Original post at: http://www.sarfata.org/posts/setting-up-an-amazon-vpn-server.md
+# Original post: http://www.sarfata.org/posts/setting-up-an-amazon-vpn-server.md
 #
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 
 # Unported License: http://creativecommons.org/licenses/by-sa/3.0/

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -8,8 +8,8 @@
 #
 # Copyright (C) 2014 Lin Song. Based on the work of Thomas Sarlandie (Copyright 2012)
 # For detailed instructions, see my tech blog article:
-# 
-# Also see: http://www.sarfata.org/posts/setting-up-an-amazon-vpn-server.md
+# https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/
+# Original post at: http://www.sarfata.org/posts/setting-up-an-amazon-vpn-server.md
 #
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 
 # Unported License: http://creativecommons.org/licenses/by-sa/3.0/

diff --git a/vpnsetup.sh b/vpnsetup.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Amazon EC2 user-data file for automatic configuration of a VPN
+# Amazon EC2 user-data file for automatic configuration of IPsec/L2TP VPN
 # on a Ubuntu server instance. Tested with 12.04.
 #
 # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN WHEN 

diff --git a/...all Script for Ubuntu 12.04 on Amazon EC2 → vpnsetup.sh b/...all Script for Ubuntu 12.04 on Amazon EC2 → vpnsetup.sh
diff --git a/IPSec L2TP VPN Auto Install Script for Ubuntu 12.04 on Amazon EC2 b/IPSec L2TP VPN Auto Install Script for Ubuntu 12.04 on Amazon EC2
@@ -0,0 +1,247 @@
+#!/bin/sh
+#
+# Amazon EC2 user-data file for automatic configuration of a VPN
+# on a Ubuntu server instance. Tested with 12.04.
+#
+# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN WHEN 
+# YOUR AMAZON EC2 INSTANCE STARTS!
+#
+# Copyright (C) 2014 Lin Song. Based on the work of Thomas Sarlandie (Copyright 2012)
+# For detailed instructions, see my tech blog article:
+# 
+# Also see: http://www.sarfata.org/posts/setting-up-an-amazon-vpn-server.md
+#
+# This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 
+# Unported License: http://creativecommons.org/licenses/by-sa/3.0/
+#
+# Attribution required: please include my name in any derivative and let me
+# know how you have improved it! 
+
+# Please define your own values for those variables
+IPSEC_PSK=your_very_secure_key
+VPN_USER=your_username
+VPN_PASSWORD=your_very_secure_password
+
+# Install necessary packages
+apt-get update
+apt-get install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
+        libcap-ng-dev libcap-ng-utils libselinux1-dev \
+        libcurl4-nss-dev libgmp3-dev flex bison gcc make \
+        libunbound-dev libnss3-tools -y
+apt-get install xl2tpd -y
+
+# Compile and install Libreswan
+mkdir -p /opt/src
+cd /opt/src
+wget -qO- https://download.libreswan.org/libreswan-3.8.tar.gz | tar xvz
+cd libreswan-3.8
+make programs
+make install
+
+# Those two variables will be found automatically
+PRIVATE_IP=`wget -q -O - 'http://169.254.169.254/latest/meta-data/local-ipv4'`
+PUBLIC_IP=`wget -q -O - 'http://169.254.169.254/latest/meta-data/public-ipv4'`
+
+# Prepare various config files
+cat > /etc/ipsec.conf <<EOF
+version 2.0
+
+config setup
+  dumpdir=/var/run/pluto/
+  nat_traversal=yes
+  virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24
+  oe=off
+  protostack=netkey
+  nhelpers=0
+  interfaces=%defaultroute
+
+conn vpnpsk
+  connaddrfamily=ipv4
+  auto=add
+  left=$PRIVATE_IP
+  leftid=$PUBLIC_IP
+  leftsubnet=$PRIVATE_IP/32
+  leftnexthop=%defaultroute
+  leftprotoport=17/1701
+  rightprotoport=17/%any
+  right=%any
+  rightsubnetwithin=0.0.0.0/0
+  forceencaps=yes
+  authby=secret
+  pfs=no
+  type=transport
+  auth=esp
+  ike=3des-sha1,aes-sha1
+  phase2alg=3des-sha1,aes-sha1
+  rekey=no
+  keyingtries=5
+  dpddelay=30
+  dpdtimeout=120
+  dpdaction=clear
+EOF
+
+cat > /etc/ipsec.secrets <<EOF
+$PUBLIC_IP  %any  : PSK "$IPSEC_PSK"
+EOF
+
+cat > /etc/xl2tpd/xl2tpd.conf <<EOF
+[global]
+port = 1701
+
+;debug avp = yes
+;debug network = yes
+;debug state = yes
+;debug tunnel = yes
+
+[lns default]
+ip range = 192.168.42.10-192.168.42.250
+local ip = 192.168.42.1
+require chap = yes
+refuse pap = yes
+require authentication = yes
+name = l2tpd
+;ppp debug = yes
+pppoptfile = /etc/ppp/options.xl2tpd
+length bit = yes
+EOF
+
+cat > /etc/ppp/options.xl2tpd <<EOF
+ipcp-accept-local
+ipcp-accept-remote
+ms-dns 8.8.8.8
+ms-dns 8.8.4.4
+noccp
+auth
+crtscts
+idle 1800
+mtu 1280
+mru 1280
+lock
+lcp-echo-failure 10
+lcp-echo-interval 60
+connect-delay 5000
+EOF
+
+cat > /etc/ppp/chap-secrets <<EOF
+# Secrets for authentication using CHAP
+# client  server  secret  IP addresses
+
+$VPN_USER  l2tpd  $VPN_PASSWORD  *
+EOF
+
+/bin/cp -f /etc/sysctl.conf /etc/sysctl.conf.old
+cat > /etc/sysctl.conf <<EOF
+kernel.sysrq = 0
+kernel.core_uses_pid = 1
+net.ipv4.tcp_syncookies = 1
+kernel.msgmnb = 65536
+kernel.msgmax = 65536
+kernel.shmmax = 68719476736
+kernel.shmall = 4294967296
+net.ipv4.ip_forward = 1
+net.ipv4.conf.all.accept_source_route = 0
+net.ipv4.conf.default.accept_source_route = 0
+net.ipv4.conf.all.log_martians = 1
+net.ipv4.conf.default.log_martians = 1
+net.ipv4.conf.all.accept_redirects = 0
+net.ipv4.conf.default.accept_redirects = 0
+net.ipv4.conf.all.send_redirects = 0
+net.ipv4.conf.default.send_redirects = 0
+net.ipv4.conf.all.rp_filter = 0
+net.ipv4.conf.default.rp_filter = 0
+net.ipv6.conf.all.disable_ipv6=1
+net.ipv6.conf.default.disable_ipv6=1
+net.ipv4.icmp_echo_ignore_broadcasts = 1
+net.ipv4.icmp_ignore_bogus_error_responses = 1
+net.ipv4.conf.all.secure_redirects = 0
+net.ipv4.conf.default.secure_redirects = 0
+kernel.randomize_va_space = 1
+net.core.wmem_max=12582912
+net.core.rmem_max=12582912
+net.ipv4.tcp_rmem= 10240 87380 12582912
+net.ipv4.tcp_wmem= 10240 87380 12582912
+EOF
+
+cat > /etc/iptables.rules <<EOF
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:ICMPALL - [0:0]
+:ZREJ - [0:0]
+-A INPUT -m conntrack --ctstate INVALID -j DROP
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p icmp --icmp-type 255 -j ICMPALL
+-A INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
+-A INPUT -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
+-A INPUT -p udp --dport 1701 -j DROP
+-A INPUT -j ZREJ
+-A FORWARD -i eth+ -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i ppp+ -o eth+ -j ACCEPT
+-A FORWARD -j ZREJ
+-A ICMPALL -p icmp --fragment -j DROP        
+-A ICMPALL -p icmp --icmp-type 0 -j ACCEPT
+-A ICMPALL -p icmp --icmp-type 3 -j ACCEPT
+-A ICMPALL -p icmp --icmp-type 4 -j ACCEPT
+-A ICMPALL -p icmp --icmp-type 8 -j ACCEPT
+-A ICMPALL -p icmp --icmp-type 11 -j ACCEPT
+-A ICMPALL -j DROP
+-A ZREJ -p tcp -j REJECT --reject-with tcp-reset 
+-A ZREJ -p udp -j REJECT --reject-with icmp-port-unreachable
+-A ZREJ -j REJECT --reject-with icmp-proto-unreachable
+COMMIT
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+-A POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source ${PRIVATE_IP}
+COMMIT
+EOF
+
+cat > /etc/network/if-pre-up.d/iptablesload <<EOF
+#!/bin/sh
+/sbin/iptables-restore < /etc/iptables.rules
+exit 0
+EOF
+
+cat > /etc/rc.local <<EOF
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+/usr/sbin/service ipsec restart
+/usr/sbin/service xl2tpd restart
+exit 0
+EOF
+
+if [ ! -f /etc/ipsec.d/cert8.db ] ; then
+   echo > /var/tmp/libreswan-nss-pwd
+   /usr/bin/certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
+   /bin/rm -f /var/tmp/libreswan-nss-pwd
+fi
+
+/sbin/sysctl -p
+/bin/chmod +x /etc/network/if-pre-up.d/iptablesload
+/sbin/iptables-restore < /etc/iptables.rules
+
+/usr/sbin/service ipsec restart
+/usr/sbin/service xl2tpd restart
No results found