mirror of
https://github.com/eworm-de/routeros-scripts.git
synced 2026-02-23 16:49:35 +00:00
vpn-sstp-configurator: add script
This commit is contained in:
cattalurdai
parent
9c899f871d
commit
fe2815b7ff
3 changed files with 160 additions and 0 deletions
125
vpn-sstp-configurator.rsc
Normal file
125
vpn-sstp-configurator.rsc
Normal file
|
|
@ -0,0 +1,125 @@
|
|||
{
|
||||
:put ""
|
||||
:put "- Welcome to SSTP VPN CONFIGURATOR -"
|
||||
:put ""
|
||||
|
||||
:local defaultRemoteNetwork "192.168.150.0/24";
|
||||
:put "Enter the network assigned to VPN clients (press enter to use default: $defaultRemoteNetwork): ";
|
||||
:local input1 do={:return};
|
||||
:local remoteNetwork [$input1];
|
||||
:if ([:len $remoteNetwork] = 0) do={
|
||||
:set remoteNetwork $defaultRemoteNetwork;
|
||||
}
|
||||
|
||||
:local defaultVpnPort "443";
|
||||
:put "Enter the VPN port (press enter to use default: $defaultVpnPort): ";
|
||||
:local input2 do={:return};
|
||||
:local vpnPort [$input2];
|
||||
:if ([:len $vpnPort] = 0) do={
|
||||
:set vpnPort $defaultVpnPort;
|
||||
}
|
||||
|
||||
:local vpnUsername;
|
||||
:while ([:typeof $vpnUsername] = "nothing" || [:len $vpnUsername] = 0) do={
|
||||
:put "Enter the VPN username: ";
|
||||
:local input3 do={:return};
|
||||
:set vpnUsername [$input3];
|
||||
}
|
||||
|
||||
:local vpnPassword;
|
||||
:while ([:typeof $vpnPassword] = "nothing" || [:len $vpnPassword] = 0) do={
|
||||
:put "Enter the VPN password: ";
|
||||
:local input4 do={:return};
|
||||
:set vpnPassword [$input4];
|
||||
}
|
||||
|
||||
:local country;
|
||||
:while ([:typeof $country] = "nothing" || [:len $country] = 0) do={
|
||||
:put "Enter the country for SSL certificate (e.g., US): ";
|
||||
:local input5 do={:return};
|
||||
:set country [$input5];
|
||||
}
|
||||
|
||||
:local state;
|
||||
:while ([:typeof $state] = "nothing" || [:len $state] = 0) do={
|
||||
:put "Enter the state for SSL certificate (e.g., California): ";
|
||||
:local input6 do={:return};
|
||||
:set state [$input6];
|
||||
}
|
||||
|
||||
:local locality;
|
||||
:while ([:typeof $locality] = "nothing" || [:len $locality] = 0) do={
|
||||
:put "Enter the locality for SSL certificate (e.g., San Francisco): ";
|
||||
:local input7 do={:return};
|
||||
:set locality [$input7];
|
||||
}
|
||||
|
||||
:local organization;
|
||||
:while ([:typeof $organization] = "nothing" || [:len $organization] = 0) do={
|
||||
:put "Enter the organization for SSL certificate (e.g., Github): ";
|
||||
:local input8 do={:return};
|
||||
:set organization [$input8];
|
||||
}
|
||||
|
||||
|
||||
#### SCRIPT ###
|
||||
:put ""
|
||||
:put "--- STARTING CONFIGURATOR ---"
|
||||
|
||||
# Enable DDNS
|
||||
:if ( [/ip cloud get ddns-enabled] = true ) do={
|
||||
:put "DDNS already enabled"
|
||||
} else={
|
||||
:put "DDNS is not enabled, enabling..."
|
||||
/ip cloud set ddns-enabled=yes
|
||||
# Wait for cloud to be enabled
|
||||
:delay 10s
|
||||
}
|
||||
|
||||
# Get Cloud Address
|
||||
:local cloudAddress [/ip cloud get dns-name]
|
||||
:put "Cloud DNS Name: $cloudAddress"
|
||||
|
||||
# CREATE SSL CERTIFICATE
|
||||
/certificate
|
||||
add name=VPN_CA common-name=$cloudAddress country=$country state=$state locality=$locality organization=$organization key-usage=key-cert-sign,crl-sign
|
||||
sign VPN_CA
|
||||
add name=VPN_SERVER common-name=$cloudAddress country=$country state=$state locality=$locality organization=$organization key-usage=digital-signature,key-encipherment,tls-server
|
||||
sign VPN_SERVER ca=VPN_CA
|
||||
:delay 10s
|
||||
:put "SSL Certificates created successfully"
|
||||
|
||||
# CREATE IP POOL
|
||||
:local ipBase [:pick $remoteNetwork 0 ([:find $remoteNetwork "/"] - 1)]
|
||||
:local ipRange ($ipBase . "2-" . $ipBase . "254")
|
||||
/ip pool add name=vpn-pool ranges=$ipRange
|
||||
:put "VPN IP Pool created successfully"
|
||||
|
||||
# CREATE VPN PROFILE
|
||||
/ppp profile add name=vpn-profile local-address=($ipBase . "1") remote-address=vpn-pool
|
||||
:put "VPN Profile created successfully"
|
||||
|
||||
# ENABLE SSTP VPN
|
||||
/interface sstp-server server set enabled=yes certificate=VPN_SERVER default-profile=vpn-profile tls-version=only-1.2
|
||||
:put "SSTP VPN enabled successfully"
|
||||
|
||||
# CREATE VPN USER
|
||||
/ppp secret add name=$vpnUsername password=$vpnPassword profile=vpn-profile
|
||||
:put "VPN User created successfully"
|
||||
|
||||
# CREATE MASQUERADE RULE FOR VPN
|
||||
/ip firewall nat add chain=srcnat action=masquerade src-address=$remoteNetwork
|
||||
:put "Masquerade rule for VPN created successfully"
|
||||
|
||||
# CREATE FIREWALL FILTER INPUT RULE
|
||||
/ip firewall filter add chain=input action=accept protocol=tcp dst-port=$vpnPort place-before=3
|
||||
|
||||
# EXPORT CLIENT CERTIFICATE
|
||||
/certificate export-certificate VPN_CA
|
||||
|
||||
:put ""
|
||||
:put "[SUCCESS] SSTP VPN CONFIGURED"
|
||||
:put "The client certificate is waiting in the files section for you to download"
|
||||
:put ""
|
||||
:put "- github.com/cattalurdai -"
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue