OPENVPN SITE TO SITE CERT: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(4 dazwischenliegende Versionen von einem anderen Benutzer werden nicht angezeigt)
Zeile 43: Zeile 43:
 
*openssl dhparam -out dh2048.pem 2048
 
*openssl dhparam -out dh2048.pem 2048
 
Place also garlic.xinux.org.crt  garlic.xinux.org.key xin-ca.crt in this directory
 
Place also garlic.xinux.org.crt  garlic.xinux.org.key xin-ca.crt in this directory
==Config onf garlic==
+
==Openvpn Config on garlic==
*cd /etc/openvpn/
 
 
*vi /etc/openvpn/server.conf
 
*vi /etc/openvpn/server.conf
 
<pre>
 
<pre>
Zeile 59: Zeile 58:
 
</pre>
 
</pre>
  
==Copy to hubsi==
+
==Place cert-stuff on hubsi==
*scp static.key hubsi:$PWD
+
*cd /etc/openvpn/
=Openvpn config on garlic=
+
*mkdir ssl
 +
Place also hubsi.xinux.org.crt  hubsi.xinux.org.key xin-ca.crt in this directory
 +
==Openvpn Config on hubsi==
 
*vi /etc/openvpn/server.conf
 
*vi /etc/openvpn/server.conf
<pre>
 
remote 10.82.1.195
 
dev tun
 
ifconfig 172.30.30.1 172.30.30.2
 
secret static.key
 
route 192.168.55.0 255.255.255.0
 
keepalive 10 120
 
</pre>
 
 
=Openvpn config on hubsi=
 
*vi /etc/openvpn/client.conf
 
 
<pre>
 
<pre>
 
remote 10.82.1.211
 
remote 10.82.1.211
 
dev tun
 
dev tun
 +
tls-client
 
ifconfig 172.30.30.2 172.30.30.1
 
ifconfig 172.30.30.2 172.30.30.1
secret static.key
 
 
route 192.168.33.0 255.255.255.0
 
route 192.168.33.0 255.255.255.0
 
keepalive 10 120
 
keepalive 10 120
 +
ca /etc/openvpn/ssl/xin-ca.crt
 +
cert /etc/openvpn/ssl/hubsi.xinux.org.crt
 +
key /etc/openvpn/ssl/hubsi.xinux.org.key
 
</pre>
 
</pre>
 +
 +
=Start and Autostart on all sites=
 +
*echo 'AUTOSTART="all"' >> /etc/default/openvpn
 +
*systemctl daemon-reload
 +
*systemctl start openvpn
 +
*systemctl enable openvpn

Aktuelle Version vom 6. August 2023, 11:23 Uhr

Layout

-192.168.33.1/24 -|garlic|-10.82.1.211---------------------10.82.1.195-|hubsi|-192.168.55.1/24

Interfaces

garlic

auto ens18
iface ens18 inet static
 address 10.82.1.211
 netmask 255.255.0.0
 gateway 10.82.0.1

auto dummy0
iface dummy0 inet static
 address 192.168.33.1
 netmask 255.255.255.0
 pre-up ip link add dummy0 type dummy

hubsi

auto ens18
iface ens18 inet static
 address 10.82.1.195
 netmask 255.255.0.0
 gateway 10.82.0.1

auto dummy0
iface dummy0 inet static
 address 192.168.55.1
 netmask 255.255.255.0
 pre-up ip link add dummy0 type dummy

Ipfordward on

  • cat /etc/sysctl.conf
net.ipv4.ip_forward=1
  • sysctl -p

Openvpn

Install

  • sudo apt-get install openvpn

Generate Diffie-Hellman and place cert-stuff on garlic

  • cd /etc/openvpn/
  • mkdir ssl
  • cd ssl
  • openssl dhparam -out dh2048.pem 2048

Place also garlic.xinux.org.crt garlic.xinux.org.key xin-ca.crt in this directory

Openvpn Config on garlic

  • vi /etc/openvpn/server.conf
remote 10.82.1.195
dev tun
tls-server
ifconfig 172.30.30.1 172.30.30.2
route 192.168.55.0 255.255.255.0
keepalive 10 120
dh /etc/openvpn/ssl/dh2048.pem
ca /etc/openvpn/ssl/xin-ca.crt
cert /etc/openvpn/ssl/garlic.xinux.org.crt
key /etc/openvpn/ssl/garlic.xinux.org.key

Place cert-stuff on hubsi

  • cd /etc/openvpn/
  • mkdir ssl

Place also hubsi.xinux.org.crt hubsi.xinux.org.key xin-ca.crt in this directory

Openvpn Config on hubsi

  • vi /etc/openvpn/server.conf
remote 10.82.1.211
dev tun
tls-client
ifconfig 172.30.30.2 172.30.30.1
route 192.168.33.0 255.255.255.0
keepalive 10 120
ca /etc/openvpn/ssl/xin-ca.crt
cert /etc/openvpn/ssl/hubsi.xinux.org.crt
key /etc/openvpn/ssl/hubsi.xinux.org.key

Start and Autostart on all sites

  • echo 'AUTOSTART="all"' >> /etc/default/openvpn
  • systemctl daemon-reload
  • systemctl start openvpn
  • systemctl enable openvpn
Abgerufen von „http://wiki.ixheim.de/index.php?title=OPENVPN_SITE_TO_SITE_CERT&oldid=48423