VPN

  1. VPN (pptpd Microsoft compatible VPN)
    installpkg pptpd-1.4.0-i486-1_SBo.tgz
    /etc/pptpd.conf
    localip 192.168.0.1
    remoteip 192.168.0.21-30
    /etc/ppp/options.pptpd
    ms-dns 192.168.0.1
    ms-wins 192.168.0.1
    /etc/ppp/chap-secrets
    # client        server  secret                  IP addresses
    <username>      pptpd   <password>              *
    
    /etc/rc.d/rc.pptpd
    #!/bin/sh
    # Start pptpd VPN server
    PID=/var/run/pptpd.pid
    
    case "$1" in
    start)
        echo 1 > /proc/sys/net/ipv4/ip_forward
        if /usr/sbin/pptpd; then
            touch $PID
        fi
        ;;
    stop)
        killall pptpd
        rm -f $PID
        ;;
    restart)
        killall pptpd
        if /usr/local/sbin/pptpd; then
            touch $PID
        fi
        ;;
    status)
        ifconfig
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|status}"
        ;;
    esac
    /etc/rc.d/rc.local
    # Start pptpd VPN
    if [ -x /etc/rc.d/rc.pptpd ]; then
      /etc/rc.d/rc.pptpd start
    fi
  2. OpenVPN
    cd /etc/openvpn
    git clone http://github.com/OpenVPN/easy-rsa
    cd easy-rsa/easyrsa3
    ./easyrsa init-pki
    ./easyrsa build-ca
    
    ./easyrsa gen-req student
    ./easyrsa sign-req server student
    
    cd /etc/openvpn/certs/
    openssl dhparam -out dh2048.pem 2048
    cd /etc/openvpn/keys/
    /usr/sbin/openvpn --genkey --secret ta.key 
    
    ./easyrsa gen-req ovpn-client-lti
    mv pki/reqs/ovpn-client-lti.req /root
    ./easyrsa import-req /root/ovpn-client-lti.req ovpn-client-lti
    ./easyrsa sign-req client ovpn-client-lti
    cp pki/issued/ovpn-client-lti.crt /home/gbeton
    
    cp pki/ca.crt /etc/openvpn/certs/ 
    cp pki/issued/student.crt /etc/openvpn/certs/
    cp pki/private/student.key /etc/openvpn/keys/
    
    /etc/openvpn/openvpn.conf
    local 84.255.243.53
    daemon
    persist-tun
    persist-key
    ifconfig 10.8.2.1 10.8.2.2
    push "redirect-gateway def1"
    #secret keys/student.key
    tls-server
    ca /etc/openvpn/certs/ca.crt
    cert /etc/openvpn/certs/student.crt 
    key /etc/openvpn/keys/student.key
    dh /etc/openvpn/certs/dh2048.pem
    tls-auth /etc/openvpn/keys/ta.key 0
    
    # Saved pass phrase
    askpass /root/password.ovpn 
    auth-nocache
    
    # Maintain a record of client <-> virtual IP address
    # associations in this file.  If OpenVPN goes down or
    # is restarted, reconnecting clients can be assigned
    # the same virtual IP address from the pool that was
    # previously assigned.
    #ifconfig-pool-persist ipp.txt
    
    # It's a good idea to reduce the OpenVPN
    # daemon's privileges after initialization.
    user nobody 
    group nobody
    
    keepalive 10 60
    ping-timer-rem
    

© 2003-24 iNeta d.o.o. | Koroška cesta 31, SI-4000 Kranj | info@ineta.si | Pravno obvestilo
Powered by BravoCMS