en:vpn:debian-tharyrok
Differences
en:vpn:debian-tharyrok [2019/10/13 15:01] – external edit 127.0.0.1 | en:vpn:debian-tharyrok [2020/08/05 09:04] – removed tierce | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Configuration sur debian ====== | ||
- | |||
- | Ma config est la suivante, si le vpn ne marche pas j'ai pas d' | ||
- | J' | ||
- | |||
- | Mon reseau local est en 192.168.12.0/ | ||
- | |||
- | # Installation openvpn | ||
- | `apt-get install openvpn` | ||
- | |||
- | # configuration openvpn | ||
- | Voici la structure des fichiers : | ||
- | |||
- | ``` | ||
- | / | ||
- | ├── client | ||
- | │ ├── neutrinet | ||
- | │ │ ├── auth | ||
- | │ │ ├── ca.crt | ||
- | │ │ ├── client.crt | ||
- | │ │ └── client.key | ||
- | │ └── neutrinet.conf | ||
- | └── server | ||
- | ``` | ||
- | |||
- | Dans neutrinet.conf j'ai : | ||
- | ``` | ||
- | client | ||
- | dev tun0 | ||
- | |||
- | # On ne peut pas mettre le ndd de neutrinet ici car on va forcer les route plus tard. | ||
- | remote 5.200.2.14 | ||
- | proto udp | ||
- | port 1195 | ||
- | |||
- | pull | ||
- | nobind | ||
- | dev tun | ||
- | tun-ipv6 | ||
- | keepalive 10 120 | ||
- | comp-lzo adaptive | ||
- | resolv-retry infinite | ||
- | |||
- | # Authentication by login | ||
- | auth-user-pass / | ||
- | |||
- | # UDP only | ||
- | explicit-exit-notify | ||
- | |||
- | # TLS | ||
- | tls-client | ||
- | remote-cert-tls server | ||
- | ns-cert-type server | ||
- | ca / | ||
- | cert / | ||
- | key / | ||
- | |||
- | # Logs | ||
- | verb 4 | ||
- | mute 5 | ||
- | status / | ||
- | log-append / | ||
- | |||
- | # Routing | ||
- | route 0.0.0.0 0.0.0.0 | ||
- | #route-ipv6 ::/0 | ||
- | route-ipv6 2000::/3 | ||
- | |||
- | # neutrinet | ||
- | cipher AES-256-CBC | ||
- | tls-version-min 1.2 | ||
- | auth SHA256 | ||
- | topology subnet | ||
- | |||
- | ``` | ||
- | |||
- | N' | ||
- | |||
- | `systemctl enbale openvpn@neutrinet` | ||
- | |||
- | # Forcer les routes | ||
- | |||
- | Comme je vous l'ai dit plus haut ma config est que si le vpn neutrinet ne tourne pas j'ai pas internet. | ||
- | |||
- | dans / | ||
- | |||
- | ``` | ||
- | auto lo | ||
- | iface lo inet loopback | ||
- | |||
- | auto eth1 | ||
- | iface eth1 inet static | ||
- | address 192.168.12.254 | ||
- | netmask 255.255.255.0 | ||
- | |||
- | iface eth1 inet6 static | ||
- | address #Votre IpV6 de neutrinet#:: | ||
- | netmask 64 | ||
- | |||
- | auto eth0 | ||
- | iface eth0 inet static | ||
- | address 192.168.1.20 | ||
- | netmask 255.255.255.0 | ||
- | pre-up echo 1 > / | ||
- | up route add -net 5.200.2.14 netmask 255.255.255.255 gw 192.168.1.1 | ||
- | down route del -net 5.200.2.14 netmask 255.255.255.255 gw 192.168.1.1 | ||
- | |||
- | ``` | ||
- | |||
- | # Nat pour la bbox | ||
- | |||
- | Ha oui je vous ai dit que je parlerai pas de nat, bon il faut quand même quelque ligne d' | ||
- | |||
- | Du coup je vous balance mes ligne mais sans trop vous expliquer. | ||
- | |||
- | ``` | ||
- | iptables -A POSTROUTING -s 192.168.12.0/ | ||
- | iptables -A POSTROUTING -s 192.168.12.0/ | ||
- | iptables -A POSTROUTING -s 192.168.12.0/ | ||
- | |||
- | ``` | ||
- | |||
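Review bot: The revision deletes the entire page with "removed" as its only summary, so anyone following a link to en:vpn:debian-tharyrok gets neither a reason nor a pointer to a current guide; leave a short stub naming the replacement page, or state in the summary why the content was dropped. If the reason is that the configuration was outdated, the removed lines support that and are worth recording: `systemctl enbale openvpn@neutrinet` is a typo for `enable`, `ns-cert-type server` is the deprecated form of the `remote-cert-tls server` check set on the line above it, `dev tun0` and `dev tun` are both set in the same file, and `comp-lzo adaptive` turns on compression for the tunnel. The author's stated goal of having no internet when the VPN is down rests on the single host route to 5.200.2.14 via 192.168.1.1 on eth0, a design a successor page should either keep or explicitly replace.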
en/vpn/debian-tharyrok.txt · Last modified: 2022/07/22 13:15 by 127.0.0.1