en:vpn:debian-tharyrok
Differences
This shows you the differences between two versions of the page.
en:vpn:debian-tharyrok [2020/08/05 09:04] – removed tierce | en:vpn:debian-tharyrok [2020/08/05 13:03] – [configuration openvpn] typo tierce | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | FIXME **This page is not fully translated, yet. Please help completing the translation.**\\ //(remove this paragraph once the translation is finished)// | ||
+ | |||
+ | ====== Configuration sur debian ====== | ||
+ | |||
+ | Ma config est la suivante, si le vpn ne marche pas j'ai pas d' | ||
+ | J' | ||
+ | |||
+ | Mon reseau local est en 192.168.12.0/ | ||
+ | |||
+ | # Installation openvpn | ||
+ | `apt-get install openvpn` | ||
+ | |||
+ | # configuration openvpn | ||
+ | Voici la structure des fichiers : | ||
+ | |||
+ | ``` | ||
+ | / | ||
+ | ├── client | ||
+ | │ ├── neutrinet | ||
+ | │ │ ├── auth | ||
+ | │ │ ├── ca.crt | ||
+ | │ │ ├── client.crt | ||
+ | │ │ └── client.key | ||
+ | │ └── neutrinet.conf | ||
+ | └── server | ||
+ | ``` | ||
+ | |||
+ | Dans neutrinet.conf j'ai : | ||
+ | ``` | ||
+ | client | ||
+ | dev tun0 | ||
+ | |||
+ | # On ne peut pas mettre le ndd de neutrinet ici car on va forcer les route plus tard. | ||
+ | remote 5.200.2.14 | ||
+ | proto udp | ||
+ | port 1195 | ||
+ | |||
+ | pull | ||
+ | nobind | ||
+ | dev tun | ||
+ | tun-ipv6 | ||
+ | keepalive 10 120 | ||
+ | comp-lzo adaptive | ||
+ | resolv-retry infinite | ||
+ | |||
+ | # Authentication by login | ||
+ | auth-user-pass / | ||
+ | |||
+ | # UDP only | ||
+ | explicit-exit-notify | ||
+ | |||
+ | # TLS | ||
+ | tls-client | ||
+ | remote-cert-tls server | ||
+ | ns-cert-type server | ||
+ | ca / | ||
+ | cert / | ||
+ | key / | ||
+ | |||
+ | # Logs | ||
+ | verb 4 | ||
+ | mute 5 | ||
+ | status / | ||
+ | log-append / | ||
+ | |||
+ | # Routing | ||
+ | route 0.0.0.0 0.0.0.0 | ||
+ | #route-ipv6 ::/0 | ||
+ | route-ipv6 2000::/3 | ||
+ | |||
+ | # neutrinet | ||
+ | cipher AES-256-CBC | ||
+ | tls-version-min 1.2 | ||
+ | auth SHA256 | ||
+ | topology subnet | ||
+ | |||
+ | ``` | ||
+ | |||
+ | N' | ||
+ | |||
+ | `systemctl enable openvpn@neutrinet` | ||
+ | |||
+ | # Forcer les routes | ||
+ | |||
+ | Comme je vous l'ai dit plus haut ma config est que si le vpn neutrinet ne tourne pas j'ai pas internet. | ||
+ | |||
+ | dans / | ||
+ | |||
+ | ``` | ||
+ | auto lo | ||
+ | iface lo inet loopback | ||
+ | |||
+ | auto eth1 | ||
+ | iface eth1 inet static | ||
+ | address 192.168.12.254 | ||
+ | netmask 255.255.255.0 | ||
+ | |||
+ | iface eth1 inet6 static | ||
+ | address #Votre IpV6 de neutrinet#:: | ||
+ | netmask 64 | ||
+ | |||
+ | auto eth0 | ||
+ | iface eth0 inet static | ||
+ | address 192.168.1.20 | ||
+ | netmask 255.255.255.0 | ||
+ | pre-up echo 1 > / | ||
+ | up route add -net 5.200.2.14 netmask 255.255.255.255 gw 192.168.1.1 | ||
+ | down route del -net 5.200.2.14 netmask 255.255.255.255 gw 192.168.1.1 | ||
+ | |||
+ | ``` | ||
+ | |||
+ | # Nat pour la bbox | ||
+ | |||
+ | Ha oui je vous ai dit que je parlerai pas de nat, bon il faut quand même quelque ligne d' | ||
+ | |||
+ | Du coup je vous balance mes ligne mais sans trop vous expliquer. | ||
+ | |||
+ | ``` | ||
+ | iptables -A POSTROUTING -s 192.168.12.0/ | ||
+ | iptables -A POSTROUTING -s 192.168.12.0/ | ||
+ | iptables -A POSTROUTING -s 192.168.12.0/ | ||
+ | |||
+ | ``` | ||
+ | |||
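Review bot: In the neutrinet.conf block, `ns-cert-type server` repeats the check already made by `remote-cert-tls server` on the line above it. It is the deprecated form, removed in OpenVPN 2.5, so drop it and keep `remote-cert-tls server`. The same block declares the device twice (`dev tun0` at the top, `dev tun` after `nobind`); keep one. The stated goal of having no internet when the VPN is down rests only on eth0 having no gateway plus the single host route to 5.200.2.14. The three iptables lines shown are all `-A POSTROUTING`, so it would be worth documenting a FORWARD rule that drops traffic from eth1 out of eth0, so the fail-closed behaviour does not depend on the routing table alone. The tree also lists `auth` and `client.key` without mentioning ownership or mode; a sentence saying they should be readable by root only would help. Style: the section titles use `#` and the blocks use triple backticks, while the page title uses DokuWiki `======` syntax, so the rest should match it.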
en/vpn/debian-tharyrok.txt · Last modified: 2022/07/22 13:15 by 127.0.0.1