en:vpn:debian-tharyrok
Differences
This shows you the differences between two versions of the page.
| en:vpn:debian-tharyrok [2020/08/05 09:04] – removed tierce | en:vpn:debian-tharyrok [2022/07/22 13:15] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | FIXME **This page is not fully translated, yet. Please help completing the translation.**\\ //(remove this paragraph once the translation is finished)// | ||
| + | |||
| + | ====== Configuration sur debian ====== | ||
| + | |||
| + | Ma config est la suivante, si le vpn ne marche pas j'ai pas d' | ||
| + | J' | ||
| + | |||
| + | Mon reseau local est en 192.168.12.0/ | ||
| + | |||
| + | # Installation openvpn | ||
| + | `apt-get install openvpn` | ||
| + | |||
| + | # configuration openvpn | ||
| + | Voici la structure des fichiers : | ||
| + | |||
| + | ``` | ||
| + | / | ||
| + | ├── client | ||
| + | │ ├── neutrinet | ||
| + | │ │ ├── auth | ||
| + | │ │ ├── ca.crt | ||
| + | │ │ ├── client.crt | ||
| + | │ │ └── client.key | ||
| + | │ └── neutrinet.conf | ||
| + | └── server | ||
| + | ``` | ||
| + | |||
| + | Dans neutrinet.conf j'ai : | ||
| + | ``` | ||
| + | client | ||
| + | dev tun0 | ||
| + | |||
| + | # On ne peut pas mettre le ndd de neutrinet ici car on va forcer les route plus tard. | ||
| + | remote 5.200.2.14 | ||
| + | proto udp | ||
| + | port 1195 | ||
| + | |||
| + | pull | ||
| + | nobind | ||
| + | dev tun | ||
| + | tun-ipv6 | ||
| + | keepalive 10 120 | ||
| + | comp-lzo adaptive | ||
| + | resolv-retry infinite | ||
| + | |||
| + | # Authentication by login | ||
| + | auth-user-pass / | ||
| + | |||
| + | # UDP only | ||
| + | explicit-exit-notify | ||
| + | |||
| + | # TLS | ||
| + | tls-client | ||
| + | remote-cert-tls server | ||
| + | ns-cert-type server | ||
| + | ca / | ||
| + | cert / | ||
| + | key / | ||
| + | |||
| + | # Logs | ||
| + | verb 4 | ||
| + | mute 5 | ||
| + | status / | ||
| + | log-append / | ||
| + | |||
| + | # Routing | ||
| + | route 0.0.0.0 0.0.0.0 | ||
| + | #route-ipv6 ::/0 | ||
| + | route-ipv6 2000::/3 | ||
| + | |||
| + | # neutrinet | ||
| + | cipher AES-256-CBC | ||
| + | tls-version-min 1.2 | ||
| + | auth SHA256 | ||
| + | topology subnet | ||
| + | |||
| + | ``` | ||
| + | |||
| + | N' | ||
| + | |||
| + | `systemctl enable openvpn@neutrinet` | ||
| + | |||
| + | # Forcer les routes | ||
| + | |||
| + | Comme je vous l'ai dit plus haut ma config est que si le vpn neutrinet ne tourne pas j'ai pas internet. | ||
| + | |||
| + | dans / | ||
| + | |||
| + | ``` | ||
| + | auto lo | ||
| + | iface lo inet loopback | ||
| + | |||
| + | auto eth1 | ||
| + | iface eth1 inet static | ||
| + | address 192.168.12.254 | ||
| + | netmask 255.255.255.0 | ||
| + | |||
| + | iface eth1 inet6 static | ||
| + | address #Votre IpV6 de neutrinet#:: | ||
| + | netmask 64 | ||
| + | |||
| + | auto eth0 | ||
| + | iface eth0 inet static | ||
| + | address 192.168.1.20 | ||
| + | netmask 255.255.255.0 | ||
| + | pre-up echo 1 > / | ||
| + | up route add -net 5.200.2.14 netmask 255.255.255.255 gw 192.168.1.1 | ||
| + | down route del -net 5.200.2.14 netmask 255.255.255.255 gw 192.168.1.1 | ||
| + | |||
| + | ``` | ||
| + | |||
| + | # Nat pour la bbox | ||
| + | |||
| + | Ha oui je vous ai dit que je parlerai pas de nat, bon il faut quand même quelque ligne d' | ||
| + | |||
| + | Du coup je vous balance mes ligne mais sans trop vous expliquer. | ||
| + | |||
| + | ``` | ||
| + | iptables -A POSTROUTING -s 192.168.12.0/ | ||
| + | iptables -A POSTROUTING -s 192.168.12.0/ | ||
| + | iptables -A POSTROUTING -s 192.168.12.0/ | ||
| + | |||
| + | ``` | ||
| + | |||
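
Review bot: in the neutrinet.conf block, `dev tun0` and `dev tun` are both set, and `ns-cert-type server` repeats the check already done by `remote-cert-tls server`. Keep a single `dev tun0` so the interface name stays fixed for the routing and NAT sections that follow, and drop `ns-cert-type server`, which is the older, deprecated form of the same server-certificate check. `comp-lzo adaptive` also deserves a second look, since OpenVPN upstream discourages compression inside the tunnel because of compression-oracle attacks; it can only go if the server side agrees. In the interfaces stanza, the stated goal (no Internet when the VPN is down) rests on eth0 having only the host route to 5.200.2.14 and no `gateway` line; please say so in the text, so that a reader does not add a default gateway and silently lose the fail-closed behaviour. Finally, the page should mention restricting read access to the `auth` and `client.key` files shown in the tree to root, since they hold the VPN credentials and the private key.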
en/vpn/debian-tharyrok.1596611060.txt.gz · Last modified: by tierce
