sdf_s_vpn_servers
Differences
This shows you the differences between two versions of the page.
sdf_s_vpn_servers [2021/03/18 02:43] – [PPTP Kernel Module] hc9 | sdf_s_vpn_servers [2021/03/21 00:21] – [Connecting in FreeBSD] hc9 | ||
---|---|---|---|
Line 78: | Line 78: | ||
< | < | ||
- | root@OpenWrt: | + | |
</ | </ | ||
Line 137: | Line 137: | ||
===== Connecting in Linux ===== | ===== Connecting in Linux ===== | ||
- | |**1**|Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering ' | + | - Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering ' |
- | |**2**|Create a file named sdfpptp in / | + | |
- | + | | |
- | Note: Make sure to replace **//IP Address//** with the IP address/ | + | remotename sdfpptp |
- | + | linkname sdfpptp | |
- | <file config / | + | ipparam sdfpptp |
- | + | pty "pptp --loglevel 0 **//IP Address//** --nolaunchpppd" | |
- | | + | name **// |
- | linkname sdfpptp | + | refuse-eap |
- | ipparam sdfpptp | + | refuse-pap |
- | pty "pptp --loglevel 0 **//IP Address//** --nolaunchpppd" | + | refuse-chap |
- | name **// | + | refuse-mschap |
- | refuse-eap | + | require-mppe |
- | refuse-pap | + | nomppe-stateful |
- | refuse-chap | + | require-mppe-128 |
- | refuse-mschap | + | nomppe-40 |
- | require-mppe | + | noauth |
- | nomppe-stateful | + | nodetach |
- | require-mppe-128 | + | lock |
- | nomppe-40 | + | bsdcomp 9,15 |
- | noauth | + | deflate 9,15 |
- | nodetach | + | idle 0 |
- | lock | + | |
- | bsdcomp 9,15 | + | |
- | deflate 9,15 | + | |
- | idle 0 | + | |
</ | </ | ||
- | + | - Save the file. | |
- | |**3**|Save the file.| | + | |
- | |**4**|Edit / | + | |
- | |**5**|Make sure a specific route to the VPN exists. Run ' | + | |
- | |**6**|Enter ' | + | |
- | |**7**|Open another terminal. Enter ' | + | |
- | + | # | |
- | Alternatively to steps 5 and 6, you might use a wrapper script like this: | + | SDFVPNHOST=**// |
- | + | RT=`ip route get $SDFVPNHOST | head -1` | |
- | < | + | DEV=`echo $RT | awk ' |
- | + | VIA=`echo $RT | awk ' | |
- | | + | ip route add $SDFVPNHOST via $VIA dev $DEV |
- | SDFVPNHOST=**// | + | ip route add $SDFVPNHOST via $VIA dev $DEV table sdftun |
- | RT=`ip route get $SDFVPNHOST | head -1` | + | pppd call sdfpptp |
- | DEV=`echo $RT | awk ' | + | ip route del $SDFVPNHOST via $VIA dev $DEV |
- | VIA=`echo $RT | awk ' | + | ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun |
- | ip route add $SDFVPNHOST via $VIA dev $DEV | + | |
- | ip route add $SDFVPNHOST via $VIA dev $DEV table sdftun | + | |
- | pppd call sdfpptp | + | |
- | ip route del $SDFVPNHOST via $VIA dev $DEV | + | |
- | ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun | + | |
</ | </ | ||
- | + | * This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun" | |
- | This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun" | + | |
==== GUI Setup With NetworkManager ==== | ==== GUI Setup With NetworkManager ==== | ||
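Review bot: In the wrapper script, `DEV` and `VIA` are parsed from the first line of `ip route get $SDFVPNHOST` and passed straight to `ip route add $SDFVPNHOST via $VIA dev $DEV` with no check that either is non-empty. If the lookup yields no gateway, the `ip route add` command is malformed and, as shown, nothing stops `pppd call sdfpptp` from starting without the host route in place. Suggest testing both variables before the `ip route add` lines and exiting with a message if one is empty, and quoting the expansions. Separately, the first list item on the new side still reads "The can be accomplished"; that should be "This can be accomplished".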
Line 209: | Line 197: | ||
{{ : | {{ : | ||
- | Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#setup|from when you ran //setvpn//]]): | + | Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#setting_it_up|from when you ran setvpn]]): |
{{ : | {{ : | ||
Line 223: | Line 211: | ||
If you use network manager, all traffic will be routed through the PPTP VPN for you once you are connected. If that's not what you want, you can click on **IPV4 Settings** and then **Routes** to have simple static routes added for you automatically when the VPN connects. You can also check **Use this connection only for resources on this network**, which in our case means only connections to SDF hosts will be encrypted. | If you use network manager, all traffic will be routed through the PPTP VPN for you once you are connected. If that's not what you want, you can click on **IPV4 Settings** and then **Routes** to have simple static routes added for you automatically when the VPN connects. You can also check **Use this connection only for resources on this network**, which in our case means only connections to SDF hosts will be encrypted. | ||
- | {{tutorials/ | ||
{{ : | {{ : | ||
+ | |||
===== Connecting in OpenWRT ===== | ===== Connecting in OpenWRT ===== | ||
Line 235: | Line 223: | ||
For this setup you'll need to install the following kernel module packages: // | For this setup you'll need to install the following kernel module packages: // | ||
- | |**1**|Login to your OpenWRT device via SSH.| | + | - Login to your OpenWRT device via SSH. |
- | |**2**|Install the required kernel modules and plugins: //opkg install kmod-pptp kmod-mppe ppp-mod-pptp// | + | |
- | |**3**|Open /// | + | |
- | + | ||
- | < | + | |
#### VPN configuration | #### VPN configuration | ||
config ' | config ' | ||
Line 250: | Line 235: | ||
option ' | option ' | ||
option ' | option ' | ||
- | |||
</ | </ | ||
- | + | - Open /// | |
- | |**4**|Open /// | + | noipdefault |
- | + | nodefaultroute | |
- | < | + | maxfail 0 |
- | + | debug | |
- | noipdefault | + | plugin "/ |
- | nodefaultroute | + | refuse-eap |
- | maxfail 0 | + | refuse-pap |
- | debug | + | refuse-chap |
- | plugin "/ | + | refuse-mschap |
- | refuse-eap | + | mppe required, |
- | refuse-pap | + | noauth |
- | refuse-chap | + | nodetach |
- | refuse-mschap | + | bsdcomp 9,15 |
- | mppe required, | + | deflate 9,15 |
- | noauth | + | idle 0 |
- | nodetach | + | |
- | bsdcomp 9,15 | + | |
- | deflate 9,15 | + | |
- | idle 0 | + | |
</ | </ | ||
- | + | - Restart networking to connect to the VPN: /// | |
- | |**5**|Restart networking to connect to the VPN: /// | + | |
- | |**6**|If everything worked correctly, the // | + | pptp-vpn |
- | + | inet addr: | |
- | < | + | UP POINTOPOINT RUNNING NOARP MULTICAST |
- | + | RX packets:21 errors:0 dropped:0 overruns:0 frame:0 | |
- | pptp-vpn Link encap: | + | TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 |
- | inet addr: | + | collisions: |
- | UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1460 Metric:1 | + | RX bytes:1159 (1.1 KiB) TX bytes:128 (128.0 B) |
- | RX packets:21 errors:0 dropped:0 overruns:0 frame:0 | + | |
- | TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 | + | |
- | collisions: | + | |
- | RX bytes:1159 (1.1 KiB) TX bytes:128 (128.0 B) | + | |
</ | </ | ||
- | + | - Routing can be set up like any Linux OS, so follow the routing instructions found above: [[#connecting_in_linux|Linux]]. | |
- | |**7**|Routing can be set up like any Linux OS, so follow the routing instructions found above: [[#linux|Linux]].| | + | |
==== PPTP Userspace Utility ==== | ==== PPTP Userspace Utility ==== | ||
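Review bot: `debug` is left enabled in the pppd options block for the OpenWRT kernel-module setup, alongside `maxfail 0`, so a router configured from this page keeps logging PPP control-packet detail on every reconnect. Suggest marking it as a troubleshooting option to remove once the link works, or dropping it from the listing. The Linux options visible earlier in this diff do not set it and pass `--loglevel 0` to pptp.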
Line 296: | Line 269: | ||
- Login to your OpenWRT device via SSH. | - Login to your OpenWRT device via SSH. | ||
- Install the required userspace tools and module for MPPE: //opkg install pptp kmod-mppe// | - Install the required userspace tools and module for MPPE: //opkg install pptp kmod-mppe// | ||
- | - Follow the [[#linux|Linux]] directions above like normal. | + | - Follow the [[#connecting_in_linux|Linux]] directions above like normal. |
- If you are still having trouble, look over the official OpenWRT documentation found here: http:// | - If you are still having trouble, look over the official OpenWRT documentation found here: http:// | ||
===== Connecting in FreeBSD ===== | ===== Connecting in FreeBSD ===== | ||
- | * Install mpd4 from ports or packages. | + | * Install |
- | * Add the following section to your / | + | * Add the following section to your '' |
- | + | sdfvpn: | |
- | < | + | new -i ng1 sdfvpn sdfvpn |
- | + | set iface disable on-demand | |
- | sdfvpn: | + | set iface idle 0 |
- | new -i ng1 sdfvpn sdfvpn | + | # disconnect the client after 8 hours |
- | set iface disable on-demand | + | set iface session 28800 |
- | set iface idle 0 | + | set iface route 10.0.0.0/ |
- | # disconnect the client after 8 hours | + | set iface route default |
- | set iface session 28800 | + | set bundle disable multilink |
- | set iface route 10.0.0.0/ | + | set auth authname " |
- | set iface route default | + | set auth password " |
- | set bundle disable multilink | + | set link yes acfcomp protocomp |
- | set auth authname " | + | set link no eap set link no pap |
- | set auth password " | + | set link accept chap |
- | set link yes acfcomp protocomp | + | set link mtu 1460 |
- | set link no eap set link no pap | + | set link keep-alive 10 75 |
- | set link accept chap | + | set ipcp yes vjcomp |
- | set link mtu 1460 | + | set ipcp ranges 0.0.0.0/0 |
- | set link keep-alive 10 75 | + | set ipcp yes req-pri-dns req-sec-dns |
- | set ipcp yes vjcomp | + | |
- | set ipcp ranges 0.0.0.0/0 | + | |
- | set ipcp yes req-pri-dns req-sec-dns | + | |
- | + | ||
- | # | + | |
- | # The five lines below enable Microsoft Point-to-Point encryption | + | |
- | # (MPPE) using the ng_mppc(8) netgraph node type. | + | |
- | # | + | |
- | set bundle yes compression | + | |
- | set ccp yes mppc | + | |
- | set ccp yes mpp-compress | + | |
- | set ccp yes mpp-e128 | + | |
- | #set bundle accept crypt-reqd | + | |
- | set ccp yes mpp-stateless | + | |
- | open | + | |
+ | # | ||
+ | # The five lines below enable Microsoft Point-to-Point encryption | ||
+ | # (MPPE) using the ng_mppc(8) netgraph node type. | ||
+ | # | ||
+ | set bundle yes compression | ||
+ | set ccp yes mppc | ||
+ | set ccp yes mpp-compress | ||
+ | set ccp yes mpp-e128 | ||
+ | #set bundle accept crypt-reqd | ||
+ | set ccp yes mpp-stateless | ||
+ | open | ||
</ | </ | ||
- | |||
* You will have to replace three (3) things in this config: | * You will have to replace three (3) things in this config: | ||
- Your USERNAME | - Your USERNAME | ||
- Your PASSWORD | - Your PASSWORD | ||
- The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP. | - The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP. | ||
- | + | | |
- | | + | sdfvpn: |
- | + | set link type pptp | |
- | < | + | set pptp peer |
- | + | set pptp enable originate outcall | |
- | sdfvpn: | + | set pptp disable incoming |
- | set link type pptp | + | |
- | set pptp peer | + | |
- | set pptp enable originate outcall | + | |
- | set pptp disable incoming | + | |
</ | </ | ||
- | |||
* You will have to replace one (1) thing in this config: | * You will have to replace one (1) thing in this config: | ||
- The public address of SDF's VPN host. You can get this by running setvpn at the shell. | - The public address of SDF's VPN host. You can get this by running setvpn at the shell. | ||
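Review bot: `#set bundle accept crypt-reqd` stays commented out in the MPPE block of the `sdfvpn` section, so nothing visible in this config makes encryption mandatory, whereas the Linux options on this page use `require-mppe` and `require-mppe-128`. Suggest either enabling a crypt-reqd line or adding a comment that says why it is off. Also, `set link no eap set link no pap` is carried over as a single line on both sides; these look like two commands and should be split onto separate lines.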
Line 400: | Line 362: | ||
[[http:// | [[http:// | ||
- | |**1**|Open Viscosity' | + | - Open Viscosity' |
- | |**2**|Create a new connection| | + | |
- | + | | |
- | {{: | + | |
- | + | | |
- | |**3**|In the New Connection window,| | + | |
- | + | | |
- | * Give your connection a name | + | |
- | | + | |
- | | + | |
- | | + | |
- | + | | |
- | {{: | + | |
- | + | | |
- | |**4**|Move on to the Authentication tab| | + | |
- | + | | |
- | * You will need to copy the certificates and keys you received in e-mail to a //SECURE// location on your //local// disk. | + | |
- | | + | |
- | + | ||
- | {{: | + | |
- | + | ||
- | |**5**|Now move to the Options tab| | + | |
- | |**6**|Set LZO Compression to **On** or **On (Adaptive)**| | + | |
- | + | ||
- | {{: | + | |
That's it! Hit Save, and you're ready to roll securely through the SDF VPN. | That's it! Hit Save, and you're ready to roll securely through the SDF VPN. |
sdf_s_vpn_servers.txt · Last modified: 2021/03/21 00:29 by hc9