sdf_s_vpn_servers
Differences
This shows you the differences between two versions of the page.
sdf_s_vpn_servers [2021/03/18 02:55] – [A Note on Routing] hc9 | sdf_s_vpn_servers [2021/03/21 00:23] – [Connecting in FreeBSD] hc9 | ||
---|---|---|---|
Line 78: | Line 78: | ||
< | < | ||
- | root@OpenWrt: | + | |
</ | </ | ||
Line 137: | Line 137: | ||
===== Connecting in Linux ===== | ===== Connecting in Linux ===== | ||
- | |**1**|Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering ' | + | - Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering ' |
- | |**2**|Create a file named sdfpptp in / | + | |
- | + | | |
- | Note: Make sure to replace **//IP Address//** with the IP address/ | + | remotename sdfpptp |
- | + | linkname sdfpptp | |
- | <file config / | + | ipparam sdfpptp |
- | + | pty "pptp --loglevel 0 **//IP Address//** --nolaunchpppd" | |
- | | + | name **// |
- | linkname sdfpptp | + | refuse-eap |
- | ipparam sdfpptp | + | refuse-pap |
- | pty "pptp --loglevel 0 **//IP Address//** --nolaunchpppd" | + | refuse-chap |
- | name **// | + | refuse-mschap |
- | refuse-eap | + | require-mppe |
- | refuse-pap | + | nomppe-stateful |
- | refuse-chap | + | require-mppe-128 |
- | refuse-mschap | + | nomppe-40 |
- | require-mppe | + | noauth |
- | nomppe-stateful | + | nodetach |
- | require-mppe-128 | + | lock |
- | nomppe-40 | + | bsdcomp 9,15 |
- | noauth | + | deflate 9,15 |
- | nodetach | + | idle 0 |
- | lock | + | |
- | bsdcomp 9,15 | + | |
- | deflate 9,15 | + | |
- | idle 0 | + | |
</ | </ | ||
- | + | - Save the file. | |
- | |**3**|Save the file.| | + | |
- | |**4**|Edit / | + | |
- | |**5**|Make sure a specific route to the VPN exists. Run ' | + | |
- | |**6**|Enter ' | + | |
- | |**7**|Open another terminal. Enter ' | + | |
- | + | # | |
- | Alternatively to steps 5 and 6, you might use a wrapper script like this: | + | SDFVPNHOST=**// |
- | + | RT=`ip route get $SDFVPNHOST | head -1` | |
- | < | + | DEV=`echo $RT | awk ' |
- | + | VIA=`echo $RT | awk ' | |
- | | + | ip route add $SDFVPNHOST via $VIA dev $DEV |
- | SDFVPNHOST=**// | + | ip route add $SDFVPNHOST via $VIA dev $DEV table sdftun |
- | RT=`ip route get $SDFVPNHOST | head -1` | + | pppd call sdfpptp |
- | DEV=`echo $RT | awk ' | + | ip route del $SDFVPNHOST via $VIA dev $DEV |
- | VIA=`echo $RT | awk ' | + | ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun |
- | ip route add $SDFVPNHOST via $VIA dev $DEV | + | |
- | ip route add $SDFVPNHOST via $VIA dev $DEV table sdftun | + | |
- | pppd call sdfpptp | + | |
- | ip route del $SDFVPNHOST via $VIA dev $DEV | + | |
- | ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun | + | |
</ | </ | ||
- | + | * This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun" | |
- | This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun" | + | |
==== GUI Setup With NetworkManager ==== | ==== GUI Setup With NetworkManager ==== | ||
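Review bot: The wrapper script in this hunk reaches its two `ip route del` lines only if the shell is still running after `pppd call sdfpptp`. The peers file above sets `nodetach`, so pppd stays in the foreground, and an interrupt that kills the script leaves the host route to `$SDFVPNHOST` in place. The script also calls pppd without checking that `ip route get` returned anything or that the `ip route add` lines succeeded. Suggest moving the deletes into a cleanup function registered with `trap` for EXIT, INT and TERM, quoting `"$SDFVPNHOST"`, `"$VIA"` and `"$DEV"`, and exiting early when `$VIA` or `$DEV` is empty. Separately, the converted step 1 still reads "The can be accomplished"; that should be "This can be accomplished".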
Line 209: | Line 197: | ||
{{ : | {{ : | ||
- | Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#setup|from when you ran //setvpn//]]): | + | Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#setting_it_up|from when you ran setvpn]]): |
{{ : | {{ : | ||
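Review bot: The new link text on the changed line drops the `//…//` emphasis from setvpn, while other commands on the page keep it (for example `//opkg install pptp kmod-mppe//`). Suggest keeping the command marked up inside the link, as in `[[#setting_it_up|from when you ran //setvpn//]]`, so it still reads as something the user types. It is also worth confirming that `#setting_it_up` resolves to the intended heading, since the old `#setup` target is being replaced.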
Line 235: | Line 223: | ||
For this setup you'll need to install the following kernel module packages: // | For this setup you'll need to install the following kernel module packages: // | ||
- | |**1**|Login to your OpenWRT device via SSH.| | + | - Login to your OpenWRT device via SSH. |
- | |**2**|Install the required kernel modules and plugins: //opkg install kmod-pptp kmod-mppe ppp-mod-pptp// | + | |
- | |**3**|Open /// | + | |
- | + | ||
- | < | + | |
#### VPN configuration | #### VPN configuration | ||
config ' | config ' | ||
Line 250: | Line 235: | ||
option ' | option ' | ||
option ' | option ' | ||
- | |||
</ | </ | ||
- | + | - Open /// | |
- | |**4**|Open /// | + | |
- | + | ||
- | < | + | |
noipdefault | noipdefault | ||
nodefaultroute | nodefaultroute | ||
Line 272: | Line 252: | ||
deflate 9,15 | deflate 9,15 | ||
idle 0 | idle 0 | ||
- | |||
</ | </ | ||
- | + | - Restart networking to connect to the VPN: /// | |
- | |**5**|Restart networking to connect to the VPN: /// | + | |
- | |**6**|If everything worked correctly, the // | + | |
- | + | ||
- | < | + | |
pptp-vpn | pptp-vpn | ||
inet addr: | inet addr: | ||
Line 287: | Line 262: | ||
collisions: | collisions: | ||
RX bytes:1159 (1.1 KiB) TX bytes:128 (128.0 B) | RX bytes:1159 (1.1 KiB) TX bytes:128 (128.0 B) | ||
- | |||
</ | </ | ||
- | + | - Routing can be set up like any Linux OS, so follow the routing instructions found above: [[#connecting_in_linux|Linux]]. | |
- | |**7**|Routing can be set up like any Linux OS, so follow the routing instructions found above: [[#linux|Linux]].| | + | |
==== PPTP Userspace Utility ==== | ==== PPTP Userspace Utility ==== | ||
Line 296: | Line 269: | ||
- Login to your OpenWRT device via SSH. | - Login to your OpenWRT device via SSH. | ||
- Install the required userspace tools and module for MPPE: //opkg install pptp kmod-mppe// | - Install the required userspace tools and module for MPPE: //opkg install pptp kmod-mppe// | ||
- | - Follow the [[#linux|Linux]] directions above like normal. | + | - Follow the [[#connecting_in_linux|Linux]] directions above like normal. |
- If you are still having trouble, look over the official OpenWRT documentation found here: http:// | - If you are still having trouble, look over the official OpenWRT documentation found here: http:// | ||
===== Connecting in FreeBSD ===== | ===== Connecting in FreeBSD ===== | ||
- | * Install mpd4 from ports or packages. | + | * Install |
- | * Add the following section to your / | + | * Add the following section to your '' |
- | + | ||
- | < | + | |
sdfvpn: | sdfvpn: | ||
new -i ng1 sdfvpn sdfvpn | new -i ng1 sdfvpn sdfvpn | ||
Line 337: | Line 307: | ||
set ccp yes mpp-stateless | set ccp yes mpp-stateless | ||
open | open | ||
- | |||
</ | </ | ||
- | |||
* You will have to replace three (3) things in this config: | * You will have to replace three (3) things in this config: | ||
- Your USERNAME | - Your USERNAME | ||
Line 345: | Line 313: | ||
- The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP. | - The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP. | ||
- | * Add this in your / | + | * Add this in your / |
- | + | ||
- | < | + | |
sdfvpn: | sdfvpn: | ||
set link type pptp | set link type pptp | ||
Line 354: | Line 319: | ||
set pptp enable originate outcall | set pptp enable originate outcall | ||
set pptp disable incoming | set pptp disable incoming | ||
- | |||
</ | </ | ||
- | |||
* You will have to replace one (1) thing in this config: | * You will have to replace one (1) thing in this config: | ||
- | - The public address of SDF's VPN host. You can get this by running setvpn at the shell. | + | - The public address of SDF's VPN host. You can get this by running |
* Now, as root, run mpd4 sdfvpn. | * Now, as root, run mpd4 sdfvpn. | ||
* You should now be connected to SDF over a layer 3 tunnel across the Internet. | * You should now be connected to SDF over a layer 3 tunnel across the Internet. | ||
Line 400: | Line 363: | ||
[[http:// | [[http:// | ||
- | |**1**|Open Viscosity' | + | - Open Viscosity' |
- | |**2**|Create a new connection| | + | |
- | + | | |
- | {{: | + | |
- | + | | |
- | |**3**|In the New Connection window,| | + | |
- | + | | |
- | * Give your connection a name | + | |
- | | + | |
- | | + | |
- | | + | |
- | + | | |
- | {{: | + | |
- | + | | |
- | |**4**|Move on to the Authentication tab| | + | |
- | + | | |
- | * You will need to copy the certificates and keys you received in e-mail to a //SECURE// location on your //local// disk. | + | |
- | | + | |
- | + | ||
- | {{: | + | |
- | + | ||
- | |**5**|Now move to the Options tab| | + | |
- | |**6**|Set LZO Compression to **On** or **On (Adaptive)**| | + | |
- | + | ||
- | {{: | + | |
That's it! Hit Save, and you're ready to roll securely through the SDF VPN. | That's it! Hit Save, and you're ready to roll securely through the SDF VPN. |
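Review bot: The removed step 4 line telling the reader to copy the certificates and keys received in e-mail to a //SECURE// location on the //local// disk is the only key-handling guidance in the Viscosity steps, so please confirm the list version carries it over unchanged. While it is being touched, it would help to say what SECURE means in practice, for example a directory readable only by the user's own account, since the keys arrive by e-mail and the step otherwise leaves the storage choice open.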
sdf_s_vpn_servers.txt · Last modified: 2024/09/18 06:22 by hc9