sdf_s_vpn_servers
Differences
This shows you the differences between two versions of the page.
sdf_s_vpn_servers [2021/03/18 02:55] – [A Note on Routing] hc9 | sdf_s_vpn_servers [2021/03/21 00:23] – [Connecting in FreeBSD] hc9 | ||
---|---|---|---|
Line 78: | Line 78: | ||
< | < | ||
- | root@OpenWrt: | + | |
</ | </ | ||
Line 137: | Line 137: | ||
===== Connecting in Linux ===== | ===== Connecting in Linux ===== | ||
- | |**1**|Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering ' | + | - Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering ' |
- | |**2**|Create a file named sdfpptp in / | + | |
- | + | | |
- | Note: Make sure to replace **//IP Address//** with the IP address/ | + | remotename sdfpptp |
- | + | linkname sdfpptp | |
- | <file config / | + | ipparam sdfpptp |
- | + | pty "pptp --loglevel 0 **//IP Address//** --nolaunchpppd" | |
- | | + | name **// |
- | linkname sdfpptp | + | refuse-eap |
- | ipparam sdfpptp | + | refuse-pap |
- | pty "pptp --loglevel 0 **//IP Address//** --nolaunchpppd" | + | refuse-chap |
- | name **// | + | refuse-mschap |
- | refuse-eap | + | require-mppe |
- | refuse-pap | + | nomppe-stateful |
- | refuse-chap | + | require-mppe-128 |
- | refuse-mschap | + | nomppe-40 |
- | require-mppe | + | noauth |
- | nomppe-stateful | + | nodetach |
- | require-mppe-128 | + | lock |
- | nomppe-40 | + | bsdcomp 9,15 |
- | noauth | + | deflate 9,15 |
- | nodetach | + | idle 0 |
- | lock | + | |
- | bsdcomp 9,15 | + | |
- | deflate 9,15 | + | |
- | idle 0 | + | |
</ | </ | ||
- | + | - Save the file. | |
- | |**3**|Save the file.| | + | |
- | |**4**|Edit / | + | |
- | |**5**|Make sure a specific route to the VPN exists. Run ' | + | |
- | |**6**|Enter ' | + | |
- | |**7**|Open another terminal. Enter ' | + | |
- | + | # | |
- | Alternatively to steps 5 and 6, you might use a wrapper script like this: | + | SDFVPNHOST=**// |
- | + | RT=`ip route get $SDFVPNHOST | head -1` | |
- | < | + | DEV=`echo $RT | awk ' |
- | + | VIA=`echo $RT | awk ' | |
- | | + | ip route add $SDFVPNHOST via $VIA dev $DEV |
- | SDFVPNHOST=**// | + | ip route add $SDFVPNHOST via $VIA dev $DEV table sdftun |
- | RT=`ip route get $SDFVPNHOST | head -1` | + | pppd call sdfpptp |
- | DEV=`echo $RT | awk ' | + | ip route del $SDFVPNHOST via $VIA dev $DEV |
- | VIA=`echo $RT | awk ' | + | ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun |
- | ip route add $SDFVPNHOST via $VIA dev $DEV | + | |
- | ip route add $SDFVPNHOST via $VIA dev $DEV table sdftun | + | |
- | pppd call sdfpptp | + | |
- | ip route del $SDFVPNHOST via $VIA dev $DEV | + | |
- | ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun | + | |
</ | </ | ||
- | + | * This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun" | |
- | This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun" | + | |
==== GUI Setup With NetworkManager ==== | ==== GUI Setup With NetworkManager ==== | ||
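Review bot: The wrapper script in this hunk passes `$VIA` and `$DEV` to `ip route add $SDFVPNHOST via $VIA dev $DEV` without checking that either was parsed to a non-empty value, and nothing removes the routes if the script is terminated while `pppd call sdfpptp` is running. Suggest exiting early when `VIA` or `DEV` is empty, quoting the variables, and moving the two `ip route del` calls into a `trap` so the host route does not outlive the tunnel. Separately, the typo "The can be accomplished" in the first step is carried over unchanged into the new list item and should read "This can be accomplished".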
Line 209: | Line 197: | ||
{{ : | {{ : | ||
- | Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#setup|from when you ran //setvpn//]]): | + | Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#setting_it_up|from when you ran setvpn]]): |
{{ : | {{ : | ||
Line 235: | Line 223: | ||
For this setup you'll need to install the following kernel module packages: // | For this setup you'll need to install the following kernel module packages: // | ||
- | |**1**|Login to your OpenWRT device via SSH.| | + | - Login to your OpenWRT device via SSH. |
- | |**2**|Install the required kernel modules and plugins: //opkg install kmod-pptp kmod-mppe ppp-mod-pptp// | + | |
- | |**3**|Open /// | + | |
- | + | ||
- | < | + | |
#### VPN configuration | #### VPN configuration | ||
config ' | config ' | ||
Line 250: | Line 235: | ||
option ' | option ' | ||
option ' | option ' | ||
- | |||
</ | </ | ||
- | + | - Open /// | |
- | |**4**|Open /// | + | |
- | + | ||
- | < | + | |
noipdefault | noipdefault | ||
nodefaultroute | nodefaultroute | ||
Line 272: | Line 252: | ||
deflate 9,15 | deflate 9,15 | ||
idle 0 | idle 0 | ||
- | |||
</ | </ | ||
- | + | - Restart networking to connect to the VPN: /// | |
- | |**5**|Restart networking to connect to the VPN: /// | + | |
- | |**6**|If everything worked correctly, the // | + | |
- | + | ||
- | < | + | |
pptp-vpn | pptp-vpn | ||
inet addr: | inet addr: | ||
Line 287: | Line 262: | ||
collisions: | collisions: | ||
RX bytes:1159 (1.1 KiB) TX bytes:128 (128.0 B) | RX bytes:1159 (1.1 KiB) TX bytes:128 (128.0 B) | ||
- | |||
</ | </ | ||
- | + | - Routing can be set up like any Linux OS, so follow the routing instructions found above: [[#connecting_in_linux|Linux]]. | |
- | |**7**|Routing can be set up like any Linux OS, so follow the routing instructions found above: [[#linux|Linux]].| | + | |
==== PPTP Userspace Utility ==== | ==== PPTP Userspace Utility ==== | ||
Line 296: | Line 269: | ||
- Login to your OpenWRT device via SSH. | - Login to your OpenWRT device via SSH. | ||
- Install the required userspace tools and module for MPPE: //opkg install pptp kmod-mppe// | - Install the required userspace tools and module for MPPE: //opkg install pptp kmod-mppe// | ||
- | - Follow the [[#linux|Linux]] directions above like normal. | + | - Follow the [[#connecting_in_linux|Linux]] directions above like normal. |
- If you are still having trouble, look over the official OpenWRT documentation found here: http:// | - If you are still having trouble, look over the official OpenWRT documentation found here: http:// | ||
===== Connecting in FreeBSD ===== | ===== Connecting in FreeBSD ===== | ||
- | * Install mpd4 from ports or packages. | + | * Install |
- | * Add the following section to your / | + | * Add the following section to your '' |
- | + | ||
- | < | + | |
sdfvpn: | sdfvpn: | ||
new -i ng1 sdfvpn sdfvpn | new -i ng1 sdfvpn sdfvpn | ||
Line 337: | Line 307: | ||
set ccp yes mpp-stateless | set ccp yes mpp-stateless | ||
open | open | ||
- | |||
</ | </ | ||
- | |||
* You will have to replace three (3) things in this config: | * You will have to replace three (3) things in this config: | ||
- Your USERNAME | - Your USERNAME | ||
Line 345: | Line 313: | ||
- The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP. | - The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP. | ||
- | * Add this in your / | + | * Add this in your / |
- | + | ||
- | < | + | |
sdfvpn: | sdfvpn: | ||
set link type pptp | set link type pptp | ||
Line 354: | Line 319: | ||
set pptp enable originate outcall | set pptp enable originate outcall | ||
set pptp disable incoming | set pptp disable incoming | ||
- | |||
</ | </ | ||
- | |||
* You will have to replace one (1) thing in this config: | * You will have to replace one (1) thing in this config: | ||
- | - The public address of SDF's VPN host. You can get this by running setvpn at the shell. | + | - The public address of SDF's VPN host. You can get this by running |
- | * Now, as root, run mpd4 sdfvpn. | + | * Now, as root, run '' |
* You should now be connected to SDF over a layer 3 tunnel across the Internet. | * You should now be connected to SDF over a layer 3 tunnel across the Internet. | ||
* Your new routes are only for SDF's hosts, and use their internal IP addresses. These are the 10.0.0.x ones. I'm working on how to route to the public ones over the VPN without creating a routing loop to the VPN host. I copied SDF's /etc/hosts file to my machine so that I can run 'ssh sdf1' to connect through the tunnel. | * Your new routes are only for SDF's hosts, and use their internal IP addresses. These are the 10.0.0.x ones. I'm working on how to route to the public ones over the VPN without creating a routing loop to the VPN host. I copied SDF's /etc/hosts file to my machine so that I can run 'ssh sdf1' to connect through the tunnel. | ||
Line 400: | Line 363: | ||
[[http:// | [[http:// | ||
- | |**1**|Open Viscosity' | + | - Open Viscosity' |
- | |**2**|Create a new connection| | + | |
- | + | | |
- | {{: | + | |
- | + | | |
- | |**3**|In the New Connection window,| | + | |
- | + | | |
- | * Give your connection a name | + | |
- | | + | |
- | | + | |
- | | + | |
- | + | | |
- | {{: | + | |
- | + | | |
- | |**4**|Move on to the Authentication tab| | + | |
- | + | | |
- | * You will need to copy the certificates and keys you received in e-mail to a //SECURE// location on your //local// disk. | + | |
- | | + | |
- | + | ||
- | {{: | + | |
- | + | ||
- | |**5**|Now move to the Options tab| | + | |
- | |**6**|Set LZO Compression to **On** or **On (Adaptive)**| | + | |
- | + | ||
- | {{: | + | |
That's it! Hit Save, and you're ready to roll securely through the SDF VPN. | That's it! Hit Save, and you're ready to roll securely through the SDF VPN. |
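Review bot: The removed Authentication step telling users to copy the certificates and keys received by e-mail to a //SECURE// location on the //local// disk has no visible counterpart among the added lines of this hunk, which show only the start of the first list item. Please confirm the converted list still carries that instruction, since it is the only guidance in this section on handling the key files.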
sdf_s_vpn_servers.txt · Last modified: 2021/03/21 00:29 by hc9