sdf_s_vpn_servers

Differences

This shows you the differences between two versions of the page.

sdf_s_vpn_servers [2021/03/18 02:53] – [Connecting in FreeBSD] hc9sdf_s_vpn_servers [2021/03/21 00:29] (current) – [Connecting in FreeBSD] hc9
Line 78: Line 78:
 <code> <code>
  
-root@OpenWrt:~# opkg install openvpn+  root@OpenWrt:~# opkg install openvpn
  
 </code> </code>
Line 137: Line 137:
 ===== Connecting in Linux ===== ===== Connecting in Linux =====
  
-|**1**|Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering '**sudo apt-get install pptp-linux**' into a terminal.| +  - Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering '**sudo apt-get install pptp-linux**' into a terminal. 
-|**2**|Create a file named sdfpptp in /etc/ppp/peers by entering '**sudo gedit /etc/ppp/peers**'. Replace gedit with your choice of text editor. Add the following to the file: (Be sure to replace **//username//** with your username.)+  Create a file named sdfpptp in /etc/ppp/peers by entering '**sudo gedit /etc/ppp/peers**'. Replace gedit with your choice of text editor. Add the following to the file: (Be sure to replace **//username//** with your username.) 
- +    Note: Make sure to replace **//IP Address//** with the IP address/hostname provided when running '**setvpn**' in the shell. <file config /etc/ppp/peers> 
-Note: Make sure to replace **//IP Address//** with the IP address/hostname provided when running '**setvpn**' in the shell. +remotename sdfpptp 
- +linkname sdfpptp 
-<file config /etc/ppp/peers> +ipparam sdfpptp 
- +pty "pptp --loglevel 0 **//IP Address//** --nolaunchpppd" 
-  remotename sdfpptp +name **//username//** 
-  linkname sdfpptp +refuse-eap 
-  ipparam sdfpptp +refuse-pap 
-  pty "pptp --loglevel 0 **//IP Address//** --nolaunchpppd" +refuse-chap 
-  name **//username//** +refuse-mschap 
-  refuse-eap +require-mppe 
-  refuse-pap +nomppe-stateful 
-  refuse-chap +require-mppe-128 
-  refuse-mschap +nomppe-40 
-  require-mppe +noauth 
-  nomppe-stateful +nodetach 
-  require-mppe-128 +lock 
-  nomppe-40 +bsdcomp 9,15 
-  noauth +deflate 9,15 
-  nodetach +idle 0
-  lock +
-  bsdcomp 9,15 +
-  deflate 9,15 +
-  idle 0 +
 </file> </file>
- +  - Save the file. 
-|**3**|Save the file.| +  Edit /etc/ppp/chap-secrets by entering '**sudo gedit /etc/ppp/chap-secrets**'. Add the line **//username// stfpptp //password// *** replacing //username// and //password// with your SDF username and your password set by **'setvpn'**. 
-|**4**|Edit /etc/ppp/chap-secrets by entering '**sudo gedit /etc/ppp/chap-secrets**'. Add the line **//username// stfpptp //password// *** replacing //username// and //password// with your SDF username and your password set by **'setvpn'**.| +  Make sure a specific route to the VPN exists. Run '**sudo route add **//VPN-IP//** gw **//GW-IP//****' replacing **//VPN-IP//** with the IP address/hostname provided when running '**setvpn**', and replace **//GW-IP//** with your gateway IP address. If you do not know the IP address of your gateway, enter '**route**'. It is the gateway IP next to the destination **default**. 
-|**5**|Make sure a specific route to the VPN exists. Run '**sudo route add **//VPN-IP//** gw **//GW-IP//****' replacing **//VPN-IP//** with the IP address/hostname provided when running '**setvpn**', and replace **//GW-IP//** with your gateway IP address. If you do not know the IP address of your gateway, enter '**route**'. It is the gateway IP next to the destination **default**.| +  Enter '**sudo pppd call sdfpptp**' into a terminal. Wait for it to show the local and remote IP addresses. You should now be connected. Do not close the terminal until you are ready to disconnect. 
-|**6**|Enter '**sudo pppd call sdfpptp**' into a terminal. Wait for it to show the local and remote IP addresses. You should now be connected. Do not close the terminal until you are ready to disconnect.| +  Open another terminal. Enter '**sudo route add -net 192.94.73.0/24 dev ppp0**'. This will route all your connections to SDF through the VPN. 
-|**7**|Open another terminal. Enter '**sudo route add -net 192.94.73.0/24 dev ppp0**'. This will route all your connections to SDF through the VPN.+    Alternatively to steps 5 and 6, you might use a wrapper script like this: <code> 
- +#!/bin/bash 
-Alternatively to steps 5 and 6, you might use a wrapper script like this: +SDFVPNHOST=**//IP Address//** 
- +RT=`ip route get $SDFVPNHOST | head -1` 
-<code> +DEV=`echo $RT | awk '{while ($num != "dev") {num++}{print $(num+1)}}'
- +VIA=`echo $RT | awk '{while ($num != "via") {num++}{print $(num+1)}}'
-  #!/bin/bash +ip route add $SDFVPNHOST via $VIA dev $DEV 
-  SDFVPNHOST=**//IP Address//** +ip route add $SDFVPNHOST via $VIA dev $DEV table sdftun 
-  RT=`ip route get $SDFVPNHOST | head -1` +pppd call sdfpptp 
-  DEV=`echo $RT | awk '{while ($num != "dev") {num++}{print $(num+1)}}'+ip route del $SDFVPNHOST via $VIA dev $DEV 
-  VIA=`echo $RT | awk '{while ($num != "via") {num++}{print $(num+1)}}'+ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun
-  ip route add $SDFVPNHOST via $VIA dev $DEV +
-  ip route add $SDFVPNHOST via $VIA dev $DEV table sdftun +
-  pppd call sdfpptp +
-  ip route del $SDFVPNHOST via $VIA dev $DEV +
-  ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun +
 </code> </code>
- +  * This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun".
-This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun".+
  
 ==== GUI Setup With NetworkManager ==== ==== GUI Setup With NetworkManager ====
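Review bot: The chap-secrets step still tells the reader to add a line with the server name stfpptp, while the peers file in this same hunk sets remotename sdfpptp; the second field of the chap-secrets entry has to match that remote name, so the line as written will not be found and authentication fails. Change it to sdfpptp while the step is being reformatted. Two more carry-overs in the converted steps: 'sudo gedit /etc/ppp/peers' and the <file config /etc/ppp/peers> label both name the directory rather than the file /etc/ppp/peers/sdfpptp, and the first step still reads "The can be accomplished". In the wrapper script, the awk loop that scans for "via" never terminates when the route to the VPN host has no gateway field; bounding it with num <= NF would avoid a hang.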
Line 209: Line 197:
 {{ :sdf_s_vpn_servers:vpn4.png?nolink |}} {{ :sdf_s_vpn_servers:vpn4.png?nolink |}}
  
-Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#setup|from when you ran //setvpn//]]):+Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#setting_it_up|from when you ran setvpn]]):
  
 {{ :sdf_s_vpn_servers:vpn2.png?nolink |}} {{ :sdf_s_vpn_servers:vpn2.png?nolink |}}
Line 223: Line 211:
 If you use network manager, all traffic will be routed through the PPTP VPN for you once you are connected. If that's not what you want, you can click on **IPV4 Settings** and then **Routes** to have simple static routes added for you automatically when the VPN connects. You can also check **Use this connection only for resources on this network**, which in our case means only connections to SDF hosts will be encrypted. If you use network manager, all traffic will be routed through the PPTP VPN for you once you are connected. If that's not what you want, you can click on **IPV4 Settings** and then **Routes** to have simple static routes added for you automatically when the VPN connects. You can also check **Use this connection only for resources on this network**, which in our case means only connections to SDF hosts will be encrypted.
  
-{{tutorials/images/vpn5.png|Network Manager Settings - Add Routes}} 
 {{ :sdf_s_vpn_servers:vpn5.png?nolink |}} {{ :sdf_s_vpn_servers:vpn5.png?nolink |}}
 +
 ===== Connecting in OpenWRT ===== ===== Connecting in OpenWRT =====
  
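Review bot: Removing the {{tutorials/images/vpn5.png|...}} line also removes the only description of this screenshot, "Network Manager Settings - Add Routes"; the image that stays, {{ :sdf_s_vpn_servers:vpn5.png?nolink |}}, has an empty title. Move the title text into the remaining image tag so the figure keeps its caption.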
Line 235: Line 223:
 For this setup you'll need to install the following kernel module packages: //kmod-pptp//, //kmod-mppe//. For this setup you'll need to install the following kernel module packages: //kmod-pptp//, //kmod-mppe//.
  
-|**1**|Login to your OpenWRT device via SSH.| +  - Login to your OpenWRT device via SSH. 
-|**2**|Install the required kernel modules and plugins: //opkg install kmod-pptp kmod-mppe ppp-mod-pptp//| +  Install the required kernel modules and plugins: //opkg install kmod-pptp kmod-mppe ppp-mod-pptp// 
-|**3**|Open ///etc/config/network// with the editor of your choice. Example: //vi /etc/config/network//. Add the following lines to the end of the file: (change USERNAME to your SDF Username, and the values PASSWORD and SDF.VPN.IP.ADDRESS to thoes set in the //setvpn// command.+  Open ///etc/config/network// with the editor of your choice. Example: //vi /etc/config/network//. Add the following lines to the end of the file: (change USERNAME to your SDF Username, and the values PASSWORD and SDF.VPN.IP.ADDRESS to thoes set in the //setvpn// command. <code>
- +
-<code> +
   #### VPN configuration   #### VPN configuration
   config 'interface' 'vpn'   config 'interface' 'vpn'
Line 250: Line 235:
   option 'buffering'      '1'   option 'buffering'      '1'
   option 'defaultroute'   '0'   option 'defaultroute'   '0'
- 
 </code> </code>
- +  - Open ///etc/ppp/options.pptp// with the editor of your choice. Example: //vi /etc/ppp/options.pptp//. Add the following lines to the end of the file (the //plugin// may need to be changed to match your system): <code>
-|**4**|Open ///etc/ppp/options.pptp// with the editor of your choice. Example: //vi /etc/ppp/options.pptp//. Add the following lines to the end of the file (the //plugin// may need to be changed to match your system):+
- +
-<code> +
   noipdefault   noipdefault
   nodefaultroute   nodefaultroute
Line 272: Line 252:
   deflate 9,15   deflate 9,15
   idle 0   idle 0
- 
 </code> </code>
- +  - Restart networking to connect to the VPN: ///etc/init.d/networking restart//
-|**5**|Restart networking to connect to the VPN: ///etc/init.d/networking restart//.| +  If everything worked correctly, the //ifconfig// command should display a new interface named //pptp-vpn// looking something like this: <code>
-|**6**|If everything worked correctly, the //ifconfig// command should display a new interface named //pptp-vpn// looking something like this:+
- +
-<code> +
   pptp-vpn  Link encap:Point-to-Point Protocol   pptp-vpn  Link encap:Point-to-Point Protocol
           inet addr:192.94.73.44  P-t-P:192.94.73.25  Mask:255.255.255.255           inet addr:192.94.73.44  P-t-P:192.94.73.25  Mask:255.255.255.255
Line 287: Line 262:
           collisions:0 txqueuelen:3           collisions:0 txqueuelen:3
           RX bytes:1159 (1.1 KiB)  TX bytes:128 (128.0 B)           RX bytes:1159 (1.1 KiB)  TX bytes:128 (128.0 B)
- 
 </code> </code>
- +  - Routing can be set up like any Linux OS, so follow the routing instructions found above: [[#connecting_in_linux|Linux]].
-|**7**|Routing can be set up like any Linux OS, so follow the routing instructions found above: [[#linux|Linux]].|+
  
 ==== PPTP Userspace Utility ==== ==== PPTP Userspace Utility ====
Line 296: Line 269:
   - Login to your OpenWRT device via SSH.   - Login to your OpenWRT device via SSH.
   - Install the required userspace tools and module for MPPE: //opkg install pptp kmod-mppe//   - Install the required userspace tools and module for MPPE: //opkg install pptp kmod-mppe//
-  - Follow the [[#linux|Linux]] directions above like normal.+  - Follow the [[#connecting_in_linux|Linux]] directions above like normal.
   - If you are still having trouble, look over the official OpenWRT documentation found here: http://wiki.openwrt.org/doc/howto/vpn.client.pptp   - If you are still having trouble, look over the official OpenWRT documentation found here: http://wiki.openwrt.org/doc/howto/vpn.client.pptp
  
 ===== Connecting in FreeBSD ===== ===== Connecting in FreeBSD =====
  
-  * Install mpd4 from ports or packages. +  * Install ''mpd4'' from ports or packages. 
-  * Add the following section to your /usr/local/etc/mpd4/mpd4.conf: +  * Add the following section to your ''/usr/local/etc/mpd4/mpd4.conf'': <code>
- +
-<code> +
   sdfvpn:   sdfvpn:
           new -i ng1 sdfvpn sdfvpn           new -i ng1 sdfvpn sdfvpn
Line 337: Line 307:
           set ccp yes mpp-stateless           set ccp yes mpp-stateless
           open           open
- 
 </code> </code>
- 
   * You will have to replace three (3) things in this config:   * You will have to replace three (3) things in this config:
     - Your USERNAME     - Your USERNAME
     - Your PASSWORD     - Your PASSWORD
-    - The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP. +    - The local address of SDF's VPN host. This can be found in ''/etc/hosts'' on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP.
- +
-  * Add this in your /usr/local/etc/mpd4/mpd4.links file: +
- +
-<code>+
  
 +  * Add this in your ''/usr/local/etc/mpd4/mpd4.links'' file: <code>
   sdfvpn:   sdfvpn:
           set link type pptp           set link type pptp
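Review bot: Documentation gap at the "You will have to replace three (3) things" list: the reader is told to put PASSWORD into the mpd4.conf section in clear text, but nothing says the file should then be readable by root only. One extra bullet after the list, stating the expected ownership and mode of the config file, would cover it.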
Line 354: Line 319:
           set pptp enable originate outcall           set pptp enable originate outcall
           set pptp disable incoming           set pptp disable incoming
- 
 </code> </code>
- 
   * You will have to replace one (1) thing in this config:   * You will have to replace one (1) thing in this config:
-    - The public address of SDF's VPN host. You can get this by running setvpn at the shell. +    - The public address of SDF's VPN host. You can get this by running ''setvpn'' at the shell. 
-  * Now, as root, run mpd4 sdfvpn.+  * Now, as root, run ''mpd4 sdfvpn''.
   * You should now be connected to SDF over a layer 3 tunnel across the Internet.   * You should now be connected to SDF over a layer 3 tunnel across the Internet.
   * Your new routes are only for SDF's hosts, and use their internal IP addresses. These are the 10.0.0.x ones. I'm working on how to route to the public ones over the VPN without creating a routing loop to the VPN host. I copied SDF's /etc/hosts file to my machine so that I can run 'ssh sdf1' to connect through the tunnel.   * Your new routes are only for SDF's hosts, and use their internal IP addresses. These are the 10.0.0.x ones. I'm working on how to route to the public ones over the VPN without creating a routing loop to the VPN host. I copied SDF's /etc/hosts file to my machine so that I can run 'ssh sdf1' to connect through the tunnel.
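Review bot: Style: the monospace conversion stops one bullet short. The last bullet still has /etc/hosts and 'ssh sdf1' unmarked, while ''setvpn'' and ''mpd4 sdfvpn'' just above now use the monospace markup; mark the path and the command the same way.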
Line 400: Line 363:
 [[http://www.sparklabs.com/viscosity/|Viscosity]] is an OpenVPN client for Mac and Windows [[http://www.sparklabs.com/viscosity/|Viscosity]] is an OpenVPN client for Mac and Windows
  
-|**1**|Open Viscosity's preferences window.| +  - Open Viscosity's preferences window. 
-|**2**|Create a new connection+  Create a new connection 
- +    {{:sdf_s_vpn_servers:viscosity1.png?nolink&500|}} 
-{{:sdf_s_vpn_servers:viscosity1.png?nolink&500|}} +  In the New Connection window, 
- +    Give your connection a name 
-|**3**|In the New Connection window,| +    Enter the server IP you received via e-mail under **Remote Server** 
- +    Make sure protocol is set to **tap** not **tun** 
-  * Give your connection a name +    Uncheck **Enable DHCP**. 
-  Enter the server IP you received via e-mail under **Remote Server** +    {{:sdf_s_vpn_servers:viscosity2.png?nolink&500|}} 
-  Make sure protocol is set to **tap** not **tun** +  Move on to the Authentication tab| 
-  Uncheck **Enable DHCP**. +    You will need to copy the certificates and keys you received in e-mail to a //SECURE// location on your //local// disk. 
- +    Select the appropriate certificate or key for each of the three SLL file locations 
-{{:sdf_s_vpn_servers:viscosity2.png?nolink&500|}} +    {{:sdf_s_vpn_servers:viscosity4.png?nolink&500|}} 
- +  Now move to the Options tab 
-|**4**|Move on to the Authentication tab| +  Set LZO Compression to **On** or **On (Adaptive)** 
- +    {{:sdf_s_vpn_servers:viscosity5.png?nolink&500|}}
-  * You will need to copy the certificates and keys you received in e-mail to a //SECURE// location on your //local// disk. +
-  Select the appropriate certificate or key for each of the three SLL file locations +
- +
-{{:sdf_s_vpn_servers:viscosity4.png?nolink&500|}} +
- +
-|**5**|Now move to the Options tab| +
-|**6**|Set LZO Compression to **On** or **On (Adaptive)**+
- +
-{{:sdf_s_vpn_servers:viscosity5.png?nolink&500|}}+
  
 That's it! Hit Save, and you're ready to roll securely through the SDF VPN. That's it! Hit Save, and you're ready to roll securely through the SDF VPN.
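Review bot: Two leftovers in the converted Viscosity list: "Move on to the Authentication tab|" keeps a trailing pipe from the old table row, and "three SLL file locations" should read SSL. Both are on lines this change rewrites, so they can be fixed in the same revision.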
sdf_s_vpn_servers.1616035992.txt.gz · Last modified: 2021/03/18 02:53 by hc9