OpenVPN » History » Version 14
Laurent GUERBY, 15/01/2013 20:57
{{>toc}}

h1. OpenVPN

h2. Port sharing

Apache and nginx:
http://www.davidwesterfield.net/2012/08/openvpn-sharing-a-tcp-port-with-ssl-on-nginx-and-apache-yeah-its-possible/

<pre>
port-share 127.0.0.1 4443
</pre>

http://www.greenie.net/ipv6/openvpn.html
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23

h2. Server

<pre>
# cat /etc/default/openvpn
...
AUTOSTART="ttnn-tap ttnn-tap6 ttnn-tap-tcp ttnn-tap-tcp6"
...
# cat /etc/openvpn/ttnn-tap.conf
dev tap0udp
port 11195
proto udp

ca ttnn/ca.crt
cert ttnn/h1.crt
key ttnn/h1.key # This file should be kept secret
dh ttnn/dh1024.pem

mode server
tls-server

persist-key
persist-tun

client-config-dir ccd

client-to-client
comp-lzo yes
keepalive 10 60

verb 3
log-append log/openvpn-tap.log
status status/openvpn-tap.txt

# cat /etc/openvpn/ttnn-tap6.conf
dev tap6udp
port 11196
proto udp6

ca ttnn/ca.crt
cert ttnn/h1.crt
key ttnn/h1.key # This file should be kept secret
dh ttnn/dh1024.pem

mode server
tls-server

persist-key
persist-tun

client-config-dir ccd

client-to-client
comp-lzo yes
keepalive 10 60

verb 3
log-append log/openvpn-tap6.log
status status/openvpn-tap6.txt

# cat /etc/openvpn/ttnn-tap-tcp.conf
dev tap0tcp
port 443
proto tcp-server

ca ttnn/ca.crt
cert ttnn/h1.crt
key ttnn/h1.key # This file should be kept secret
dh ttnn/dh1024.pem

mode server
tls-server

persist-key
persist-tun

client-config-dir ccd

client-to-client
comp-lzo yes
keepalive 10 60

verb 3
log-append log/openvpn-tap-tcp.log
status status/openvpn-tap-tcp.txt

# keys generated with id ip-X-Y-Z-T, files:
# ip-91-224-149-165.crt
# ip-91-224-149-165.csr
# ip-91-224-149-165.key

# cat /etc/openvpn/ccd/ip-91-224-149-165
ifconfig-push 91.224.149.165 255.255.255.0
push "route-gateway 91.224.149.254"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"

# bridge
brctl addbr br0
brctl addif br0 eth0
ip link set br0 up
ip link set br0 address 52:54:10:00:00:11 #force MAC to avoid MAC changes

openvpn --mktun --dev tap0udp
openvpn --mktun --dev tap0tcp
openvpn --mktun --dev tap6udp

brctl addif br0 tap0udp
ip link set tap0udp up

brctl addif br0 tap0tcp
ip link set tap0tcp up

brctl addif br0 tap6udp
ip link set tap6udp up

</pre>

To make the OpenVPN client ignore the IP address and routes pushed by the server, simply put "tls-client" in place of "client": the --client option is a shortcut for --tls-client --pull, and --pull is what accepts the server's directives.
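The note above, worked through as an added example (not code from this wiki or from the OpenVPN project): the client configuration is expanded so that "client" becomes "tls-client" plus "pull", the server's ccd file from the Server section is turned into the options the server would push, and the result shows what the client applies. It also goes one step further than the page: with "pull-filter" (an OpenVPN 2.4 and later directive; the page describes 2.3-era setups) a pulling client can accept, ignore or reject single pushed options instead of all or nothing. The ccd text and client snippets are constructed from the page's directives; the dict layout of the result is this example's own choice.

```python
"""Model how an OpenVPN client handles options pushed by the server.

Added example; not part of the tetaneutral.net wiki and not OpenVPN code.
Modelled rules: `client` == `tls-client` + `pull`; only `pull` makes the
client request and apply the server's PUSH_REPLY; `pull-filter` (OpenVPN
2.4+) matches pushed options by prefix, first match wins, unmatched
options are accepted, and `reject` terminates the session.
"""
import shlex

# Constructed from the page's /etc/openvpn/ccd/ip-91-224-149-165 file.
SERVER_CCD = """
ifconfig-push 91.224.149.165 255.255.255.0
push "route-gateway 91.224.149.254"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
"""


def expand_client_config(text):
    """Return [(directive, [args])] with the `client` shortcut expanded."""
    directives = []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        if tokens[0] == 'client':
            directives.extend([('tls-client', []), ('pull', [])])
        else:
            directives.append((tokens[0], tokens[1:]))
    return directives


def pushed_options(ccd_text):
    """Options the server sends in its PUSH_REPLY for this ccd file."""
    options = []
    for line in ccd_text.splitlines():
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        if tokens[0] == 'push' and len(tokens) == 2:
            options.append(tokens[1])
        elif tokens[0] == 'ifconfig-push':
            # ifconfig-push is delivered to the client as an `ifconfig` option.
            options.append('ifconfig ' + ' '.join(tokens[1:]))
    return options


def apply_push_reply(client_text, ccd_text):
    """Compute which pushed options the client applies, ignores or rejects."""
    directives = expand_client_config(client_text)
    names = {name for name, _ in directives}
    result = {'pull': 'pull' in names, 'applied': [], 'ignored': [], 'rejected': None}
    if not result['pull']:
        # Without --pull the client never asks for the PUSH_REPLY: nothing applies.
        return result
    filters = [(args[0], args[1]) for name, args in directives
               if name == 'pull-filter' and len(args) == 2]
    for option in pushed_options(ccd_text):
        action = 'accept'                      # unmatched options are accepted
        for verb, prefix in filters:
            if option.startswith(prefix):
                action = verb
                break
        if action == 'reject':
            # A rejected option terminates the session, so nothing is applied.
            result['rejected'] = option
            result['applied'] = []
            return result
        result['applied' if action == 'accept' else 'ignored'].append(option)
    return result


if __name__ == '__main__':
    for label, conf in (('client', 'client\ndev tap\n'),
                        ('tls-client', 'tls-client\ndev tap\n'),
                        ('client + pull-filter', 'client\npull-filter ignore "redirect-gateway"\n')):
        print(label, apply_push_reply(conf, SERVER_CCD))
```

With the page's ccd file, "client" applies all four pushed options, "tls-client" alone applies none (the behaviour the note describes), and "pull-filter ignore "redirect-gateway"" keeps the address, gateway and DNS but leaves the default route alone.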

h2. Client

<pre>
# cat /etc/openvpn/ttnn.conf
client
dev tap

### from outside with UDP available
#proto udp
#remote openvpn.tetaneutral.net 11195

### from outside with no UDP
proto tcp
remote openvpn.tetaneutral.net 443
# 91.224.149.211 443

# from outside using IPv6 over UDP
#proto udp6
#remote openvpn6.tetaneutral.net 11196

ca ttnn/ca.crt
cert ttnn/ip-91-224-149-165.crt
key ttnn/ip-91-224-149-165.key

persist-key
persist-tun

script-security 2

comp-lzo yes
keepalive 10 60

verb 3
log-append log/openvpn.log
</pre>

h2. Point-to-point

<pre>
openvpn --genkey --secret tst.key

#server
openvpn --mktun --dev-type tap --dev taptst
ip link set taptst up
openvpn --dev-type tap --dev taptst --comp-lzo yes --cipher none --proto udp --daemon --keepalive 10 30 --secret tst.key --port 1234

#client
openvpn --mktun --dev-type tap --dev taptst
ip link set taptst up
openvpn --dev-type tap --dev taptst --comp-lzo yes --cipher none --proto udp --daemon --keepalive 10 30 --secret tst.key --remote A.B.C.D 1234
</pre>
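The server configurations above, the client configuration and the point-to-point command line all carry settings a reviewer would want to look at (the 1024-bit DH parameters, compression on an encrypted tunnel, "cipher none" in the static-key setup, a client that does not verify the server certificate's role). As an added example, not code from this wiki or from the OpenVPN project, the script below parses either config-file syntax or a full "openvpn --opt ..." command line (OpenVPN treats both alike) and reports such findings. The sample inputs are constructed from the page's own directives; the set of checks, their severities and the wording of each finding are this example's choices. "tls-auth", "tls-crypt", "remote-cert-tls" and "verify-x509-name" are real OpenVPN directives the page itself does not use.

```python
"""Audit OpenVPN configurations for settings a security reviewer would flag.

Added example; not part of the tetaneutral.net wiki and not OpenVPN code.
The sample inputs below are constructed from the page's directives; the
checks and severities are this example's own.
"""
import re
import shlex


def parse_openvpn(text):
    """Return [(directive, [args])] from config-file lines or a CLI invocation.

    OpenVPN reads `--opt a b` on the command line and `opt a b` in a config
    file identically, so leading dashes are dropped. `#` comments (including
    the trailing ones on the page) and `;` comment lines are skipped.
    """
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        tokens = shlex.split(line, comments=True)
        if tokens and tokens[0] == 'openvpn':      # a full command line
            tokens = tokens[1:]
        if tokens and tokens[0].startswith('--'):
            current = None
            for tok in tokens:                      # group args under each --option
                if tok.startswith('--'):
                    current = (tok[2:], [])
                    directives.append(current)
                elif current is not None:
                    current[1].append(tok)
        elif tokens:
            directives.append((tokens[0], tokens[1:]))
    return directives


def audit(text):
    """Return a list of (severity, directive, finding) for one configuration."""
    directives = parse_openvpn(text)
    names = {name for name, _ in directives}
    findings = []
    for name, args in directives:
        if name == 'dh' and args and re.search(r'(512|1024)', args[0]):
            findings.append(('high', 'dh',
                             f'{args[0]}: DH parameters below 2048 bits are considered weak'))
        if name in ('cipher', 'auth') and args and args[0].lower() == 'none':
            what = 'encrypted' if name == 'cipher' else 'authenticated'
            findings.append(('high', name, f'{name} none: tunnel traffic is not {what}'))
        if name == 'comp-lzo' and (not args or args[0] != 'no'):
            findings.append(('medium', 'comp-lzo',
                             'compressing encrypted traffic is deprecated by OpenVPN '
                             '(compression side channels)'))
        if name == 'script-security' and args and args[0].isdigit() and int(args[0]) >= 2:
            findings.append(('info', 'script-security',
                             f'level {args[0]} lets this config run external scripts; '
                             'the file itself must be trusted'))
        if name == 'secret':
            findings.append(('medium', 'secret',
                             'static-key mode: no forward secrecy, key shared out of band'))
    tls_mode = bool(names & {'tls-server', 'tls-client', 'client', 'server'})
    if tls_mode and not names & {'tls-auth', 'tls-crypt'}:
        findings.append(('medium', 'tls-auth',
                         'no tls-auth/tls-crypt: control-channel packets carry no HMAC, '
                         'so unauthenticated peers reach the TLS stack'))
    if names & {'client', 'tls-client'} and not names & {'remote-cert-tls',
                                                          'ns-cert-type',
                                                          'verify-x509-name'}:
        findings.append(('high', 'remote-cert-tls',
                         'server certificate role is not checked: any certificate '
                         'issued by the same CA could act as the server'))
    return findings


# Constructed from the page's ttnn-tap.conf, ttnn.conf and point-to-point command.
SERVER_CONF = """
dev tap0udp
port 11195
proto udp
ca ttnn/ca.crt
cert ttnn/h1.crt
key ttnn/h1.key # This file should be kept secret
dh ttnn/dh1024.pem
mode server
tls-server
client-config-dir ccd
client-to-client
comp-lzo yes
keepalive 10 60
"""
CLIENT_CONF = """
client
dev tap
proto tcp
remote openvpn.tetaneutral.net 443
ca ttnn/ca.crt
cert ttnn/ip-91-224-149-165.crt
key ttnn/ip-91-224-149-165.key
script-security 2
comp-lzo yes
"""
POINT_TO_POINT = ('openvpn --dev-type tap --dev taptst --comp-lzo yes --cipher none '
                  '--proto udp --daemon --keepalive 10 30 --secret tst.key --port 1234')

if __name__ == '__main__':
    for label, conf in (('server', SERVER_CONF), ('client', CLIENT_CONF),
                        ('point-to-point', POINT_TO_POINT)):
        print(f'== {label}')
        for severity, directive, finding in audit(conf):
            print(f'  [{severity}] {directive}: {finding}')
```

Run it as a script to see the three reports; `audit()` returns the findings as tuples so the same checks can be applied to any other configuration file or command line.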

h2. Point-to-point with routing of an IP block

[[Partage ADSL OpenVPN]]

h2. Proxmox

http://www.nedproductions.biz/wiki/configuring-a-proxmox-ve-2.x-cluster-running-over-an-openvpn-intranet
http://blog.developpeur-neurasthenique.fr/auto-hebergement-configurer-un-cluster-proxmox-2-sans-multicast.html

h2. Links

https://community.openvpn.net/openvpn/changeset/150fb45047c5482858b32a669de4097e66dec1c7
"Allow 'lport 0' setup for random port binding"

https://vador.fdn.fr/wiki/travaux:vpn_misc:doc#configurer_sa_machine_pour_utiliser_l_offre_vpn_de_fdn