From 0782d408ab7ec793966ee768fed5f5c344e1f5a6 Mon Sep 17 00:00:00 2001 From: dswd Date: Mon, 30 May 2016 14:56:24 +0200 Subject: [PATCH] Created Point to Point Tutorial (markdown) --- Point-to-Point-Tutorial.md | 61 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 Point-to-Point-Tutorial.md diff --git a/Point-to-Point-Tutorial.md b/Point-to-Point-Tutorial.md new file mode 100644 index 0000000..39059a3 --- /dev/null +++ b/Point-to-Point-Tutorial.md @@ -0,0 +1,61 @@ +## Goals +* Connect several single nodes via a VPN +* Nodes should be able to reach each others even through NATs +* Traffic should be secured with a password +* Nodes should be accessible by IP addresses and names like `NODE.myvpn` + + +## Preparations +To be able to set up the VPN, at least one node needs to be reachable by an +unchanging address of hostname. This is normally not the case with common +DSL uplinks (they change addresses every day). Please see [[Dynamic DNS]] for +a solution. + + +## Setup +The actual VpnCloud setup is pretty simple. + +A new network config in `/etc/vpncloud` has to be created on each node. +There is an example file to start with in `/etc/vpncloud/example.net`. + + $> sudo cp /etc/vpncloud/example.net /etc/vpncloud/mynet.net + +Now that file has to edited to change a few values: + + $> sudo nano /etc/vpncloud/mynet.net + +The following values have to be modified: + +- **PEERS**: This is a list of all peers that this node should connect to. + Only unchanging addresses can be used here. Several addresses can be appended + and separated by spaces like `"node1.dyndns.org:3210 node2.dyndns.org:3210"`. + All nodes that have an unchanging address should be listed here. + +- **SHARED_KEY**: This is a shared password for all nodes that secures the + communication. It must be the same on all nodes and of course it should be a + strong password. + +- **IFUP**: `ifconfig $IFNAME 10.0.0.X/24 mtu 1400` where `X` is different for + every node. It is good idea to use incrementing numbers here and to track the + assigned numbers and nodes in a list. + +- **ENABLED**: This needs to be set to `1` when everything is finished so the + network is started automatically. + +After the config file has been set up correctly, VpnCloud needs to be restarted: + + $> sudo /etc/init.d/vpncloud restart + +Finally, on each host the names of the nodes should by associated with their +address. This can be done by editing `/etc/hosts`: + + $> sudo nano /etc/hosts + +For each node a line with `NAME.myvpn 10.0.0.X` needs to be added. + + +## Testing the network +When everything has been setup properly, the connection can be checked using the +`ping` command: + + $> ping NAME.myvpn