Updated tutorial

Dennis Schwerdel 2016-08-12 10:07:02 +02:00
parent ba26f3a5f8
commit 2b6a086993
3 changed files with 42 additions and 18 deletions

@ -1,12 +1,11 @@
## Goals ## Scenario
* Connect several single nodes via a VPN ![imgs/point_to_point_scenario.png](Point to point scenario)
* Nodes should be able to reach each others even through NATs
* Traffic should be secured with a password Three single nodes should be connected via a secure VPN. `node1` and `node3` have fixed addresses but `node2` has a dynamic address that changes regularly.
* Nodes should be accessible by IP addresses and names like `NODE.myvpn`
## Preparations #### Note
To be able to set up the VPN, at least one node needs to be reachable by an To be able to set up the VPN, at least one node needs to have a be reachable by an
unchanging address of hostname. This is normally not the case with common unchanging address of hostname. This is normally not the case with common
DSL uplinks (they change addresses every day). Please see [[Dynamic DNS]] for DSL uplinks (they change addresses every day). Please see [[Dynamic DNS]] for
a solution. a solution.
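Review bot: In the new Scenario section the image markup `![imgs/point_to_point_scenario.png](Point to point scenario)` has the alt text and the path swapped, so the image will not render; it should read `![Point to point scenario](imgs/point_to_point_scenario.png)`. The rewritten note line also now reads "needs to have a be reachable by an", which looks like a half-finished edit, and "address of hostname" in the next line should be "address or hostname".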
@ -16,9 +15,9 @@ a solution.
The actual VpnCloud setup is pretty simple. The actual VpnCloud setup is pretty simple.
A new network config in `/etc/vpncloud` has to be created on each node. A new network config in `/etc/vpncloud` has to be created on each node.
There is an example file to start with in `/etc/vpncloud/example.net`. There is an example file in `/etc/vpncloud/example.net.disabled` that explains all the parameters.
$> sudo cp /etc/vpncloud/example.net /etc/vpncloud/mynet.net $> sudo cp /etc/vpncloud/example.net.disabled /etc/vpncloud/mynet.net
Now that file has to edited to change a few values: Now that file has to edited to change a few values:
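Review bot: The `sudo cp /etc/vpncloud/example.net.disabled /etc/vpncloud/mynet.net` step creates the file that will hold `shared_key`, but the tutorial never says to restrict its permissions; depending on the mode of the example file and the umask, the copy may be readable by every local user. Suggest adding a `chmod 600 /etc/vpncloud/mynet.net` step right after the copy. The context line "Now that file has to edited" is also missing "be".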
@ -26,21 +25,38 @@ Now that file has to edited to change a few values:
The following values have to be modified: The following values have to be modified:
- **PEERS**: This is a list of all peers that this node should connect to. - **peers**: This is a list of all peers that this node should connect to.
Only unchanging addresses can be used here. Several addresses can be appended Only unchanging addresses can be used here.
and separated by spaces like `"node1.dyndns.org:3210 node2.dyndns.org:3210"`.
All nodes that have an unchanging address should be listed here.
- **SHARED_KEY**: This is a shared password for all nodes that secures the - **shared_key**: This is a shared password for all nodes that secures the
communication. It must be the same on all nodes and of course it should be a communication. It must be the same on all nodes and of course it should be a
strong password. strong password.
- **IFUP**: `ifconfig $IFNAME 10.0.0.X/24 mtu 1400` where `X` is different for - **ifup**: `ifconfig $IFNAME 10.0.0.X/24 mtu 1400` where `X` is different for
every node. It is good idea to use incrementing numbers here and to track the every node. It is good idea to use incrementing numbers here and to track the
assigned numbers and nodes in a list. assigned numbers and nodes in a list.
- **ENABLED**: This needs to be set to `1` when everything is finished so the This leads to the following configuration files:
network is started automatically.
#### Node1
peers:
- node3.example.com
shared_key: "mysupersecretkey"
ifup: "ifconfig $IFNAME 10.0.0.1/24 mtu 1400"
#### Node2
peers:
- node1.example.com
- node3.example.com
shared_key: "mysupersecretkey"
ifup: "ifconfig $IFNAME 10.0.0.2/24 mtu 1400"
#### Node3
peers:
- node1.example.com
shared_key: "mysupersecretkey"
ifup: "ifconfig $IFNAME 10.0.0.3/24 mtu 1400"
After the config file has been set up correctly, VpnCloud needs to be restarted: After the config file has been set up correctly, VpnCloud needs to be restarted:
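Review bot: All three example configs use the literal `shared_key: "mysupersecretkey"`, which readers will copy verbatim; use an obvious placeholder such as `<your-shared-key>` and say how to generate a long random value, since the bullet only asks for "a strong password". Separately, the removed text showed peers with a port (`node1.dyndns.org:3210`) while the new `peers:` entries such as `node3.example.com` have none and the text does not say a default port applies. The removed **ENABLED** bullet also leaves no explanation of how the network gets started automatically.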
@ -48,8 +64,16 @@ After the config file has been set up correctly, VpnCloud needs to be restarted:
If you want to, you can [[associate names with the nodes|Naming Hosts]]. Please note that this procedure has to be done on all nodes. If you want to, you can [[associate names with the nodes|Naming Hosts]]. Please note that this procedure has to be done on all nodes.
## Testing the network ## Testing the network
When everything has been setup properly, the connection can be checked using the When everything has been setup properly, the connection can be checked using the
`ping` command: `ping` command:
$> ping NAME.myvpn $node1> ping 10.0.0.2
$node2> ping 10.0.0.3
$node3> ping 10.0.0.1
## Advanced settings
- **crypto**: This setting defines the used encryption method. Options are `chacha20` (the default) and `aes256`. Both are pretty secure but `aes256` is only supported on newer CPUs (check support with `vpncloud -V`). If all nodes support `aes256` the method can be changed and might bring some speed improvements.
- **magic**: This setting can be changed to hide the protocol header and make VpnCloud undetectable. This setting must be the same on all nodes.
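Review bot: The **magic** bullet claims the setting will "make VpnCloud undetectable", which is more than changing a header value can promise; suggest describing it as changing the protocol header so the traffic is not trivially recognizable, and stating that it is not a substitute for `shared_key`. In the same hunk, the `ping NAME.myvpn` example is replaced by pings to raw addresses while the sentence linking to [[Naming Hosts]] stays, so a name-based ping could be kept as an optional check.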

Binary file not shown.

Binary file not shown.
