mirror of https://github.com/dswd/vpncloud.git
Updated tutorial
parent
ba26f3a5f8
commit
2b6a086993
|
@ -1,12 +1,11 @@
|
||||||
## Goals
|
## Scenario
|
||||||
* Connect several single nodes via a VPN
|
![imgs/point_to_point_scenario.png](Point to point scenario)
|
||||||
* Nodes should be able to reach each others even through NATs
|
|
||||||
* Traffic should be secured with a password
|
Three single nodes should be connected via a secure VPN. `node1` and `node3` have fixed addresses but `node2` has a dynamic address that changes regularly.
|
||||||
* Nodes should be accessible by IP addresses and names like `NODE.myvpn`
|
|
||||||
|
|
||||||
|
|
||||||
## Preparations
|
#### Note
|
||||||
To be able to set up the VPN, at least one node needs to be reachable by an
|
To be able to set up the VPN, at least one node needs to have a be reachable by an
|
||||||
unchanging address of hostname. This is normally not the case with common
|
unchanging address of hostname. This is normally not the case with common
|
||||||
DSL uplinks (they change addresses every day). Please see [[Dynamic DNS]] for
|
DSL uplinks (they change addresses every day). Please see [[Dynamic DNS]] for
|
||||||
a solution.
|
a solution.
|
||||||
|
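Review bot: the new image line `![imgs/point_to_point_scenario.png](Point to point scenario)` has the alt text and the path swapped; Markdown image syntax is `![alt](path)`, so it should read `![Point to point scenario](imgs/point_to_point_scenario.png)` or the figure will not render. The reworded note also introduces a typo, `needs to have a be reachable by an`, where the removed line's `needs to be reachable by an` was correct, and `unchanging address of hostname` on the following unchanged line should read `address or hostname`. Since the `Traffic should be secured with a password` goal is dropped, the scenario sentence is now the only place that says the VPN is secured; stating here that all three nodes share one key would prepare the reader for the configuration section.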
@ -16,9 +15,9 @@ a solution.
|
||||||
The actual VpnCloud setup is pretty simple.
|
The actual VpnCloud setup is pretty simple.
|
||||||
|
|
||||||
A new network config in `/etc/vpncloud` has to be created on each node.
|
A new network config in `/etc/vpncloud` has to be created on each node.
|
||||||
There is an example file to start with in `/etc/vpncloud/example.net`.
|
There is an example file in `/etc/vpncloud/example.net.disabled` that explains all the parameters.
|
||||||
|
|
||||||
$> sudo cp /etc/vpncloud/example.net /etc/vpncloud/mynet.net
|
$> sudo cp /etc/vpncloud/example.net.disabled /etc/vpncloud/mynet.net
|
||||||
|
|
||||||
Now that file has to edited to change a few values:
|
Now that file has to edited to change a few values:
|
||||||
|
|
||||||
|
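Review bot: the unchanged line `Now that file has to edited to change a few values:` is missing a word and should read `has to be edited`; this hunk already touches the surrounding lines, so it is a good place to fix it. The new `example.net.disabled` name implies that the file suffix decides whether a network is started, but the tutorial never says so; one sentence explaining why the copy must be named `mynet.net` (and why the example file is kept inert with `.disabled`) would close that gap.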
@ -26,21 +25,38 @@ Now that file has to edited to change a few values:
|
||||||
|
|
||||||
The following values have to be modified:
|
The following values have to be modified:
|
||||||
|
|
||||||
- **PEERS**: This is a list of all peers that this node should connect to.
|
- **peers**: This is a list of all peers that this node should connect to.
|
||||||
Only unchanging addresses can be used here. Several addresses can be appended
|
Only unchanging addresses can be used here.
|
||||||
and separated by spaces like `"node1.dyndns.org:3210 node2.dyndns.org:3210"`.
|
|
||||||
All nodes that have an unchanging address should be listed here.
|
|
||||||
|
|
||||||
- **SHARED_KEY**: This is a shared password for all nodes that secures the
|
- **shared_key**: This is a shared password for all nodes that secures the
|
||||||
communication. It must be the same on all nodes and of course it should be a
|
communication. It must be the same on all nodes and of course it should be a
|
||||||
strong password.
|
strong password.
|
||||||
|
|
||||||
- **IFUP**: `ifconfig $IFNAME 10.0.0.X/24 mtu 1400` where `X` is different for
|
- **ifup**: `ifconfig $IFNAME 10.0.0.X/24 mtu 1400` where `X` is different for
|
||||||
every node. It is good idea to use incrementing numbers here and to track the
|
every node. It is good idea to use incrementing numbers here and to track the
|
||||||
assigned numbers and nodes in a list.
|
assigned numbers and nodes in a list.
|
||||||
|
|
||||||
- **ENABLED**: This needs to be set to `1` when everything is finished so the
|
This leads to the following configuration files:
|
||||||
network is started automatically.
|
|
||||||
|
#### Node1
|
||||||
|
peers:
|
||||||
|
- node3.example.com
|
||||||
|
shared_key: "mysupersecretkey"
|
||||||
|
ifup: "ifconfig $IFNAME 10.0.0.1/24 mtu 1400"
|
||||||
|
|
||||||
|
#### Node2
|
||||||
|
peers:
|
||||||
|
- node1.example.com
|
||||||
|
- node3.example.com
|
||||||
|
shared_key: "mysupersecretkey"
|
||||||
|
ifup: "ifconfig $IFNAME 10.0.0.2/24 mtu 1400"
|
||||||
|
|
||||||
|
#### Node3
|
||||||
|
peers:
|
||||||
|
- node1.example.com
|
||||||
|
shared_key: "mysupersecretkey"
|
||||||
|
ifup: "ifconfig $IFNAME 10.0.0.3/24 mtu 1400"
|
||||||
|
|
||||||
|
|
||||||
After the config file has been set up correctly, VpnCloud needs to be restarted:
|
After the config file has been set up correctly, VpnCloud needs to be restarted:
|
||||||
|
|
||||||
|
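Review bot: the new peer entries (`- node3.example.com`, `- node1.example.com`) drop the port that the removed example `node1.dyndns.org:3210` showed, so the reader cannot tell whether a default port applies or whether `host:port` is still accepted; the `peers` bullet should say which. The `ENABLED` bullet is removed together with its `network is started automatically` explanation, and nothing replaces it, so the tutorial no longer states how a configured network is started at boot. Two smaller points: `shared_key: "mysupersecretkey"` appears verbatim in all three example files directly after the text asks for a strong password, so mark it as a placeholder that must be replaced with a unique, randomly generated value on every deployment; and the unchanged `It is good idea to use incrementing numbers` should read `It is a good idea`.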
@ -48,8 +64,16 @@ After the config file has been set up correctly, VpnCloud needs to be restarted:
|
||||||
|
|
||||||
If you want to, you can [[associate names with the nodes|Naming Hosts]]. Please note that this procedure has to be done on all nodes.
|
If you want to, you can [[associate names with the nodes|Naming Hosts]]. Please note that this procedure has to be done on all nodes.
|
||||||
|
|
||||||
|
|
||||||
## Testing the network
|
## Testing the network
|
||||||
When everything has been setup properly, the connection can be checked using the
|
When everything has been setup properly, the connection can be checked using the
|
||||||
`ping` command:
|
`ping` command:
|
||||||
|
|
||||||
$> ping NAME.myvpn
|
$node1> ping 10.0.0.2
|
||||||
|
$node2> ping 10.0.0.3
|
||||||
|
$node3> ping 10.0.0.1
|
||||||
|
|
||||||
|
|
||||||
|
## Advanced settings
|
||||||
|
- **crypto**: This setting defines the used encryption method. Options are `chacha20` (the default) and `aes256`. Both are pretty secure but `aes256` is only supported on newer CPUs (check support with `vpncloud -V`). If all nodes support `aes256` the method can be changed and might bring some speed improvements.
|
||||||
|
- **magic**: This setting can be changed to hide the protocol header and make VpnCloud undetectable. This setting must be the same on all nodes.
|
||||||
|
|
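Review bot: `make VpnCloud undetectable` in the new `magic` bullet overstates what changing a protocol header achieves; it only defeats simple signature matching on that header, while packet sizes, timing and the UDP port stay observable, so `harder to identify` is the honest wording. In the `crypto` bullet, `Both are pretty secure` is vague; either name the exact construction or drop the qualifier, and make clear that `aes256` is offered for speed on CPUs with hardware support (as the `vpncloud -V` check implies), not as a security upgrade. The new ping lines (`$node1> ping 10.0.0.2`, `$node2> ping 10.0.0.3`, `$node3> ping 10.0.0.1`) test each pair in one direction only; because `node2` is the node behind a changing address, a ping from `node1` or `node3` to `10.0.0.2` would also confirm that the NAT traversal the scenario requires works towards it.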
Binary file not shown.
After Width: | Height: | Size: 26 KiB |