diff --git a/Point-to-Point-Tutorial.md b/Point-to-Point-Tutorial.md index 48c95ec..a45c353 100644 --- a/Point-to-Point-Tutorial.md +++ b/Point-to-Point-Tutorial.md 
@@ -1,79 +1 @@ -## Scenario -![Point to point scenario](imgs/point_to_point_scenario.png) - -Three single nodes should be connected via a secure VPN. `node1` and `node3` have fixed addresses but `node2` has a dynamic address that changes regularly. - - -#### Note -To be able to set up the VPN, at least one node needs to have a be reachable by an -unchanging address of hostname. This is normally not the case with common -DSL uplinks (they change addresses every day). Please see [[Dynamic DNS]] for -a solution. - - -## Setup -The actual VpnCloud setup is pretty simple. - -A new network config in `/etc/vpncloud` has to be created on each node. -There is an example file in `/etc/vpncloud/example.net.disabled` that explains all the parameters. - - $> sudo cp /etc/vpncloud/example.net.disabled /etc/vpncloud/mynet.net - -Now that file has to edited to change a few values: - - $> sudo nano /etc/vpncloud/mynet.net - -The following values have to be modified: - -- **peers**: This is a list of all peers that this node should connect to. - Only unchanging addresses can be used here. - -- **shared_key**: This is a shared password for all nodes that secures the - communication. It must be the same on all nodes and of course it should be a - strong password. - -- **ifup**: `ifconfig $IFNAME 10.0.0.X/24 mtu 1400` where `X` is different for - every node. It is good idea to use incrementing numbers here and to track the - assigned numbers and nodes in a list. 
- -This leads to the following configuration files: - -#### Node1 - peers: - - node3.example.com - shared_key: "mysupersecretkey" - ifup: "ifconfig $IFNAME 10.0.0.1/24 mtu 1400" - -#### Node2 - peers: - - node1.example.com - - node3.example.com - shared_key: "mysupersecretkey" - ifup: "ifconfig $IFNAME 10.0.0.2/24 mtu 1400" - -#### Node3 - peers: - - node1.example.com - shared_key: "mysupersecretkey" - ifup: "ifconfig $IFNAME 10.0.0.3/24 mtu 1400" - - -After the config file has been set up correctly, VpnCloud needs to be started: - - $> sudo service vpncloud@mynet start - -If you want to, you can [[associate names with the nodes|Naming Hosts]]. Please note that this procedure has to be done on all nodes. - - -## Testing the network -When everything has been setup properly, the connection can be checked using the -`ping` command: - - $node1> ping 10.0.0.2 - $node2> ping 10.0.0.3 - $node3> ping 10.0.0.1 - - -## Advanced settings -- **crypto**: This setting defines the used encryption method. Options are `chacha20` (the default) and `aes256`. Both are pretty secure but `aes256` is only supported on newer CPUs (check support with `vpncloud -V`). If all nodes support `aes256` the method can be changed and might bring some speed improvements. -- **magic**: This setting can be changed to hide the protocol header and make VpnCloud undetectable. This setting must be the same on all nodes. +Please see https://vpncloud.ddswd.de/usage/tutorial-point-to-point/ \ No newline at end of file
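Review bot: the single added line at the end of the hunk replaces the whole tutorial with a bare URL and leaves the file without a trailing newline (`\ No newline at end of file`). Consider making it a Markdown link with a one-sentence description of what the page covers, for example `Please see the [point-to-point tutorial](https://vpncloud.ddswd.de/usage/tutorial-point-to-point/).`, and ending the file with a newline. The removed text held this page's guidance on `shared_key` (identical on all nodes, a strong password), on the `crypto` and `magic` settings, and the `[[Dynamic DNS]]` and `[[Naming Hosts]]` wiki links. Please confirm the linked page covers each of these before the content is dropped, since after this change the page is only useful while the external site is reachable at that URL.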