Updated Point to Point Tutorial (markdown)

dswd 2019-01-04 08:55:03 +01:00
parent 7c0c4f712a
commit ab18a63f3a
1 changed files with 1 additions and 79 deletions

@ -1,79 +1 @@
## Scenario
![Point to point scenario](imgs/point_to_point_scenario.png)
Three single nodes should be connected via a secure VPN. `node1` and `node3` have fixed addresses but `node2` has a dynamic address that changes regularly.
#### Note
To be able to set up the VPN, at least one node needs to have a be reachable by an
unchanging address of hostname. This is normally not the case with common
DSL uplinks (they change addresses every day). Please see [[Dynamic DNS]] for
a solution.
## Setup
The actual VpnCloud setup is pretty simple.
A new network config in `/etc/vpncloud` has to be created on each node.
There is an example file in `/etc/vpncloud/example.net.disabled` that explains all the parameters.
$> sudo cp /etc/vpncloud/example.net.disabled /etc/vpncloud/mynet.net
Now that file has to edited to change a few values:
$> sudo nano /etc/vpncloud/mynet.net
The following values have to be modified:
- **peers**: This is a list of all peers that this node should connect to.
Only unchanging addresses can be used here.
- **shared_key**: This is a shared password for all nodes that secures the
communication. It must be the same on all nodes and of course it should be a
strong password.
- **ifup**: `ifconfig $IFNAME 10.0.0.X/24 mtu 1400` where `X` is different for
every node. It is good idea to use incrementing numbers here and to track the
assigned numbers and nodes in a list.
This leads to the following configuration files:
#### Node1
peers:
- node3.example.com
shared_key: "mysupersecretkey"
ifup: "ifconfig $IFNAME 10.0.0.1/24 mtu 1400"
#### Node2
peers:
- node1.example.com
- node3.example.com
shared_key: "mysupersecretkey"
ifup: "ifconfig $IFNAME 10.0.0.2/24 mtu 1400"
#### Node3
peers:
- node1.example.com
shared_key: "mysupersecretkey"
ifup: "ifconfig $IFNAME 10.0.0.3/24 mtu 1400"
After the config file has been set up correctly, VpnCloud needs to be started:
$> sudo service vpncloud@mynet start
If you want to, you can [[associate names with the nodes|Naming Hosts]]. Please note that this procedure has to be done on all nodes.
## Testing the network
When everything has been setup properly, the connection can be checked using the
`ping` command:
$node1> ping 10.0.0.2
$node2> ping 10.0.0.3
$node3> ping 10.0.0.1
## Advanced settings
- **crypto**: This setting defines the used encryption method. Options are `chacha20` (the default) and `aes256`. Both are pretty secure but `aes256` is only supported on newer CPUs (check support with `vpncloud -V`). If all nodes support `aes256` the method can be changed and might bring some speed improvements.
- **magic**: This setting can be changed to hide the protocol header and make VpnCloud undetectable. This setting must be the same on all nodes.
Please see https://vpncloud.ddswd.de/usage/tutorial-point-to-point/
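Review bot: the one line this page keeps, "Please see https://vpncloud.ddswd.de/usage/tutorial-point-to-point/", is a bare URL with no statement that the tutorial has moved, so a reader arriving from an existing link to this wiki page gets no context. Consider wording it as a sentence with a markdown link, for example `The point-to-point tutorial has moved to the [VpnCloud website](https://vpncloud.ddswd.de/usage/tutorial-point-to-point/).` The removed text also linked to [[Dynamic DNS]] and [[Naming Hosts]], and the note under "Scenario" relied on the first for nodes without an unchanging address, so check that the new location still leads readers to both. If the sample configs are carried over, `shared_key: "mysupersecretkey"` appears verbatim in all three node files and should be marked as a placeholder to replace.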