Debian jessie lxc vpn: Unterschied zwischen den Versionen
Aus Vosp.info
V (Diskussion | Beiträge) |
V (Diskussion | Beiträge) |
||
| Zeile 12: | Zeile 12: | ||
vim /etc/sysctl.conf | vim /etc/sysctl.conf | ||
net.ipv4.ip_forward=1 | net.ipv4.ip_forward=1 | ||
| + | ufw allow 1194/udp | ||
== packete installieren== | == packete installieren== | ||
apt-get install openvpn | apt-get install openvpn | ||
| + | |||
| + | apt-get install ufw | ||
| + | ufw allow ssh | ||
| + | |||
| + | |||
| + | vim /etc/default/ufw | ||
| + | DEFAULT_FORWARD_POLICY="ACCEPT" | ||
| + | |||
| + | vim /etc/ufw/before.rules (vor Zeile # Don't delete these required lines, otherwise there will be errors) | ||
| + | |||
| + | <source lang="bash"> | ||
| + | # START OPENVPN RULES | ||
| + | # NAT table rules | ||
| + | *nat | ||
| + | :POSTROUTING ACCEPT [0:0] | ||
| + | # Allow traffic from OpenVPN client to eth0 | ||
| + | -A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE | ||
| + | COMMIT | ||
| + | # END OPENVPN RULES | ||
| + | |||
| + | |||
| + | |||
| + | # Don't delete these required lines, otherwise there will be errors | ||
| + | *filter | ||
| + | |||
| + | </source> | ||
| + | |||
| + | |||
| + | cp -r /usr/share/easy-rsa/ /etc/openvpn | ||
| + | |||
| + | mkdir /etc/openvpn/easy-rsa/keys | ||
| + | cd /etc/openvpn/easy-rsa | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| − | |||
| − | |||
| − | |||
./build-ca | ./build-ca | ||
./clean-all | ./clean-all | ||
Version vom 9. Dezember 2015, 20:38 Uhr
im container
mdir /dev/net mknod /dev/net/tun c 10 200 chmod 0666 /dev/net/tun apt-get install openvpn
echo 1 > /proc/sys/net/ipv4/ip_forward vim /etc/sysctl.conf net.ipv4.ip_forward=1 ufw allow 1194/udp
packete installieren
apt-get install openvpn
apt-get install ufw ufw allow ssh
vim /etc/default/ufw DEFAULT_FORWARD_POLICY="ACCEPT"
vim /etc/ufw/before.rules (vor Zeile # Don't delete these required lines, otherwise there will be errors)
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
# Don't delete these required lines, otherwise there will be errors
*filter
cp -r /usr/share/easy-rsa/ /etc/openvpn
mkdir /etc/openvpn/easy-rsa/keys cd /etc/openvpn/easy-rsa
./build-ca ./clean-all
./build-key-server server
vim /etc/openvpn/easy-rsa/keys/clientname.ovpn
remote your_server_ip 1194
#und am Ende einfügen:
<ca>
{Inhalt aus ca.crt}
</ca>
<cert>
{Inhalt aus clientname.crt}
</cert>
<key>
{Inhalt aus clientname.key}
</key>
