Debian jessie lxc vpn: Unterschied zwischen den Versionen
Aus Vosp.info
V (Diskussion | Beiträge) |
V (Diskussion | Beiträge) (→nach jedem neustart ausführen) |
||
(6 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
Zeile 2: | Zeile 2: | ||
+ | = nach jedem neustart ausführen = | ||
+ | /usr/local/bin/startvpn.sh (liegt bei un in lxc benötigte verzeichnisse an und startet vpn) | ||
+ | =Im bestehenden Container Ip ändern (nach umzug) = | ||
+ | |||
+ | == Ip anpassen == | ||
+ | /root/client.ovpn | ||
+ | remote 144.76.xxx.xxx 1194 | ||
+ | |||
+ | |||
+ | vim /etc/openvpn/server.conf | ||
+ | local 144.76.xxx.xxx | ||
+ | |||
+ | |||
+ | == alten kram löschen== | ||
+ | |||
+ | cd /etc/openvpn/easy-rsa | ||
+ | . ./vars | ||
+ | ./clean-all | ||
+ | ./build-ca | ||
+ | ./build-key-server server | ||
+ | cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn | ||
+ | cp /root/client.ovpn /etc/openvpn/easy-rsa/keys/ | ||
+ | |||
+ | |||
+ | == neue user anlegen == | ||
+ | /root//createovpn.sh testuser | ||
+ | |||
+ | |||
+ | |||
+ | = und mit neuem container = | ||
+ | diese Anleitung funzt: | ||
+ | https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8 | ||
+ | |||
+ | |||
+ | |||
+ | = funzt im zweifel nicht lieber Anleitung im link folgen= | ||
== im container == | == im container == | ||
mdir /dev/net | mdir /dev/net | ||
Zeile 8: | Zeile 44: | ||
chmod 0666 /dev/net/tun | chmod 0666 /dev/net/tun | ||
apt-get install openvpn | apt-get install openvpn | ||
+ | |||
+ | echo 1 > /proc/sys/net/ipv4/ip_forward | ||
+ | vim /etc/sysctl.conf | ||
+ | net.ipv4.ip_forward=1 | ||
+ | |||
+ | |||
+ | |||
== packete installieren== | == packete installieren== | ||
apt-get install openvpn | apt-get install openvpn | ||
+ | |||
+ | apt-get install ufw | ||
+ | ufw allow ssh | ||
+ | ufw allow 1194/udp | ||
+ | |||
+ | vim /etc/default/ufw | ||
+ | DEFAULT_FORWARD_POLICY="ACCEPT" | ||
+ | |||
+ | vim /etc/ufw/before.rules (vor Zeile # Don't delete these required lines, otherwise there will be errors) | ||
+ | |||
+ | <source lang="bash"> | ||
+ | # START OPENVPN RULES | ||
+ | # NAT table rules | ||
+ | *nat | ||
+ | :POSTROUTING ACCEPT [0:0] | ||
+ | # Allow traffic from OpenVPN client to eth0 | ||
+ | -A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE | ||
+ | COMMIT | ||
+ | # END OPENVPN RULES | ||
+ | |||
+ | |||
+ | |||
+ | # Don't delete these required lines, otherwise there will be errors | ||
+ | *filter | ||
+ | |||
+ | </source> | ||
+ | |||
+ | |||
+ | cp -r /usr/share/easy-rsa/ /etc/openvpn | ||
+ | |||
+ | mkdir /etc/openvpn/easy-rsa/keys | ||
+ | cd /etc/openvpn/easy-rsa | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
− | + | cd /etc/openvpn/easy-rsa | |
− | + | . ./vars | |
− | + | ./clean-all | |
− | ./build-ca | + | ./build-ca |
− | |||
./build-key-server server | ./build-key-server server | ||
Aktuelle Version vom 10. Dezember 2015, 10:15 Uhr
Inhaltsverzeichnis
nach jedem neustart ausführen
/usr/local/bin/startvpn.sh (liegt bei un in lxc benötigte verzeichnisse an und startet vpn)
Im bestehenden Container Ip ändern (nach umzug)
Ip anpassen
/root/client.ovpn remote 144.76.xxx.xxx 1194
vim /etc/openvpn/server.conf local 144.76.xxx.xxx
alten kram löschen
cd /etc/openvpn/easy-rsa . ./vars ./clean-all ./build-ca ./build-key-server server cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn cp /root/client.ovpn /etc/openvpn/easy-rsa/keys/
neue user anlegen
/root//createovpn.sh testuser
und mit neuem container
diese Anleitung funzt: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8
funzt im zweifel nicht lieber Anleitung im link folgen
im container
mdir /dev/net mknod /dev/net/tun c 10 200 chmod 0666 /dev/net/tun apt-get install openvpn
echo 1 > /proc/sys/net/ipv4/ip_forward vim /etc/sysctl.conf net.ipv4.ip_forward=1
packete installieren
apt-get install openvpn
apt-get install ufw ufw allow ssh ufw allow 1194/udp
vim /etc/default/ufw DEFAULT_FORWARD_POLICY="ACCEPT"
vim /etc/ufw/before.rules (vor Zeile # Don't delete these required lines, otherwise there will be errors)
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
# Don't delete these required lines, otherwise there will be errors
*filter
cp -r /usr/share/easy-rsa/ /etc/openvpn
mkdir /etc/openvpn/easy-rsa/keys cd /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa . ./vars ./clean-all ./build-ca ./build-key-server server
vim /etc/openvpn/easy-rsa/keys/clientname.ovpn
remote your_server_ip 1194
#und am Ende einfügen:
<ca>
{Inhalt aus ca.crt}
</ca>
<cert>
{Inhalt aus clientname.crt}
</cert>
<key>
{Inhalt aus clientname.key}
</key>