documentation:examples:gre_ipsec_and_openvpn
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
| documentation:examples:gre_ipsec_and_openvpn [2020/01/13 14:08] – [VPN with GRE, GIF, IPSec and OpenVPN] olivier | documentation:examples:gre_ipsec_and_openvpn [2020/06/29 16:47] – [VM4: OpenVPN client] olivier | ||
|---|---|---|---|
| Line 1054: | Line 1054: | ||
| passwd | passwd | ||
| </ | </ | ||
| - | ==== VM4: OpenVPN client ==== | ||
| - | As OpenVPN | + | Now Generate |
| - | * ca.crt | + | |
| - | * VM4.crt | + | |
| - | * VM4.key | + | |
| - | On this lab, scp can be used for getting these files: | ||
| < | < | ||
| - | mkdir / | + | echo '< |
| - | scp 10.0.23.2:/ | + | cat / |
| - | scp 10.0.23.2:/ | + | echo '</ |
| - | scp 10.0.23.2:/ | + | echo '< |
| + | cat / | ||
| + | echo '</ | ||
| + | echo '< | ||
| + | cat / | ||
| + | echo '</ | ||
| </ | </ | ||
| + | ==== VM4: OpenVPN client ==== | ||
| - | Configure openvpn as a client: | + | As OpenVPN |
| + | On this lab, scp can be used for getting these files: | ||
| < | < | ||
| - | cat > / | + | mkdir / |
| - | client | + | scp 10.0.23.2:/ |
| - | dev tun | + | |
| - | remote | + | |
| - | ca ca.crt | + | |
| - | cert VM4.crt | + | |
| - | key VM4.key | + | |
| - | ' | + | |
| </ | </ | ||
| + | |||
| Enable and start openvpn: | Enable and start openvpn: | ||
| Line 1160: | Line 1157: | ||
| 16: | 16: | ||
| 16: | 16: | ||
| + | </ | ||
| + | |||
| + | ===== Wireguard ===== | ||
| + | |||
| + | ==== Key pairs generation ==== | ||
| + | |||
| + | The first step is to generate a couple of private and public keys on each wireguard endpoint. | ||
| + | |||
| + | On VM2 and on VM4, generate the keys: | ||
| + | |||
| + | < | ||
| + | cd / | ||
| + | wg genkey > private | ||
| + | chmod 600 private | ||
| + | wg pubkey < private > public | ||
| + | </ | ||
| + | |||
| + | ==== Router 2 ==== | ||
| + | |||
| + | Display router 2 private key, and router 4 public key. | ||
| + | |||
| + | < | ||
| + | cat > / | ||
| + | [Interface] | ||
| + | PrivateKey = 8Og1cCmvirK+zcGus/ | ||
| + | ListenPort = 51820 | ||
| + | |||
| + | [Peer] | ||
| + | PublicKey = FSvVqj2s1FZqsSIvPLrE1RRTgbaPLbfG87P36F21M1g= | ||
| + | AllowedIPs = 10.0.45.0/ | ||
| + | Endpoint = 10.0.34.4: | ||
| + | EOF | ||
| + | |||
| + | sysrc wireguard_interfaces=wg0 | ||
| + | service wireguard enable | ||
| + | service wireguard start | ||
| + | </ | ||
| + | |||
| + | ==== Router 4 ==== | ||
| + | |||
| + | Display router 4 private key, and router 2 public key. | ||
| + | |||
| + | < | ||
| + | cat > / | ||
| + | [Interface] | ||
| + | PrivateKey = ADfm6+sXZnoyDAkG/ | ||
| + | ListenPort = 51820 | ||
| + | |||
| + | [Peer] | ||
| + | PublicKey = gaQij176wrz3g+2RTJ/ | ||
| + | AllowedIPs = 10.0.12.0/ | ||
| + | Endpoint = 10.0.23.2: | ||
| + | EOF | ||
| + | |||
| + | sysrc wireguard_interfaces=wg0 | ||
| + | service wireguard enable | ||
| + | service wireguard start | ||
| + | </ | ||
| + | |||
| + | ==== Testing ==== | ||
| + | |||
| + | Pinging VM5 from VM1: | ||
| + | |||
| + | < | ||
| + | [root@VM1]~# | ||
| + | PING 10.0.45.5 (10.0.45.5): | ||
| + | 64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=2.135 ms | ||
| + | 64 bytes from 10.0.45.5: icmp_seq=1 ttl=62 time=0.783 ms | ||
| + | |||
| + | --- 10.0.45.5 ping statistics --- | ||
| + | 2 packets transmitted, | ||
| + | round-trip min/ | ||
| + | |||
| + | [root@VM1]~# | ||
| + | PING6(56=40+8+8 bytes) 2001: | ||
| + | 16 bytes from 2001: | ||
| + | 16 bytes from 2001: | ||
| + | |||
| + | --- 2001: | ||
| + | 2 packets transmitted, | ||
| + | round-trip min/ | ||
| </ | </ | ||
documentation/examples/gre_ipsec_and_openvpn.txt · Last modified: 2023/07/10 12:40 by olivier