documentation:examples:gre_ipsec_and_openvpn
Differences
This shows you the differences between two versions of the page.
documentation:examples:gre_ipsec_and_openvpn [2020/01/13 14:08] – [VPN with GRE, GIF, IPSec and OpenVPN] olivier | documentation:examples:gre_ipsec_and_openvpn [2020/06/29 16:47] – [VM4: OpenVPN client] olivier | ||
---|---|---|---|
Line 1054: | Line 1054: | ||
passwd | passwd | ||
</ | </ | ||
- | ==== VM4: OpenVPN client ==== | ||
- | As OpenVPN | + | Now Generate |
- | * ca.crt | + | |
- | * VM4.crt | + | |
- | * VM4.key | + | |
- | On this lab, scp can be used for getting these files: | ||
< | < | ||
- | mkdir / | + | echo '< |
- | scp 10.0.23.2:/ | + | cat / |
- | scp 10.0.23.2:/ | + | echo '</ |
- | scp 10.0.23.2:/ | + | echo '< |
+ | cat / | ||
+ | echo '</ | ||
+ | echo '< | ||
+ | cat / | ||
+ | echo '</ | ||
</ | </ | ||
+ | ==== VM4: OpenVPN client ==== | ||
- | Configure openvpn as a client: | + | As OpenVPN |
+ | On this lab, scp can be used for getting these files: | ||
< | < | ||
- | cat > / | + | mkdir / |
- | client | + | scp 10.0.23.2:/ |
- | dev tun | + | |
- | remote | + | |
- | ca ca.crt | + | |
- | cert VM4.crt | + | |
- | key VM4.key | + | |
- | ' | + | |
</ | </ | ||
+ | |||
Enable and start openvpn: | Enable and start openvpn: | ||
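Review bot: The three added echo/cat groups under "Now Generate" appear to fold the CA certificate, the client certificate and the client private key (the ca.crt, VM4.crt and VM4.key of the removed list) into a single file, and none of the visible added lines restricts that file's permissions. Suggest a `umask 077` before the first echo or a `chmod 600` on the result, and the same on VM4 after the single scp. Two wording points: "Now Generate" should be lower-case "generate", and "scp can be used for getting these files" is kept although the new block shows only one scp line, so "this file" would match.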
Line 1160: | Line 1157: | ||
16: | 16: | ||
16: | 16: | ||
+ | </ | ||
+ | |||
+ | ===== Wireguard ===== | ||
+ | |||
+ | ==== Key pairs generation ==== | ||
+ | |||
+ | The first step is to generate a couple of private and public keys on each wireguard endpoint. | ||
+ | |||
+ | On VM2 and on VM4, generate the keys: | ||
+ | |||
+ | < | ||
+ | cd / | ||
+ | wg genkey > private | ||
+ | chmod 600 private | ||
+ | wg pubkey < private > public | ||
+ | </ | ||
+ | |||
+ | ==== Router 2 ==== | ||
+ | |||
+ | Display router 2 private key, and router 4 public key. | ||
+ | |||
+ | < | ||
+ | cat > / | ||
+ | [Interface] | ||
+ | PrivateKey = 8Og1cCmvirK+zcGus/ | ||
+ | ListenPort = 51820 | ||
+ | |||
+ | [Peer] | ||
+ | PublicKey = FSvVqj2s1FZqsSIvPLrE1RRTgbaPLbfG87P36F21M1g= | ||
+ | AllowedIPs = 10.0.45.0/ | ||
+ | Endpoint = 10.0.34.4: | ||
+ | EOF | ||
+ | |||
+ | sysrc wireguard_interfaces=wg0 | ||
+ | service wireguard enable | ||
+ | service wireguard start | ||
+ | </ | ||
+ | |||
+ | ==== Router 4 ==== | ||
+ | |||
+ | Display router 4 private key, and router 2 public key. | ||
+ | |||
+ | < | ||
+ | cat > / | ||
+ | [Interface] | ||
+ | PrivateKey = ADfm6+sXZnoyDAkG/ | ||
+ | ListenPort = 51820 | ||
+ | |||
+ | [Peer] | ||
+ | PublicKey = gaQij176wrz3g+2RTJ/ | ||
+ | AllowedIPs = 10.0.12.0/ | ||
+ | Endpoint = 10.0.23.2: | ||
+ | EOF | ||
+ | |||
+ | sysrc wireguard_interfaces=wg0 | ||
+ | service wireguard enable | ||
+ | service wireguard start | ||
+ | </ | ||
+ | |||
+ | ==== Testing ==== | ||
+ | |||
+ | Pinging VM5 from VM1: | ||
+ | |||
+ | < | ||
+ | [root@VM1]~# | ||
+ | PING 10.0.45.5 (10.0.45.5): | ||
+ | 64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=2.135 ms | ||
+ | 64 bytes from 10.0.45.5: icmp_seq=1 ttl=62 time=0.783 ms | ||
+ | |||
+ | --- 10.0.45.5 ping statistics --- | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/ | ||
+ | |||
+ | [root@VM1]~# | ||
+ | PING6(56=40+8+8 bytes) 2001: | ||
+ | 16 bytes from 2001: | ||
+ | 16 bytes from 2001: | ||
+ | |||
+ | --- 2001: | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/ | ||
</ | </ |
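Review bot: In the key generation block, `wg genkey > private` creates the file under the default umask and `chmod 600 private` only tightens it afterwards; putting `umask 077` ahead of `wg genkey` keeps the key from ever being readable by other users. The two `cat >` blocks for Router 2 and Router 4 write a file containing a `PrivateKey =` line with no permission step among the visible lines, so the same applies there. Both configs also carry literal PrivateKey values; a clearly marked placeholder for the content of the `private` file would keep readers from reusing the lab's keys, and "Display router 2 private key, and router 4 public key" should say that the displayed values go into the block that follows. "a couple of private and public keys" reads better as "a key pair".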
documentation/examples/gre_ipsec_and_openvpn.txt · Last modified: 2023/07/10 12:40 by olivier