documentation:examples:gre_ipsec_and_openvpn
Differences
This shows you the differences between two versions of the page.
documentation:examples:gre_ipsec_and_openvpn [2020/01/13 14:08] – [VPN with GRE, GIF, IPSec and OpenVPN] olivier | documentation:examples:gre_ipsec_and_openvpn [2020/06/29 16:48] – [VM2: OpenVPN server] olivier | ||
---|---|---|---|
Line 1053: | Line 1053: | ||
< | < | ||
passwd | passwd | ||
- | </ | ||
- | ==== VM4: OpenVPN client ==== | ||
- | |||
- | As OpenVPN client, VM4 should get these files from VM2 and put them in / | ||
- | * ca.crt | ||
- | * VM4.crt | ||
- | * VM4.key | ||
- | |||
- | On this lab, scp can be used for getting these files: | ||
- | < | ||
- | mkdir / | ||
- | scp 10.0.23.2:/ | ||
- | scp 10.0.23.2:/ | ||
- | scp 10.0.23.2:/ | ||
</ | </ | ||
- | Configure openvpn as a client: | + | Now Generate |
< | < | ||
- | cat > / | + | cat > / |
client | client | ||
dev tun | dev tun | ||
remote 10.0.23.2 | remote 10.0.23.2 | ||
- | ca ca.crt | + | <ca> |
- | cert VM4.crt | + | |
- | key VM4.key | + | |
' | ' | ||
+ | cat / | ||
+ | echo '</ | ||
+ | echo '< | ||
+ | cat / | ||
+ | echo '</ | ||
+ | echo '< | ||
+ | cat / | ||
+ | echo '</ | ||
</ | </ | ||
+ | ==== VM4: OpenVPN client ==== | ||
+ | |||
+ | As OpenVPN client, VM4 should get its openvpn configuration file (that embedded certificate and key) from VM2 and put them in / | ||
+ | |||
+ | On this lab, scp can be used for getting these files: | ||
+ | < | ||
+ | mkdir / | ||
+ | scp 10.0.23.2:/ | ||
+ | </ | ||
+ | |||
Enable and start openvpn: | Enable and start openvpn: | ||
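Review bot: The added VM2 block that assembles the client configuration (the `cat` / `echo` lines following `<ca>`) puts the client private key inline in a single file, yet no visible step restricts that file's permissions, either where it is generated on VM2 or after the `scp` onto VM4. Suggest a `umask 077` before the file is created, or a `chmod 600` on it on both machines, in the same spirit as the `chmod 600 private` step in the Wireguard section. Wording in the new text: "Now Generate" has a stray capital, "(that embedded certificate and key)" reads better as "(which embeds the certificate and key)", and "put them in" / "getting these files" should be singular now that VM4 copies only one file.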
Line 1160: | Line 1162: | ||
16: | 16: | ||
16: | 16: | ||
+ | </ | ||
+ | |||
+ | ===== Wireguard ===== | ||
+ | |||
+ | ==== Key pairs generation ==== | ||
+ | |||
+ | The first step is to generate a couple of private and public keys on each wireguard endpoint. | ||
+ | |||
+ | On VM2 and on VM4, generate the keys: | ||
+ | |||
+ | < | ||
+ | cd / | ||
+ | wg genkey > private | ||
+ | chmod 600 private | ||
+ | wg pubkey < private > public | ||
+ | </ | ||
+ | |||
+ | ==== Router 2 ==== | ||
+ | |||
+ | Display router 2 private key, and router 4 public key. | ||
+ | |||
+ | < | ||
+ | cat > / | ||
+ | [Interface] | ||
+ | PrivateKey = 8Og1cCmvirK+zcGus/ | ||
+ | ListenPort = 51820 | ||
+ | |||
+ | [Peer] | ||
+ | PublicKey = FSvVqj2s1FZqsSIvPLrE1RRTgbaPLbfG87P36F21M1g= | ||
+ | AllowedIPs = 10.0.45.0/ | ||
+ | Endpoint = 10.0.34.4: | ||
+ | EOF | ||
+ | |||
+ | sysrc wireguard_interfaces=wg0 | ||
+ | service wireguard enable | ||
+ | service wireguard start | ||
+ | </ | ||
+ | |||
+ | ==== Router 4 ==== | ||
+ | |||
+ | Display router 4 private key, and router 2 public key. | ||
+ | |||
+ | < | ||
+ | cat > / | ||
+ | [Interface] | ||
+ | PrivateKey = ADfm6+sXZnoyDAkG/ | ||
+ | ListenPort = 51820 | ||
+ | |||
+ | [Peer] | ||
+ | PublicKey = gaQij176wrz3g+2RTJ/ | ||
+ | AllowedIPs = 10.0.12.0/ | ||
+ | Endpoint = 10.0.23.2: | ||
+ | EOF | ||
+ | |||
+ | sysrc wireguard_interfaces=wg0 | ||
+ | service wireguard enable | ||
+ | service wireguard start | ||
+ | </ | ||
+ | |||
+ | ==== Testing ==== | ||
+ | |||
+ | Pinging VM5 from VM1: | ||
+ | |||
+ | < | ||
+ | [root@VM1]~# | ||
+ | PING 10.0.45.5 (10.0.45.5): | ||
+ | 64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=2.135 ms | ||
+ | 64 bytes from 10.0.45.5: icmp_seq=1 ttl=62 time=0.783 ms | ||
+ | |||
+ | --- 10.0.45.5 ping statistics --- | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/ | ||
+ | |||
+ | [root@VM1]~# | ||
+ | PING6(56=40+8+8 bytes) 2001: | ||
+ | 16 bytes from 2001: | ||
+ | 16 bytes from 2001: | ||
+ | |||
+ | --- 2001: | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/ | ||
</ | </ |
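Review bot: The `PrivateKey = ...` lines in the Router 2 and Router 4 blocks publish literal private key values in the page, so a reader who pastes either block runs a tunnel whose private key is public. Suggest replacing the values with an obvious placeholder and having the sentence "Display router 2 private key, and router 4 public key." name the commands to run (for example `cat private` locally and `cat public` on the peer) so each reader substitutes their own keys. In the key generation block, `chmod 600 private` runs only after `wg genkey > private` has already created the file with the default mode; setting `umask 077` before `wg genkey` closes that window, and the generated configuration file, which also holds the private key, has no visible permission step at all. Smaller points: "a couple of private and public keys" reads better as "a private/public key pair", and the section switches between "VM2" / "VM4" and "Router 2" / "Router 4" for the same hosts.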
documentation/examples/gre_ipsec_and_openvpn.txt · Last modified: 2023/07/10 12:40 by olivier