Difference between revisions of "VPN"
Line 64: | Line 64: | ||
==== Server side config ==== | ==== Server side config ==== | ||
# Download tinc | # Download tinc | ||
− | # Install tinc# Open command prompt and type the following: | + | # Install tinc |
+ | # Open command prompt and type the following: | ||
cd "C:\Program Files\tinc" | cd "C:\Program Files\tinc" | ||
tinc -n vpn init master | tinc -n vpn init master | ||
Line 82: | Line 83: | ||
To invite clients: | To invite clients: | ||
tinc -n vpn invite client1 | tinc -n vpn invite client1 | ||
− | |||
==== Client side config ==== | ==== Client side config ==== |
Revision as of 06:20, 15 November 2020
VPN
The following contains information on various VPN setups that you can use.
IPSEC
Information on how to set up IPSEC tunnels.
Mikrotik to Strongswan
Use the following configurations to connect a system running Strongswan to a Mikrotik device using IPSEC.
Strongswan config
/etc/ipsec.conf:
conn <name>
    authby=secret
    auto=route
    keyexchange=ike
    left=<your local IP>
    right=<remote IP of Mikrotik system>
    leftikeport=500
    rightikeport=500
    type=transport
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    dpddelay=5
    dpdtimeout=20
    dpdaction=clear
/etc/ipsec.secrets:
<your local IP> <remote IP of Mikrotik system> : PSK "<Put your preshared key here>"
Mikrotik Config
/ip ipsec policy add src-address=0.0.0.0/0 dst-address=<remote IP of strongswan system> proposal=ike2 ipsec-protocols=esp
/ip ipsec proposal add name="ike2" auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=30m pfs-group=none
/ip ipsec peer add name="<name of strongswan system>" address=<local IP> profile=ike2 exchange-mode=main send-initial-contact=yes
/ip ipsec identity add peer=<remote IP of strongswan system> auth-method=pre-shared-key secret="<Put your preshared key here>" generate-policy=no
/ip ipsec profile add name="ike2" hash-algorithm=sha1 enc-algorithm=aes-256,aes-192,aes-128,3des,des dh-group=modp2048,modp1024 lifetime=8h proposal-check=obey nat-traversal=no dpd-interval=2m dpd-maximum-failures=5
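Added example (not part of the original page): a small Python check that parses ipsec.conf text and lists legacy algorithm tokens in the ike= and esp= proposals, such as the sha1 and modp1024 used in the Strongswan conn above. The LEGACY policy table and the conn name mikrotik are assumptions of this example.

```python
import re

# Tokens flagged by this example; the policy table is an assumption, not the page's.
LEGACY = {
    "des": "56-bit key",
    "3des": "64-bit block cipher",
    "md5": "MD5-based integrity/PRF",
    "sha1": "SHA-1-based integrity/PRF",
    "modp1024": "1024-bit MODP DH group",
}

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # some other section (config setup, ca ...)
    return conns

def audit(text):
    """Return (conn, key, token, reason) for each legacy token in ike=/esp=."""
    findings = []
    for name, params in parse_conns(text).items():
        for key in ("ike", "esp"):
            # Proposals are comma-separated; a trailing "!" makes the list strict.
            for proposal in params.get(key, "").rstrip("!").split(","):
                for token in proposal.strip().lower().split("-"):
                    if token in LEGACY:
                        findings.append((name, key, token, LEGACY[token]))
    return findings

# Constructed sample: the page's proposals under a placeholder conn name.
SAMPLE = """\
conn mikrotik
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Any proposal changed on the Strongswan side has to be matched in the Mikrotik profile and proposal, or negotiation will fail.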
OpenVPN
Information on how to set up OpenVPN.
L2TP
Information on how to set up L2TP.
TINC
Information on how to set up tinc.
You can download tinc for *nix and Windows systems from https://www.tinc-vpn.org/
Simplified Windows setup
Examples of how to set up Windows as either a server or client.
Server side config
- Download tinc
- Install tinc
- Open command prompt and type the following:
cd "C:\Program Files\tinc"
tinc -n vpn init master
tinc -n vpn add subnet 10.0.1.1
tinc -n vpn add address=public.domain-or-ip
cd tap-win64
addtap.bat
netsh interface ipv4 show interfaces
(Note disconnected interface. May be called Ethernet 2)
netsh interface set interface name = "Ethernet 2" newname = "tinc"
netsh interface ip set address "tinc" static 10.0.1.1 255.255.255.0
netsh interface ipv4 show config
(Should create a tinc interface with IP and subnet)
cd ..
To start tinc:
tincd -n vpn
To invite clients:
tinc -n vpn invite client1
Client side config
- Download tinc
- Install tinc
- Open command prompt and type the following:
cd "C:\Program Files\tinc"
tinc join <invite-url>
tinc -n vpn add subnet 10.0.1.2
cd tap-win64
addtap.bat
netsh interface ipv4 show interfaces
(Note disconnected interface. May be called Ethernet 2)
netsh interface set interface name = "Ethernet 2" newname = "tinc"
netsh interface ip set address "tinc" static 10.0.1.2 255.255.255.0
cd ..
To test connection:
tincd -n vpn -D -d3
To run tinc as service:
tincd -n vpn
Wireguard
Information on how to set up Wireguard.
Other
Any other information that doesn't fit elsewhere.