ASL-Corp members, Bureaucrats, Check users, Structured Discussions bots, oversight, Suppressors, Administrators, Upload Wizard campaign editors
1,714
edits
Changes
Jump to navigation
Jump to search
Line 213:
Line 213: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 998:
Line 1,040: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 1,243:
Line 1,341: − + − + + +
Added SOCAT
== GRE Tunnel ==
== GRE Tunnel ==
{{go to top}}
{{go to top}}
GRE Tunnels
===Public/Private VM tunnel===
GRE tunnels are useful for connecting a VM in a private/home network to the internet via a public server/VM. The following information will connect Server A (public server) to Server B (private server), and allow requests to Server B to be passed to Server A's resources for use on the Internet.
====Configuration====
'''IP addresses'''
* Server A will have a public IP of 30.30.30.30/24 and the GRE interface will be assigned 192.168.168.1/30
* Server B will have a private IP of 10.0.0.50/24, a public IP of 40.40.40.40/24 and the GRE interface will be assigned 192.168.168.2/30
'''Ports'''
* Ports 22, 80 and 443 will be forwarded over the GRE tunnel
=====Server A (Public)=====
Copy the following to /etc/gre.sh
<syntaxhighlight lang="bash">
#!/bin/sh
ip tunnel add gre1 mode gre local 10.0.0.50 remote 40.40.40.40 ttl 255
ip add add 192.168.168.1/30 dev gre1
ip link set gre1 up
iptables -t nat -A POSTROUTING -s 192.168.168.0/30 ! -o gre+ -j SNAT --to-source 30.30.30.30
iptables -A FORWARD -d 192.168.168.2 -m state --state NEW.ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d 192.168.168.2 -m state --state NEW.ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -d 30.30.30.30 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.168.2
iptables -t nat -A PREROUTING -d 30.30.30.30 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.168.2
iptables -t nat -A PREROUTING -d 30.30.30.30 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.168.2
</syntaxhighlight>
=====Server B (Private)=====
* Add the following to /etc/iproute2/rt_tables<syntaxhighlight lang="text">
100 GRE</syntaxhighlight>
* Copy the following to /etc/gre.sh
<syntaxhighlight lang="bash">
#!/bin/sh
iptunnel add gre1 mode gre local 10.0.0.50 remote 30.30.30.30 ttl 255
ip addr add 192.168.168.2/30 dev gre1
ip link set gre1 up
ip rule add from 192.168.168.0/30 table GRE
ip route add default via 192.168.168.1 table GRE
</syntaxhighlight>
==L2TP Ethernet Pseudowires==
==L2TP Ethernet Pseudowires==
Calling tinc with -k or --kill option will cause it to automatically unregister itself.
Calling tinc with -k or --kill option will cause it to automatically unregister itself.
== SOCAT ==
SOCAT can be used to create a simple virtual network between two hosts using UDP and TUN devices.
'''Note: It is possible to use TCP for this as well, but without the nodelay option it might cause problems. You can also replace UDP with DTLS to add security to the connection.'''
*IP addresses used in this example:
{| class="wikitable" style="text-align: center; width: 35%"
! Host
! Address
! Mask
|-
| Physical server address
| 1.2.3.4
| N/A
|-
| Physical client address
| N/A
| N/A
|-
| TUN device on server
| 192.168.255.1
| 255.255.255.0
|-
| TUN device on client
| 192.168.255.2
| 255.255.255.0
|}
Note: UDP connections will use PORT 11443.
=== Create TUN devices ===
*TUN Server<syntaxhighlight lang="text">
socat -d -d UDP-LISTEN:11443,reuseaddr TUN:192.168.255.1/24,up</syntaxhighlight>
*TUN Client<syntaxhighlight lang="text">
socat UDP:1.2.3.4:11443 TUN:192.168.255.2/24,up</syntaxhighlight>
Executing these two commands will result in a connection being established from the client to the server via TUN devices.
=== Troubleshooting ===
The following are common errors that you may encounter when using SOCAT to create a VPN.
*Missing TUN/TAP Support<syntaxhighlight lang="text">
... E unknown device/address "tun"</syntaxhighlight>
The SOCAT binary probably does not provide TUN/TAP support. Reasons include not using Linux and using an older version of SOCAT.
*Missing Kernel Support<syntaxhighlight lang="text">
,,, E open("/dev/net/tun", 02, 0666): No such file or directory</syntaxhighlight>
This incidates that your kernel does not have TUN/TAP support compiled in.
*TUN Cloning Device Permissions<syntaxhighlight lang="text">
... E open("/dev/net/tun", 02, 0666): Permission denied</syntaxhighlight>
This indicates that you do not have sufficient permission to read or write to the TUN cloning device. Check the device's permssions and ownership.
== SoftEther ==
== SoftEther ==
*You can run it again to add/remove users or completely uninstall WireGuard
*You can run it again to add/remove users or completely uninstall WireGuard
=== Mikrotik Road Warrior Config ===
=== Mikrotik Wireguard Road Warrior Config ===
From: https://forum.mikrotik.com/viewtopic.php?t=174417#
From: https://forum.mikrotik.com/viewtopic.php?t=174417#<ref>Mikrotik Forums - MikroTik Wireguard server with Road Warrior clients [https://forum.mikrotik.com/viewtopic.php?t=174417#]</ref>
The following information will show you how to setup a Mikrotik Wireguard server with Road Warrior clients.
==== Network topology ====
==== Network topology ====