ASL-Corp members, Bureaucrats, Check users, Structured Discussions bots, oversight, Suppressors, Administrators, Upload Wizard campaign editors
1,714
edits
Changes
Jump to navigation
Jump to search
Line 16:
Line 16: − + Line 42:
Line 42: − + Line 235:
Line 235: − {{go to top}} Line 247:
Line 246: − + Line 259:
Line 258: − + Line 270:
Line 269: − + − # Uses autossh to establish a tunnel to allstarlink.org for the Graylog Collector Sidecar − # on seal to pass data. − + Line 309:
Line 306: − + − + + + + + − + + + + + + + + + + + + + + + + + + + + + + +
no edit summary
Information on how to setup IPSEC tunnels.
Information on how to setup IPSEC tunnels.
=== stongSwan to strongSwan ===
=== strongSwan to strongSwan ===
Use the following config for a strongSwan<ref>strongSwan Official Site [https://www.strongswan.org/]</ref> to strongSwan configuration. Make sure the left and right IP addresses are updated to match each system. You can use the same ipsec.secrets file on both systems without changing the IP address order, although I recommend changing it to having the local IP on the left and the remote on the right as shown below.
Use the following config for a strongSwan<ref>strongSwan Official Site [https://www.strongswan.org/]</ref> to strongSwan configuration. Make sure the left and right IP addresses are updated to match each system. You can use the same ipsec.secrets file on both systems without changing the IP address order, although I recommend changing it to having the local IP on the left and the remote on the right as shown below.
=== strongSwan to MikroTik ===
=== strongSwan to MikroTik ===
Use the following configurations to connect a system running stongSwan<ref>strongSwan Official Site [https://www.strongswan.org/]</ref> to a MikroTik<ref>MikroTik Official Site [https://mikrotik.com/]</ref> device using IPSEC.
Use the following configurations to connect a system running strongSwan to a MikroTik<ref>MikroTik Official Site [https://mikrotik.com/]</ref> device using IPSEC.
==== strongSwan config ====
==== strongSwan config ====
==Persistent SSH Tunnels==
==Persistent SSH Tunnels==
The following is how to create a persistent SSH Tunnel between two systems. This is handy if you want to secure data flowing across networks, or even setup a tunnel without messing with VPN configuration.
The following is how to create a persistent SSH Tunnel between two systems. This is handy if you want to secure data flowing across networks, or even setup a tunnel without messing with VPN configuration.
Now switch to the user and generate an SSH key:
Now switch to the user and generate an SSH key:
<pre>
<pre>
su -s /bin/bash useradd
su -s /bin/bash autossh
cd ~
cd ~
ssh-keygen -b 4096
ssh-keygen -b 4096
===Copy public key to target system===
===Copy public key to target system===
You will need to copy '''''id_rsa.pub''''' file from '''''/home/useradd/.ssh/''''' to the '''''authorized_keys''''' file on the remote system you want to connect to for the tunnel.
You will need to copy '''''id_rsa.pub''''' file from '''''/home/autossh/.ssh/''''' to the '''''authorized_keys''''' file on the remote system you want to connect to for the tunnel.
''Note: It is recommended that you also create a normal user on the remote system and not use root.''
''Note: It is recommended that you also create a normal user on the remote system and not use root.''
===Setup script===
===Setup script===
Copy the following script, making the necessary changes as specified between the <> and place on the system that will initiate the tunnel (usually /opt):
Copy the following script, making the necessary changes as specified between the <> and place on the system that will initiate the tunnel (here we will save it as /opt/ssh-tunnel.sh):
<pre>
<pre>
#!/bin/sh
#!/bin/sh
#
#
su -s /bin/sh autossh -c 'autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure=yes" -f -T -R localhost:<target port>:<local IP or localhost>:<local port> <user>@<domain>'
su -s /bin/sh autossh -c 'autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure=yes" -f -T -R localhost:<target port>:<local IP or localhost>:<local port> <user>@<domain>'
</pre>
</pre>
{| class="wikitable"
{| class="wikitable"
<pre>
<pre>
chmod +x <name_of_script>.sh
chmod +x /opt/ssh-tunnel.sh
</pre>
</pre>
===Tunnel at startup===
===Tunnel at startup===
To have this tunnel automatically start if the system is rebooted, add a call to the script to rc.local.
To have the tunnel up when the system restarts, choose one of the following methods
====rc.local====
Add a line to /etc/rc.local that calls the script.
<pre>
<pre>
/opt/<name_of_script>.sh
# Start AutoSSH tunnel at boot
/opt/ssh-tunnel.sh
</pre>
</pre>
''Note: You may have to enable rc.local on Ubuntu and Debian based systems via systemd. Refer to your distributions documentation for information on how to enable it.''
''Note: You may have to enable rc.local on Ubuntu and Debian based systems via systemd. Refer to your distributions documentation for information on how to enable it.''
====systemd====
To have the script start at boot with systemd, create the following file and add it to /etc/systemd/system/ssh-tunnel.service
=====ssh-tunnel.service=====
<pre>
[Unit]
Description=AutoSSH Tunnel at boot
[Service]
Type=oneshot
ExecStart=/opt/ssh-tunnel.sh
[Install]
WantedBy=multi-user.target
</pre>
=====Enable service=====
To enable the service to run via systemd run:
<pre>
systemctl enable ssh-tunnel.service
</pre>
== GRE Tunnel ==
== GRE Tunnel ==