Difference between revisions of "VPN"

From "PTTLink Wiki"
Line 101: Line 101:
 
     tincd -n vpn -D -d3
 
     tincd -n vpn -D -d3
  
To run tinc as sercice:
+
To run tinc as service:
 
     tincd -n vpn
 
     tincd -n vpn
  

Revision as of 06:20, 15 November 2020

VPN

The following contains information on various VPN setups that you can use.

IPSEC

Information on how to set up IPSEC tunnels.

Mikrotik to Strongswan

Use the following configurations to connect a system running Strongswan to a Mikrotik device using IPSEC.

Strongswan config

/etc/ipsec.conf:

  conn <name>
            authby=secret
            auto=route
            keyexchange=ike
            left=<your local IP>
            right=<remote IP of Mikrotik system>
            leftikeport=500
            rightikeport=500
            type=transport
            ike=aes256-sha1-modp1024!
            esp=aes256-sha1!
            dpddelay=5
            dpdtimeout=20
            dpdaction=clear

/etc/ipsec.secrets:

   <your local IP> <remote IP of Mikrotik system> :  PSK "<Put your preshared key here>"

Mikrotik Config

 /ip ipsec policy
 add src-address=0.0.0.0/0 dst-address=<remote IP of strongswan system> proposal=ike2 ipsec-protocols=esp
 
 /ip ipsec proposal
 add name="ike2" auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=30m pfs-group=none
 
 /ip ipsec peer
 add name="<name of strongswan system>" address=<local IP> profile=ike2 exchange-mode=main send-initial-contact=yes
 
 /ip ipsec identity
 add peer=<remote IP of strongswan system> auth-method=pre-shared-key secret="<Put your preshared key here>" generate-policy=no
 
 /ip ipsec profile
 add name="ike2" hash-algorithm=sha1 enc-algorithm=aes-256,aes-192,aes-128,3des,des dh-group=modp2048,modp1024 lifetime=8h proposal-check=obey nat-traversal=no dpd-interval=2m dpd-maximum-failures=5
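
The proposals above pin or permit legacy algorithms (SHA-1, modp1024, 3DES, DES) and leave PFS off, so both configs are worth auditing before deployment. The following Python check is an added example, not part of the original wiki page; the `WEAK` policy table, the `audit` function and the embedded sample are assumptions of this example.

```python
import re

# Legacy algorithms to flag: this example's own policy, not taken from the page.
WEAK = {"des": "56-bit key", "3des": "64-bit block cipher", "md5": "legacy hash",
        "sha1": "legacy hash", "modp768": "768-bit DH group",
        "modp1024": "1024-bit DH group"}
STRONGSWAN_KEYS = {"ike", "esp"}  # proposals: tokens joined by '-', listed by ','
ROUTEROS_KEYS = {"enc-algorithm", "enc-algorithms", "hash-algorithm",
                 "auth-algorithms", "dh-group", "pfs-group"}  # comma lists
DH_PREFIXES = ("modp", "ecp", "curve", "x25519", "x448")
PAIR = re.compile(r'([A-Za-z][\w-]*)=("[^"]*"|\S+)')

# Constructed sample: algorithm settings as on the page, addresses and secrets omitted.
SAMPLE = """\
conn example
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
/ip ipsec proposal
add name="ike2" auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-128-cbc pfs-group=none
/ip ipsec profile
add name="ike2" hash-algorithm=sha1 enc-algorithm=aes-256,aes-192,aes-128,3des,des dh-group=modp2048,modp1024
"""

def audit(text):
    """Return (line_no, key, finding) tuples for weak algorithm settings."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for key, value in PAIR.findall(line):
            value = value.strip('"').rstrip("!")
            if key in STRONGSWAN_KEYS:
                tokens = re.split(r"[-,]", value)
                # An esp= proposal without a DH group rekeys child SAs without PFS.
                if key == "esp" and not any(t.startswith(DH_PREFIXES) for t in tokens):
                    findings.append((no, key, "no DH group, so no PFS on rekey"))
            elif key in ROUTEROS_KEYS:
                tokens = value.split(",")
                if key == "pfs-group" and value == "none":
                    findings.append((no, key, "PFS disabled"))
            else:
                continue  # not an algorithm setting
            findings += [(no, key, f"{t}: {WEAK[t]}") for t in tokens if t in WEAK]
    return findings

if __name__ == "__main__":
    for no, key, finding in audit(SAMPLE):
        print(f"line {no}: {key}: {finding}")
```

Point `audit` at the text of `/etc/ipsec.conf` or a RouterOS `/ip ipsec` export; an empty result means none of the listed legacy settings were found.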

OpenVPN

Information on how to set up OpenVPN.

L2TP

Information on how to set up L2TP.

TINC

Information on how to set up tinc.

You can download tinc for *nix and Windows systems from https://www.tinc-vpn.org/

Simplified Windows setup

Examples of how to set up Windows as either a server or client.

Server side config

  1. Download tinc
  2. Install tinc
  3. Open command prompt and type the following:
   cd "C:\Program Files\tinc"
   tinc -n vpn init master
   tinc -n vpn add subnet 10.0.1.1
   tinc -n vpn add address=public.domain-or-ip
   cd tap-win64
   addtap.bat
   netsh interface ipv4 show interfaces      (Note disconnected interface.  May be called Ethernet 2)
   netsh interface set interface name = "Ethernet 2" newname = "tinc"
   netsh interface ip set address "tinc" static 10.0.1.1  255.255.255.0
   netsh interface ipv4 show config          (Should create a tinc interface with IP and subnet)
   cd ..

To start tinc:

   tincd -n vpn

To invite clients:

   tinc -n vpn invite client1


Client side config

  1. Download tinc
  2. Install tinc
  3. Open command prompt and type the following:
   cd "C:\Program Files\tinc"
   tinc join <invite-url>
   tinc -n vpn add subnet 10.0.1.2
   cd tap-win64
   addtap.bat
   netsh interface ipv4 show interfaces      (Note disconnected interface.  May be called Ethernet 2)
   netsh interface set interface name = "Ethernet 2" newname = "tinc"
   netsh interface ip set address "tinc" static 10.0.1.2  255.255.255.0
   cd ..

To test connection:

   tincd -n vpn -D -d3

To run tinc as service:

   tincd -n vpn

Wireguard

Information on how to set up Wireguard.

Other

Any other information that doesn't fit elsewhere.