Line 2: |
Line 2: |
| | | |
| = VPN = | | = VPN = |
− | The following contains information on various VPN setups that you can use. | + | The following contains information on how to setup a Virtual Private Network (VPN) connection using various popular packages. |
| | | |
| == IPSEC == | | == IPSEC == |
| Information on how to setup IPSEC tunnels. | | Information on how to setup IPSEC tunnels. |
| | | |
− | === Mikrotik to Strongswan === | + | === MikroTik to strongSwan === |
− | Use the following configurations to connect a system running Stongswan to a Mikrotik device using IPSEC. | + | Use the following configurations to connect a system running stongSwan<ref>strongSwan Official Site [https://www.strongswan.org/]</ref> to a MikroTik<ref>MikroTik Official Site [https://mikrotik.com/]</ref> device using IPSEC. |
| | | |
− | ==== Strongswan config ==== | + | ==== strongSwan config ==== |
| + | The following configuration will work on FreeBSD or Linux systems with strongSwan installed. |
| | | |
| + | =====ipsec.conf===== |
| /etc/ipsec.conf: | | /etc/ipsec.conf: |
| | | |
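Review bot: Typo in the added MikroTik to strongSwan intro line: "stongSwan" should be "strongSwan", which stands out because this same edit is correcting the product capitalisation. The added lines also use "setup" as a verb ("how to setup" should be "how to set up"), and the new =====ipsec.conf===== heading is followed directly by the existing "/etc/ipsec.conf:" label, so one of the two is redundant.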
Line 29: |
Line 31: |
| dpdaction=clear | | dpdaction=clear |
| | | |
| + | =====ipsec.secrets===== |
| /etc/ipsec.secrets: | | /etc/ipsec.secrets: |
| | | |
| <your local IP> <remote IP of Mikrotik system> : PSK "<Put your preshared key here>" | | <your local IP> <remote IP of Mikrotik system> : PSK "<Put your preshared key here>" |
| | | |
− | ==== Mikrotik Config ==== | + | ==== MikroTik Config ==== |
| | | |
| /ip ipsec policy | | /ip ipsec policy |
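Review bot: Missing documentation under the new =====ipsec.secrets===== heading: the file shown holds the preshared key in clear text, so the section should state that /etc/ipsec.secrets is to be owned by root and not readable by other users. The unchanged PSK line still reads "Mikrotik system" while the heading below it was changed to "MikroTik Config"; update the placeholder so the spelling is consistent.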
Line 51: |
Line 54: |
| | | |
| == OpenVPN == | | == OpenVPN == |
− | Information on how to setup OpenVPN. | + | Information on OpenVPN is available from https://openvpn.net/<ref>OpenVPN Official Site [https://openvpn.net/]</ref> |
− | | |
− | == L2TP ==
| |
− | Information on how to setup L2TP.
| |
| | | |
| == TINC == | | == TINC == |
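Review bot: The "== L2TP ==" heading and its one-line body are deleted with nothing left in their place, so the section anchor disappears; if L2TP is now meant to be covered elsewhere on the page, leave a one-line pointer instead of removing the heading silently. In the OpenVPN line, the same URL appears both inline and inside the <ref>, and the sentence has no closing period; keep the link in one place.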
Line 111: |
Line 111: |
| All servers used in this example will be running Ubuntu 18.04. | | All servers used in this example will be running Ubuntu 18.04. |
| | | |
− | '''Server1:'''
| + | =====Server1===== |
− | | |
| * Install tinc | | * Install tinc |
| apt install tinc -y | | apt install tinc -y |
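Review bot: Style point on the new =====Server1===== heading: it is written without spaces inside the equals signs, while the headings around it ("== TINC ==", "==== strongSwan config ====") use spaces. Pick one form for the page; the same applies to the Server2 and Server3 headings and the other level-5 headings added in this edit.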
Line 143: |
Line 142: |
| ip link set $INTERFACE down | | ip link set $INTERFACE down |
| | | |
− | '''Server2:'''
| + | =====Server2===== |
− | | |
| * Install tinc | | * Install tinc |
| apt install tinc -y | | apt install tinc -y |
Line 175: |
Line 173: |
| ip link set $INTERFACE down | | ip link set $INTERFACE down |
| | | |
− | '''Server3:'''
| + | =====Server3===== |
− | | |
| * Install tinc | | * Install tinc |
| apt install tinc -y | | apt install tinc -y |
Line 207: |
Line 204: |
| ip link set $INTERFACE down | | ip link set $INTERFACE down |
| | | |
| + | =====Create keypair===== |
| * On all servers create public/private keypair with: | | * On all servers create public/private keypair with: |
| tincd -n NoMoreSecrets -K4096 | | tincd -n NoMoreSecrets -K4096 |
| | | |
| + | =====Synchronize host files===== |
| * Synchronize host files with public keys between all three servers with rsync: | | * Synchronize host files with public keys between all three servers with rsync: |
| | | |
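Review bot: The new =====Synchronize host files===== section describes copying host files between servers with rsync but does not say that only the host files carrying public keys are to be transferred; add a sentence stating that the private key generated by "tincd -n NoMoreSecrets -K4096" stays on the server that created it. Both new headings also repeat the wording of the bullet directly below them, so the bullets could be shortened.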
Line 228: |
Line 227: |
| chmod +x /etc/tinc/NoMoreSecrets/tinc-down | | chmod +x /etc/tinc/NoMoreSecrets/tinc-down |
| | | |
| + | =====Start tinc===== |
| * On all servers enable and start tinc | | * On all servers enable and start tinc |
| systemctl enable tinc@NoMoreSecrets | | systemctl enable tinc@NoMoreSecrets |
Line 293: |
Line 293: |
| Calling tinc with -k or --kill option will cause it to automatically unregister itself. | | Calling tinc with -k or --kill option will cause it to automatically unregister itself. |
| | | |
− | == Wireguard == | + | == Softether == |
− | Information on how to setup Wireguard.
| + | SoftEther VPN is an Open-Source Free Cross-platform Multi-protocol VPN Program, that is an academic project from the University of Tsukuba in Japan. |
| + | |
| + | You can download SoftEther for FreeBSD, Linux, Mac, Solaris, and Windows from https://www.softether.org/<ref>SoftEther VPN Official Site [https://www.softether.org/]</ref> |
| + | |
| + | === Features === |
| + | *SSL-VPN tunnelling on HTTPS to pass though NATs and firewalls |
| + | *Revolutionary VPN over ICMP and VPN over DNS featuers |
| + | *Ethernet-bridging (L2) and IP-routing (L3) over VPN. |
| + | *Embedded dynamic-DNS and NAT-traversal |
| + | *SSL-VPN (HTTPS) and support for 6 major VPN protocols: [http://www.softether.org/1-features/1._Ultimate_Powerful_VPN_Connectivity#Support_OpenVPN_Protocol OpenVPN], [http://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_SoftEther_VPN_Server IPSEC], [http://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_SoftEther_VPN_Server L2TP], [http://www.softether.org/1-features/1._Ultimate_Powerful_VPN_Connectivity#Support_Microsoft_SSTP_VPN_Protocol MS-SSTP], [http://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_SoftEther_VPN_Server/6.Cisco_IOS_L2TPv3%2F%2F%2F%2FIPsec_Edge-VPN_Router_Setup L2TPv3], and [http://www.softether.org/3-spec EtherIP]) |
| + | |
| + | == WireGuard == |
| + | WireGuard can be downloaded from https://www.wireguard.com/<ref>WireGuard Offical Site [https://www.wireguard.com/]</ref> |
| | | |
| == Other == | | == Other == |
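Review bot: Several typos in the added SoftEther and WireGuard lines: "though" should be "through", "featuers" should be "features", "Offical" should be "Official", and the heading "== Softether ==" does not match the "SoftEther" spelling used in the body. The protocol list ends with a ")" that has no opening parenthesis, and its links use http://www.softether.org/ while the download line uses https://www.softether.org/; switch them all to https. "Revolutionary" reads as vendor marketing copy and would be better replaced with a plain description.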
Line 518: |
Line 530: |
| #echo "Restarting fail2ban" | | #echo "Restarting fail2ban" |
| #systemctl restart fail2ban | | #systemctl restart fail2ban |
| + | |
| + | ==External Links== |
| + | <references /> |
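Review bot: The "==External Links==" heading is placed over <references />, which renders the footnotes created by the <ref> tags added in this edit rather than a list of external links; name the section "References" (or "Notes") instead. The heading also lacks the spaces inside the equals signs that the other level-2 headings ("== Other ==", "== TINC ==") use.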