ASL-Corp members, Bureaucrats, Check users, Structured Discussions bots, oversight, Suppressors, Administrators, Upload Wizard campaign editors
1,714
edits
Changes
Jump to navigation
Jump to search
Line 2:
Line 2: − + − + − + − + + + Line 29:
Line 31: + − + Line 51:
Line 54: − + − − == L2TP == − Information on how to setup L2TP. Line 111:
Line 111: − '''Server1:'''+ − Line 143:
Line 142: − '''Server2:'''+ − Line 175:
Line 173: − '''Server3:'''+ − Line 207:
Line 204: + + Line 228:
Line 227: + Line 293:
Line 293: − + − Information on how to setup Wireguard.+ + + + + + + + + + + + + Line 518:
Line 530: + + +
Added external links with references to respective software packages official sites/homepages. Removed L2TP section.
= VPN =
= VPN =
The following contains information on various VPN setups that you can use.
The following contains information on how to setup a Virtual Private Network (VPN) connection using various popular packages.
== IPSEC ==
== IPSEC ==
Information on how to setup IPSEC tunnels.
Information on how to setup IPSEC tunnels.
=== Mikrotik to Strongswan ===
=== MikroTik to strongSwan ===
Use the following configurations to connect a system running Stongswan to a Mikrotik device using IPSEC.
Use the following configurations to connect a system running stongSwan<ref>strongSwan Official Site [https://www.strongswan.org/]</ref> to a MikroTik<ref>MikroTik Official Site [https://mikrotik.com/]</ref> device using IPSEC.
==== Strongswan config ====
==== strongSwan config ====
The following configuration will work on FreeBSD or Linux systems with strongSwan installed.
=====ipsec.conf=====
/etc/ipsec.conf:
/etc/ipsec.conf:
dpdaction=clear
dpdaction=clear
=====ipsec.secrets=====
/etc/ipsec.secrets:
/etc/ipsec.secrets:
<your local IP> <remote IP of Mikrotik system> : PSK "<Put your preshared key here>"
<your local IP> <remote IP of Mikrotik system> : PSK "<Put your preshared key here>"
==== Mikrotik Config ====
==== MikroTik Config ====
/ip ipsec policy
/ip ipsec policy
== OpenVPN ==
== OpenVPN ==
Information on how to setup OpenVPN.
Information on OpenVPN is available from https://openvpn.net/<ref>OpenVPN Official Site [https://openvpn.net/]</ref>
== TINC ==
== TINC ==
All servers used in this example will be running Ubuntu 18.04.
All servers used in this example will be running Ubuntu 18.04.
=====Server1=====
* Install tinc
* Install tinc
apt install tinc -y
apt install tinc -y
ip link set $INTERFACE down
ip link set $INTERFACE down
=====Server2=====
* Install tinc
* Install tinc
apt install tinc -y
apt install tinc -y
ip link set $INTERFACE down
ip link set $INTERFACE down
=====Server3=====
* Install tinc
* Install tinc
apt install tinc -y
apt install tinc -y
ip link set $INTERFACE down
ip link set $INTERFACE down
=====Create keypair=====
* On all servers create public/private keypair with:
* On all servers create public/private keypair with:
tincd -n NoMoreSecrets -K4096
tincd -n NoMoreSecrets -K4096
=====Synchronize host files=====
* Synchronize host files with public keys between all three servers with rsync:
* Synchronize host files with public keys between all three servers with rsync:
chmod +x /etc/tinc/NoMoreSecrets/tinc-down
chmod +x /etc/tinc/NoMoreSecrets/tinc-down
=====Start tinc=====
* On all servers enable and start tinc
* On all servers enable and start tinc
systemctl enable tinc@NoMoreSecrets
systemctl enable tinc@NoMoreSecrets
Calling tinc with -k or --kill option will cause it to automatically unregister itself.
Calling tinc with -k or --kill option will cause it to automatically unregister itself.
== Wireguard ==
== Softether ==
SoftEther VPN is an Open-Source Free Cross-platform Multi-protocol VPN Program, that is an academic project from the University of Tsukuba in Japan.
You can download SoftEther for FreeBSD, Linux, Mac, Solaris, and Windows from https://www.softether.org/<ref>SoftEther VPN Official Site [https://www.softether.org/]</ref>
=== Features ===
*SSL-VPN tunnelling on HTTPS to pass though NATs and firewalls
*Revolutionary VPN over ICMP and VPN over DNS featuers
*Ethernet-bridging (L2) and IP-routing (L3) over VPN.
*Embedded dynamic-DNS and NAT-traversal
*SSL-VPN (HTTPS) and support for 6 major VPN protocols: [http://www.softether.org/1-features/1._Ultimate_Powerful_VPN_Connectivity#Support_OpenVPN_Protocol OpenVPN], [http://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_SoftEther_VPN_Server IPSEC], [http://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_SoftEther_VPN_Server L2TP], [http://www.softether.org/1-features/1._Ultimate_Powerful_VPN_Connectivity#Support_Microsoft_SSTP_VPN_Protocol MS-SSTP], [http://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_SoftEther_VPN_Server/6.Cisco_IOS_L2TPv3%2F%2F%2F%2FIPsec_Edge-VPN_Router_Setup L2TPv3], and [http://www.softether.org/3-spec EtherIP])
== WireGuard ==
WireGuard can be downloaded from https://www.wireguard.com/<ref>WireGuard Offical Site [https://www.wireguard.com/]</ref>
== Other ==
== Other ==
#echo "Restarting fail2ban"
#echo "Restarting fail2ban"
#systemctl restart fail2ban
#systemctl restart fail2ban
==External Links==
<references />