(20 intermediate revisions by 2 users not shown) |
Line 1: |
Line 1: |
− | <!--<div style="border:3px solid black; text-align:center; color:red;"><b>THIS DOCUMENTATION IS ONLY PARTIALLY FINISHED FOR CHAOSVPN 2.0!</b></div>-->
| |
| | | |
| | | |
| | | |
− | = Install software =
| |
| | | |
− | The following is written assuming a fresh install of NetBSD 5.2 using the GENERIC kernel, with a pkgsrc repository and networking already configured.
| + | [[ChaosVPN:Netbsd NAT VPN router using chaosvpn and ipnat]] |
| | | |
− | == Install necessary programs from pkgsrc ==
| |
| | | |
− | # pkg_add tinc (will add lzo as a dependancy)
| + | [[ChaosVPN:Tims_NetBSD_chaosvpn_rc.d]] |
− | # pkg_add zlib
| |
− | # pkg_add bison (will install m4 as a dependancy)
| |
− | # pkg_add flex
| |
− | # pkg_add openssl
| |
− | # pkg_add gmake
| |
| | | |
− | we will also need to install git. Installing git from pkgsrc brings in a long list of other packages (mostly related to Perl) which I list below.
| + | [[ChaosVPN:Tims_ipf_conf]] |
| | | |
− | # pkg_add scmgit
| + | [[ChaosVPN:Tims_netbsd_route_hack_attempt]] |
| | | |
− | adds the following packages as dependancies:
| |
| | | |
− | scmgit-base
| + | [[ChaosVPN:Tims_random_router_configs]] |
− | scmgit-docs
| |
− | tcl
| |
− | tk
| |
− | scmgit-gitk
| |
− | perl-5
| |
− | p5-Error
| |
− | p5-MIME-Base64
| |
− | p5-TimeDate
| |
− | p5-MailTools
| |
− | p5-Digest-SHA
| |
− | p5-Digest-MD5
| |
− | p5-Digest-HMAC
| |
− | p5-Net-IP
| |
− | p5-Sockets
| |
− | p5-Net-DNS
| |
− | p5-IO-Socket-INET6
| |
− | p5-Email-Valid
| |
− | p5-Net-LibIDN
| |
− | p5-Net-SSLeay
| |
− | p5-IO-Socket-SSL
| |
− | p5-Net-SMTP
| |
− | p5-GSSAPI
| |
− | p5-Authen-SASL
| |
− | libffi
| |
− | python27
| |
− | curl
| |
− | | |
− | == Create config directory ==
| |
− | | |
− | # mkdir -p /usr/pkgsrc/etc/tinc/chaos
| |
− | | |
− | == Build ChaosVPN ==
| |
− | | |
− | === Security concerns ===
| |
− | | |
− | It’s best to create a new, non-root user specifically for running ChaosVPN. This user will need to be listed in the '''sudoers''' file, and will need to be a member of the '''wheel''' group, so you can run the <code>sudo</code> and <code>su</code> commands, respectively. In the file <code>/usr/local/etc/tinc/chaosvpn.conf</code>, change the option '''$tincd_user''' to that new user.
| |
− | | |
− | | |
− | | |
− | === Get the ChaosVPN source from the git repository ===
| |
− | | |
− | Always needed to compile:
| |
− | | |
− | $ git clone git://github.com/ryd/chaosvpn.git
| |
− | $ cd chaosvpn
| |
− | | |
− | | |
− | | |
− | === Editing the Makefile ===
| |
− | | |
− | We are actually kind of using the FreeBSD install options, since there is no NetBSD specific install at this time. So we will have to edit the Makefile.
| |
− | | |
− | Navigate to the directory where you installed git information for chaosvpn. Open the Makefile with your favorite text editor, and change the following lines:
| |
− | | |
− | '''line 7'''
| |
− | ifneq (,$(findstring FreeBSD,$(OS)))
| |
− | ''needs to change to:''
| |
− | ifneq (,$(findstring '''NetBSD''',$(OS)))
| |
− | | |
− | '''line 10'''
| |
− | PREFIX?=/usr/local
| |
− | ''needs to change to:''
| |
− | PREFIX?='''/usr/pkg'''
| |
− | | |
− | '''line 11'''
| |
− | TINCDIR?=/usr/local/etc/tinc
| |
− | ''needs to change to:''
| |
− | TINCDIR?='''/usr/pkg/etc/tinc'''
| |
− | | |
− | '''line 93'''
| |
− | install -m 0755 freebsd.rc.d $(DESTDIR)$(PREFIX)/etc/rc.d/chaosvpn
| |
− | ''needs to change to:''
| |
− | '''install -m 0755 freebsd.rc.d /etc/rc.d/chaosvpn''''''
| |
− | | |
− | | |
− | === Build and Install the application ===
| |
− | | |
− | After editing the makefile, we need to make and install the application.
| |
− | | |
− | $ gmake
| |
− | $ su -
| |
− | # gmake bsdinstall
| |
− | | |
− | | |
− | | |
− | | |
− | = Get your new node added to the central configuration =
| |
− | | |
− | {{Template:ChaosVPNMailit}}
| |
− |
| |
− | | |
− | = Customize config file =
| |
− | | |
− | edit the chaosvpn.conf in /usr/pkg/etc/tinc/
| |
− | | |
− | $my_peerid = <nodename>
| |
− |
| |
− | $my_vpn_ip = 172.31.<your Subnet>.[1-255]
| |
− | | |
− | = Enable Starting of ChaosVPN =
| |
− | | |
− | | |
− | | |
− | On other systems you have to take a look at our debian/init.d example script and adapt it for your environment.
| |
− | | |
− | | |
− | | |
− | | |
− | You installed it manually with make install. You have to set up chaosvpn to auto-start however you desire.
| |
− | | |
− | | |
− | and with luck, it will function beautifully! ;)
| |
− | | |
− | | |
− | = Uninstall =
| |
− | | |
− | But why would you want to? :)
| |
− | | |
− | rm /etc/rc.d/chaosvpn
| |
− | rm /usr/pkg/sbin/chaosvpn
| |
− | rm -rf /usr/pkg/etc/tinc/*
| |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | [[Category:ChaosVPN]]
| |
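Review bot: The removed tail of this revision drops `[[Category:ChaosVPN]]` and none of the five added lines restores it, so unless a template adds the category the page is no longer listed under ChaosVPN; keep that line, and give each of the added links a one-line description, since the titles alone do not say which one replaces the install guide. The deleted "Security concerns" section (run ChaosVPN as a dedicated non-root user named in `$tincd_user`) has no obvious home among the link titles, so state which linked page now carries it. If the text is moved rather than dropped, reconcile the config paths it used (`/usr/pkgsrc/etc/tinc/chaos` in the mkdir step, `/usr/local/etc/tinc/chaosvpn.conf` in the security section, `/usr/pkg/etc/tinc` everywhere else), and reconsider the requirement that the service account be in `wheel` and in sudoers, because that gives the daemon's user a route to root and undercuts the point of running it unprivileged.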