This wiki is an archive up to 2023. The current wiki can be found at https://wiki.hamburg.ccc.de/

Difference between revisions of "User:Othtim"

From CCCHHWiki
m (Customize config file)
m
 
(20 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<!--<div style="border:3px solid black; text-align:center; color:red;"><b>THIS DOCUMENTATION IS ONLY PARTIALLY FINISHED FOR CHAOSVPN 2.0!</b></div>-->
 
  
  
  
= Install software =
 
  
The following is written assuming a fresh install of NetBSD 5.2 using the GENERIC kernel, with a pkgsrc repository and networking already configured.
+
[[ChaosVPN:Netbsd NAT VPN router using chaosvpn and ipnat]]
  
== Install necessary programs from pkgsrc ==
 
  
# pkg_add  tinc  (will add lzo as a dependancy)
+
[[ChaosVPN:Tims_NetBSD_chaosvpn_rc.d]]
# pkg_add  zlib
 
# pkg_add  bison (will install m4 as a dependancy)
 
# pkg_add  flex
 
# pkg_add  openssl
 
# pkg_add  gmake
 
  
we will also need to install git. Installing git from pkgsrc brings in a long list of other packages (mostly related to Perl) which I list below.
+
[[ChaosVPN:Tims_ipf_conf]]
  
# pkg_add  scmgit
+
[[ChaosVPN:Tims_netbsd_route_hack_attempt]]
  
adds the following packages as dependancies:
 
  
scmgit-base
+
[[ChaosVPN:Tims_random_router_configs]]
scmgit-docs
 
tcl
 
tk
 
scmgit-gitk
 
perl-5
 
p5-Error
 
p5-MIME-Base64
 
p5-TimeDate
 
p5-MailTools
 
p5-Digest-SHA
 
p5-Digest-MD5
 
p5-Digest-HMAC
 
p5-Net-IP
 
p5-Sockets
 
p5-Net-DNS
 
p5-IO-Socket-INET6
 
p5-Email-Valid
 
p5-Net-LibIDN
 
p5-Net-SSLeay
 
p5-IO-Socket-SSL
 
p5-Net-SMTP
 
p5-GSSAPI
 
p5-Authen-SASL
 
libffi
 
python27
 
curl
 
 
 
== Create config directory ==
 
 
 
# mkdir -p /usr/pkgsrc/etc/tinc/chaos
 
 
 
== Build ChaosVPN ==
 
 
 
=== Security concerns ===
 
 
 
It’s best to create a new, non-root user specifically for running ChaosVPN. This user will need to be listed in the '''sudoers''' file, and will need to be a member of the '''wheel''' group, so you can run the <code>sudo</code> and <code>su</code> commands, respectively. In the file <code>/usr/local/etc/tinc/chaosvpn.conf</code>, change the option '''$tincd_user''' to that new user.
 
 
 
 
 
 
 
=== Get the ChaosVPN source from the git repository ===
 
 
 
Always needed to compile:
 
 
 
$ git clone git://github.com/ryd/chaosvpn.git
 
$ cd chaosvpn
 
 
 
 
 
 
 
=== Editing the Makefile ===
 
 
 
We are actually kind of using the FreeBSD install options, since there is no NetBSD specific install at this time. So we will have to edit the Makefile.
 
 
 
Navigate to the directory where you installed git information for chaosvpn. Open the Makefile with your favorite text editor, and change the following lines:
 
 
 
'''line 7'''
 
ifneq (,$(findstring FreeBSD,$(OS)))
 
''needs to change to:''
 
ifneq (,$(findstring '''NetBSD''',$(OS)))
 
 
 
'''line 10'''
 
PREFIX?=/usr/local
 
''needs to change to:''
 
PREFIX?='''/usr/pkg'''
 
 
 
'''line 11'''
 
TINCDIR?=/usr/local/etc/tinc
 
''needs to change to:''
 
TINCDIR?='''/usr/pkg/etc/tinc'''
 
 
 
'''line 93'''
 
install -m 0755 freebsd.rc.d $(DESTDIR)$(PREFIX)/etc/rc.d/chaosvpn
 
''needs to change to:''
 
'''install -m 0755 freebsd.rc.d /etc/rc.d/chaosvpn''''''
 
 
 
 
 
=== Build and Install the application ===
 
 
 
After editing the makefile, we need to make and install the application.
 
 
 
$ gmake
 
$ su -
 
# gmake bsdinstall
 
 
 
 
 
 
 
 
 
= Get your new node added to the central configuration =
 
 
 
{{Template:ChaosVPNMailit}}
 
 
 
 
= Customize config file =
 
 
 
edit the chaosvpn.conf in /usr/pkg/etc/tinc/
 
 
 
$my_peerid = <nodename>
 
 
$my_vpn_ip = 172.31.<your Subnet>.[1-255]
 
 
 
= Enable Starting of ChaosVPN =
 
 
 
 
 
 
 
On other systems you have to take a look at our debian/init.d example script and adapt it for your environment.
 
 
 
 
 
 
 
 
 
You installed it manually with make install. You have to set up chaosvpn to auto-start however you desire.
 
 
 
 
 
and with luck, it will function beautifully! ;)
 
 
 
 
 
= Uninstall =
 
 
 
But why would you want to? :)
 
 
 
rm /etc/rc.d/chaosvpn
 
rm /usr/pkg/sbin/chaosvpn
 
rm -rf /usr/pkg/etc/tinc/*
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
[[Category:ChaosVPN]]
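
Review bot: In the "Security concerns" paragraph the account created to run ChaosVPN is also listed in sudoers and added to wheel, so the user that `$tincd_user` drops to can still reach root through `sudo` or `su`, which cancels the point of a dedicated non-root user; keep that account out of both and run the `gmake bsdinstall` step from a separate admin login. The same paragraph points at `/usr/local/etc/tinc/chaosvpn.conf`, while the Makefile edits set `TINCDIR?=/usr/pkg/etc/tinc`, the "Customize config file" and "Uninstall" sections use `/usr/pkg/etc/tinc`, and the "Create config directory" step creates `/usr/pkgsrc/etc/tinc/chaos`; these should all name one path, and the `/usr/pkg` one is what the edited Makefile installs to. The clone step uses `git://`, which is unauthenticated and unencrypted, so an `https://` URL for the same repository would be the safer default for source that is then built and installed as root. In the "line 93" replacement the closing bold markup has six apostrophes (`chaosvpn''''''`) where three are needed.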
 

Latest revision as of 07:11, 8 December 2013