|
|
| (20 intermediate revisions by 2 users not shown) |
| Line 1: |
Line 1: |
| − | <!--<div style="border:3px solid black; text-align:center; color:red;"><b>THIS DOCUMENTATION IS ONLY PARTIALLY FINISHED FOR CHAOSVPN 2.0!</b></div>-->
| |
| | | | |
| | | | |
| | | | |
| − | = Install software =
| |
| | | | |
| − | The following is written assuming a fresh install of NetBSD 5.2 using the GENERIC kernel, with a pkgsrc repository and networking already configured.
| + | [[ChaosVPN:Netbsd NAT VPN router using chaosvpn and ipnat]] |
| | | | |
| − | == Install necessary programs from pkgsrc ==
| |
| | | | |
| − | # pkg_add tinc (will add lzo as a dependancy)
| + | [[ChaosVPN:Tims_NetBSD_chaosvpn_rc.d]] |
| − | # pkg_add zlib
| |
| − | # pkg_add bison (will install m4 as a dependancy)
| |
| − | # pkg_add flex
| |
| − | # pkg_add openssl
| |
| − | # pkg_add gmake
| |
| | | | |
| − | we will also need to install git. Installing git from pkgsrc brings in a long list of other packages (mostly related to Perl) which I list below.
| + | [[ChaosVPN:Tims_ipf_conf]] |
| | | | |
| − | # pkg_add scmgit
| + | [[ChaosVPN:Tims_netbsd_route_hack_attempt]] |
| | | | |
| − | adds the following packages as dependancies:
| |
| | | | |
| − | scmgit-base
| + | [[ChaosVPN:Tims_random_router_configs]] |
| − | scmgit-docs
| |
| − | tcl
| |
| − | tk
| |
| − | scmgit-gitk
| |
| − | perl-5
| |
| − | p5-Error
| |
| − | p5-MIME-Base64
| |
| − | p5-TimeDate
| |
| − | p5-MailTools
| |
| − | p5-Digest-SHA
| |
| − | p5-Digest-MD5
| |
| − | p5-Digest-HMAC
| |
| − | p5-Net-IP
| |
| − | p5-Sockets
| |
| − | p5-Net-DNS
| |
| − | p5-IO-Socket-INET6
| |
| − | p5-Email-Valid
| |
| − | p5-Net-LibIDN
| |
| − | p5-Net-SSLeay
| |
| − | p5-IO-Socket-SSL
| |
| − | p5-Net-SMTP
| |
| − | p5-GSSAPI
| |
| − | p5-Authen-SASL
| |
| − | libffi
| |
| − | python27
| |
| − | curl
| |
| − | | |
| − | == Create config directory ==
| |
| − | | |
| − | # mkdir -p /usr/pkgsrc/etc/tinc/chaos
| |
| − | | |
| − | == Build ChaosVPN ==
| |
| − | | |
| − | === Security concerns ===
| |
| − | | |
| − | It’s best to create a new, non-root user specifically for running ChaosVPN. This user will need to be listed in the '''sudoers''' file, and will need to be a member of the '''wheel''' group, so you can run the <code>sudo</code> and <code>su</code> commands, respectively. In the file <code>/usr/local/etc/tinc/chaosvpn.conf</code>, change the option '''$tincd_user''' to that new user.
| |
| − | | |
| − | | |
| − | | |
| − | === Get the ChaosVPN source from the git repository ===
| |
| − | | |
| − | Always needed to compile:
| |
| − | | |
| − | $ git clone git://github.com/ryd/chaosvpn.git
| |
| − | $ cd chaosvpn
| |
| − | | |
| − | | |
| − | | |
| − | === Editing the Makefile ===
| |
| − | | |
| − | We are actually kind of using the FreeBSD install options, since there is no NetBSD specific install at this time. So we will have to edit the Makefile.
| |
| − | | |
| − | Navigate to the directory where you installed git information for chaosvpn. Open the Makefile with your favorite text editor, and change the following lines:
| |
| − | | |
| − | '''line 7'''
| |
| − | ifneq (,$(findstring FreeBSD,$(OS)))
| |
| − | ''needs to change to:''
| |
| − | ifneq (,$(findstring '''NetBSD''',$(OS)))
| |
| − | | |
| − | '''line 10'''
| |
| − | PREFIX?=/usr/local
| |
| − | ''needs to change to:''
| |
| − | PREFIX?='''/usr/pkg'''
| |
| − | | |
| − | '''line 11'''
| |
| − | TINCDIR?=/usr/local/etc/tinc
| |
| − | ''needs to change to:''
| |
| − | TINCDIR?='''/usr/pkg/etc/tinc'''
| |
| − | | |
| − | '''line 93'''
| |
| − | install -m 0755 freebsd.rc.d $(DESTDIR)$(PREFIX)/etc/rc.d/chaosvpn
| |
| − | ''needs to change to:''
| |
| − | '''install -m 0755 freebsd.rc.d /etc/rc.d/chaosvpn''''''
| |
| − | | |
| − | | |
| − | === Build and Install the application ===
| |
| − | | |
| − | After editing the makefile, we need to make and install the application.
| |
| − | | |
| − | $ gmake
| |
| − | $ su -
| |
| − | # gmake bsdinstall
| |
| − | | |
| − | | |
| − | | |
| − | | |
| − | = Get your new node added to the central configuration =
| |
| − | | |
| − | {{Template:ChaosVPNMailit}}
| |
| − |
| |
| − | | |
| − | = Customize config file =
| |
| − | | |
| − | edit the chaosvpn.conf in /usr/pkg/etc/tinc/
| |
| − | | |
| − | $my_peerid = <nodename>
| |
| − |
| |
| − | $my_vpn_ip = 172.31.<your Subnet>.[1-255]
| |
| − | | |
| − | = Enable Starting of ChaosVPN =
| |
| − | | |
| − | | |
| − | | |
| − | On other systems you have to take a look at our debian/init.d example script and adapt it for your environment.
| |
| − | | |
| − | | |
| − | | |
| − | | |
| − | You installed it manually with make install. You have to set up chaosvpn to auto-start however you desire.
| |
| − | | |
| − | | |
| − | and with luck, it will function beautifully! ;)
| |
| − | | |
| − | | |
| − | = Uninstall =
| |
| − | | |
| − | But why would you want to? :)
| |
| − | | |
| − | rm /etc/rc.d/chaosvpn
| |
| − | rm /usr/pkg/sbin/chaosvpn
| |
| − | rm -rf /usr/pkg/etc/tinc/*
| |
| − | | |
| − | | |
| − | | |
| − | | |
| − | | |
| − | | |
| − | | |
| − | | |
| − | [[Category:ChaosVPN]]
| |
