This wiki is an archive up to 2023. The current wiki can be found at https://wiki.hamburg.ccc.de/
Difference between revisions of "ChaosVPN:DebianHowto"
(removed german version, only the english one will be updated) |
(first changes for chaosvpn 2.0 integrated) |
||
Line 5: | Line 5: | ||
= QUICK HOWTO FOR DEBIAN USER = | = QUICK HOWTO FOR DEBIAN USER = | ||
− | == 0. Install necessary | + | == 0. Install necessary helper programs == |
− | + | needed to use the chaosvpn client: | |
− | |||
− | + | # apt-get install iproute | |
− | # apt-get install | + | needed to compile the chaosvpn-client if not using a precreated debian package for it: |
+ | |||
+ | # apt-get install build-essential debhelper devscripts git-core libcurl4-openssl-dev | ||
== 1. Install tinc == | == 1. Install tinc == | ||
Line 18: | Line 19: | ||
# apt-get install tinc | # apt-get install tinc | ||
− | Either the package from Debian unstable, or my | + | Either the package from Debian unstable, or my lenny backport of [http://debian.sdinet.de/lenny/sdinet/tinc/ http://debian.sdinet.de/lenny/sdinet/tinc/] |
− | This should be at least version 1.0. | + | This should be at least version 1.0.10. |
Or visit [http://tinc.nl.linux.org/ http://tinc.nl.linux.org/], download and build yourself - | Or visit [http://tinc.nl.linux.org/ http://tinc.nl.linux.org/], download and build yourself - | ||
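Review bot: the backport link on the changed "Either the package from Debian unstable, or my lenny backport" line is plain http, and the text names no archive signing key or checksum, so a reader has nothing to verify the tinc package against before installing it with apt-get as root. Add the key or a checksum next to the link. The new "at least version 1.0.10" line would also benefit from one clause saying why that minimum applies.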
Line 63: | Line 64: | ||
I need the following info: | I need the following info: | ||
− | + | [<nodename>] | |
gatewayhost=<clienthost> | gatewayhost=<clienthost> | ||
+ | This should be the external name or ip address of the client host, not a VPN address. | ||
+ | If the client is not reachable over the internet leave it out and set hidden=1 below. | ||
network=<ipv4 subnet in the vpn> | network=<ipv4 subnet in the vpn> | ||
network6=<ipv6 subnet in the vpn> | network6=<ipv6 subnet in the vpn> | ||
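Review bot: the two added sentences about gatewayhost sit between "gatewayhost=<clienthost>" and "network=<ipv4 subnet in the vpn>" inside the template the reader is asked to mail, so anyone copying the block will paste prose into the entry. Move the explanation below the template or mark it clearly as a comment. "set hidden=1 below" is a useful pointer and should stay with it.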
Line 70: | Line 73: | ||
These subnets must be unique in our vpn, | These subnets must be unique in our vpn, | ||
− | simply renumber your home network with a network block that is still free. | + | simply renumber your home network (or use something like NETMAP) with a network block that is still free. |
− | |||
− | |||
− | + | Please use the list of assigned networks on [[ChaosVPN]], and add yourself there. | |
owner= | owner= | ||
− | Admin of the VPN gateway, with email address. | + | Admin of the VPN gateway, with email address - a way to contact the responsible |
+ | person in case of problems with your network link. | ||
key | key | ||
Line 98: | Line 100: | ||
== 8. goto 6 unless $success == | == 8. goto 6 unless $success == | ||
− | == 9. | + | == 9. chaosvpn-client download and compile == |
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | ** TODO: THIS PART NEEDS TO BE EXPANDED ** | |
− | |||
− | + | # git checkout git://github.com/ryd/chaosvpn.git | |
+ | # cd chaosvpn | ||
− | + | way 1: just compile and install: | |
− | |||
− | + | # make | |
+ | # sudo make install | ||
− | + | way 2: create debian package and install this: | |
− | |||
− | + | # debuild | |
+ | Answer the "This package has a Debian revision number but there does not seem to be | ||
+ | an appropriate original tar file or .orig directory in the parent directory" with "y" | ||
+ | # sudo dpkg -i ../chaosvpn_2.0*.deb | ||
+ | install the generated package file, replace filename above with real name. | ||
− | + | == 10. Customize configfile == | |
− | |||
− | + | /etc/tinc/chaosvpn.conf | |
In the top part are the variables. | In the top part are the variables. | ||
− | == | + | == 11. script in /etc/ppp/ip-up to autostart, or to restart from time to time via cron == |
and with luck, it will function beautifully! ;) | and with luck, it will function beautifully! ;) |
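Review bot: in the new step 9, "git checkout git://github.com/ryd/chaosvpn.git" will not fetch anything, because checkout works on an existing repository; this should be "git clone". The git:// transport is also unauthenticated, and the fetched source is then built and installed as root via "make install" or "dpkg -i", so the howto should document an authenticated URL (https or ssh) instead. The "sudo" in front of "make install" and "dpkg -i" is redundant under a "#" root prompt; pick one convention.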
Revision as of 23:10, 27 December 2009
Contents
- 1 QUICK HOWTO FOR DEBIAN USER
- 1.1 0. Install necessary helper programs
- 1.2 1. Install tinc
- 1.3 2. Create config directory
- 1.4 3. Generate keys
- 1.5 4. Devise a network-nick
- 1.6 5. Hostname
- 1.7 6. Mail haegar@ccc.de the info
- 1.8 7. Awaiting Response
- 1.9 8. goto 6 unless $success
- 1.10 9. chaosvpn-client download and compile
- 1.11 10. Customize configfile
- 1.12 11. script in /etc/ppp/ip-up to autostart, or to restart from time to time via cron
QUICK HOWTO FOR DEBIAN USER
0. Install necessary helper programs
needed to use the chaosvpn client:
# apt-get install iproute
needed to compile the chaosvpn-client if not using a precreated debian package for it:
# apt-get install build-essential debhelper devscripts git-core libcurl4-openssl-dev
1. Install tinc
# apt-get install tinc
Either the package from Debian unstable, or my lenny backport of http://debian.sdinet.de/lenny/sdinet/tinc/
This should be at least version 1.0.10.
Or visit http://tinc.nl.linux.org/, download and build it yourself. At a minimum, pass the parameter --sysconfdir=/etc to ./configure, and check the binary in the script.
If the tinc installation gives the following error:
> ./MAKEDEV: don't know how to make device "tun"
Then create the device by hand:
# mkdir -p /dev/net
# mknod /dev/net/tun c 10 200
# chown root:root /dev/net/tun
# chmod 600 /dev/net/tun
2. Create config directory
# mkdir -p /etc/tinc/chaos
3. Generate keys
# tincd -n chaos --generate-keys=2048
and press return a few times...
4. Devise a network-nick
This is the name of the network endpoint/gateway, not necessarily of the user; there may even be several gateways per user.
Used below where <nodename> is.
5. Hostname
The gateway may have a DynDNS (or similar) hostname pointing to a dynamic IP, or a static hostname/fixed IP.
Used below where <clienthost> is.
6. Mail haegar@ccc.de the info
I need the following info:
[<nodename>]
gatewayhost=<clienthost>
This should be the external name or IP address of the client host, not a VPN address.
If the client is not reachable over the internet, leave it out and set hidden=1 below.
network=<ipv4 subnet in the vpn>
network6=<ipv6 subnet in the vpn>
this may be more than one, IPv4 or IPv6
These subnets must be unique in our VPN; simply renumber your home network (or use something like NETMAP) with a network block that is still free.
Please use the list of assigned networks on ChaosVPN, and add yourself there.
owner=
Admin of the VPN gateway, with email address - a way to contact the responsible person in case of problems with your network link.
key rsa-public-key - contents of /etc/tinc/chaos/rsa_key.pub
Optionally, the following details:
use-tcp-only=1 "I don't do udp, we only use suboptimal tcp"
hidden=1 "I cannot accept inbound tunnel connections, I can only connect out." (e.g. behind a NAT)
silent=1 "I cannot connect out, but you can connect to me."
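A pre-flight check for the entry described in step 6, added here as an example and not part of the original howto or the ChaosVPN tools: it verifies that the subnets are well-formed and do not overlap assigned ones, that gatewayhost is not a VPN address, and that no private key was pasted. Assumptions: the entry is read as plain key=value lines, the ASSIGNED list and sample entry are constructed, the function names are hypothetical, and the hidden/silent conflict check is inferred from the two option descriptions.

```python
import ipaddress

# Constructed sample; the real list of assigned networks is on the ChaosVPN wiki page.
ASSIGNED = ["172.31.0.0/24", "10.100.0.0/16", "fd23:42:cafe::/48"]
FIELDS = {"gatewayhost", "network", "network6", "owner", "use-tcp-only", "hidden", "silent"}

def parse_entry(text):
    """Split a '[nodename]' block into name, key=value fields and remaining lines."""
    name, fields, rest = None, {}, []
    for line in (raw.strip() for raw in text.strip().splitlines()):
        key, sep, value = line.partition("=")
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
        elif sep and key.strip() in FIELDS:
            fields.setdefault(key.strip(), []).append(value.strip())
        elif line:
            rest.append(line)  # key material; base64 lines may contain '='
    return name, fields, rest

def check_entry(text, assigned=ASSIGNED):
    """Return the problems to fix before mailing the entry (empty list: none found)."""
    name, f, rest = parse_entry(text)
    problems, nets = ([] if name else ["missing [nodename] header"]), []
    for key in ("network", "network6"):
        for value in f.get(key, []):
            try:
                nets.append(ipaddress.ip_network(value))  # strict: host bits must be 0
            except ValueError as exc:
                problems.append(f"{key}: {exc}")
    taken = [ipaddress.ip_network(n) for n in assigned]
    problems += [f"{n} overlaps assigned {t}" for n in nets for t in taken
                 if n.version == t.version and n.overlaps(t)]
    hidden, gateway = f.get("hidden") == ["1"], f.get("gatewayhost", [""])[0]
    try:
        addr = ipaddress.ip_address(gateway)
        if any(addr.version == n.version and addr in n for n in nets + taken):
            problems.append("gatewayhost is a VPN address, use the external one")
    except ValueError:  # not an IP literal: a hostname is fine, an empty value is not
        if not gateway and not hidden:
            problems.append("no gatewayhost: set hidden=1")
    if hidden and f.get("silent") == ["1"]:
        problems.append("hidden=1 and silent=1 together leave no way to build a tunnel")
    if any("PRIVATE KEY" in line for line in rest):
        problems.append("private key pasted: send the contents of rsa_key.pub only")
    return problems

SAMPLE = "[badnode]\ngatewayhost=10.100.3.1\nnetwork=10.100.3.0/24\nhidden=1\nsilent=1"  # constructed
if __name__ == "__main__":
    print("\n".join(check_entry(SAMPLE)))
```

An empty result only means none of these checks fired; uniqueness still has to be confirmed against the current list of assigned networks.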
7. Awaiting Response
8. goto 6 unless $success
9. chaosvpn-client download and compile
** TODO: THIS PART NEEDS TO BE EXPANDED **
# git clone git://github.com/ryd/chaosvpn.git
# cd chaosvpn
way 1: just compile and install:
# make
# sudo make install
way 2: create debian package and install this:
# debuild
Answer the "This package has a Debian revision number but there does not seem to be an appropriate original tar file or .orig directory in the parent directory" with "y"
# sudo dpkg -i ../chaosvpn_2.0*.deb
install the generated package file, replace filename above with real name.
10. Customize configfile
/etc/tinc/chaosvpn.conf
In the top part are the variables.
11. script in /etc/ppp/ip-up to autostart, or to restart from time to time via cron
and with luck, it will function beautifully! ;)
todo:
tons ;)
test in particular, and adjust docs for other linux distros, and perhaps even with *bsd