This wiki is an archive up to 2023. The current wiki can be found at https://wiki.hamburg.ccc.de/

Difference between revisions of "ChaosVPN:DebianHowto"

From CCCHHWiki
(removed german version, only the english one will be updated)
(first changes for chaosvpn 2.0 integrated)
Line 5: Line 5:
 
= QUICK HOWTO FOR DEBIAN USER =
 
= QUICK HOWTO FOR DEBIAN USER =
  
== 0. Install necessary perl modules and helper programs ==
+
== 0. Install necessary helper programs ==
  
# apt-get install libwww-perl
+
needed to use the chaosvpn client:
# apt-get install libcrypt-ssleay-perl
 
  
Alternatively these may be installed via CPAN, but of course these each have many prerequisite modules.
+
# apt-get install iproute
  
  # apt-get install iproute
+
needed to compile the chaosvpn-client if not using a precreated debian package for it:
 +
 
 +
  # apt-get install build-essential debhelper devscripts git-core libcurl4-openssl-dev
  
 
== 1. Install tinc ==
 
== 1. Install tinc ==
Line 18: Line 19:
 
  # apt-get install tinc
 
  # apt-get install tinc
  
Either the package from Debian unstable, or my sarge backport of [http://debian.sdinet.de/sarge/sdinet/tinc/ http://debian.sdinet.de/sarge/sdinet/tinc/]
+
Either the package from Debian unstable, or my lenny backport of [http://debian.sdinet.de/lenny/sdinet/tinc/ http://debian.sdinet.de/lenny/sdinet/tinc/]
  
This should be at least version 1.0.4, but to reach some subnets (due to an error) tincd SVN r1450 or 1.0.5 (when released)
+
This should be at least version 1.0.10.
  
 
Or visit [http://tinc.nl.linux.org/ http://tinc.nl.linux.org/], download and build yourself -
 
Or visit [http://tinc.nl.linux.org/ http://tinc.nl.linux.org/], download and build yourself -
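Review bot: the added line "This should be at least version 1.0.10." gives no reason for the new minimum, while the line it replaces explained that older tincd could not reach some subnets. Say why 1.0.10 is required so that readers on an older packaged tinc can judge whether they must upgrade. The lenny backport link is still plain http://, so a sentence on how that package is verified would also help.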
Line 63: Line 64:
 
I need the following info:
 
I need the following info:
  
  nodename=<nodename>
+
  [<nodename>]
 
  gatewayhost=<clienthost>
 
  gatewayhost=<clienthost>
 +
  This should be the external name or ip address of the client host, not a VPN address.
 +
  If the client is not reachable over the internet leave it out and set hidden=1 below.
 
  network=<ipv4 subnet in the vpn>
 
  network=<ipv4 subnet in the vpn>
 
  network6=<ipv6 subnet in the vpn>
 
  network6=<ipv6 subnet in the vpn>
Line 70: Line 73:
  
 
   These subnets must be unique in our vpn,
 
   These subnets must be unique in our vpn,
   simply renumber your home network with a network block that is still free.
+
   simply renumber your home network (or use something like NETMAP) with a network block that is still free.
 
 
  *.23.*, *.42.*, *.0.* and *.1.* are bad candidates ;)
 
  
   Currently, there is no searchable list of assigned subnets.
+
   Please use the list of assigned networks on [[ChaosVPN]], and add yourself there.
  
 
  owner=
 
  owner=
   Admin of the VPN gateway, with email address.
+
   Admin of the VPN gateway, with email address - a way to contact the responsible
 +
  person in case of problems with your network link.
  
 
  key
 
  key
Line 98: Line 100:
 
== 8. goto 6 unless $success ==
 
== 8. goto 6 unless $success ==
 
 
== 9. chaos-client download: ==
+
== 9. chaosvpn-client download and compile ==
 
 
# cd /usr/local/bin
 
# wget -nd [https://www.vpn.hamburg.ccc.de/chaosvpn-client.pl https://www.vpn.hamburg.ccc.de/chaosvpn-client.pl]
 
 
 
Newer wget versions may require:
 
  
# cd /usr/local/bin
+
** TODO: THIS PART NEEDS TO BE EXPANDED **
# wget -nd --no-check-certificate [https://www.vpn.hamburg.ccc.de/chaosvpn-client.pl https://www.vpn.hamburg.ccc.de/chaosvpn-client.pl]
 
  
Make executable, set ownership:
+
# git checkout git://github.com/ryd/chaosvpn.git
 +
# cd chaosvpn
  
# chmod 700 /usr/local/bin/chaosvpn-client.pl
+
way 1: just compile and install:
# chown root.root /usr/local/bin/chaosvpn-client.pl
 
  
== 10. config-template download: ==
+
# make
 +
# sudo make install
  
# cd /etc/tinc
+
way 2: create debian package and install this:
# wget -nd [https://www.vpn.hamburg.ccc.de/chaosvpn.conf https://www.vpn.hamburg.ccc.de/chaosvpn.conf]
 
  
Newer wget versions may require:
+
# debuild
 +
  Answer the "This package has a Debian revision number but there does not seem to be
 +
  an appropriate original tar file or .orig directory in the parent directory" with "y"
 +
# sudo dpkg -i ../chaosvpn_2.0*.deb
 +
  install the generated package file, replace filename above with real name.
  
# cd /etc/tinc
+
== 10. Customize configfile ==
# wget -nd --no-check-certificate [https://www.vpn.hamburg.ccc.de/chaosvpn.conf https://www.vpn.hamburg.ccc.de/chaosvpn.conf]
 
  
== 11. Customize configfile ==
+
/etc/tinc/chaosvpn.conf
  
 
In the top part are the variables.
 
In the top part are the variables.
  
== 12. script in /etc/ppp/ip-up to autostart, or to restart from time to time via cron ==
+
== 11. script in /etc/ppp/ip-up to autostart, or to restart from time to time via cron ==
  
 
and with luck, it will function beautifully! ;)
 
and with luck, it will function beautifully! ;)
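Review bot: in the new step 9, "git checkout git://github.com/ryd/chaosvpn.git" cannot fetch a repository, because checkout works on an existing working tree. This should be "git clone", which also creates the chaosvpn directory that the following "cd chaosvpn" expects. The git:// transport is unauthenticated, and the source is then built and installed as root, so an authenticated clone URL would be the safer thing to document; the removed wget lines had the same weakness through "--no-check-certificate". The revision also deletes the config-template download while the renumbered step 10 still refers to /etc/tinc/chaosvpn.conf, so state where that file now comes from.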

Revision as of 23:10, 27 December 2009


THIS DOCUMENTATION NEEDS TO BE UPDATED FOR CHAOSVPN 2.0!

QUICK HOWTO FOR DEBIAN USER

0. Install necessary helper programs

needed to use the chaosvpn client:

# apt-get install iproute

needed to compile the chaosvpn-client if not using a precreated debian package for it:

# apt-get install build-essential debhelper devscripts git-core libcurl4-openssl-dev

1. Install tinc

# apt-get install tinc

Either the package from Debian unstable, or my lenny backport of http://debian.sdinet.de/lenny/sdinet/tinc/

This should be at least version 1.0.10.

Or visit http://tinc.nl.linux.org/, download and build it yourself. At a minimum, pass the parameter --sysconfdir=/etc to ./configure, and check the binary in the script.

If the tinc installation gives the following error:

> ./MAKEDEV: don't know how to make device "tun"

Then create the device by hand:

# mkdir -p /dev/net
# mknod /dev/net/tun c 10 200
# chown root:root /dev/net/tun
# chmod 600 /dev/net/tun

2. Create config directory

# mkdir -p /etc/tinc/chaos

3. Generate keys

# tincd -n chaos --generate-keys=2048

and press return a few times...

4. Devise a network-nick

This is the name of the network endpoint/gateway, not necessarily of the user; there may even be several gateways per user.

Used below where <nodename> is.

5. Hostname

The gateway may have a DynDNS (or similar) hostname pointing to a dynamic IP, or a static hostname/fixed IP.

Used below where <clienthost> is.

6. Mail haegar@ccc.de the info

I need the following info:

[<nodename>]
gatewayhost=<clienthost>
 This should be the external name or ip address of the client host, not a VPN address.
 If the client is not reachable over the internet leave it out and set hidden=1 below.
network=<ipv4 subnet in the vpn>
network6=<ipv6 subnet in the vpn>
  this may be more than one, IPv4 or IPv6
 These subnets must be unique in our vpn,
 simply renumber your home network (or use something like NETMAP) with a network block that is still free.
 Please use the list of assigned networks on ChaosVPN, and add yourself there.
owner=
 Admin of the VPN gateway, with email address - a way to contact the responsible
 person in case of problems with your network link.
key
 rsa-public-key - contents of /etc/tinc/chaos/rsa_key.pub
Optionally, the following details:
use-tcp-only=1
 "I don't do udp, we only use suboptimal tcp"
hidden=1
 "I cannot accept inbound tunnel connections, I can only connect out."
 (e.g. behind a NAT)
silent=1
 "I cannot connect out, but you can connect to me."
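
A pre-submission check for the record described above, as an added example that is not part of the original howto or of the chaosvpn project: it parses the record and flags subnets that overlap networks already assigned, a gatewayhost that is a VPN address, and a missing gatewayhost without hidden=1. The `ASSIGNED` list, the sample record and the function names are constructed for illustration.

```python
import ipaddress

# Constructed stand-in for the list of assigned networks on the ChaosVPN page.
ASSIGNED = ["172.31.0.0/24", "10.100.0.0/16", "fd23:42::/48"]

# Constructed sample record in the step 6 format (owner and key omitted).
SAMPLE = """\
[examplenode]
gatewayhost=10.100.3.1
network=10.100.3.0/24
network6=fd00:1234::/48
"""

def parse_record(text):
    """Return (nodename, {key: [values]}) for one [<nodename>] record."""
    name, fields = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            fields.setdefault(key.strip(), []).append(value.strip())
    return name, fields

def check_record(text, assigned=ASSIGNED):
    """Return a list of problems to fix before mailing the record."""
    name, f = parse_record(text)
    problems = [] if name else ["missing [<nodename>] header"]
    taken = [ipaddress.ip_network(n) for n in assigned]
    mine = []
    for value in f.get("network", []) + f.get("network6", []):
        try:
            net = ipaddress.ip_network(value)
        except ValueError:
            problems.append(f"{value}: not a valid subnet")
            continue
        mine.append(net)
        problems += [f"{net} overlaps assigned {o}" for o in taken if net.overlaps(o)]
    gateways = f.get("gatewayhost", [])
    if not gateways and f.get("hidden") != ["1"]:
        problems.append("no gatewayhost given: set hidden=1")
    for gw in gateways:
        try:
            addr = ipaddress.ip_address(gw)
        except ValueError:
            continue  # a DNS name, which cannot be checked offline
        if any(addr in net for net in mine + taken):
            problems.append(f"gatewayhost {gw} is a VPN address")
    return problems
```

Calling `check_record(SAMPLE)` reports both the overlapping subnet and the VPN-internal gatewayhost; a record with an external hostname and a free subnet returns an empty list.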

7. Awaiting Response

8. goto 6 unless $success

9. chaosvpn-client download and compile

** TODO: THIS PART NEEDS TO BE EXPANDED **
# git clone git://github.com/ryd/chaosvpn.git
# cd chaosvpn

way 1: just compile and install:

# make
# sudo make install

way 2: create debian package and install this:

# debuild
 Answer the "This package has a Debian revision number but there does not seem to be
 an appropriate original tar file or .orig directory in the parent directory" with "y"
# sudo dpkg -i ../chaosvpn_2.0*.deb
 install the generated package file, replace filename above with real name.

10. Customize configfile

/etc/tinc/chaosvpn.conf

In the top part are the variables.

11. script in /etc/ppp/ip-up to autostart, or to restart from time to time via cron

and with luck, it will function beautifully! ;)


todo: tons ;) test in particular, and adjust docs for other linux distros, and perhaps even with *bsd