This wiki is an archive up to 2023. The current wiki can be found at https://wiki.hamburg.ccc.de/

ChaosVPN:DebianHowto

From CCCHHWiki
Revision as of 22:55, 27 December 2009 by Haegar (talk | contribs) (removed german version, only the english one will be updated)

THIS DOCUMENTATION NEEDS TO BE UPDATED FOR CHAOSVPN 2.0!

QUICK HOWTO FOR DEBIAN USERS

0. Install necessary perl modules and helper programs

# apt-get install libwww-perl
# apt-get install libcrypt-ssleay-perl

Alternatively these may be installed via CPAN, but of course each of them has many prerequisite modules.

# apt-get install iproute

1. Install tinc

# apt-get install tinc

Either the package from Debian unstable, or my sarge backport from http://debian.sdinet.de/sarge/sdinet/tinc/

This should be at least version 1.0.4, but to reach some subnets (due to a bug) you need tincd SVN r1450 or 1.0.5 (once released).

Or visit http://tinc.nl.linux.org/, download and build it yourself: at a minimum run ./configure with the parameter --sysconfdir=/etc, and check the binary path in the script.

If the tinc installation gives the following error:

> ./MAKEDEV: don't know how to make device "tun"

Then create the device by hand:

# mkdir -p /dev/net
# mknod /dev/net/tun c 10 200
# chown root:root /dev/net/tun
# chmod 600 /dev/net/tun

2. Create config directory

# mkdir -p /etc/tinc/chaos

3. Generate keys

# tincd -n chaos --generate-keys=2048

and press return a few times...

4. Devise a network-nick

This is the name of the network endpoint/gateway, not necessarily of the user; there may even be several gateways per user.

Used below where <nodename> appears.

5. Hostname

The gateway may have a DynDNS (or similar) hostname pointing to a dynamic IP, or a static hostname/fixed IP.

Used below where <clienthost> appears.

6. Mail haegar@ccc.de the info

I need the following info:

nodename=<nodename>
gatewayhost=<clienthost>
network=<ipv4 subnet in the vpn>
network6=<ipv6 subnet in the vpn>
  There may be more than one, IPv4 or IPv6.
 These subnets must be unique in our VPN,
 so simply renumber your home network with a network block that is still free.
 *.23.*, *.42.*, *.0.* and *.1.* are bad candidates ;)
 Currently, there is no searchable list of assigned subnets.
owner=
 Admin of the VPN gateway, with email address.
key
 rsa-public-key - contents of /etc/tinc/chaos/rsa_key.pub
Optionally, the following details:
use-tcp-only=1
 "I don't do UDP, we only use suboptimal TCP"
hidden=1
 "I cannot accept inbound tunnel connections, I can only connect out."
 (e.g. behind a NAT)
silent=1
 "I cannot connect out, but you can connect to me."

7. Awaiting Response

8. goto 6 unless $success

9. chaos-client download:

# cd /usr/local/bin
# wget -nd https://www.vpn.hamburg.ccc.de/chaosvpn-client.pl

Newer wget versions may require:

# cd /usr/local/bin
# wget -nd --no-check-certificate https://www.vpn.hamburg.ccc.de/chaosvpn-client.pl

Make executable, set ownership:

# chmod 700 /usr/local/bin/chaosvpn-client.pl
# chown root:root /usr/local/bin/chaosvpn-client.pl

10. config-template download:

# cd /etc/tinc
# wget -nd https://www.vpn.hamburg.ccc.de/chaosvpn.conf

Newer wget versions may require:

# cd /etc/tinc
# wget -nd --no-check-certificate https://www.vpn.hamburg.ccc.de/chaosvpn.conf

11. Customize the config file

The variables are in the top part.

12. Call the script from /etc/ppp/ip-up to start it automatically, or restart it from time to time via cron

and with luck, it will function beautifully! ;)
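As an added example (not part of the wiki page or the ChaosVPN project), here is a cron watchdog for step 12 that only (re)starts the client when the checks from step 9 still hold: the script is root-owned with mode 700 and still matches the copy you reviewed after downloading it (relevant because the page fetches it with --no-check-certificate). The pidfile path /var/run/tinc.chaos.pid and the CLIENT_SHA256 placeholder are assumptions; fill in the hash yourself.

```shell
#!/bin/sh
# Watchdog for the ChaosVPN client (added example). Paths from the howto;
# the pidfile location is an assumed tincd default for network "chaos",
# and CLIENT_SHA256 is a placeholder for the hash of the reviewed script.
CLIENT=/usr/local/bin/chaosvpn-client.pl
PIDFILE=/var/run/tinc.chaos.pid
CLIENT_SHA256="<sha256 of the chaosvpn-client.pl copy you reviewed>"

# Returns 0 if FILE exists, is owned by OWNER and has exactly mode MODE.
check_perms() {
    file=$1; owner=$2; mode=$3
    [ -f "$file" ] || return 1
    [ "$(stat -c '%U:%a' "$file")" = "$owner:$mode" ]
}

# Returns 0 if FILE's sha256 (hex) equals EXPECTED.
check_sha256() {
    file=$1; expected=$2
    [ -f "$file" ] || return 1
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Returns 0 if the first field of PIDFILE is a numeric pid of a live process.
# (Run as root from cron, so kill -0 cannot fail with EPERM on a live pid.)
tincd_running() {
    pidfile=$1
    [ -r "$pidfile" ] || return 1
    pid=$(awk 'NR==1 { print $1 }' "$pidfile")
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null
}

# Refuse to execute the client unless it is still the reviewed, root-only file.
main() {
    check_perms "$CLIENT" root 700 || { echo "refusing: $CLIENT is not root:700" >&2; return 1; }
    check_sha256 "$CLIENT" "$CLIENT_SHA256" || { echo "refusing: $CLIENT differs from reviewed copy" >&2; return 1; }
    tincd_running "$PIDFILE" && return 0
    echo "tincd for network chaos not running, starting via $CLIENT"
    "$CLIENT"
}

# Invoke as "chaosvpn-watchdog.sh run" from cron; sourcing it only defines the functions.
if [ "${1:-}" = run ]; then main; fi
```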


Todo: tons ;) testing in particular, adjusting the docs for other Linux distros, and perhaps even *BSD