secres:notes
Differences
This shows you the differences between two versions of the page.
secres:notes [2021/12/03 10:38] – [OpenVPN] orel | secres:notes [2024/03/18 15:06] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1019: | Line 1019: | ||
</ | </ | ||
+ | |||
+ | == VPN (niveau 2) == | ||
+ | |||
+ | Nous allons mettre en place un VPN de niveau 2 (Ethernet) qui va étendre le LAN 192.168.0.0/ | ||
+ | |||
+ | <code text server.conf> | ||
+ | port 1194 | ||
+ | proto udp | ||
+ | dev tap0 | ||
+ | script-security 3 #system | ||
+ | up /root/up.sh | ||
+ | down / | ||
+ | ca ca-cert.pem | ||
+ | cert server-cert.pem | ||
+ | key server-key.pem | ||
+ | dh server-dh.pem | ||
+ | ifconfig-pool-persist ipp.txt | ||
+ | # | ||
+ | verify-x509-name " | ||
+ | client-to-client | ||
+ | # Les adresses allant de .100 to .200 sont r´eserv´ees aux clients VPN. | ||
+ | server-bridge 192.168.0.1 255.255.255.0 192.168.0.100 192.168.0.200 | ||
+ | # Ajout d’une route sp´ecifique vers le r´eseau 140.77.13.0/ | ||
+ | push "route 212.27.48.0 255.255.255.0 192.168.0.1" | ||
+ | keepalive 10 120 | ||
+ | comp-lzo | ||
+ | persist-key | ||
+ | persist-tun | ||
+ | status openvpn-status.log | ||
+ | verb 3 | ||
+ | </ | ||
+ | |||
+ | On rajoute également les fichiers /root/up.sh et / | ||
+ | |||
+ | < | ||
+ | $ openvpn --config server.conf | ||
+ | # ... | ||
+ | # Initialization Sequence Completed | ||
+ | |||
+ | $ ifconfig | ||
+ | tap0: flags=4419< | ||
+ | inet6 fe80:: | ||
+ | ether da: | ||
+ | RX packets 0 bytes 0 (0.0 B) | ||
+ | RX errors 0 dropped 0 overruns 0 frame 0 | ||
+ | TX packets 27 bytes 2210 (2.1 KiB) | ||
+ | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 | ||
+ | |||
+ | </ | ||
+ | |||
+ | Configurons maintenant le client1 sur nile... | ||
+ | |||
+ | <code text client1.conf> | ||
+ | client | ||
+ | dev tap | ||
+ | proto udp | ||
+ | remote 172.16.0.2 1194 | ||
+ | nobind | ||
+ | persist-key | ||
+ | persist-tun | ||
+ | ca ca-cert.pem | ||
+ | cert client1-cert.pem | ||
+ | key client1-key.pem | ||
+ | verify-x509-name " | ||
+ | comp-lzo | ||
+ | verb 3 | ||
+ | lladdr AA: | ||
+ | </ | ||
+ | |||
+ | Puis démarrons le client VPN, on récupère normalement sur l' | ||
+ | |||
+ | < | ||
+ | $ openvpn --config client1.conf | ||
+ | </ | ||
+ | |||
+ | à compléter... | ||
==== SSH et Progammation avec OpenSSL ==== | ==== SSH et Progammation avec OpenSSL ==== | ||
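Review bot: `script-security 3 #system` in server.conf grants more than the `up`/`down` hooks need. Level 2 already permits user-defined scripts, and level 3 additionally allows passwords to be passed to scripts through environment variables, so `script-security 2` is the tighter setting for this setup. In the same file, the comment above `push "route 212.27.48.0 255.255.255.0 192.168.0.1"` names a 140.77.13.0 network, which does not match the route actually pushed; one of the two should be corrected so readers know which network is meant to go through the tunnel. `comp-lzo` is set in both server.conf and client1.conf: the option is deprecated in current OpenVPN releases and compression inside the tunnel opens the door to compression-oracle attacks (VORACLE), so it is better removed on both sides together. `client-to-client` makes the server forward frames between VPN clients internally, where the host firewall does not see them; a comment stating that this is intended would help. Neither file protects the control channel with `tls-auth` or `tls-crypt`, which is worth adding given that UDP port 1194 is exposed. Style: the two French comments carry broken accents ("r´eserv´ees", "sp´ecifique") and the first mixes languages ("de .100 to .200").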
secres/notes.1638527887.txt.gz · Last modified: 2024/03/18 15:05 (external edit)