Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:vpn:pppossh:client [2023/03/12 22:21] – created vgaetera
docs:guide-user:services:vpn:pppossh:client [2023/10/29 01:01] – consolidate naming vgaetera
Line 3: Line 3:
  
 ===== Introduction ===== ===== Introduction =====
-  * This how-to describes the method for setting up [[https://github.com/openwrt/packages/blob/master/net/pppossh/README.md|PPPoSSH]] client on OpenWrt. +  * This how-to describes the method for setting up PPPoSSH client on OpenWrt. 
-  * Follow [[docs:guide-user:services:vpn:pppossh:server|PPPoSSH server]] to set up PPPoSSH server and [[docs:guide-user:services:vpn:pppossh:extras|PPPoSSH extras]] for additional tuning.+  * Follow [[docs:guide-user:services:vpn:pppossh:server|PPPoSSH server]] for server setup and [[docs:guide-user:services:vpn:pppossh:extras|PPPoSSH extras]] for additional tuning.
  
 ===== Goals ===== ===== Goals =====
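Review bot: The rewritten first bullet of the Introduction drops the link to the upstream PPPoSSH README (github.com/openwrt/packages, net/pppossh/README.md), which is the only pointer to the package's own documentation visible in this section. Consider keeping the link on the word PPPoSSH, since a reader who wants to check option names such as sshuser, identity or peeraddr against the package needs it.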
Line 12: Line 12:
 ==== 1. Preparation ==== ==== 1. Preparation ====
 Install the required packages. Install the required packages.
-Specify the VPN client configuration parameters.+Specify configuration parameters for VPN client.
  
 <code bash> <code bash>
Line 23: Line 23:
 VPN_PORT="22" VPN_PORT="22"
 VPN_SERV="SERVER_ADDRESS" VPN_SERV="SERVER_ADDRESS"
-VPN_USER="USERNAME" +VPN_ADDR="192.168.9.2 192.168.9.1
-VPN_PRIV="/etc/dropbear/dropbear_ed25519_host_key" +VPN_USER="root"
-VPN_ADDR="192.168.5.2+
-VPN_PEER="192.168.5.1"+
 </code> </code>
  
-==== 2. Firewall ==== +==== 2. Key management ==== 
-Consider VPN network as public+Generate and exchange [[docs:guide-user:services:vpn:pppossh:start#key_management|keys]] between server and client
-Assign VPN interface to WAN zone to minimize firewall setup.+Set up key-based authentication.
  
 <code bash> <code bash>
-Configure firewall +Client private key 
-uci rename firewall.@zone[0]="lan+VPN_KEY="/etc/dropbear/dropbear_ed25519_host_key
-uci rename firewall.@zone[1]="wan" + 
-uci del_list firewall.wan.network="${VPN_IF}+# Generate client public key 
-uci add_list firewall.wan.network="${VPN_IF}" +dropbearkey -y -f ${VPN_KEY} \ 
-uci commit firewall +| sed -n -e "/^ssh-\S*\s/p> sshclient.pub 
-/etc/init.d/firewall restart+ 
 +# Server public key 
 +VPN_PUB="$(cat sshserver.pub)
 + 
 +# Configure PKI 
 +mkdir -p /root/.ssh 
 +cat << EOF >> /root/.ssh/known_hosts 
 +${VPN_SERV} ${VPN_PUB% *
 +EOF 
 +cat << EOF >> /etc/sysupgrade.conf 
 +/root/.ssh 
 +EOF
 </code> </code>
  
-==== 3. Network ====+==== 3. Firewall ==== 
 +{{section>docs:guide-user:services:vpn:wireguard:client#firewall&noheader&nofooter&noeditbutton}} 
 + 
 +==== 4. Network ====
 Set up VPN interface. Set up VPN interface.
  
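Review bot: In the parameters block VPN_USER changes from the "USERNAME" placeholder to a literal "root", and the Key management step keeps the router's Dropbear host key (/etc/dropbear/dropbear_ed25519_host_key) as the client identity, so a pasted configuration logs in to the server as root with the same key that serves as this device's SSH host key. If root is required on the server, state that in the text; otherwise keep the placeholder, and consider a dedicated client key so it can be rotated or revoked independently of the host key. In the known_hosts here-document, ${VPN_PUB% *} strips only the last space-separated field, so a sshserver.pub that carries no comment loses its key blob, and the >> append writes a duplicate entry each time the step is rerun.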
Line 53: Line 65:
 uci set network.${VPN_IF}.server="${VPN_SERV}" uci set network.${VPN_IF}.server="${VPN_SERV}"
 uci set network.${VPN_IF}.port="${VPN_PORT}" uci set network.${VPN_IF}.port="${VPN_PORT}"
 +uci set network.${VPN_IF}.ipaddr="${VPN_ADDR% *}"
 +uci set network.${VPN_IF}.peeraddr="${VPN_ADDR#* }"
 uci set network.${VPN_IF}.sshuser="${VPN_USER}" uci set network.${VPN_IF}.sshuser="${VPN_USER}"
-uci add_list network.${VPN_IF}.identity="${VPN_PRIV}" +uci add_list network.${VPN_IF}.identity="${VPN_KEY}" 
-uci set network.ssh.ipaddr="${VPN_ADDR}+uci set network.${VPN_IF}.ipv6="1"
-uci set network.ssh.peeraddr="${VPN_PEER}"+
 uci commit network uci commit network
-/etc/init.d/network restart+service network restart
 </code> </code>
  
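Review bot: The added ipaddr and peeraddr lines split VPN_ADDR with ${VPN_ADDR% *} and ${VPN_ADDR#* }, which only gives two clean addresses when the variable holds exactly two values separated by a single space, and nothing in the visible text says which value is local and which is the peer. A comment next to VPN_ADDR in the parameters block stating the order (local address first, peer address second) would cover this. The new ipv6="1" option is also set without any mention in the section text, so a sentence on why it is enabled would help readers who run an IPv4-only tunnel.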
Line 71: Line 84:
 <code bash> <code bash>
 # Restart services # Restart services
-/etc/init.d/log restart; /etc/init.d/network restart; sleep 10+service log restart; service network restart; sleep 10
  
 # Log and status # Log and status
  • Last modified: 2023/10/29 03:23
  • by vgaetera