Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:vpn:pppossh:client [2023/03/12 23:56] – [Command-line instructions] vgaetera
docs:guide-user:services:vpn:pppossh:client [2023/10/29 01:01] – consolidate naming vgaetera
Line 3: Line 3:
  
 ===== Introduction ===== ===== Introduction =====
-  * This how-to describes the method for setting up [[https://github.com/openwrt/packages/blob/master/net/pppossh/README.md|PPPoSSH]] client on OpenWrt.+  * This how-to describes the method for setting up PPPoSSH client on OpenWrt.
   * Follow [[docs:guide-user:services:vpn:pppossh:server|PPPoSSH server]] for server setup and [[docs:guide-user:services:vpn:pppossh:extras|PPPoSSH extras]] for additional tuning.   * Follow [[docs:guide-user:services:vpn:pppossh:server|PPPoSSH server]] for server setup and [[docs:guide-user:services:vpn:pppossh:extras|PPPoSSH extras]] for additional tuning.
  
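Review bot: the new introduction line drops the link to the upstream pppossh README, so the page no longer points readers to the package's own documentation. Keep the link, or link the name to the wiki's docs:guide-user:services:vpn:pppossh:start page instead, and write "a PPPoSSH client".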
Line 12: Line 12:
 ==== 1. Preparation ==== ==== 1. Preparation ====
 Install the required packages. Install the required packages.
-Specify the VPN client configuration parameters.+Specify configuration parameters for VPN client.
  
 <code bash> <code bash>
Line 23: Line 23:
 VPN_PORT="22" VPN_PORT="22"
 VPN_SERV="SERVER_ADDRESS" VPN_SERV="SERVER_ADDRESS"
-VPN_ADDR="192.168.5.2 192.168.5.1" +VPN_ADDR="192.168.9.2 192.168.9.1" 
-VPN_USER="USERNAME" +VPN_USER="root"
-VPN_PRIV="/etc/dropbear/dropbear_ed25519_host_key" +
-VPN_PUB="SERVER_PUBLIC_KEY" +
- +
-# Configure SSH keys +
-mkdir -p ~root/.ssh +
-cat << EOI > ~root/.ssh/known_hosts +
-${VPN_PUB} +
-EOI+
 </code> </code>
  
-==== 2. Firewall ==== +==== 2. Key management ==== 
-Consider VPN network as public+Generate and exchange [[docs:guide-user:services:vpn:pppossh:start#key_management|keys]] between server and client
-Assign VPN interface to WAN zone to minimize firewall setup.+Set up key-based authentication.
  
 <code bash> <code bash>
-Configure firewall +Client private key 
-uci rename firewall.@zone[0]="lan+VPN_KEY="/etc/dropbear/dropbear_ed25519_host_key
-uci rename firewall.@zone[1]="wan" + 
-uci del_list firewall.wan.network="${VPN_IF}+# Generate client public key 
-uci add_list firewall.wan.network="${VPN_IF}" +dropbearkey -y -f ${VPN_KEY} \ 
-uci commit firewall +| sed -n -e "/^ssh-\S*\s/p> sshclient.pub 
-/etc/init.d/firewall restart+ 
 +# Server public key 
 +VPN_PUB="$(cat sshserver.pub)
 + 
 +# Configure PKI 
 +mkdir -p /root/.ssh 
 +cat << EOF >> /root/.ssh/known_hosts 
 +${VPN_SERV} ${VPN_PUB% *
 +EOF 
 +cat << EOF >> /etc/sysupgrade.conf 
 +/root/.ssh 
 +EOF
 </code> </code>
  
-==== 3. Network ====+==== 3. Firewall ==== 
 +{{section>docs:guide-user:services:vpn:wireguard:client#firewall&noheader&nofooter&noeditbutton}} 
 + 
 +==== 4. Network ====
 Set up VPN interface. Set up VPN interface.
  
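Review bot: in the "Configure PKI" block, `${VPN_PUB% *}` removes everything from the last space onward, which strips the comment only when sshserver.pub has three fields; if the file holds just the key type and the key, the expansion removes the key itself and known_hosts gets a line with no key material. State that sshserver.pub must be in the `type key comment` form, or select the first two fields explicitly. Both here-documents now append with `>>`, so re-running the section adds duplicate lines to /root/.ssh/known_hosts and /etc/sysupgrade.conf; a check for an existing entry would keep the procedure repeatable. The default `VPN_USER="root"` replaces the `USERNAME` placeholder without explanation, and the inline firewall commands are replaced by a section included from the WireGuard client page, so the text should say why root is expected and the included section should be checked to use the same `${VPN_IF}` variable.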
Line 62: Line 68:
 uci set network.${VPN_IF}.peeraddr="${VPN_ADDR#* }" uci set network.${VPN_IF}.peeraddr="${VPN_ADDR#* }"
 uci set network.${VPN_IF}.sshuser="${VPN_USER}" uci set network.${VPN_IF}.sshuser="${VPN_USER}"
-uci add_list network.${VPN_IF}.identity="${VPN_PRIV}"+uci add_list network.${VPN_IF}.identity="${VPN_KEY}"
 uci set network.${VPN_IF}.ipv6="1" uci set network.${VPN_IF}.ipv6="1"
 uci commit network uci commit network
-/etc/init.d/network restart+service network restart
 </code> </code>
  
Line 78: Line 84:
 <code bash> <code bash>
 # Restart services # Restart services
-/etc/init.d/log restart; /etc/init.d/network restart; sleep 10+service log restart; service network restart; sleep 10
  
 # Log and status # Log and status
  • Last modified: 2023/10/29 03:23
  • by vgaetera