Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:vpn:pppossh:client [2023/03/15 01:40] – [1. Preparation] vgaetera | docs:guide-user:services:vpn:pppossh:client [2023/10/29 01:01] – consolidate naming vgaetera | ||
|---|---|---|---|
| Line 12: | Line 12: | ||
| ==== 1. Preparation ==== | ==== 1. Preparation ==== | ||
| Install the required packages. | Install the required packages. | ||
| - | Specify | + | Specify configuration parameters |
| - | Generate server [[docs: | + | |
| <code bash> | <code bash> | ||
| Line 24: | Line 23: | ||
| VPN_PORT=" | VPN_PORT=" | ||
| VPN_SERV=" | VPN_SERV=" | ||
| - | VPN_ADDR=" | + | VPN_ADDR=" |
| VPN_USER=" | VPN_USER=" | ||
| - | VPN_PRIV="/ | + | </ |
| - | VPN_PUB=" | + | |
| + | ==== 2. Key management ==== | ||
| + | Generate and exchange [[docs: | ||
| + | Set up key-based authentication. | ||
| + | |||
| + | <code bash> | ||
| + | # Client private key | ||
| + | VPN_KEY="/ | ||
| + | |||
| + | # Generate client public key | ||
| + | dropbearkey -y -f ${VPN_KEY} \ | ||
| + | | sed -n -e "/ | ||
| + | |||
| + | # Server public key | ||
| + | VPN_PUB=" | ||
| # Configure PKI | # Configure PKI | ||
| - | mkdir -p ~root/.ssh | + | mkdir -p /root/.ssh |
| - | cat << EOF >> | + | cat << EOF >> |
| ${VPN_SERV} ${VPN_PUB% *} | ${VPN_SERV} ${VPN_PUB% *} | ||
| + | EOF | ||
| + | cat << EOF >> / | ||
| + | /root/.ssh | ||
| EOF | EOF | ||
| </ | </ | ||
| - | ==== 2. Firewall ==== | + | ==== 3. Firewall ==== |
| - | Consider VPN network as public. | + | {{section>docs: |
| - | Assign VPN interface to WAN zone to minimize firewall setup. | + | |
| - | + | ||
| - | <code bash> | + | |
| - | # Configure | + | |
| - | uci rename firewall.@zone[0]=" | + | |
| - | uci rename firewall.@zone[1]=" | + | |
| - | uci del_list firewall.wan.network=" | + | |
| - | uci add_list firewall.wan.network=" | + | |
| - | uci commit firewall | + | |
| - | / | + | |
| - | </ | + | |
| - | ==== 3. Network ==== | + | ==== 4. Network ==== |
| Set up VPN interface. | Set up VPN interface. | ||
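Review bot: Both `cat << EOF >>` heredocs in the new "2. Key management" block append unconditionally, so running the section a second time leaves a duplicate `${VPN_SERV} ${VPN_PUB% *}` entry and a duplicate `/root/.ssh` line; guard each append with a `grep -q` test on the target file, or state that the block is meant to be run once. `dropbearkey -y -f ${VPN_KEY}` should quote the variable as `"${VPN_KEY}"`. Because `VPN_PUB` is pasted by hand and then pinned next to `${VPN_SERV}`, the step text should tell the reader to compare it with the key shown on the server before adding it. The inline rationale "Consider VPN network as public" is replaced by a `{{section>` include, so check that the included section still says the VPN interface belongs in the WAN zone.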
| Line 63: | Line 68: | ||
| uci set network.${VPN_IF}.peeraddr=" | uci set network.${VPN_IF}.peeraddr=" | ||
| uci set network.${VPN_IF}.sshuser=" | uci set network.${VPN_IF}.sshuser=" | ||
| - | uci add_list network.${VPN_IF}.identity=" | + | uci add_list network.${VPN_IF}.identity=" |
| uci set network.${VPN_IF}.ipv6=" | uci set network.${VPN_IF}.ipv6=" | ||
| uci commit network | uci commit network | ||
| - | / | + | service |
| </ | </ | ||
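Review bot: `uci add_list network.${VPN_IF}.identity=` appends to the list rather than setting it, so re-running this block after the key variable rename leaves repeated identity entries in the interface section; delete the `identity` option before the `add_list` so the result is the same on every run. Since `VPN_PRIV` is removed in the previous hunk, confirm the new value on this line references `VPN_KEY` and that no other line in the page still uses the old name.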
| Line 79: | Line 84: | ||
| <code bash> | <code bash> | ||
| # Restart services | # Restart services | ||
| - | / | + | service |
| # Log and status | # Log and status | ||