Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:services:vpn:pppossh:client [2023/03/16 12:53] – consolidate variable naming vgaeteradocs:guide-user:services:vpn:pppossh:client [2023/10/29 01:01] – consolidate naming vgaetera
Line 23: Line 23:
 VPN_PORT="22" VPN_PORT="22"
 VPN_SERV="SERVER_ADDRESS" VPN_SERV="SERVER_ADDRESS"
-VPN_ADDR="192.168.5.2 192.168.5.1"+VPN_ADDR="192.168.9.2 192.168.9.1"
 VPN_USER="root" VPN_USER="root"
 </code> </code>
  
 ==== 2. Key management ==== ==== 2. Key management ====
-Generate and exchange [[docs:guide-user:services:vpn:pppossh:start#key_management|keys]] between client and server.+Generate and exchange [[docs:guide-user:services:vpn:pppossh:start#key_management|keys]] between server and client.
 Set up key-based authentication. Set up key-based authentication.
  
Line 43: Line 43:
  
 # Configure PKI # Configure PKI
-mkdir -p ~root/.ssh +mkdir -p /root/.ssh 
-cat << EOF >> ~root/.ssh/known_hosts+cat << EOF >> /root/.ssh/known_hosts
 ${VPN_SERV} ${VPN_PUB% *} ${VPN_SERV} ${VPN_PUB% *}
 +EOF
 +cat << EOF >> /etc/sysupgrade.conf
 +/root/.ssh
 EOF EOF
 </code> </code>
  
 ==== 3. Firewall ==== ==== 3. Firewall ====
-Consider VPN network as public. +{{section>docs:guide-user:services:vpn:wireguard:client#firewall&noheader&nofooter&noeditbutton}}
-Assign VPN interface to WAN zone to minimize firewall setup. +
- +
-<code bash> +
-Configure firewall +
-uci rename firewall.@zone[0]="lan" +
-uci rename firewall.@zone[1]="wan" +
-uci del_list firewall.wan.network="${VPN_IF}+
-uci add_list firewall.wan.network="${VPN_IF}+
-uci commit firewall +
-/etc/init.d/firewall restart +
-</code>+
  
 ==== 4. Network ==== ==== 4. Network ====
Line 79: Line 71:
 uci set network.${VPN_IF}.ipv6="1" uci set network.${VPN_IF}.ipv6="1"
 uci commit network uci commit network
-/etc/init.d/network restart+service network restart
 </code> </code>
  
Line 92: Line 84:
 <code bash> <code bash>
 # Restart services # Restart services
-/etc/init.d/log restart; /etc/init.d/network restart; sleep 10+service log restart; service network restart; sleep 10
  
 # Log and status # Log and status
  • Last modified: 2023/10/29 03:23
  • by vgaetera