Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:vpn:pppossh:server [2023/03/12 23:43] – [3. VPN service] vgaetera | docs:guide-user:services:vpn:pppossh:server [2023/03/16 12:52] – consolidate variable naming vgaetera | ||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== Introduction ===== | ===== Introduction ===== | ||
| - | * This how-to describes the method for setting up [[https:// | + | * This how-to describes the method for setting up PPPoSSH server on OpenWrt. |
| * Follow [[docs: | * Follow [[docs: | ||
| Line 11: | Line 11: | ||
| ===== Command-line instructions ===== | ===== Command-line instructions ===== | ||
| ==== 1. Preparation ==== | ==== 1. Preparation ==== | ||
| - | Specify | + | Specify configuration parameters |
| <code bash> | <code bash> | ||
| # Configuration parameters | # Configuration parameters | ||
| VPN_PORT=" | VPN_PORT=" | ||
| - | VPN_PUB="/ | ||
| </ | </ | ||
| - | ==== 2. Firewall ==== | + | ==== 2. Key management ==== |
| + | Generate and exchange [[docs: | ||
| + | Set up key-based authentication. | ||
| + | |||
| + | <code bash> | ||
| + | # Server private key | ||
| + | VPN_KEY="/ | ||
| + | |||
| + | # Generate server public key | ||
| + | dropbearkey -y -f ${VPN_KEY} \ | ||
| + | | sed -n -e "/ | ||
| + | |||
| + | # Client public key | ||
| + | VPN_PUB=" | ||
| + | |||
| + | # Configure PKI | ||
| + | cat << EOF >> / | ||
| + | ${VPN_PUB} | ||
| + | EOF | ||
| + | </ | ||
| + | |||
| + | ==== 3. Firewall ==== | ||
| Consider VPN network as private. | Consider VPN network as private. | ||
| Assign VPN interface to LAN zone to minimize firewall setup. | Assign VPN interface to LAN zone to minimize firewall setup. | ||
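
Review bot: In the added "Configure PKI" step, the heredoc appends with `>>`, so re-running the block writes a duplicate key line each time, and nothing checks that `VPN_PUB` is non-empty before it is written. Suggest appending only when the exact line is not already in the target file and failing early when `VPN_PUB` is empty. `${VPN_KEY}` in the `dropbearkey -y -f` call should also be quoted, and the comment "Generate server public key" would be more accurate as printing the public key of the existing private key, since `-y` does not create a key.
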
| Line 41: | Line 61: | ||
| </ | </ | ||
| - | ==== 3. VPN service ==== | + | ==== 4. VPN service ==== |
| Configure VPN service. | Configure VPN service. | ||
| + | Disable password authentication. | ||
| <code bash> | <code bash> | ||
| # Configure VPN service | # Configure VPN service | ||
| - | cat << EOI > / | ||
| - | ${VPN_PUB} | ||
| - | EOI | ||
| uci set dropbear.@dropbear[0].Port=" | uci set dropbear.@dropbear[0].Port=" | ||
| uci set dropbear.@dropbear[0].PasswordAuth=" | uci set dropbear.@dropbear[0].PasswordAuth=" | ||
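
Review bot: With the key install moved out of this step, the `PasswordAuth` change on `dropbear.@dropbear[0]` now depends on section "2. Key management" having completed, but the added sentence "Disable password authentication." does not say so. Suggest stating that the client key must already be installed and a key-based login tested before this setting is applied, because the first dropbear instance is modified in place and a missing key would leave no working SSH login on it.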