Differences

This shows you the differences between two versions of the page.

Old revision: docs:guide-user:services:vpn:pppossh:server [2023/03/13 12:57] – [Introduction] vgaetera
New revision: docs:guide-user:services:vpn:pppossh:server [2023/03/16 12:52] – consolidate variable naming vgaetera
Line 11: Line 11:
 ===== Command-line instructions ===== ===== Command-line instructions =====
 ==== 1. Preparation ==== ==== 1. Preparation ====
-Specify the VPN server configuration parameters.+Specify configuration parameters for VPN server.
  
 <code bash> <code bash>
 # Configuration parameters # Configuration parameters
 VPN_PORT="22" VPN_PORT="22"
-VPN_PUB="CLIENT_PUBLIC_KEY"+</code> 
 + 
 +==== 2. Key management ==== 
 +Generate and exchange [[docs:guide-user:services:vpn:pppossh:start#key_management|keys]] between client and server. 
 +Set up key-based authentication. 
 + 
 +<code bash> 
 +# Server private key 
 +VPN_KEY="/etc/dropbear/dropbear_ed25519_host_key" 
 + 
 +# Generate server public key 
 +dropbearkey -y -f ${VPN_KEY} \ 
 +| sed -n -e "/^ssh-\S*\s/p" > sshserver.pub 
 + 
 +# Client public key 
 +VPN_PUB="$(cat sshclient.pub)"
  
 # Configure PKI # Configure PKI
-cat << EOI > /etc/dropbear/authorized_keys+cat << EOF >> /etc/dropbear/authorized_keys
 ${VPN_PUB} ${VPN_PUB}
-EOI+EOF
 </code> </code>
  
-==== 2. Firewall ====+==== 3. Firewall ====
 Consider VPN network as private. Consider VPN network as private.
 Assign VPN interface to LAN zone to minimize firewall setup. Assign VPN interface to LAN zone to minimize firewall setup.
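
Review bot: In the new "2. Key management" block, `VPN_PUB="$(cat sshclient.pub)"` is appended to `/etc/dropbear/authorized_keys` with no check that `sshclient.pub` exists and is non-empty, and the change from `>` to `>>` means every rerun of the step adds the same key again. Suggest guarding the append with a test such as `[ -s sshclient.pub ]` and skipping it when `grep -qxF "${VPN_PUB}" /etc/dropbear/authorized_keys` already matches. The expansion in `dropbearkey -y -f ${VPN_KEY}` should be quoted. The block also assumes `sshclient.pub` is already in the working directory on the server; one sentence saying how it gets there would make the step reproducible. Since this key exists only to carry the VPN tunnel, consider documenting whether the `authorized_keys` entry should carry restrictions instead of being added bare.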
Line 46: Line 61:
 </code> </code>
  
-==== 3. VPN service ====+==== 4. VPN service ====
 Configure VPN service. Configure VPN service.
 +Disable password authentication.
  
 <code bash> <code bash>
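
Review bot: The added line "Disable password authentication." under "4. VPN service" gives no scope or ordering, and this view ends before the contents of the code block, so it cannot be confirmed here that the block actually applies the setting. Suggest stating which service instance the setting applies to and adding a sentence telling the reader to confirm that the key-based login from step 2 works before running this step, since `VPN_PORT="22"` in step 1 is the standard SSH port and a failed key setup would leave no password fallback on it.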
  • Last modified: 2023/10/29 02:26
  • by vgaetera