Update README.md
parent
11b4d1997f
commit
3f558a3ff0
150
README.md
@ -1,6 +1,150 @@
|
||||
# vpn-install
|
||||
Simple PPTP, L2TP/IPsec, OpenVPN installers
|
||||
Simple PPTP, L2TP/IPsec, OpenVPN installers for fast, user-friendly deployment.
|
||||
|
||||
**Under development (not fully tested).**
|
||||
## Requirements
|
||||
Tested only on Ubuntu 16.04. All packages will be installed from Ubuntu repository.
|
||||
|
||||
**Please test only on virtual machines.**
|
||||
## Installation
|
||||
Download: `git clone --depth=1 https://github.com/bedefaced/vpn-install.git`
|
||||
|
||||
And then some of (under root or using *sudo*):
|
||||
* `vpn-install/pptp/install.sh`
|
||||
* `vpn-install/openvpn/install.sh`
|
||||
* `vpn-install/ipsec/install.sh`
|
||||
|
||||
These "wizards" will install required packages, generate necessary config files, update network configurations (to enable routing), add iptables rules, add cron jobs (for restarting servers, restoring iptables rules after reboot).
|
||||
|
||||
You will be answered for login-passwords of VPN users, some network information, preferred DNS-resolvers, client-to-client routing possibility.
|
||||
|
||||
|
||||
## PPTP
|
||||
Only MS-CHAP v2 with MPPE-128 encryption is allowed.
|
||||
|
||||
Note that PPTP is **NOT** recommended for transmission secret data, because all strong PPTP authentication algorithms have been already hacked: see [link](https://isc.sans.edu/forums/diary/End+of+Days+for+MSCHAPv2/13807/) for more information.
|
||||
|
||||
By default (see [pptpd.conf.dist](https://github.com/bedefaced/vpn-install/blob/master/pptp/pptpd.conf.dist) and [env.sh](https://github.com/bedefaced/vpn-install/blob/master/pptp/env.sh)) it uses 172.16.0.0/24 subnet.
|
||||
|
||||
### Files
|
||||
* [adduser.sh](https://github.com/bedefaced/vpn-install/blob/master/pptp/adduser.sh) - script for user-friendly chap-secrets file editing.
|
||||
* [autostart.sh](https://github.com/bedefaced/vpn-install/blob/master/pptp/autostart.sh) - script for adding cron jobs (iptables restoring after boot and server running state checking).
|
||||
* [checkserver.sh](https://github.com/bedefaced/vpn-install/blob/master/pptp/checkserver.sh) - script for cron job, which check server running state.
|
||||
* [checkuser.sh](https://github.com/bedefaced/vpn-install/blob/master/pptp/checkuser.sh) - script for user-friendly chap-secrets file existing user checking.
|
||||
* [deluser.sh](https://github.com/bedefaced/vpn-install/blob/master/pptp/deluser.sh) - script for user-friendly chap-secrets file existing user removing.
|
||||
* [dns.sh](https://github.com/bedefaced/vpn-install/blob/master/pptp/dns.sh) - script for user-friendly modifiying of DNS-resolver settings which will be pushed to Windows clients.
|
||||
* [env.sh](https://github.com/bedefaced/vpn-install/blob/master/pptp/env.sh) - common for all scripts config variables (subnet, ip, config files paths).
|
||||
* [install.sh](https://github.com/bedefaced/vpn-install/blob/master/pptp/install.sh) - main installation script (wizard).
|
||||
* [iptables-setup.sh](https://github.com/bedefaced/vpn-install/blob/master/pptp/iptables-setup.sh) - iptables configuration script.
|
||||
* [options.pptp.dist](https://github.com/bedefaced/vpn-install/blob/master/pptp/options.pptp.dist) - [PPP options](https://ppp.samba.org/pppd.html) template.
|
||||
* [pptpd.conf.dist](https://github.com/bedefaced/vpn-install/blob/master/pptp/pptpd.conf.dist) - [PPTPD config](https://www.freebsd.org/cgi/man.cgi?query=pptpd.conf&sektion=5&manpath=FreeBSD+8.0-RELEASE+and+Ports) template.
|
||||
* [sysctl.sh](https://github.com/bedefaced/vpn-install/blob/master/pptp/sysctl.sh) - script for set up IP forwarding and disabling some packets due to security reasons (using sysctl).
|
||||
|
||||
### Client
|
||||
**On Linux:**
|
||||
|
||||
Use default Network Manager (if Ubuntu) VPN-connection creation wizard or set it up manually:
|
||||
|
||||
`apt-get install pptp`
|
||||
|
||||
Create a new file (for example) **/etc/ppp/peers/pptpserver** and add the following lines, replacing name and password with your own values:
|
||||
```
|
||||
pty "pptp [IP of VPN] --nolaunchpppd"
|
||||
name [LOGIN]
|
||||
remotename pptp
|
||||
noauth
|
||||
require-mppe-128
|
||||
```
|
||||
Add `[LOGIN] * [PASSWORD] *` line to **/etc/ppp/chap-secrets**.
|
||||
|
||||
then
|
||||
`pppd call pptpserver` and `poff pptpserver` to close connection.
|
||||
|
||||
**On Windows:**
|
||||
|
||||
Create new VPN-connection using standart 'Set up a new connection or network' wizard, select PPTP VPN and provide host, login and password information. In the 'Security' tab of created connection check only MS-CHAP v2 protocol.
|
||||
|
||||
|
||||
## IPsec
|
||||
IPsec over L2TP VPN server with pre-shared key.
|
||||
|
||||
Only MS-CHAP v2 is allowed on L2TP.
|
||||
|
||||
IPsec implementation: strongSwan.
|
||||
|
||||
L2TP implementation: xl2tpd.
|
||||
|
||||
By default (see [xl2tpd.conf.dist](https://github.com/bedefaced/vpn-install/blob/master/ipsec/xl2tpd.conf.dist) and [env.sh](https://github.com/bedefaced/vpn-install/blob/master/ipsec/env.sh)) it uses 172.18.0.0/24 subnet.
|
||||
|
||||
IKE encryption algorithms: aes256-sha1, aes128-sha1, 3des-sha1.
|
||||
|
||||
See [ipsec.conf.dist](https://github.com/bedefaced/vpn-install/blob/master/ipsec/ipsec.conf.dist) for more information.
|
||||
|
||||
### Files
|
||||
* [adduser.sh](https://github.com/bedefaced/vpn-install/blob/master/ipsec/adduser.sh) - script for user-friendly chap-secrets file editing.
|
||||
* [autostart.sh](https://github.com/bedefaced/vpn-install/blob/master/ipsec/autostart.sh) - script for adding cron jobs (iptables restoring after boot and server running state checking).
|
||||
* [checkserver.sh](https://github.com/bedefaced/vpn-install/blob/master/ipsec/checkserver.sh) - script for cron job, which check servers running state.
|
||||
* [checkuser.sh](https://github.com/bedefaced/vpn-install/blob/master/ipsec/checkuser.sh) - script for user-friendly chap-secrets file existing user checking.
|
||||
* [deluser.sh](https://github.com/bedefaced/vpn-install/blob/master/ipsec/deluser.sh) - script for user-friendly chap-secrets file existing user removing.
|
||||
* [dns.sh](https://github.com/bedefaced/vpn-install/blob/master/ipsec/dns.sh) - script for user-friendly modifiying of DNS-resolver settings which will be pushed to Windows clients.
|
||||
* [env.sh](https://github.com/bedefaced/vpn-install/blob/master/ipsec/env.sh) - common for all scripts config variables (subnet, ip, config files paths).
|
||||
* [install.sh](https://github.com/bedefaced/vpn-install/blob/master/ipsec/install.sh) - main installation script (wizard).
|
||||
* [ipsec.conf.dist](https://github.com/bedefaced/vpn-install/blob/master/ipsec/ipsec.conf.dist) - [IPsec (strongSwan) config](https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection) file template.
|
||||
* [iptables-setup.sh](https://github.com/bedefaced/vpn-install/blob/master/ipsec/iptables-setup.sh) - iptables configuration script.
|
||||
* [options.xl2tpd.dist](https://github.com/bedefaced/vpn-install/blob/master/ipsec/options.xl2tpd.dist) - [PPP options](https://ppp.samba.org/pppd.html) template.
|
||||
* [psk.sh](https://github.com/bedefaced/vpn-install/blob/master/ipsec/psk.sh) - script for user-friendly creating pre-shared key in [ipsec.secrets](https://linux.die.net/man/5/ipsec.secrets) file.
|
||||
* [sysctl.sh](https://github.com/bedefaced/vpn-install/blob/master/ipsec/sysctl.sh) - script for set up IP forwarding and disabling some packets due to security reasons (using sysctl).
|
||||
* [xl2tpd.conf.dist](https://github.com/bedefaced/vpn-install/blob/master/ipsec/xl2tpd.conf.dist) - [xl2tpd config](https://linux.die.net/man/5/xl2tpd.conf) file template.
|
||||
|
||||
### Client
|
||||
**On Linux:**
|
||||
|
||||
`apt-get install strongswan xl2tpd`
|
||||
|
||||
Download config files from server and follow [guide](https://smekkley.wordpress.com/2015/07/25/ipsec-over-l2tp-access-from-arch-linux-with-strongswan-and-xl2tpd/).
|
||||
|
||||
**On Windows:**
|
||||
|
||||
Create new VPN-connection using standart 'Set up a new connection or network' wizard, select 'L2TP/IPsec with pre-shared key', provide host, login and password information.
|
||||
|
||||
In the 'Security' tab of created connection check only MS-CHAP v2 protocol, then enter to 'Advanced settings' and enter your pre-shared key.
|
||||
|
||||
|
||||
## OpenVPN
|
||||
Server and client certificates and TLS auth are used for authentication (generating using Easy-RSA package, see [adduser.sh](https://github.com/bedefaced/vpn-install/blob/master/openvpn/adduser.sh) and [install.sh](https://github.com/bedefaced/vpn-install/blob/master/openvpn/install.sh)).
|
||||
|
||||
Used cipher: AES-256-CBC (see [openvpn-server.conf.dist](https://github.com/bedefaced/vpn-install/blob/master/openvpn/openvpn-server.conf.dist)).
|
||||
|
||||
By default (see [openvpn-server.conf.dist](https://github.com/bedefaced/vpn-install/blob/master/openvpn/openvpn-server.conf.dist) and [env.sh](https://github.com/bedefaced/vpn-install/blob/master/openvpn/env.sh)) it uses 172.20.0.0/24 subnet.
|
||||
Port 1194 (default).
|
||||
|
||||
### Files
|
||||
* [adduser.sh](https://github.com/bedefaced/vpn-install/blob/master/openvpn/adduser.sh) - script for user-friendly client config and key+certificate generating.
|
||||
* [autostart.sh](https://github.com/bedefaced/vpn-install/blob/master/openvpn/autostart.sh) - script for adding cron jobs (iptables restoring after boot and server running state checking).
|
||||
* [checkserver.sh](https://github.com/bedefaced/vpn-install/blob/master/openvpn/checkserver.sh) - script for cron job, which check server running state.
|
||||
* [dns.sh](https://github.com/bedefaced/vpn-install/blob/master/openvpn/dns.sh) - script for user-friendly modifiying of DNS-resolver settings which will be pushed to Windows clients.
|
||||
* [env.sh](https://github.com/bedefaced/vpn-install/blob/master/openvpn/env.sh) - common for all scripts config variables (subnet, ip, config files paths).
|
||||
* [install.sh](https://github.com/bedefaced/vpn-install/blob/master/openvpn/install.sh) - main installation script (wizard).
|
||||
* [iptables-setup.sh](https://github.com/bedefaced/vpn-install/blob/master/openvpn/iptables-setup.sh) - iptables configuration script.
|
||||
* [openvpn-server-embedded.ovpn.dist](https://github.com/bedefaced/vpn-install/blob/master/openvpn/openvpn-server-embedded.ovpn.dist) - client config file with embedded keys and certificates template.
|
||||
* [openvpn-server.conf.dist](https://github.com/bedefaced/vpn-install/blob/master/openvpn/openvpn-server.conf.dist) - OpenVPN server [config file](https://openvpn.net/index.php/open-source/documentation/howto.html) template.
|
||||
* [openvpn-server.ovpn.dist](https://github.com/bedefaced/vpn-install/blob/master/openvpn/openvpn-server.ovpn.dist) - client config file template.
|
||||
* [sysctl.sh](https://github.com/bedefaced/vpn-install/blob/master/openvpn/sysctl.sh) - script for set up IP forwarding and disabling some packets due to security reasons (using sysctl).
|
||||
|
||||
### Client
|
||||
**On Linux:**
|
||||
|
||||
```
|
||||
apt-get install openvpn
|
||||
openvpn --config config.ovpn
|
||||
```
|
||||
|
||||
**On Windows:**
|
||||
|
||||
Download OpenVPV GUI client: [https://openvpn.net/index.php/open-source/downloads.html](https://openvpn.net/index.php/open-source/downloads.html).
|
||||
|
||||
Import config and connect, or run explorer context menu command.
|
||||
|
||||
## TODO
|
||||
* more testing
|
||||
* support other OSs
|
||||
* PPTP Linux client files autogenerating
|
||||
* L2TP/IPsec Linux client files autogenerating
|
||||
|
||||
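Review bot: In the IPsec section, the line `IKE encryption algorithms: aes256-sha1, aes128-sha1, 3des-sha1.` documents 3DES and SHA-1 proposals without saying why they are offered; either drop `3des-sha1` from the documented set or add a sentence naming the clients that need it, in the same way the PPTP section already states that PPTP is not recommended. The same section describes the server as "IPsec over L2TP" while the Windows steps select 'L2TP/IPsec with pre-shared key'; pick one wording so readers are not left guessing at the layering. The Linux PPTP client steps tell the reader to add `[LOGIN] * [PASSWORD] *` to /etc/ppp/chap-secrets, so a short note that this file holds the password in clear text and should be readable by root only would be worth adding there. Wording fixes in the added text: "You will be answered for login-passwords" should read "You will be asked for", "standart" should be "standard" (both Windows client paragraphs), "modifiying" should be "modifying" (all three dns.sh entries), and "OpenVPV GUI" should be "OpenVPN GUI".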