VPN: Difference between revisions

← Older edit

VPN (view source)

Revision as of 01:18, 23 February 2024

193 bytes added , 1 year ago

no edit summary

Kg7qin

Bureaucrats, Interface administrators, Administrators

268

edits

@@ Line 34: / Line 34: @@
 === strongSwan to MikroTik ===
-Use the following configurations to connect a system running strongSwan<ref>strongSwan Official Site [https://www.strongswan.org/]</ref> to a MikroTik<ref>MikroTik Official Site [https://mikrotik.com/]</ref> device using IPSEC.
+Use the following configurations to connect a system running strongSwan to a MikroTik<ref>MikroTik Official Site [https://mikrotik.com/]</ref> device using IPSEC.
 ==== strongSwan config ====
 The following configuration will work on FreeBSD or Linux systems with strongSwan installed.
-''Note:  You can use this config to connect two non-MikroTik systems as well.  Just replicate the config below for each system you wish to connect.''
 =====ipsec.conf=====
@@ Line 228: / Line 226: @@
 {{go to top}}
-== Persistent SSH Tunnels ==
+==Persistent SSH Tunnels==
-{{go to top}}
 The following is how to create a persistent SSH Tunnel between two systems.  This is handy if you want to secure data flowing across networks, or even setup a tunnel without messing with VPN configuration.
@@ Line 241: / Line 238: @@
 Now switch to the user and generate an SSH key:
 <pre>
-su -s /bin/bash useradd
+su -s /bin/bash autossh
 cd ~
 ssh-keygen -b 4096
@@ Line 253: / Line 250: @@
 ===Copy public key to target system===
-You will need to copy '''''id_rsa.pub''''' file from '''''/home/useradd/.ssh/''''' to the '''''authorized_keys''''' file on the remote system you want to connect to for the tunnel.
+You will need to copy '''''id_rsa.pub''''' file from '''''/home/autossh/.ssh/''''' to the '''''authorized_keys''''' file on the remote system you want to connect to for the tunnel.
 ''Note:  It is recommended that you also create a normal user on the remote system and not use root.''
@@ Line 264: / Line 261: @@
 ===Setup script===
-Copy the following script, making the necessary changes as specified between the <> and place on the system that will initiate the tunnel (usually /opt):
+Copy the following script, making the necessary changes as specified between the <> and place on the system that will initiate the tunnel (here we will save it as /opt/ssh-tunnel.sh):
 <pre>
 #!/bin/sh
 #
-# Uses autossh to establish a tunnel to allstarlink.org for the Graylog Collector Sidecar
-# on seal to pass data.
 su -s /bin/sh autossh -c 'autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure=yes" -f -T -R localhost:<target port>:<local IP or localhost>:<local port> <user>@<domain>'
 </pre>
 {| class="wikitable"
@@ Line 303: / Line 298: @@
 <pre>
-chmod +x <name_of_script>.sh
+chmod +x /opt/ssh-tunnel.sh
 </pre>
 ===Tunnel at startup===
-To have this tunnel automatically start if the system is rebooted, add a call to the script to rc.local.
+To have the tunnel up when the system restarts, choose one of the following methods
+====rc.local====
+Add a line to /etc/rc.local that calls the script.
 <pre>
-/opt/<name_of_script>.sh
+# Start AutoSSH tunnel at boot
+/opt/ssh-tunnel.sh
 </pre>
 ''Note:  You may have to enable rc.local on Ubuntu and Debian based systems via systemd.  Refer to your distributions documentation for information on how to enable it.''
+====systemd====
+To have the script start at boot with systemd, create the following file and add it to /etc/systemd/system/ssh-tunnel.service
+=====ssh-tunnel.service=====
+<pre>
+[Unit]
+Description=AutoSSH Tunnel at boot
+[Service]
+Type=oneshot
+ExecStart=/opt/ssh-tunnel.sh
+[Install]
+WantedBy=multi-user.target
+</pre>
+=====Enable service=====
+To enable the service to run via systemd run:
+<pre>
+systemctl enable ssh-tunnel.service
+</pre>
 == GRE Tunnel ==

VPN: Difference between revisions

VPN (view source)

Revision as of 01:18, 23 February 2024

Navigation menu

Search