Experiences with OpenVPN-client on ALIX.2D3: Difference between revisions
(→firewall: Initial shorewall notes) |
(Picture on ALIX, Notes on serial console, Modifying instructions to specify how you do things by using ACF) |
||
Line 3: | Line 3: | ||
It was not possible to install openvpn in ether the thinclient or the SIP-phone, so we needed a OpenVPN gateway. | It was not possible to install openvpn in ether the thinclient or the SIP-phone, so we needed a OpenVPN gateway. | ||
We bought a ALIX.2D3 which would act as gateway for the various clients. ( | We bought a ALIX.2D3 which would act as gateway for the various clients.<BR> | ||
[[Image:Alix2b3.jpg]]<BR> | |||
(This board has 3 nics) | |||
== Preparing the ALIX == | == Preparing the ALIX == | ||
Line 13: | Line 13: | ||
[[Installing_Alpine_on_Compact_Flash]] has instructions on how to prepare a CF.<BR> | [[Installing_Alpine_on_Compact_Flash]] has instructions on how to prepare a CF.<BR> | ||
Basically we followed this doc (except that we used Alpine-1.8.3 instead of installing Alpine-1.9). | Basically we followed this doc (except that we used Alpine-1.8.3 instead of installing Alpine-1.9). | ||
=== Connecting to the ALIX board === | |||
The board has no graphic-card, so before we get the network configured, we need to configure it through a serial-cable.<BR> | |||
We need to modify the 'syslinux.cfg' which now is on our CF-card. | |||
Append the following to the lines that start with 'append'. | |||
console=tty1,38400 console=ttyS0,9600 | |||
This will cause the console to be displayed on the serial port. | |||
Now you can attach a computer to your ALIX with a serial cable and put your serial-program to listen on 9600/8/N/1 | |||
=== Mounting === | === Mounting === | ||
Line 18: | Line 28: | ||
== setup-alpine == | == setup-alpine == | ||
We got connected to your ALIX board through the serial console and could start configuring it.<BR> | |||
A nice command is available to setup the basic settings for a new Alpine box. | |||
setup-alpine | |||
== setup-webconf == | == setup-webconf == | ||
Next we want to configure/install the ACF (webconfiguration) that gives you posibility to administer your box with a web-browser | |||
setup-webconf | |||
The box now has a ACF running and you can start browsing this box.<BR> | |||
But first you need to attach it to a network and figure out what IP-address it got. | |||
Because we are running Alpine_1.8 we need to change the default user/password by using a webbrowser to | |||
* go to https://{ip_of_our_ALIX_box}/ | |||
* Login with username=alpine password=test123 | |||
* Chose 'User management' from the menu at left and delete existing default-accounts and create a new | |||
'''''Note:''' From now on we use ACF to do our configuration and installation.''<BR> | |||
''If we need to use the console, you will be instructed.'' | |||
== sshd == | == sshd == | ||
Install required packages | |||
* System > Packages > Available > acf-openssh > "Install" | |||
We put our private keys in it to be able to administer this box remotely | |||
* Applications > ssh > Authorized users > root "Edit this account" | |||
Pasted our keys in the 'SSH Certificate Contents' box and press [Save] | |||
== | Now we need to make sure the process starts at next reboot | ||
* Applications > ssh > Status > "Schedule autostart" | |||
We chose the following values | |||
* Startup Sequence = 40 | |||
* Add kill link for shutdown = Yes | |||
Saved our settings with [Save] button | |||
== dhcpd == | == dhcpd == | ||
Install required packages | |||
* System > Packages > Available > acf-dhcp > "Install" | |||
Next we need to tell dhcpd which nics to listen on | |||
Now we can start configuring dhcpd | |||
* Networking > DHCP > Config | |||
We configured the global settings and added a subnet to give out IP-addresses. | |||
We need to modify some values from the {Expert} tab.<BR> | |||
Update the config with the following values (and press [Save] when done). | |||
ddns-update-style ad-hoc; | |||
Next we need to tell dhcpd which nics to listen on<BR> | |||
'''''Note:''' This needs to be done from console because ACF-dhcp is missing the feature on how to do this.'' | |||
vi /etc/conf.d/dhcpd | vi /etc/conf.d/dhcpd | ||
Modify the file so it looks like this: | Modify the file so it looks like this: | ||
DHCPD_IFACE="eth1 eth2" | DHCPD_IFACE="eth1 eth2" | ||
Now we | |||
Back to ACF and we now start up dhcp | |||
* Networking > DHCP > Config > [Start] | |||
Now we need to make sure the process starts at next reboot | |||
* Applications > dhcp > Status > "Schedule autostart" | |||
We chose the following values | |||
* Startup Sequence = 90 | |||
* Add kill link for shutdown = Yes | |||
Saved our settings with [Save] button | |||
== openvpn == | |||
Install required packages | |||
* System > Packages > Available > acf-openvpn > "Install" | |||
Now we need to make sure the process starts at next reboot | |||
* Networking > openvpn > Status > "Schedule autostart" | |||
We chose the following values | |||
* Startup Sequence = 80 | |||
* Add kill link for shutdown = Yes | |||
Saved our settings with [Save] button | |||
Next we create a config-file called 'openvpn.conf' | |||
* Networking > openvpn > config > (write 'openvpn.conf' in the "file name" field and then press [Create]) | |||
== firewall == | == firewall == |
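Review bot: In the sshd section the added line "We put our private keys in it" should read public keys, because the text pasted under "Authorized users" is the public half and the private key stays on the administering machine. In the dhcpd section, "Next we need to tell dhcpd which nics to listen on" is added twice: the first copy, before "Now we can start configuring dhcpd", looks like a leftover and can be dropped. The fragment "Now we" after the DHCPD_IFACE line is unfinished. In the setup-webconf section, the last bullet ends at "create a new" without saying what is created.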
Revision as of 13:58, 30 July 2009
OpenVPN client on ALIX.2D3
We needed to connect a RemoteDesktop client (a thinclient) and a SIP-phone to an OpenVPN network to be able to reach some services.
It was not possible to install openvpn on either the thinclient or the SIP-phone, so we needed an OpenVPN gateway.
We bought an ALIX.2D3 which would act as gateway for the various clients.
(This board has 3 nics)
Preparing the ALIX
The ALIX-board was shipped with an enclosure and a CF-card.
Prepare CF
Installing_Alpine_on_Compact_Flash has instructions on how to prepare a CF.
Basically we followed this doc (except that we used Alpine-1.8.3 instead of installing Alpine-1.9).
Connecting to the ALIX board
The board has no graphics card, so until the network is configured we need to configure it through a serial cable.
We need to modify the 'syslinux.cfg' which now is on our CF-card.
Append the following to the lines that start with 'append'.
console=tty1,38400 console=ttyS0,9600
This will cause the console to be displayed on the serial port.
Now you can attach a computer to your ALIX with a serial cable and set your serial program to 9600/8/N/1.
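Added example, not part of the original page: a shell helper that applies the edit described above to every 'append' line of syslinux.cfg and can be run twice without duplicating the parameters. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): add the serial-console
# parameters to the 'append' lines of syslinux.cfg, safely re-runnable.

CONSOLE_ARGS='console=tty1,38400 console=ttyS0,9600'

# add_serial_console FILE
# Edits FILE in place and leaves FILE.bak; lines that already name ttyS0 are kept.
add_serial_console() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v args="$CONSOLE_ARGS" '
        tolower($1) == "append" && $0 !~ /console=ttyS0/ { print $0 " " args; next }
        { print }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# serial_append_lines FILE: prints how many append lines enable ttyS0 at 9600
serial_append_lines() {
    awk 'tolower($1) == "append" && /console=ttyS0,9600/ { n++ } END { print n + 0 }' "$1"
}

# Constructed sample; the real file on the CF card will differ.
write_sample_cfg() {
    printf '%s\n' 'timeout 20' 'default linux' 'label linux' \
        '  kernel /boot/vmlinuz' '  append initrd=/boot/initrd.gz quiet' > "$1"
}

if [ "${1:-}" = demo ]; then
    f=$(mktemp) && write_sample_cfg "$f"
    add_serial_console "$f" && add_serial_console "$f"   # second run is a no-op
    cat "$f"; rm -f "$f" "$f.bak"
elif [ -n "${1:-}" ]; then
    add_serial_console "$1"
fi
```

Run it with the path to syslinux.cfg on the mounted CF card, or with `demo` to see the result on the constructed sample.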
Mounting
The CF-card was mounted in the ALIX-board and the board was mounted in the enclosure.
setup-alpine
We connected to our ALIX board through the serial console and could start configuring it.
A nice command is available to set up the basic settings for a new Alpine box.
setup-alpine
setup-webconf
Next we want to configure/install the ACF (web configuration), which makes it possible to administer your box with a web browser.
setup-webconf
The box now has ACF running and you can start browsing this box.
But first you need to attach it to a network and figure out what IP-address it got.
Because we are running Alpine_1.8 we need to change the default user/password by using a web browser to:
- go to https://{ip_of_our_ALIX_box}/
- Login with username=alpine password=test123
- Choose 'User management' from the menu at left and delete existing default-accounts and create a new
Note: From now on we use ACF to do our configuration and installation.
If we need to use the console, you will be instructed.
sshd
Install required packages
- System > Packages > Available > acf-openssh > "Install"
We put our private keys in it to be able to administer this box remotely
- Applications > ssh > Authorized users > root "Edit this account"
We pasted our keys in the 'SSH Certificate Contents' box and pressed [Save].
Now we need to make sure the process starts at next reboot
- Applications > ssh > Status > "Schedule autostart"
We chose the following values
- Startup Sequence = 40
- Add kill link for shutdown = Yes
We saved our settings with the [Save] button.
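Added example, not part of the original page: an entry under "Authorized users" holds the public half of a key pair, so this shell check screens a file before its contents are pasted into the 'SSH Certificate Contents' box and rejects private key material or anything that is not a public key line. The function names and the sample keys (fake blobs) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): screen a file before its
# contents are pasted into root's authorized keys in ACF.

# check_authorized_keys FILE
# Returns 0 only if every entry is a public key line; prints one finding per problem.
check_authorized_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        /-----BEGIN .*PRIVATE KEY-----/ {
            printf "line %d: private key, keep it on the admin machine\n", NR
            bad = 1; inpriv = 1; next
        }
        /-----END .*PRIVATE KEY-----/ { inpriv = 0; next }
        inpriv { next }                               # body of the private key
        {
            ok = 0                                    # options may precede the key type
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/ &&
                    $(i + 1) ~ /^AAAA[A-Za-z0-9+\/]+=*$/) ok = 1
            if (!ok) { printf "line %d: not a public key entry\n", NR; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample inputs (the key blobs are fake).
write_samples() {
    printf '%s\n' '# admin workstation' \
        'from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSAMPLE admin@example' > "$1/good"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIIEconstructedSAMPLE' \
        '-----END RSA PRIVATE KEY-----' > "$1/bad"
}

if [ "${1:-}" = demo ]; then
    dir=$(mktemp -d) && write_samples "$dir"
    for f in good bad; do
        if check_authorized_keys "$dir/$f"; then echo "$f: ok"; else echo "$f: rejected"; fi
    done
    rm -rf "$dir"
fi
```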
dhcpd
Install required packages
- System > Packages > Available > acf-dhcp > "Install"
Now we can start configuring dhcpd
- Networking > DHCP > Config
We configured the global settings and added a subnet to give out IP-addresses.
We need to modify some values from the {Expert} tab.
Update the config with the following values (and press [Save] when done).
ddns-update-style ad-hoc;
Next we need to tell dhcpd which nics to listen on.
Note: This needs to be done from the console because ACF-dhcp lacks a way to set it.
vi /etc/conf.d/dhcpd
Modify the file so it looks like this:
DHCPD_IFACE="eth1 eth2"
Back to ACF and we now start up dhcp
- Networking > DHCP > Config > [Start]
Now we need to make sure the process starts at next reboot
- Applications > dhcp > Status > "Schedule autostart"
We chose the following values
- Startup Sequence = 90
- Add kill link for shutdown = Yes
We saved our settings with the [Save] button.
openvpn
Install required packages
- System > Packages > Available > acf-openvpn > "Install"
Now we need to make sure the process starts at next reboot
- Networking > openvpn > Status > "Schedule autostart"
We chose the following values
- Startup Sequence = 80
- Add kill link for shutdown = Yes
We saved our settings with the [Save] button.
Next we create a config-file called 'openvpn.conf'
- Networking > openvpn > config > (write 'openvpn.conf' in the "file name" field and then press [Create])
firewall
Now we install shorewall (the ACF-version)
apk_add acf-shorewall
Now through the webinterface (ACF) you can modify the next files as follows: