Experiences with OpenVPN-client on ALIX.2D3: Difference between revisions

From Alpine Linux
(Picture on ALIX, Notes on serial console, Modifying instructions to specify how you do things by using ACF)
(Openvpn config)

Revision as of 14:02, 30 July 2009

OpenVPN client on ALIX.2D3

We needed to connect a RemoteDesktop client (a thin client) and a SIP phone to an OpenVPN network to be able to reach some services there.
It was not possible to install OpenVPN on either the thin client or the SIP phone, so we needed an OpenVPN gateway.

We bought an ALIX.2D3 to act as the gateway for the various clients.
[Image: Alix2b3.jpg]
(This board has 3 NICs)

Preparing the ALIX

The ALIX board was shipped with an enclosure and a CF card.

Prepare CF

Installing_Alpine_on_Compact_Flash has instructions on how to prepare a CF card.
Basically we followed that document (except that we used Alpine-1.8.3 instead of installing Alpine-1.9).

Connecting to the ALIX board

The board has no graphics card, so until the network is configured we have to talk to it through a serial cable.
For that we need to modify the 'syslinux.cfg' that is now on our CF card.

Append the following to the lines that start with 'append':

console=tty1,38400 console=ttyS0,9600

This will cause the console to be displayed on the serial port.

Now you can attach a computer to the ALIX with a serial cable and set your terminal program to 9600/8/N/1.
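The syslinux.cfg edit above can be scripted so that it is applied once per boot entry and is safe to re-run. The script below is an added example, not part of the original wiki page: it appends the page's two console= parameters to every 'append' line of a syslinux.cfg and skips lines that already carry them. The sample syslinux.cfg it works on is constructed for the demo; the real file sits in the root directory of the CF card (where you mount it is up to you).

```shell
#!/bin/sh
# Added example, not part of the original wiki page: add the serial-console
# kernel parameters to every 'append' line of a syslinux.cfg, idempotently,
# so that re-running the script never duplicates them.
# The syslinux.cfg used below is constructed for the demo.

CONSOLE_ARGS="console=tty1,38400 console=ttyS0,9600"

# enable_serial_console FILE
# Rewrites FILE in place, appending CONSOLE_ARGS to each line that starts
# with 'append' unless that line already carries them.
# Returns 1 if FILE does not exist.
enable_serial_console() {
    file="$1"
    [ -f "$file" ] || return 1
    tmp="$file.tmp"
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            append*)
                case "$line" in
                    *"$CONSOLE_ARGS"*) printf '%s\n' "$line" ;;
                    *) printf '%s %s\n' "$line" "$CONSOLE_ARGS" ;;
                esac ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$file" > "$tmp" && mv "$tmp" "$file"
}

# count_serial_append FILE
# Prints how many 'append' lines in FILE carry the serial console setting.
count_serial_append() {
    grep -c '^append.*console=ttyS0,9600' "$1"
}

# Demo on a constructed syslinux.cfg with two boot entries
demo_dir=$(mktemp -d)
cat > "$demo_dir/syslinux.cfg" <<'EOF'
timeout 20
prompt 1
default grsec
label grsec
kernel /boot/grsec
append initrd=/boot/grsec.gz alpine_dev=hda1:vfat modules=loop,cramfs,sd-mod,usb-storage quiet
label vanilla
kernel /boot/vanilla
append initrd=/boot/vanilla.gz alpine_dev=hda1:vfat modules=loop,cramfs,sd-mod,usb-storage quiet
EOF
enable_serial_console "$demo_dir/syslinux.cfg"
enable_serial_console "$demo_dir/syslinux.cfg"   # second run changes nothing
echo "append lines with serial console: $(count_serial_append "$demo_dir/syslinux.cfg")"
cat "$demo_dir/syslinux.cfg"
rm -rf "$demo_dir"
```

Run it against the mounted CF card by pointing enable_serial_console at the card's syslinux.cfg; because the check for an existing console= setting is exact, a second run is harmless.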

Mounting

The CF card was inserted in the ALIX board and the board was mounted in the enclosure.

setup-alpine

We connected to our ALIX board through the serial console and could start configuring it.
A handy command is available to set up the basic settings of a new Alpine box:

setup-alpine

setup-webconf

Next we want to install and configure ACF (the web configuration interface), which lets you administer the box with a web browser:

setup-webconf

The box now has ACF running and you can start browsing it.
But first you need to attach it to a network and find out which IP address it got.

Because we are running Alpine_1.8 we need to change the default user/password. Using a web browser:

  • go to https://{ip_of_our_ALIX_box}/
  • log in with username=alpine password=test123
  • choose 'User management' from the menu at the left, delete the existing default accounts and create a new one

Note: From now on we use ACF for our configuration and installation.
Where the console is needed instead, the text says so.

sshd

Install required packages

  • System > Packages > Available > acf-openssh > "Install"

We put our SSH public keys in it to be able to administer this box remotely (the private half of each key pair stays on the administrator's machine)

  • Applications > ssh > Authorized users > root "Edit this account"

We pasted our keys into the 'SSH Certificate Contents' box and pressed [Save]

Now we need to make sure the process starts at next reboot

  • Applications > ssh > Status > "Schedule autostart"

We chose the following values

  • Startup Sequence = 40
  • Add kill link for shutdown = Yes

We saved our settings with the [Save] button

dhcpd

Install required packages

  • System > Packages > Available > acf-dhcp > "Install"

Now we can start configuring dhcpd

  • Networking > DHCP > Config

We configured the global settings and added a subnet to give out IP-addresses.

Some values have to be modified from the {Expert} tab.
Update the config with the following value (and press [Save] when done):

ddns-update-style ad-hoc;

Next we need to tell dhcpd which NICs to listen on.
Note: This has to be done from the console, because acf-dhcp has no setting for it.

vi /etc/conf.d/dhcpd

Modify the file so it looks like this:

DHCPD_IFACE="eth1 eth2"

Back in ACF, we now start up dhcpd:

  • Networking > DHCP > Config > [Start]

Now we need to make sure the process starts at next reboot

  • Applications > dhcp > Status > "Schedule autostart"

We chose the following values

  • Startup Sequence = 90
  • Add kill link for shutdown = Yes

We saved our settings with the [Save] button

openvpn

Install required packages

  • System > Packages > Available > acf-openvpn > "Install"

Now we need to make sure the process starts at next reboot

  • Networking > openvpn > Status > "Schedule autostart"

We chose the following values

  • Startup Sequence = 80
  • Add kill link for shutdown = Yes

We saved our settings with the [Save] button

Next we create a config-file called 'openvpn.conf'

  • Networking > openvpn > config > (write 'openvpn.conf' in the "file name" field and then press [Create])

Now we have a record called 'openvpn.conf' in the list; it's time to configure it by choosing the "Expert" action.

Our file looks something like this:

client
dev tun
proto udp
remote "public IP" 1194
resolv-retry infinite
nobind
ns-cert-type server
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
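Two things in this config matter for security: 'ns-cert-type server' makes the client refuse any certificate that is not a server certificate (otherwise any certificate signed by the same CA, including another client's, would be accepted as the server), and the private key named by 'key' must not be readable by other users on the box. The script below is an added example, not part of the original page or of ACF: it checks a client config for the mandatory directives, for the server-role check ('ns-cert-type server' as used here, or 'remote-cert-tls server', which replaced it in later OpenVPN versions) and for the key file's permissions. It assumes relative ca/cert/key paths are resolved against the config file's directory; 'vpn.example.invalid' is a placeholder for the real "public IP" and the demo key file is an empty placeholder.

```shell
#!/bin/sh
# Added example, not part of the original wiki page: sanity-check an OpenVPN
# client configuration like the one above before starting the tunnel.
# Verifies mandatory directives, the server-role check ('ns-cert-type server'
# or its successor 'remote-cert-tls server') and that the private key named by
# 'key' is not group/world readable. Relative ca/cert/key paths are resolved
# against the config file's directory (assumption).

# check_openvpn_conf FILE
# Prints one line per finding. Returns 0 when there is no finding, 1 otherwise.
check_openvpn_conf() {
    conf="$1"
    dir=$(dirname "$conf")
    rc=0
    for d in client dev proto remote ca cert key; do
        if ! grep -Eq "^[[:space:]]*${d}([[:space:]]|\$)" "$conf"; then
            echo "missing directive: $d"
            rc=1
        fi
    done
    # Without a server-role check any certificate signed by the CA (for
    # example another client's) would be accepted as the server.
    if ! grep -Eq '^[[:space:]]*(ns-cert-type|remote-cert-tls)[[:space:]]+server' "$conf"; then
        echo "server role not verified: add 'remote-cert-tls server'"
        rc=1
    fi
    keyfile=$(awk '$1 == "key" { print $2; exit }' "$conf")
    if [ -n "$keyfile" ]; then
        case "$keyfile" in /*) ;; *) keyfile="$dir/$keyfile" ;; esac
        if [ -f "$keyfile" ]; then
            # GNU/busybox stat first, BSD stat as fallback
            mode=$(stat -c %a "$keyfile" 2>/dev/null || stat -f %Lp "$keyfile")
            case "$mode" in
                *00) ;;   # group and other permission bits are zero
                *) echo "private key $keyfile is group/world readable (mode $mode)"; rc=1 ;;
            esac
        else
            echo "key file not found: $keyfile"
            rc=1
        fi
    fi
    return $rc
}

# Demo on a constructed copy of the page's config. 'vpn.example.invalid'
# stands in for the real "public IP"; client.key is an empty placeholder.
demo_dir=$(mktemp -d)
cat > "$demo_dir/openvpn.conf" <<'EOF'
client
dev tun
proto udp
remote vpn.example.invalid 1194
resolv-retry infinite
nobind
ns-cert-type server
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
EOF
: > "$demo_dir/client.key"
chmod 600 "$demo_dir/client.key"
if check_openvpn_conf "$demo_dir/openvpn.conf"; then
    echo "openvpn.conf: no findings"
fi
chmod 644 "$demo_dir/client.key"          # simulate a carelessly copied key
check_openvpn_conf "$demo_dir/openvpn.conf" || echo "openvpn.conf: see findings above"
rm -rf "$demo_dir"
```

On the ALIX, run check_openvpn_conf against the file ACF created (under /etc/openvpn when the files were uploaded there) before scheduling the autostart; a non-zero exit means the tunnel should not be started yet.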

firewall

Now we install shorewall (the ACF version):

apk_add acf-shorewall

Now, through the web interface (ACF), you can modify the following files:

interfaces

zones

policy

rules
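The page names the four Shorewall files but not their contents. What follows is an added example, not the page's own configuration: a minimal, least-privilege set of zones, interfaces, policy and rules for this gateway in the Shorewall 4 column layout, together with a small lookup that shows how Shorewall evaluates the policy table (first matching line wins, 'all' is a wildcard). It assumes eth0 is the uplink, eth1 and eth2 are the LAN side served by dhcpd (as configured above), the tunnel comes up as tun0 ('dev tun'), the box is managed from the LAN only over ssh (22) and ACF over https (443), and that traffic from the VPN side to the LAN must be allowed so that incoming SIP calls reach the phone; each of these is an assumption to adjust to your setup.

```shell
#!/bin/sh
# Added example, not part of the original wiki page: a minimal Shorewall
# configuration for this gateway, written as the four files the page names,
# plus a lookup that shows how the policy table is evaluated.
# Assumptions: eth0 = uplink, eth1/eth2 = LAN served by dhcpd, tun0 = the
# OpenVPN tunnel, management over ssh (22) and ACF https (443) from the LAN.

# write_shorewall_config DIR : write zones, interfaces, policy and rules into DIR
write_shorewall_config() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
vpn     ipv4
EOF
    # 'dhcp' on the LAN interfaces lets the dhcpd running on the box serve them.
    cat > "$dir/interfaces" <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      tcpflags,nosmurfs,routefilter
loc     eth1        detect      dhcp
loc     eth2        detect      dhcp
vpn     tun0        -
EOF
    # Least privilege: the LAN only talks to the VPN side, the Internet is
    # dropped, everything else is rejected and logged.
    # 'vpn loc ACCEPT' is an assumption so that incoming SIP calls reach the phone.
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG
$FW     all     ACCEPT
loc     vpn     ACCEPT
vpn     loc     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF
    # Management of the gateway itself is reachable from the LAN only.
    cat > "$dir/rules" <<'EOF'
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT  loc     $FW     tcp     22,443
EOF
}

# policy_for DIR SRC DST
# Prints the policy Shorewall would apply to traffic from zone SRC to zone
# DST: the first policy line whose SOURCE and DEST match, 'all' being a
# wildcard. Comment lines and malformed lines are skipped.
policy_for() {
    awk -v s="$2" -v d="$3" '
        /^[ \t]*#/ || NF < 3 { next }
        ($1 == s || $1 == "all") && ($2 == d || $2 == "all") { print $3; exit }
    ' "$1/policy"
}

# Demo in a temporary directory (never touches /etc/shorewall)
demo_dir=$(mktemp -d)
write_shorewall_config "$demo_dir"
for pair in "net loc" "loc vpn" "vpn net" "loc net"; do
    set -- $pair
    echo "$1 -> $2: $(policy_for "$demo_dir" "$1" "$2")"
done
rm -rf "$demo_dir"
```

The ordering in the policy file is the whole point: 'net all DROP' must come before 'all all REJECT', and any zone pair not named explicitly falls through to the final REJECT, so adding a new client network means adding a line rather than loosening an existing one.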