docs: update vpn/openvpn/servidor

2022-05-25 23:45:56 +00:00 · 2022-05-25 23:45:56 +00:00 · 5b1905e9bc
commit 5b1905e9bc
parent bb90567abb
1 changed files with 73 additions and 15 deletions
--- a/vpn/openvpn/servidor.md
+++ b/vpn/openvpn/servidor.md
@ -2,7 +2,7 @@
 title: OpenVPN - Servidor
 description: Tutorial de instalación del Servidor OpenVPN
 published: true
-date: 2022-05-25T23:19:11.192Z
+date: 2022-05-25T23:45:52.556Z
 tags: vpn, servidor, debian
 editor: markdown
 dateCreated: 2022-05-18T16:48:57.246Z
@ -647,6 +647,7 @@ cd ~/client-configs
 sudo ./make_config.sh client1
 sudo ./make_config.sh client2
 sudo ./make_config.sh client3
 sudo ./make_config.sh client3
 ```
 * Los fichero resultantes, `bastionado-client{1,2,3}.ovpn` deberán entregarse a los clientes para que éstos puedan conectar a la VPN.
@ -681,7 +682,7 @@ table inet filter {
                # allow existing connections
                ct state related,established accept
-                # allow packats from vpn interface
+                # allow packets from vpn interface
                iifname $vpn_if oifname $outside_if accept
        }
@ -719,17 +720,69 @@ sudo systemctl restart nftables.service && sudo systemctl status nftables.servic
 sudo systemctl enable nftables.service
 ```
 ## OpenVPN + TOR
 ### Configuración de OpenVPN
 ```bash
 sudo cp /etc/openvpn/server.conf /etc/openvpn/tor.conf
 ```
 ```bash
 sudo vim /etc/openvpn/tor.conf
 ```
 ```bash
 port 6175
 dev tun1
 server 10.10.20.0 255.255.255.0
 ifconfig-pool-persist /var/log/openvpn/ipp-tor.txt
 push "dhcp-option DNS 10.10.20.1"
 push "dhcp-option DNS 1.1.1.1"
 status /var/log/openvpn/openvpn-status-tor.log
 log-append  /var/log/openvpn/openvpn-tor.log
 ```
 ### Puesta en funcionamiento del servicio
 * Arrancar y comprobar el estado del servicio OpenVPN
 ```bash
 sudo systemctl restart openvpn@tor && sudo systemctl status openvpn@tor
 ```
 * Comprobar la existencia de la intefaz virtual de OpenVPN
 ```bash
 ip addr show tun1
 ```
 * Habilitar el arranque automático de OpenVPN
 ```bash
 sudo systemctl enable openvpn@tor
 ```
 ## Habilitando tor
 ```bash
-sudo apt install tor
+sudo apt install tor -y
 sudo vim /etc/tor/torrc
-  VirtualAddrNetwork 10.192.0.0/10
+VirtualAddrNetwork 10.192.0.0/10
-  AutomapHostsOnResolve 1
+AutomapHostsOnResolve 1
-  DNSPort 10.8.0.1:53530
+AutomapHostsSuffixes .onion,.exit
-  TransPort 10.8.0.1:9040
+DNSPort 10.10.20.1:53530
 TransPort 10.10.20.1:9040
 ExitNodes {us} 
 StrictNodes 1
 sudo systemctl restart tor.service
@ -740,10 +793,14 @@ sudo netstat -tulpen | grep tor
 #!/usr/sbin/nft -f
 flush ruleset
-define vpn_port=1194
+define vpn_port=6174
 define vpn_if=tun0
 define outside_if=enp0s17
-define vpn_subnet=10.8.0.0/24
+define vpn_subnet=10.10.10.0/24
 define vpn_port_tor=6175
 define vpn_if_tor=tun1
 define vpn_subnet_tor=10.10.20.0/24
 table inet filter {
@ -751,6 +808,9 @@ table inet filter {
        chain input {
                # allow OpenVPN connections to the Server
                udp dport $vpn_port accept
                # allow OpenVPN TOR connections to the Server
                udp dport $vpn_port_tor accept
        }
        chain forward {
@ -760,9 +820,8 @@ table inet filter {
                # allow existing connections
                ct state related,established accept
-                # allow packats from vpn interface
+                # allow packets from vpn interface
                iifname $vpn_if oifname $outside_if accept
        }
        chain output {
@ -781,15 +840,14 @@ table ip nat {
                # enable NAT for VPN
                iifname $vpn_if oifname $outside_if ip saddr $vpn_subnet masquerade
        }
        chain prerouting {
            # Transparent proxy to TOR
            type nat hook prerouting priority 0;
-            iifname $vpn_if ip saddr $vpn_subnet udp dport 53 counter dnat to 10.8.0.1:53530
+            iifname $vpn_if_tor ip saddr $vpn_subnet udp dport 53 counter dnat to 10.10.20.1:53530
-            iifname $vpn_if ip protocol tcp ip saddr $vpn_subnet counter dnat to 10.8.0.1:9040
+            iifname $vpn_if_tor ip protocol tcp ip saddr $vpn_subnet_tor counter dnat to 10.10.20.1:9040
-            iifname $vpn_if ip protocol udp ip saddr $vpn_subnet counter dnat to 10.8.0.1:9040
+            iifname $vpn_if_tor ip protocol udp ip saddr $vpn_subnet_tor counter dnat to 10.10.20.1:9040
        }
 }