docs: update vpn/openvpn/servidor

José Antonio Yáñez Jiménez 2022-05-26 00:06:34 +00:00 committed by José Antonio Yáñez Jiménez
parent 5b1905e9bc
commit d559c24c87


@ -2,7 +2,7 @@
title: OpenVPN - Servidor title: OpenVPN - Servidor
description: Tutorial de instalación del Servidor OpenVPN description: Tutorial de instalación del Servidor OpenVPN
published: true published: true
date: 2022-05-25T23:45:52.556Z date: 2022-05-26T00:06:30.918Z
tags: vpn, servidor, debian tags: vpn, servidor, debian
editor: markdown editor: markdown
dateCreated: 2022-05-18T16:48:57.246Z dateCreated: 2022-05-18T16:48:57.246Z
@ -781,8 +781,7 @@ AutomapHostsOnResolve 1
AutomapHostsSuffixes .onion,.exit AutomapHostsSuffixes .onion,.exit
DNSPort 10.10.20.1:53530 DNSPort 10.10.20.1:53530
TransPort 10.10.20.1:9040 TransPort 10.10.20.1:9040
ExitNodes {us} ExitNodes {us} StrictNodes 1
StrictNodes 1
sudo systemctl restart tor.service sudo systemctl restart tor.service
@ -822,6 +821,9 @@ table inet filter {
# allow packets from vpn interface # allow packets from vpn interface
iifname $vpn_if oifname $outside_if accept iifname $vpn_if oifname $outside_if accept
# allow packets from vpn interface
iifname $vpn_if_tor oifname $outside_if accept
} }
chain output { chain output {
@ -840,12 +842,15 @@ table ip nat {
# enable NAT for VPN # enable NAT for VPN
iifname $vpn_if oifname $outside_if ip saddr $vpn_subnet masquerade iifname $vpn_if oifname $outside_if ip saddr $vpn_subnet masquerade
# enable NAT for TOR VPN
iifname $vpn_if_tor oifname $outside_if ip saddr $vpn_subnet_tor masquerade
} }
chain prerouting { chain prerouting {
# Transparent proxy to TOR # Transparent proxy to TOR
type nat hook prerouting priority 0; type nat hook prerouting priority 0;
iifname $vpn_if_tor ip saddr $vpn_subnet udp dport 53 counter dnat to 10.10.20.1:53530 iifname $vpn_if_tor ip saddr $vpn_subnet_tor udp dport 53 counter dnat to 10.10.20.1:53530
iifname $vpn_if_tor ip protocol tcp ip saddr $vpn_subnet_tor counter dnat to 10.10.20.1:9040 iifname $vpn_if_tor ip protocol tcp ip saddr $vpn_subnet_tor counter dnat to 10.10.20.1:9040
iifname $vpn_if_tor ip protocol udp ip saddr $vpn_subnet_tor counter dnat to 10.10.20.1:9040 iifname $vpn_if_tor ip protocol udp ip saddr $vpn_subnet_tor counter dnat to 10.10.20.1:9040
} }
@ -857,16 +862,15 @@ table ip nat {
sudo systemctl restart nftables.service && sudo systemctl status nftables.service sudo systemctl restart nftables.service && sudo systemctl status nftables.service
``` ```
```bash ### Configuración de script de cliente
sudo vim /etc/openvpn/server.conf
push "dhcp-option DNS 10.8.0.1"
```
```bash ```bash
sudo systemctl restart openvpn@server.service && sudo systemctl status openvpn@server.service cp ~/client-configs/base.conf ~/client-configs/base-tor.conf
cp ~/client-configs/make_config.sh ~/client-configs/make_config_tor.sh
``` ```
## Landing Page para descarga de configuración cliente ## Landing Page para descarga de configuración cliente
```bash ```bash
@ -884,7 +888,10 @@ sudo apt install nginx-core nginx-common nginx nginx-full apache2-utils
```bash ```bash
cd /var/www cd /var/www
sudo htpasswd -c .htpasswd client1 sudo htpasswd -c .htpasswd1 client1
sudo htpasswd -c .htpasswd2 client2
sudo htpasswd -c .htpasswd3 client3
sudo htpasswd -c .htpasswd4 client4
``` ```
```bash ```bash
@ -941,11 +948,30 @@ server {
server_name _; server_name _;
location /download { location /download/client1 {
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
auth_basic "Client Area"; auth_basic "Client Area";
auth_basic_user_file /var/www/.htpasswd; auth_basic_user_file /var/www/.htpasswd1;
} }
location /download/client2 {
try_files $uri $uri/ =404;
auth_basic "Client Area";
auth_basic_user_file /var/www/.htpasswd2;
}
location /download/client3 {
try_files $uri $uri/ =404;
auth_basic "Client Area";
auth_basic_user_file /var/www/.htpasswd2;
}
location /download/client4 {
try_files $uri $uri/ =404;
auth_basic "Client Area";
auth_basic_user_file /var/www/.htpasswd4;
}
} }
``` ```
@ -957,7 +983,10 @@ scp -i .\.ssh\id_admin_bastionado .\bastionado-vpn.tar ovpn@ovpn.bastionado.es:/
sudo tar -xvf bastionado-vpn.tar -C /var/www/html sudo tar -xvf bastionado-vpn.tar -C /var/www/html
sudo cp /home/ovpn/client-configs/files/bastionado-client1.ovpn /var/www/html/download sudo cp /home/ovpn/client-configs/files/bastionado-client1.ovpn /var/www/html/download/client1
sudo cp /home/ovpn/client-configs/files/bastionado-client2.ovpn /var/www/html/download/client2
sudo cp /home/ovpn/client-configs/files/bastionado-client3.ovpn /var/www/html/download/client3
sudo cp /home/ovpn/client-configs/files/bastionado-client4.ovpn /var/www/html/download/client4
sudo chown -R www-data:www-data /var/www sudo chown -R www-data:www-data /var/www
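Review bot: The new `location /download/client3` block sets `auth_basic_user_file /var/www/.htpasswd2;`, so client2's password opens client3's profile and the `.htpasswd3` file created in the htpasswd step is never consulted; it should be `auth_basic_user_file /var/www/.htpasswd3;`. In the torrc hunk the new side appears to read `ExitNodes {us} StrictNodes 1` on a single line; torrc takes one option per line, so StrictNodes is probably not applied as its own option (or Tor may refuse the file), and the two should stay on separate lines. The added forward rule `iifname $vpn_if_tor oifname $outside_if accept`, together with the new masquerade rule, appears to let any Tor-VPN traffic that the prerouting DNAT does not catch (anything other than TCP/UDP, for example ICMP) leave directly through the outside interface without going through Tor. If Tor-only egress is the intent, consider omitting both rules or dropping that traffic, and change the copied comment to `# allow packets from tor vpn interface` so the two rules can be told apart.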