docs: update vpn/openvpn/servidor
This commit is contained in:
José Antonio Yáñez Jiménez
parent
5b1905e9bc
commit
d559c24c87
@ -2,7 +2,7 @@
|
||||
title: OpenVPN - Servidor
|
||||
description: Tutorial de instalación del Servidor OpenVPN
|
||||
published: true
|
||||
date: 2022-05-25T23:45:52.556Z
|
||||
date: 2022-05-26T00:06:30.918Z
|
||||
tags: vpn, servidor, debian
|
||||
editor: markdown
|
||||
dateCreated: 2022-05-18T16:48:57.246Z
|
||||
@ -781,8 +781,7 @@ AutomapHostsOnResolve 1
|
||||
AutomapHostsSuffixes .onion,.exit
|
||||
DNSPort 10.10.20.1:53530
|
||||
TransPort 10.10.20.1:9040
|
||||
ExitNodes {us}
|
||||
StrictNodes 1
|
||||
ExitNodes {us} StrictNodes 1
|
||||
|
||||
sudo systemctl restart tor.service
|
||||
|
||||
@ -822,6 +821,9 @@ table inet filter {
|
||||
|
||||
# allow packets from vpn interface
|
||||
iifname $vpn_if oifname $outside_if accept
|
||||
|
||||
# allow packets from vpn interface
|
||||
iifname $vpn_if_tor oifname $outside_if accept
|
||||
}
|
||||
|
||||
chain output {
|
||||
@ -840,12 +842,15 @@ table ip nat {
|
||||
|
||||
# enable NAT for VPN
|
||||
iifname $vpn_if oifname $outside_if ip saddr $vpn_subnet masquerade
|
||||
|
||||
# enable NAT for TOR VPN
|
||||
iifname $vpn_if_tor oifname $outside_if ip saddr $vpn_subnet_tor masquerade
|
||||
}
|
||||
|
||||
chain prerouting {
|
||||
# Transparent proxy to TOR
|
||||
type nat hook prerouting priority 0;
|
||||
iifname $vpn_if_tor ip saddr $vpn_subnet udp dport 53 counter dnat to 10.10.20.1:53530
|
||||
iifname $vpn_if_tor ip saddr $vpn_subnet_tor udp dport 53 counter dnat to 10.10.20.1:53530
|
||||
iifname $vpn_if_tor ip protocol tcp ip saddr $vpn_subnet_tor counter dnat to 10.10.20.1:9040
|
||||
iifname $vpn_if_tor ip protocol udp ip saddr $vpn_subnet_tor counter dnat to 10.10.20.1:9040
|
||||
}
|
||||
@ -857,16 +862,15 @@ table ip nat {
|
||||
sudo systemctl restart nftables.service && sudo systemctl status nftables.service
|
||||
```
|
||||
|
||||
```bash
|
||||
sudo vim /etc/openvpn/server.conf
|
||||
|
||||
push "dhcp-option DNS 10.8.0.1"
|
||||
```
|
||||
### Configuración de script de cliente
|
||||
|
||||
```bash
|
||||
sudo systemctl restart openvpn@server.service && sudo systemctl status openvpn@server.service
|
||||
cp ~/client-configs/base.conf ~/client-configs/base-tor.conf
|
||||
|
||||
cp ~/client-configs/make_config.sh ~/client-configs/make_config_tor.sh
|
||||
```
|
||||
|
||||
|
||||
## Landing Page para descarga de configuración cliente
|
||||
|
||||
```bash
|
||||
@ -884,7 +888,10 @@ sudo apt install nginx-core nginx-common nginx nginx-full apache2-utils
|
||||
```bash
|
||||
cd /var/www
|
||||
|
||||
sudo htpasswd -c .htpasswd client1
|
||||
sudo htpasswd -c .htpasswd1 client1
|
||||
sudo htpasswd -c .htpasswd2 client2
|
||||
sudo htpasswd -c .htpasswd3 client3
|
||||
sudo htpasswd -c .htpasswd4 client4
|
||||
```
|
||||
|
||||
```bash
|
||||
@ -941,11 +948,30 @@ server {
|
||||
|
||||
server_name _;
|
||||
|
||||
location /download {
|
||||
location /download/client1 {
|
||||
try_files $uri $uri/ =404;
|
||||
auth_basic "Client Area";
|
||||
auth_basic_user_file /var/www/.htpasswd;
|
||||
auth_basic_user_file /var/www/.htpasswd1;
|
||||
}
|
||||
|
||||
location /download/client2 {
|
||||
try_files $uri $uri/ =404;
|
||||
auth_basic "Client Area";
|
||||
auth_basic_user_file /var/www/.htpasswd2;
|
||||
}
|
||||
|
||||
location /download/client3 {
|
||||
try_files $uri $uri/ =404;
|
||||
auth_basic "Client Area";
|
||||
auth_basic_user_file /var/www/.htpasswd2;
|
||||
}
|
||||
|
||||
location /download/client4 {
|
||||
try_files $uri $uri/ =404;
|
||||
auth_basic "Client Area";
|
||||
auth_basic_user_file /var/www/.htpasswd4;
|
||||
}
|
||||
|
||||
}
|
||||
```
|
||||
|
||||
@ -957,7 +983,10 @@ scp -i .\.ssh\id_admin_bastionado .\bastionado-vpn.tar ovpn@ovpn.bastionado.es:/
|
||||
|
||||
sudo tar -xvf bastionado-vpn.tar -C /var/www/html
|
||||
|
||||
sudo cp /home/ovpn/client-configs/files/bastionado-client1.ovpn /var/www/html/download
|
||||
sudo cp /home/ovpn/client-configs/files/bastionado-client1.ovpn /var/www/html/download/client1
|
||||
sudo cp /home/ovpn/client-configs/files/bastionado-client2.ovpn /var/www/html/download/client2
|
||||
sudo cp /home/ovpn/client-configs/files/bastionado-client3.ovpn /var/www/html/download/client3
|
||||
sudo cp /home/ovpn/client-configs/files/bastionado-client4.ovpn /var/www/html/download/client4
|
||||
|
||||
sudo chown -R www-data:www-data /var/www
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user