EHL VPN Client Configuration in Fedora

2,515 bytes added, 01:09, 27 August 2015
no edit summary
[[Category:Enterprise Hyperscale Lab]]
The [[EHL]] has an OpenVPN and a PPTP VPN for remote access.
== OpenVPN method ==
=== Generate OpenVPN certificates for your machine ===
1. SSH to red and log in as root
 ssh red
 sudo su -
2. Generate a certificate with easy-rsa (replace <HOSTNAME> with your own)
 cd /etc/openvpn/easy-rsa
 source ./vars
 ./build-key <HOSTNAME>
'''NOTE:''' No information needs to be entered except answering (y/n)
=== Copy certificates to your machine ===
1. ON YOUR MACHINE: Create ~/.cert on your own machine:
 mkdir ~/.cert
2. ON RED: Copy certificates from red
 scp /etc/openvpn/easy-rsa/keys/{ca.crt,<HOSTNAME>.crt,<HOSTNAME>.key} <HOSTNAME>:~/.cert
3. ON YOUR MACHINE: Reset SELinux permissions
 restorecon -R ~/.cert
=== Setting up an OpenVPN connection in Gnome network settings ===
To set up access to the VPN from a remote Fedora system graphically:
# Access the '''Network''' portion of the '''Settings''' application.
# Click the '''+''' sign to add a new network connection.
# Select '''VPN''' as the connection type.
# Select '''OpenVPN''' as the VPN type.
# Fill in these parameters:
#* Gateway: <code>ehl.internal.cdot.systems</code> (currently: 10.46.52.62)
#* Type: <code>Certificates (TLS)</code>
#* User Certificate: <code>~/.cert/<HOSTNAME>.crt</code>
#* CA Certificate: <code>~/.cert/ca.crt</code>
#* Private Key: <code>~/.cert/<HOSTNAME>.key</code>
# Click the '''Advanced...''' button at the right corner
#* Check the box marked '''"Use LZO data compression"'''
#* In the '''Security''' tab, choose '''"AES-256-CBC"''' as cipher
#* Click OK to finish advanced settings
# In the '''IPv4''' tab, check the box marked '''"Use this connection only for resources on its network"'''.
# Apply the changes.
# Start the VPN with the control in the Network Settings screen or at the top of the Gnome screen.
=== Setting up OpenVPN connection via command line ===
Add a new basic vpn using nmcli:
 nmcli conn add con-name EHL type vpn ifname lo vpn-type openvpn
Edit ''/etc/NetworkManager/system-connections/EHL'' and add the following lines:
 [connection]
 ...
 #interface-name=lo <----- Remove this line
 autoconnect=true
 [vpn]
 ...
 connection-type=tls
 remote=ehl.internal.cdot.systems
 cipher=AES-256-CBC
 comp-lzo=yes
 cert-pass-flags=0
 ca=/home/<user>/.cert/ca.crt
 key=/home/<user>/.cert/newzealand.key
 cert=/home/<user>/.cert/newzealand.crt
 [ipv6]
 method=auto
 [ipv4]
 method=auto
 never-default=true
Reload configuration file:
 nmcli conn reload
Turn on the VPN connection:
 nmcli conn up EHL
== PPTP Method (Not recommended) ==
=== Creating a VPN User ===
1. Add an entry to the /etc/ppp/chap-secrets file on <code>morocco</code>:
2. Reload the pptpd server: <code>sudo systemctl reload pptpd</code>
=== Setting up Remote Access Using NetworkManager GUI Setup Tools in Fedora (Gnome) ===
To set up access to the VPN from a remote Fedora system graphically:
Note: If you are unable to connect to the VPN after following the above steps, the firewall may be restricting access. To check whether that is the case, turn off the firewall temporarily with <code>sudo systemctl stop firewalld</code> and attempt to connect to the VPN. Turn the firewall back on afterwards with <code>sudo systemctl start firewalld</code>.
=== Setting up VPN via command line ===
Add a new basic vpn using nmcli:
nmcli conn add con-name EHL type vpn ifname ppp0 vpn-type pptp
...
gateway=ehl.internal.cdot.systems
user=<Your VPN Username>
password-flags=0
[vpn-secrets]
password=<Your VPN Password>
[ipv6]
nmcli conn up EHL
=== Firewall Adjustment ===
To enable this to work through the Fedora firewall, issue these commands: