diff options
-rwxr-xr-x | etc/anytun/client1/post-up.sh | 5 | ||||
-rw-r--r-- | etc/anytun/server/conf.d/client1 | 48 | ||||
-rw-r--r-- | etc/anytun/server/config | 80 | ||||
-rwxr-xr-x | etc/anytun/server/post-up.sh | 22 |
4 files changed, 118 insertions, 37 deletions
diff --git a/etc/anytun/client1/post-up.sh b/etc/anytun/client1/post-up.sh index bf01387..e9e3a8b 100755 --- a/etc/anytun/client1/post-up.sh +++ b/etc/anytun/client1/post-up.sh @@ -3,5 +3,10 @@ ip link set dev $1 up ip link set dev $1 mtu 1400 ip addr add dev $1 192.168.123.1/24 +ip addr add dev $1 fec0::1/128 + +# Disable ICMP Redirects as they don't work within the tunnel +echo 0 > /proc/sys/net/ipv4/conf/$1/send_redirects +echo 0 > /proc/sys/net/ipv4/conf/$1/accept_redirects exit 0 diff --git a/etc/anytun/server/conf.d/client1 b/etc/anytun/server/conf.d/client1 index c9b6f56..894fee7 100644 --- a/etc/anytun/server/conf.d/client1 +++ b/etc/anytun/server/conf.d/client1 @@ -1,9 +1,45 @@ -route 192.168.123.1/32 -window-size 0 +############################# +## main options # +############################# + +## Client ID +## (has to be unique for each client) mux 1 -key 0123456789ABCDEF0123456789ABCDEF -salt 0123456789ABCD0123456789ABCD -## remote host (autodetect if skiped) + +## Passphrase +## this is used to generate the crypto-key and salt +## this should be al least 30 characters +passphrase Creating_VPN_Tunnels_With_Anytun_Is_Easy + +## Staticially configure remote address +## (autodetect if skiped) #remote-host <hostname|ip> -## remote host (autodetect if skiped) #remote-port 4444 + +############################# +## routing options # +############################# + +## Internal Routing entries +## multible routes allowed +## make sure to also set a system route in the post-up script +route 192.168.123.1/32 +route fec0::1/128 + +## Add a subnet route +## make sure to also set a system route in the post-up script +#route 192.168.12.0/24 +#route fec0:1::/48 + + +############################# +## Expert options # +############################# + +##Manually set encryption key and salt +## (this replaces the passphrase) +#key 0123456789ABCDEF0123456789ABCDEF +#salt 0123456789ABCD0123456789ABCD +## Setting a window size > 0 will enable replay protection +## This most likely will only work with external rekeying +#window-size 0 diff --git a/etc/anytun/server/config b/etc/anytun/server/config index 2706b97..a23ddfb 100644 --- a/etc/anytun/server/config +++ b/etc/anytun/server/config @@ -1,45 +1,63 @@ -## Global Parameters -## don't run in background -#nodaemonize -## the sender id to use (has to be unique for multible anycast servers) -sender-id 1 -## local anycast ip address to bind to -#interface <ip-address> -## local anycast(data) port to bind to -port 4444 -## local unicast(sync) ip address to bind to -# sync-interface <ip-address> -## local unicast(sync) port to bind to -#sync-port 1234 -## remote hosts to sync with -#sync-hosts <hostname|ip>:<port>[,<hostname|ip>:<port>[...]] +############################# +## multi connection support # +############################# + +## Controll Host for multi client support +## This enables multi-connection support and split configuration files per client +## Make sure to use a unique port for each server, when runnig multible servers +control-host 127.0.0.1:4444 + +############################# +## Main options # +############################# + ## Device name dev anytun0 + # device type tun = ip/ipv6, tap = ethernet type tun + ## payload encryption algorithm cipher aes-ctr #cipher null + ## message authentication algorithm auth-algo sha1 #auth-algo null + +## local ip address to bind to (for tunnel data) +## (if you operate an anycast cluster this must be the anycast ip address) +#interface <ip-address> + +## local port to bind to (for tunnel data) +## make sure to use a different port for every server and client! +port 4444 + +############################# +## Debug options # +############################# +## don't run in background +#nodaemonize + +############################# +## Expert options # +############################# ## Automaticaly configure the interface an set a route +## +## We highly recommend the use of the post up script to do this +## ## 1st argument the local address for the tun/tap device ## 2nd argument is either the remote address(tun) or netmask(tap) #ifconfig <local> <remote|netmask> -## Controll Host for multi client support -control-host 127.0.0.1:4445 -### Connection Parameters (for clients without config server) -## remote host -#remote-host <hostname|ip> -## remote port -#remote-port <port> -##seqence number window size -## 0 turns off replay protection (for manualk keying) -#window-size 0 -## the multiplex id to use -#mux <mux-id> -## master key to use for encryption -#key <master key> -## master salt to use for encryption -#salt <master salt> + +############################# +## Cluster options # +############################# +## the sender id to use (has to be unique for multible anycast servers) +#sender-id 1 +## local unicast(sync) ip address to bind to +# sync-interface <ip-address> +## local unicast(sync) port to bind to +#sync-port 1234 +## remote hosts to sync with +#sync-hosts <hostname|ip>:<port>[,<hostname|ip>:<port>[...]] diff --git a/etc/anytun/server/post-up.sh b/etc/anytun/server/post-up.sh index 1a3c443..dc30f09 100755 --- a/etc/anytun/server/post-up.sh +++ b/etc/anytun/server/post-up.sh @@ -1,4 +1,26 @@ #!/bin/sh ip link set dev $1 up ip link set mtu 1400 dev $1 + +# Add tunnel addresses ip addr add 192.168.123.254/24 dev $1 +ip addr add fec0::fd/64 dev $1 + +# Add routes to client subnets +# you also have to add these routes to the client configuration file of one client +# ip route add 192.168.12.0/24 dev $1 +# ip route add fec0:1::/48 dev $1 + +# Disable ICMP Redirects as they don't work within the tunnel +echo 0 > /proc/sys/net/ipv4/conf/$1/send_redirects +echo 0 > /proc/sys/net/ipv4/conf/$1/accept_redirects + +# Enable Packet forwarding +echo 1 > /proc/sys/net/ipv6/conf/$1/forwarding +echo 1 > /proc/sys/net/ipv4/conf/$1/forwarding + +# Enable Routing to lokal ethernet interface +# echo 1 > /proc/sys/net/ipv6/conf/eth0/forwarding +# echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding + +exit 0 |