Skip to content

Add FFEU VPN config #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
k3v1n-eu wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add FFEU VPN config #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions freifunk/initial_configuration/openvpn.uci
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,11 @@ config openvpn 'freifunk_kbu'
option enabled '0'
option config '/lib/freifunk/vpn/freifunk_kbu/client.conf'

# Freifunk-EU Exit-VPN
# # Weitere Infos:
Copy link
Copy Markdown
Owner

@yanosz yanosz Sep 19, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry für die späte Antwort: Ich würde den Request gerne merge ... fehlt an dieser Stelle noch eine Adresse, wo es weitere Infos gibt? D.h. an wen sich jmd. wenden soll um ein Zertifikat zu erhalten?
@k3v1n-eu Hier z.B. ergänzen? https://kbu.freifunk.net/wiki/index.php?title=Exit-VPN-Setup

config openvpn 'freifunk_eu'
option enabled '0'
option config '/lib/freifunk/vpn/ffeu/client.conf'

# yanosz Freifunk-Exit-VPN
# IdR fuer Tests --- ggf. instabil
Expand Down
29 changes: 29 additions & 0 deletions freifunk/vpn/ffeu/ca.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIJAIbJL752n4nzMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD
VQQGEwJERTEMMAoGA1UECBMDTlJXMQ0wCwYDVQQHEwRCb25uMQ8wDQYDVQQKEwZQ
cml2YXQxDzANBgNVBAsTBlByaXZhdDESMBAGA1UEAxMJUHJpdmF0IENBMRAwDgYD
VQQpEwdFYXN5UlNBMSIwIAYJKoZIhvcNAQkBFhNmcmVpZnVua0B5YW5vc3oubmV0
MB4XDTE2MDMxOTE5NTkxN1oXDTI2MDMxNzE5NTkxN1owgZYxCzAJBgNVBAYTAkRF
MQwwCgYDVQQIEwNOUlcxDTALBgNVBAcTBEJvbm4xDzANBgNVBAoTBlByaXZhdDEP
MA0GA1UECxMGUHJpdmF0MRIwEAYDVQQDEwlQcml2YXQgQ0ExEDAOBgNVBCkTB0Vh
c3lSU0ExIjAgBgkqhkiG9w0BCQEWE2ZyZWlmdW5rQHlhbm9zei5uZXQwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDc9hlZFL5riOM3NDcLEJ6j6FE/ky1
TusMlsLowlAZg5RVH/czZ3TN02F0JMhiROGMsA7HBzttbiNE96f/wFj7Kmv1e66a
jvjEwR3IgVmkJVgkUa5Mj5D1vhm1GTuX2CSm9nBZfaa82O9SkibvEqERoRu/28hQ
ny+8iUIIxg+nyrySLz7a0wAX7cOpnmiQ5/ScAq0lhRAUamzSyBOKqusFlxDr4vGr
PEe2cHn+qqFgxgx9QjO8rIbJCSOuNu0MCAQotBdq+osxttpYmoP++xigrQoHW6M+
9xgPdZJLNNem70wVBVnnXMG3E2f4D1hwb0/kVUrcjQkGggrkaMwmYakpAgMBAAGj
gf4wgfswHQYDVR0OBBYEFGo5e+HPtU0BOHE+1otysVMZ6+NvMIHLBgNVHSMEgcMw
gcCAFGo5e+HPtU0BOHE+1otysVMZ6+NvoYGcpIGZMIGWMQswCQYDVQQGEwJERTEM
MAoGA1UECBMDTlJXMQ0wCwYDVQQHEwRCb25uMQ8wDQYDVQQKEwZQcml2YXQxDzAN
BgNVBAsTBlByaXZhdDESMBAGA1UEAxMJUHJpdmF0IENBMRAwDgYDVQQpEwdFYXN5
UlNBMSIwIAYJKoZIhvcNAQkBFhNmcmVpZnVua0B5YW5vc3oubmV0ggkAhskvvnaf
ifMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAMkBFovspvxxWn1t3
UQyDdtDLlyOc6wLm1s//CucD4Y1LRHGUuFbTkC0gNa6RT1uLgaBmWC1iHpS9vK/j
V8dpslpkQSHaF/MNAX0dC/BhAfrJ+Nd34K9yZ17gSCfMcPaTJDVck8VO9DemvLfQ
K2gBPcOB6E3c9XHDXGc4xvcxG6b1gaWSEKd1K18fDeLbpO+/VIphD0VwaJjOdXVF
WrZ/XEiJKjn8e9lRvS5Xw6bhWyZbt8BjdJS4s8XnHmbeBtHTA1u/+S9rD5K2y6OJ
gLY+P/As8erBGVxpRzKh1rqGuOFg0xUAqPX4QacGwSYjKJppMnhvvOLKsW/n5BP9
OOO4zA==
-----END CERTIFICATE-----

33 changes: 33 additions & 0 deletions freifunk/vpn/ffeu/client.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
# FFEU Freifunk-Exit-VPN
# IdR fuer Tests --- ggf. instabil
# Falls Zugang gewuenscht bitte mail an support@ffeu.de

# Pfad ggf. anpassen
cert /lib/freifunk/vpn/ffeu/ffeu.crt
key /lib/freifunk/vpn/ffeu/ffeu.key

# Wichtig: OpenVPN konfiguriert kein Routing, da es mit dem Policy-Routing
# Des Freifunk-Setups nicht zusammen passt: Bei OpenVPN kann keine Routing-Tabelle konfiguriert werden
# Stattdessen wird via shell-script eine entspr. route gesetzt
route-nopull
up /lib/freifunk/vpn/up.sh

remote gw06.ffeu.de 1194
proto udp

# OpenVPN-Spezifika
client # Ein Client
dev vpn-nat
dev-type tun
cipher AES-256-CBC # 256-Bit AES Verschluesselung nutzen
auth SHA256
resolv-retry infinite # Verbindung fortlaufend aufbauen
nobind # Kein Client binding
persist-key # Config und key bei Neustart persistieren
persist-tun
comp-lzo # LZO-Kompression aktivieren
ping-restart 60 # 60 Sekunden Ping Restart Timer
script-security 2 # Scripts - wie up.sh duerfen ausgefuert werdehn
ca /lib/freifunk/vpn/ffeu/ca.crt # Fahrt zu mullvads CA
ping 10 # Tunnel alle 10 Sekunden durch Ping testen