SCAR-iT/LWM-Linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
LWM-Linux/12 - Network Configuration and Troubleshooting/Configuring VPN's and Tunnels.md

186 lines
3.9 KiB
Markdown
Raw Blame History

# Configuring VPNs and Tunnels
## 1. Understanding VPNs and Tunnels
VPNs (Virtual Private Networks) and tunnels are technologies used to create secure, encrypted connections over a public network. They're essential for maintaining privacy, bypassing geographical restrictions, and securing communications.
## 2. Types of VPNs and Tunnels in Linux
- a) OpenVPN
- b) WireGuard
- c) IPsec/L2TP
- d) PPTP (less secure, not recommended for sensitive data)
- e) SSH Tunnels
3. OpenVPN Configuration
OpenVPN is one of the most popular and secure VPN solutions for Linux.
Installation:
```
sudo apt-get update
sudo apt-get install openvpn
```
Configuration:
1. Obtain .ovpn configuration file from your VPN provider
2. Move the .ovpn file to /etc/openvpn/
3. Connect using:
```
sudo openvpn --config /etc/openvpn/your-config-file.ovpn
```
For automatic connection on boot:
1. Rename your .ovpn file to client.conf
2. Move it to /etc/openvpn/
## 3. Enable the OpenVPN service:
```
sudo systemctl enable openvpn@client
sudo systemctl start openvpn@client
```
## 4. WireGuard Configuration
WireGuard is a newer, high-performance VPN protocol.
Installation:
```
sudo apt-get update
sudo apt-get install wireguard
```
### Configuration:
- 1. Generate private and public keys:
```
wg genkey | tee privatekey | wg pubkey > publickey
```
- 2. Create a configuration file /etc/wireguard/wg0.conf:
```
[Interface]
PrivateKey = your_private_key
Address = 10.0.0.2/24
DNS = 1.1.1.1
[Peer]
PublicKey = server_public_key
Endpoint = server_ip:51820
AllowedIPs = 0.0.0.0/0
```
- 3. Start WireGuard:
```
sudo wg-quick up wg0
```
## 5. IPsec/L2TP Configuration
IPsec/L2TP is widely supported and offers good security.
### Installation:
```
sudo apt-get update
sudo apt-get install strongswan xl2tpd
```
### Configuration:
- 1. Edit /etc/ipsec.conf:
```
conn VPN
keyexchange=ikev1
authby=secret
ike=aes128-sha1-modp1024!
esp=aes128-sha1!
left=%defaultroute
leftprotoport=17/1701
right=your_vpn_server_ip
rightprotoport=17/1701
auto=add
```
- 2. Edit /etc/ipsec.secrets:
```
: PSK "your_preshared_key"
```
- 3. Edit /etc/xl2tpd/xl2tpd.conf:
```
[lac vpn-connection]
lns = your_vpn_server_ip
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
```
- 4. Create /etc/ppp/options.l2tpd.client:
```
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
connect-delay 5000
name your_username
password your_password
```
- 5. Start the services:
```
sudo systemctl restart strongswan
sudo systemctl restart xl2tpd
```
## 6. SSH Tunnels
SSH tunnels are versatile for creating encrypted connections.
### Local port forwarding:
```
ssh -L local_port:remote_host:remote_port username@ssh_server
```
### Remote port forwarding:
```
ssh -R remote_port:local_host:local_port username@ssh_server
```
### Dynamic port forwarding (SOCKS proxy):
```
ssh -D local_port username@ssh_server
```
## 7. Troubleshooting and Verification
- Check connection status:
```
ip addr show
```
- Verify DNS resolution:
```
nslookup example.com
```
- Check for IP leaks:
```
curl ifconfig.me
```
- Monitor VPN logs:
```
sudo journalctl -u openvpn
```
## 8. Security Considerations
- Keep your system and VPN software updated
- Use strong authentication methods (certificates, 2FA)
- Implement a kill switch to prevent data leaks if the VPN disconnects
- Regularly audit your VPN configurations
- Use perfect forward secrecy (PFS) when available
## 9. Performance Optimization
- Choose nearby servers for better latency
- Experiment with different protocols (e.g., UDP vs TCP)
- Adjust MTU settings if needed
- Consider using split-tunneling for non-sensitive traffic
Reference in New Issue View Git Blame Copy Permalink