VPN: Difference between revisions

From Software Heritage Wiki
(Install redirection to the docs page)
Tag: New redirect
 
(25 intermediate revisions by 5 users not shown)
#REDIRECT [[swhdocs:sysadm/user-management/openvpn/openvpn.html]]

The [[Software Heritage]] server and the VMs running on it are severely firewalled.
To get onto their network unrestricted, a VPN based on [https://openvpn.net/ OpenVPN] is available.
 
The setup is client-server, with per-client certificates.
 
== OpenVPN client configuration ==
 
Sample configuration file, e.g., /etc/openvpn/softwareheritage.conf:
 
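<pre>
remote louvre.softwareheritage.org
# require the peer certificate to be marked as a server certificate
# (ns-cert-type is deprecated; newer OpenVPN releases use "remote-cert-tls server")
ns-cert-type server
# compression setting must match the server's
comp-lzo
nobind
dev tun
proto udp
port 1194
log /var/log/openvpn.log
up-restart
# keep the key and tun device across restarts, since privileges are dropped below
persist-key
persist-tun
client
ca /etc/openvpn/keys/softwareheritage-ca.crt
cert /etc/openvpn/keys/softwareheritage.crt
key /etc/openvpn/keys/softwareheritage.key
# drop root privileges after initialization
user nobody
group nogroup
</pre>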
 
In addition to the above configuration file, you will need to install the following 3 files under /etc/openvpn/keys:
 
* '''[[softwareheritage-ca.crt]]''': ''public'' certificate for the Software Heritage certification authority (CA)
* '''softwareheritage.crt''': ''public'', client-specific certificate (see below)
* '''softwareheritage.key''': ''private'', client-specific key (see below)
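
An added example, not part of the original wiki page or of Software Heritage's tooling: a small Python audit of a client configuration like the one above. It flags deprecated directives, a missing server-certificate check, a missing privilege drop, and a private key readable by group or others. The function names and the temporary key location are assumptions made for the illustration.

```python
import os
import stat
import tempfile

# Constructed sample: security-relevant directives from the sample file above,
# with {d} standing in for the key directory so the check can run anywhere.
SAMPLE = """\
ns-cert-type server
comp-lzo
ca {d}/softwareheritage-ca.crt
cert {d}/softwareheritage.crt
key {d}/softwareheritage.key
user nobody
group nogroup
"""

def parse(text):
    """Map each directive to its argument list; '#' and ';' lines are comments."""
    opts = {}
    for line in text.splitlines():
        words = line.split()
        if words and words[0][0] not in "#;":
            opts[words[0]] = words[1:]
    return opts

def audit(text):
    """Return a list of findings for an OpenVPN client configuration."""
    opts, findings = parse(text), []
    if opts.get("remote-cert-tls") != ["server"]:
        if opts.get("ns-cert-type") == ["server"]:
            findings.append("ns-cert-type is deprecated; use 'remote-cert-tls server'")
        else:
            findings.append("no check that the peer presents a server certificate")
    if "comp-lzo" in opts:
        findings.append("comp-lzo is deprecated; keep it only while the server uses it")
    if "user" not in opts or "group" not in opts:
        findings.append("no privilege drop (user/group)")
    key = (opts.get("key") or [None])[0]
    if key and os.path.exists(key):
        mode = stat.S_IMODE(os.stat(key).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other access bit set
            findings.append(f"private key {key} has mode {mode:o}; restrict to 600")
    return findings

if __name__ == "__main__":
    d = tempfile.mkdtemp()
    path = os.path.join(d, "softwareheritage.key")
    open(path, "w").close()
    os.chmod(path, 0o644)  # deliberately too permissive, to trigger the finding
    print("\n".join(audit(SAMPLE.format(d=d))))
```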
 
== Obtaining a client certificate ==
 
=== For users ===
 
Ask an admin ([[Olasd]] or [[Zack]], currently) to produce a client-specific certificate/key pair for you.
 
Please ensure there is a way to send you the certificate and the key securely (e.g., GPG).
 
=== For admins ===
 
On louvre:
 
<pre>
root@louvre:~# cd /etc/openvpn/easy-rsa/
root@louvre:/etc/openvpn/easy-rsa# . vars
root@louvre:/etc/openvpn/easy-rsa# ./build-key USERNAME
[ accept defaults, they should be OK ]
</pre>
 
At the end of the process, the certificate and key will be in /etc/openvpn/keys/USERNAME.{crt,key}.
Send them to USERNAME (securely).
 
== /etc/hosts recommended entries ==
 
'''TODO'''
 
[[Category:Infrastructure]]

Latest revision as of 12:59, 28 October 2021