Difference between revisions of "VPN"
Jump to navigation
Jump to search
(Created page with "The Software Heritage server and the VMs running on it are severely firewalled. To get onto their network unrestricted, a VPN based on [https://openvpn.net/ OpenVPN] is av...") |
|||
| Line 4: | Line 4: | ||
The setup is client-server, with per-client certificates. | The setup is client-server, with per-client certificates. | ||
| − | == | + | == Openvpn client configuration == |
| − | + | Sample configuration file, e.g., /etc/openvpn/softwareheritage.conf: | |
| − | == | + | <pre> |
| + | remote louvre.softwareheritage.org | ||
| + | ns-cert-type server | ||
| + | comp-lzo | ||
| + | nobind | ||
| + | dev tun | ||
| + | proto udp | ||
| + | port 1194 | ||
| + | log /var/log/openvpn.log | ||
| + | up-restart | ||
| + | persist-key | ||
| + | persist-tun | ||
| + | client | ||
| + | ca /etc/openvpn/keys/softwareheritage-ca.crt | ||
| + | cert /etc/openvpn/keys/softwareheritage.crt | ||
| + | key /etc/openvpn/keys/softwareheritage.key | ||
| + | user nobody | ||
| + | group nogroup | ||
| + | </pre> | ||
| + | |||
| + | In addition to the above configuration file, you will need to install the following 3 files under /etc/openvpn/keys: | ||
| + | |||
| + | * [[File:softwareheritage-ca.crt]]: public certificate for the Software Heritage certification authority (CA) | ||
| + | * softwareheritage.crt: public, client-specific certificate (see below) | ||
| + | * softwareheritage.key: ''private'', client-specific key (see below) | ||
| + | |||
| + | == Obtaining a client certificate == | ||
'''TODO''' | '''TODO''' | ||
Revision as of 19:53, 17 July 2015
The Software Heritage server and the VMs running on it are severely firewalled. To get onto their network unrestricted, a VPN based on OpenVPN is available.
The setup is client-server, with per-client certificates.
Openvpn client configuration
Sample configuration file, e.g., /etc/openvpn/softwareheritage.conf:
remote louvre.softwareheritage.org ns-cert-type server comp-lzo nobind dev tun proto udp port 1194 log /var/log/openvpn.log up-restart persist-key persist-tun client ca /etc/openvpn/keys/softwareheritage-ca.crt cert /etc/openvpn/keys/softwareheritage.crt key /etc/openvpn/keys/softwareheritage.key user nobody group nogroup
In addition to the above configuration file, you will need to install the following 3 files under /etc/openvpn/keys:
- File:Softwareheritage-ca.crt: public certificate for the Software Heritage certification authority (CA)
- softwareheritage.crt: public, client-specific certificate (see below)
- softwareheritage.key: private, client-specific key (see below)
Obtaining a client certificate
TODO
/etc/hosts recommended entries
TODO