|
|
| (29 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| − | The [[Software Heritage]] server and the VMs running on it are severely firewalled.
| + | #REDIRECT [[swhdocs:sysadm/user-management/openvpn/openvpn.html]] |
| − | To get onto their network unrestricted, a VPN based on [https://openvpn.net/ OpenVPN] is available.
| |
| − | | |
| − | The setup is client-server, with per-client certificates.
| |
| − | | |
| − | == Openvpn client configuration ==
| |
| − | | |
| − | Sample configuration file, e.g., /etc/openvpn/softwareheritage.conf:
| |
| − | | |
| − | <pre>
| |
| − | remote louvre.softwareheritage.org
| |
| − | ns-cert-type server
| |
| − | comp-lzo
| |
| − | nobind
| |
| − | dev tun
| |
| − | proto udp
| |
| − | port 1194
| |
| − | log /var/log/openvpn.log
| |
| − | up-restart
| |
| − | persist-key
| |
| − | persist-tun
| |
| − | client
| |
| − | ca /etc/openvpn/keys/softwareheritage-ca.crt
| |
| − | cert /etc/openvpn/keys/softwareheritage.crt
| |
| − | key /etc/openvpn/keys/softwareheritage.key
| |
| − | user nobody
| |
| − | group nogroup
| |
| − | </pre>
| |
| − | | |
| − | In addition to the above configuration file, you will need to install the following 3 files under /etc/openvpn/keys:
| |
| − | | |
| − | * [[File:softwareheritage-ca.crt]]: public certificate for the Software Heritage certification authority (CA)
| |
| − | * softwareheritage.crt: public, client-specific certificate (see below)
| |
| − | * softwareheritage.key: ''private'', client-specific key (see below)
| |
| − | | |
| − | == Obtaining a client certificate ==
| |
| − | | |
| − | '''TODO'''
| |
| − | | |
| − | == /etc/hosts recommended entries ==
| |
| − | | |
| − | '''TODO'''
| |
| − | | |
| − | [[Category:Infrastructure]]
| |
