(28 intermediate revisions by 5 users not shown)
Line 1: |
Line 1: |
− | The [[Software Heritage]] server and the VMs running on it are severely firewalled.
| + | #REDIRECT [[swhdocs:sysadm/user-management/openvpn/openvpn.html]] |
− | To get onto their network unrestricted, a VPN based on [https://openvpn.net/ OpenVPN] is available.
| |
− | | |
− | The setup is client-server, with per-client certificates.
| |
− | | |
− | == Openvpn client configuration ==
| |
− | | |
− | Sample configuration file, e.g., /etc/openvpn/softwareheritage.conf:
| |
− | | |
− | <pre>
| |
− | remote louvre.softwareheritage.org
| |
− | ns-cert-type server
| |
− | comp-lzo
| |
− | nobind
| |
− | dev tun
| |
− | proto udp
| |
− | port 1194
| |
− | log /var/log/openvpn.log
| |
− | up-restart
| |
− | persist-key
| |
− | persist-tun
| |
− | client
| |
− | ca /etc/openvpn/keys/softwareheritage-ca.crt
| |
− | cert /etc/openvpn/keys/softwareheritage.crt
| |
− | key /etc/openvpn/keys/softwareheritage.key
| |
− | user nobody
| |
− | group nogroup
| |
− | </pre>
| |
− | | |
− | In addition to the above configuration file, you will need to install the following 3 files under /etc/openvpn/keys:
| |
− | | |
− | * [[softwareheritage-ca.crt]]: public certificate for the Software Heritage certification authority (CA)
| |
− | * softwareheritage.crt: public, client-specific certificate (see below)
| |
− | * softwareheritage.key: ''private'', client-specific key (see below)
| |
− | | |
− | == Obtaining a client certificate ==
| |
− | | |
− | '''TODO'''
| |
− | | |
− | == /etc/hosts recommended entries ==
| |
− | | |
− | '''TODO'''
| |
− | | |
− | [[Category:Infrastructure]]
| |
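Review bot: on the `+` line the whole page becomes a redirect, yet the removed text still had "Obtaining a client certificate" and "/etc/hosts recommended entries" marked '''TODO''', and the key-file list pointed at them with "(see below)". Please confirm that swhdocs:sysadm/user-management/openvpn/openvpn.html documents how a client certificate and key are issued before this wiki copy goes away, otherwise readers are redirected to a page with the same gap. If the sample configuration was carried over unchanged, `ns-cert-type server` and `comp-lzo` deserve a second look there: both are deprecated or removed in recent OpenVPN releases, and `remote-cert-tls server` is the usual replacement for the former. The redirect also drops `[[Category:Infrastructure]]`, so the page will no longer be listed under that category.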