Difference between revisions of "VPN"
(Created page with "The Software Heritage server and the VMs running on it are severely firewalled. To get onto their network unrestricted, a VPN based on [https://openvpn.net/ OpenVPN] is av...") |
|||
Line 4: | Line 4: | ||
The setup is client-server, with per-client certificates. | The setup is client-server, with per-client certificates. | ||
− | == | + | == Openvpn client configuration == |
− | + | Sample configuration file, e.g., /etc/openvpn/softwareheritage.conf: | |
− | == | + | <pre> |
+ | remote louvre.softwareheritage.org | ||
+ | ns-cert-type server | ||
+ | comp-lzo | ||
+ | nobind | ||
+ | dev tun | ||
+ | proto udp | ||
+ | port 1194 | ||
+ | log /var/log/openvpn.log | ||
+ | up-restart | ||
+ | persist-key | ||
+ | persist-tun | ||
+ | client | ||
+ | ca /etc/openvpn/keys/softwareheritage-ca.crt | ||
+ | cert /etc/openvpn/keys/softwareheritage.crt | ||
+ | key /etc/openvpn/keys/softwareheritage.key | ||
+ | user nobody | ||
+ | group nogroup | ||
+ | </pre> | ||
+ | |||
+ | In addition to the above configuration file, you will need to install the following 3 files under /etc/openvpn/keys: | ||
+ | |||
+ | * [[File:softwareheritage-ca.crt]]: public certificate for the Software Heritage certification authority (CA) | ||
+ | * softwareheritage.crt: public, client-specific certificate (see below) | ||
+ | * softwareheritage.key: ''private'', client-specific key (see below) | ||
+ | |||
+ | == Obtaining a client certificate == | ||
'''TODO''' | '''TODO''' |
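Review bot: In the sample configuration, `ns-cert-type server` checks only the legacy Netscape certificate-type field, and OpenVPN has deprecated it in favour of `remote-cert-tls server`; consider switching, provided the server certificate carries the matching key usage and extended key usage. The file list calls softwareheritage.key private but does not say what ownership or mode it should have, while the config drops privileges to `user nobody` / `group nogroup`; a sentence stating that the key must be readable by root only would close that gap. Both list entries that say "see below" point at a section that is still '''TODO''', so a reader cannot yet obtain the client-specific files from this page.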
Revision as of 19:53, 17 July 2015
The Software Heritage server and the VMs running on it are severely firewalled. To get onto their network unrestricted, a VPN based on OpenVPN is available.
The setup is client-server, with per-client certificates.
OpenVPN client configuration
Sample configuration file, e.g., /etc/openvpn/softwareheritage.conf:
<pre>
remote louvre.softwareheritage.org
ns-cert-type server
comp-lzo
nobind
dev tun
proto udp
port 1194
log /var/log/openvpn.log
up-restart
persist-key
persist-tun
client
ca /etc/openvpn/keys/softwareheritage-ca.crt
cert /etc/openvpn/keys/softwareheritage.crt
key /etc/openvpn/keys/softwareheritage.key
user nobody
group nogroup
</pre>
In addition to the above configuration file, you will need to install the following 3 files under /etc/openvpn/keys:
- File:Softwareheritage-ca.crt: public certificate for the Software Heritage certification authority (CA)
- softwareheritage.crt: public, client-specific certificate (see below)
- softwareheritage.key: private, client-specific key (see below)
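One way to check the three installed files before starting the client, as an added example that is not part of the original wiki page. The function names are hypothetical, and the rule that the private key must have no group or other permission bits (mode 0600 or stricter) is an assumption the page does not state.

```shell
#!/bin/sh
# Added example: audit the files that an OpenVPN client config refers to
# through its ca, cert and key directives. Function names are hypothetical.

# Print the path given to a single-argument directive.
# $1 = config file, $2 = directive name (ca, cert or key).
# Paths containing spaces are not handled.
directive_path() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Succeed only if group and others have no permission bits on the file.
# Characters 5-10 of the ls mode string are the group and other bits.
is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Print one finding per problem; the return status is the number of problems.
check_openvpn_files() {
    conf=$1
    problems=0
    for d in ca cert key; do
        path=$(directive_path "$conf" "$d")
        if [ -z "$path" ]; then
            echo "MISSING DIRECTIVE: $d"
            problems=$((problems + 1))
        elif [ ! -r "$path" ]; then
            echo "UNREADABLE: $d $path"
            problems=$((problems + 1))
        elif [ "$d" = key ] && ! is_private "$path"; then
            # Assumption: the client key should be mode 0600 or stricter.
            echo "KEY TOO OPEN: $path"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

After sourcing the file, run `check_openvpn_files /etc/openvpn/softwareheritage.conf` as root; a status of 0 means all three files are present and the key is not group- or world-accessible.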
Obtaining a client certificate
TODO
/etc/hosts recommended entries
TODO