Difference between revisions of "VPN"

From Software Heritage Wiki
(Created page with "The Software Heritage server and the VMs running on it are severely firewalled. To get onto their network unrestricted, a VPN based on [https://openvpn.net/ OpenVPN] is av...")
 
Line 4: Line 4:
 
The setup is client-server, with per-client certificates.
 
The setup is client-server, with per-client certificates.
  
== Obtaining a certificate ==
+
== Openvpn client configuration ==
  
'''TODO'''
+
Sample configuration file, e.g., /etc/openvpn/softwareheritage.conf:
  
== Openvpn client configuration ==
+
<pre>
 +
remote louvre.softwareheritage.org
 +
ns-cert-type server
 +
comp-lzo
 +
nobind
 +
dev tun
 +
proto udp
 +
port 1194
 +
log /var/log/openvpn.log
 +
up-restart
 +
persist-key
 +
persist-tun
 +
client
 +
ca /etc/openvpn/keys/softwareheritage-ca.crt
 +
cert /etc/openvpn/keys/softwareheritage.crt
 +
key /etc/openvpn/keys/softwareheritage.key
 +
user nobody
 +
group nogroup
 +
</pre>
 +
 
 +
In addition to the above configuration file, you will need to install the following 3 files under /etc/openvpn/keys:
 +
 
 +
* [[File:softwareheritage-ca.crt]]: public certificate for the Software Heritage certification authority (CA)
 +
* softwareheritage.crt: public, client-specific certificate (see below)
 +
* softwareheritage.key: ''private'', client-specific key (see below)
 +
 
 +
== Obtaining a client certificate ==
  
 
'''TODO'''
 
'''TODO'''
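Review bot: the added `key /etc/openvpn/keys/softwareheritage.key` line and the list entry calling that file ''private'' say nothing about who may read it; add a sentence stating the expected owner and mode for the key file (for example root-only, 600). The two added "(see below)" pointers lead to "Obtaining a client certificate", which is still '''TODO''' in this revision, so a reader following the page cannot yet obtain the two client-specific files; say so next to the list, or hold the pointers until that section is written.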

Revision as of 19:53, 17 July 2015

The Software Heritage server and the VMs running on it are severely firewalled. For unrestricted access to their network, a VPN based on OpenVPN is available.

The setup is client-server, with per-client certificates.

OpenVPN client configuration

Sample configuration file, e.g., /etc/openvpn/softwareheritage.conf:

remote louvre.softwareheritage.org
ns-cert-type server 
comp-lzo 
nobind
dev tun
proto udp 
port 1194 
log /var/log/openvpn.log
up-restart 
persist-key 
persist-tun 
client 
ca /etc/openvpn/keys/softwareheritage-ca.crt
cert /etc/openvpn/keys/softwareheritage.crt
key /etc/openvpn/keys/softwareheritage.key
user nobody
group nogroup

In addition to the above configuration file, you will need to install the following 3 files under /etc/openvpn/keys:

  • softwareheritage-ca.crt: public certificate for the Software Heritage certification authority (CA)
  • softwareheritage.crt: public, client-specific certificate (see below)
  • softwareheritage.key: private, client-specific key (see below)
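
A pre-flight check for the layout described above, added here as an example and not part of the Software Heritage wiki or tooling: it reads the ca, cert and key paths out of a client configuration file, confirms each file exists, and rejects a private key that group or other users can access. The function names and the throwaway sample directory are hypothetical, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example, not Software Heritage code; function names are hypothetical.

# Print the path given to directive $2 (ca, cert or key) in config file $1.
vpn_conf_path() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Return 0 if the ca, cert and key files named in config $1 all exist and the
# private key has no group/other permission bits; else report and return 1.
check_vpn_files() {
    conf=$1
    rc=0
    for d in ca cert key; do
        p=$(vpn_conf_path "$conf" "$d")
        if [ -z "$p" ]; then
            echo "no '$d' directive in $conf"; rc=1
        elif [ ! -f "$p" ]; then
            echo "$d file not found: $p"; rc=1
        elif [ "$d" = key ]; then
            # In the ls -ld mode string, characters 5-10 are group and other.
            bits=$(ls -ld "$p" | cut -c5-10)
            if [ "$bits" != "------" ]; then
                echo "private key $p is accessible to group/other"; rc=1
            fi
        fi
    done
    return "$rc"
}

# Constructed sample: a throwaway copy of the layout, with empty placeholder
# files standing in for the real certificates and key.
make_sample() {
    t=$(mktemp -d)
    mkdir "$t/keys"
    for f in softwareheritage-ca.crt softwareheritage.crt softwareheritage.key; do
        : > "$t/keys/$f"
    done
    chmod 644 "$t/keys/softwareheritage.key"   # deliberately too open
    printf 'client\nca %s\ncert %s\nkey %s\n' "$t/keys/softwareheritage-ca.crt" \
        "$t/keys/softwareheritage.crt" "$t/keys/softwareheritage.key" > "$t/client.conf"
    echo "$t"
}

t=$(make_sample)
check_vpn_files "$t/client.conf" || echo "-> tighten with chmod 600"
chmod 600 "$t/keys/softwareheritage.key"
check_vpn_files "$t/client.conf" && echo "ok: files present, key private"
rm -rf "$t"
```

On a real client the call would be check_vpn_files /etc/openvpn/softwareheritage.conf. OpenVPN reads the key at startup, before the user nobody / group nogroup privilege drop, and persist-key keeps it from being re-read on restart, so a key readable only by root works with the sample configuration.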

Obtaining a client certificate

TODO

/etc/hosts recommended entries

TODO