Difference between pages "File:FouLab Banner.png" and "Netbsd vpn gateway basic setup"

From ENTS
 
(pf setup)
 
Line 1: Line 1:
  
 +
===basic setup after vanilla install===
 +
 +
---
 +
 +
  vi /root/.profile
 +
 +
change the path for the pkgsrc repo to:<br />
 +
ftp://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/5.0/All/
 +
 +
convenience packages
 +
 +
pkg_add lynx
 +
pkg_add pico
 +
pkg_add screen
 +
 +
---
 +
 +
vi /etc/ifconfig.fxp0
 +
 +
192.168.0.20{1,2} netmask 255.255.255.0
 +
 +
---
 +
 +
vi /etc/sysctl.conf
 +
 +
net.inet.ip.forwarding=1
 +
 +
---
 +
 +
vi /etc/resolv.conf
 +
 +
nameserver 64.59.184.13
 +
 +
---
 +
 +
vi /etc/rc.conf
 +
 +
hostname=chaosvpn{1,2}.440bx.net<br />
 +
defaultroute=192.168.0.1<br />
 +
sshd=yes
 +
 +
---
 +
 +
useradd -m -G wheel chaosvpn_user<br />
 +
passwd chaosvpn_user
 +
 +
---
 +
 +
continue with the steps at:
 +
 +
https://wiki.hamburg.ccc.de/ChaosVPN:NetBSDHowto
 +
 +
 +
---
 +
 +
===Recompile the kernel===
 +
 +
make directories
 +
 +
# mkdir /usr/src
 +
# chown chaosvpn_user /usr/src
 +
 +
get the actual source
 +
 +
$ ftp -i ftp://ftp.NetBSD.org/pub/NetBSD/NetBSD-5.2/source/sets/
 +
  mget *.tgz
 +
 +
extract
 +
 +
$ for i in *.tgz
 +
  do
 +
  tar -xzf $i
 +
  done
 +
 +
after you realize youve extracted to the wrong dir
 +
 +
$ mv /usr/src/usr/src/* /usr/src
 +
 +
copy config stuff
 +
 +
$ cd /usr/src/sys/arch/i386
 +
$ cp GENERIC i686_CVPN_x300
 +
 +
 +
vi ./i686_CVPN_x300
 +
 +
<pre>
 +
CFLAGS:
 +
 +
  #use whatever is applicable
 +
  #see:  http://gcc.gnu.org/onlinedocs/gcc/i386-and-x86_002d64-Options.html
 +
  #
 +
  CPUFLAGS="-march=pentium3m -mtune=pentium3m"
 +
 +
Uncommented:
 +
 +
  PERFCTRS #since this is going to be non-smp kernel (may or may not ever use this)
 +
  GATEWAY
 +
  IPSEC
 +
  IPSEC_ESP
 +
  IPSEC_NAT_T
 +
  pseudo-device carp
 +
  pseudo-device pf
 +
  pseudo-device pflog
 +
</pre>
 +
 +
Might dig more into "tuning" later.
 +
 +
Time to start building the new kernel
 +
 +
$ config ./i686_CVPN_x300
 +
$ cd ../compile/i686_CVPN_x300
 +
$ make clean && make depend && make
 +
 +
And install
 +
 +
$ su
 +
# cp /netbsd /netbsd.orig
 +
# cp netbsd /
 +
 +
Reboot using the new kernel.
 +
 +
 +
 +
===ipfilter setup===
 +
 +
 +
 +
ipfilter is installed by default on Netbsd 5.2 No special packages are required.
 +
 +
---
 +
 +
Set ipfilter to run by default
 +
 +
vi /etc/rc.conf
 +
 +
ipfilter_enable=yes
 +
 +
---
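Review bot: In the added ipfilter section, ipfilter_enable=yes does not match the rc.conf style this same revision uses for sshd (sshd=yes). NetBSD's rc.d scripts read the bare service name, so the line should be ipfilter=yes or the filter will not start at boot. The edit summary says "pf setup" and the kernel config uncomments pseudo-device pf and pflog, yet the new section enables ipfilter, so the page should state which packet filter the gateway actually uses. The source sets are also fetched over plain FTP and untarred with no digest check; a verification step before the extract loop would be worth adding.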

Revision as of 22:26, 31 July 2013

basic setup after vanilla install

---

 vi /root/.profile
change the path for the pkgsrc repo to:
ftp://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/5.0/All/

convenience packages

pkg_add lynx
pkg_add pico
pkg_add screen

---

vi /etc/ifconfig.fxp0

192.168.0.20{1,2} netmask 255.255.255.0 

---

vi /etc/sysctl.conf

net.inet.ip.forwarding=1

---

vi /etc/resolv.conf

nameserver 64.59.184.13

---

vi /etc/rc.conf

hostname=chaosvpn{1,2}.440bx.net
defaultroute=192.168.0.1
sshd=yes

---

useradd -m -G wheel chaosvpn_user
passwd chaosvpn_user

---

continue with the steps at:

https://wiki.hamburg.ccc.de/ChaosVPN:NetBSDHowto


---

Recompile the kernel

make directories

# mkdir /usr/src
# chown chaosvpn_user /usr/src

get the actual source

$ ftp -i ftp://ftp.NetBSD.org/pub/NetBSD/NetBSD-5.2/source/sets/
  mget *.tgz

extract

$ for i in *.tgz
  do
  tar -xzf $i 
  done

after you realize you've extracted to the wrong dir

$ mv /usr/src/usr/src/* /usr/src

copy config stuff

$ cd /usr/src/sys/arch/i386
$ cp GENERIC i686_CVPN_x300


vi ./i686_CVPN_x300

CFLAGS:

   #use whatever is applicable
   #see:  http://gcc.gnu.org/onlinedocs/gcc/i386-and-x86_002d64-Options.html
   #
   CPUFLAGS="-march=pentium3m -mtune=pentium3m"

Uncommented:

   PERFCTRS #since this is going to be non-smp kernel (may or may not ever use this)
   GATEWAY
   IPSEC
   IPSEC_ESP
   IPSEC_NAT_T
   pseudo-device carp
   pseudo-device pf
   pseudo-device pflog

Might dig more into "tuning" later.

Time to start building the new kernel

$ config ./i686_CVPN_x300
$ cd ../compile/i686_CVPN_x300
$ make clean && make depend && make

And install

$ su 
# cp /netbsd /netbsd.orig
# cp netbsd /

Reboot using the new kernel.
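The download and extract steps above pull the source sets over plain FTP and untar them unchecked. As an added example (not part of the original page), this shell sketch verifies each set against a BSD-style SHA512 manifest and extracts only the sets that match. It assumes a file named SHA512 was fetched into the same directory as the *.tgz files; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify NetBSD source sets before extracting them.
# Assumption: "$dir/SHA512" holds lines like  SHA512 (syssrc.tgz) = <hex>

# Print the SHA-512 hex digest of a file with whichever tool is present.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha512 "$1" | awk '{print $NF}'
    fi
}

# Look up the expected digest for one set name in the manifest.
expected_for() {   # $1 = manifest path, $2 = set file name
    awk -v f="($2)" '$1 == "SHA512" && $2 == f { print $4 }' "$1"
}

# Verify every *.tgz in $1 against $1/SHA512 and extract matches under $2.
# Returns non-zero if any set mismatches or is absent from the manifest.
verify_and_extract() {
    dir=$1 root=$2 rc=0
    [ -r "$dir/SHA512" ] || { echo "no manifest in $dir" >&2; return 2; }
    for tgz in "$dir"/*.tgz; do
        [ -e "$tgz" ] || { echo "no sets in $dir" >&2; return 2; }
        want=$(expected_for "$dir/SHA512" "$(basename "$tgz")")
        got=$(sha512_of "$tgz")
        if [ -n "$want" ] && [ "$want" = "$got" ]; then
            # Set members are stored as usr/src/..., so root=/ fills /usr/src
            # directly and avoids the /usr/src/usr/src mistake noted above.
            tar -xzf "$tgz" -C "$root" || rc=1
        else
            echo "REJECTED: $tgz (digest mismatch or not in manifest)" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage on the gateway, from the download directory:
#   verify_and_extract . /
```

A manifest fetched in the same FTP session only catches corruption in transit, so compare it with a digest list obtained over a channel you trust before relying on the result.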


ipfilter setup

ipfilter is installed by default on NetBSD 5.2. No special packages are required.

---

Set ipfilter to run by default

vi /etc/rc.conf

ipfilter=yes   # NetBSD rc.conf uses the bare service name, as with sshd=yes above

---
