Difference between revisions of "Netbsd vpn gateway basic setup"

From ENTS
m (ipfilter setup)
m (ipfilter setup)
Line 132: Line 132:
 
---
 
---
  
---remove this next bit later if testing shows that statically linking in kernel actually works---
+
'''remove this next bit later if testing shows that statically linking in kernel actually works'''
 
Set ipfilter to run by default
 
Set ipfilter to run by default
  

Revision as of 22:28, 31 July 2013

basic setup after vanilla install

---

 vi /root/.profile
change the path for the pkgsrc repo to:
ftp://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/5.0/All/

convenience packages

pkg_add lynx
pkg_add pico
pkg_add screen

---

vi /etc/ifconfig.fxp0

192.168.0.20{1,2} netmask 255.255.255.0 

---

vi /etc/sysctl.conf

net.inet.ip.forwarding=1

---

vi /etc/resolv.conf

nameserver 64.59.184.13

---

vi /etc/rc.conf

hostname=chaosvpn{1,2}.440bx.net
defaultroute=192.168.0.1
sshd=yes

---

useradd -m -G wheel chaosvpn_user
passwd chaosvpn_user

---

continue with the steps at:

https://wiki.hamburg.ccc.de/ChaosVPN:NetBSDHowto


---

Recompile the kernel

make directories

# mkdir /usr/src
# chown chaosvpn_user /usr/src

get the actual source

$ ftp -i ftp://ftp.NetBSD.org/pub/NetBSD/NetBSD-5.2/source/sets/
  mget *.tgz

extract

$ for i in *.tgz
  do
  tar -xzf "$i"
  done

after you realize you've extracted to the wrong dir

$ mv /usr/src/usr/src/* /usr/src

copy config stuff

$ cd /usr/src/sys/arch/i386/conf
$ cp GENERIC i686_CVPN_x300


vi ./i686_CVPN_x300

CFLAGS:

   #use whatever is applicable
   #see:  http://gcc.gnu.org/onlinedocs/gcc/i386-and-x86_002d64-Options.html
   #
   makeoptions CPUFLAGS="-march=pentium3m -mtune=pentium3m"

Uncommented:

   PERFCTRS #since this is going to be non-smp kernel (may or may not ever use this)
   GATEWAY
   IPSEC
   IPSEC_ESP
   IPSEC_NAT_T
   pseudo-device carp
   pseudo-device pf
   pseudo-device pflog

Might dig more into "tuning" later.

Time to start building the new kernel

$ config ./i686_CVPN_x300
$ cd ../compile/i686_CVPN_x300
$ make clean && make depend && make

And install

$ su 
# cp /netbsd /netbsd.orig
# cp netbsd /

Reboot using the new kernel.


ipfilter setup

ipfilter is installed by default on NetBSD 5.2. No special packages are required.

---

remove this next bit later if testing shows that statically linking in kernel actually works

Set ipfilter to run by default

vi /etc/rc.conf

# NetBSD's rc.d variable is "ipfilter"; rules are read from /etc/ipf.conf
ipfilter=YES

---
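A gateway with net.inet.ip.forwarding=1 and no packet filter enabled at boot forwards everything it receives. The following shell audit of the files edited above is an added example, not part of the original wiki page; it assumes NetBSD's rc.conf spelling ipfilter=YES and a rules file at /etc/ipf.conf, and the function names and sample files are made up for the example.

```sh
#!/bin/sh
# Added example (not from the original page): audit the files this page edits.
# Paths are taken relative to ROOT so a staging copy can be checked too.

conf_value() {  # conf_value FILE KEY -> last value assigned to KEY, lowercased
    [ -r "$1" ] || return 0
    awk -F= -v k="$2" '
        { sub(/#.*/, ""); gsub(/[ \t"\047]/, "") }   # drop comments, blanks, quotes
        $1 == k { v = $2 }
        END { print tolower(v) }' "$1"
}

is_yes() { case "$1" in yes|true|on|1) return 0 ;; *) return 1 ;; esac; }

audit_gateway() {  # audit_gateway ROOT -> one line per finding, returns 1 if any
    root=$1 found=0
    fwd=$(conf_value "$root/etc/sysctl.conf" net.inet.ip.forwarding)
    ipf=$(conf_value "$root/etc/rc.conf" ipfilter)
    if [ "$fwd" != 1 ]; then
        echo "sysctl.conf: net.inet.ip.forwarding is not 1, host will not route"; found=1
    elif ! is_yes "$ipf"; then
        echo "rc.conf: forwarding is on but ipfilter is not enabled at boot"; found=1
    fi
    if [ -n "$(conf_value "$root/etc/rc.conf" ipfilter_enable)" ]; then
        echo "rc.conf: ipfilter_enable is not the rc.d variable; use ipfilter=YES"; found=1
    fi
    if is_yes "$ipf" && [ ! -s "$root/etc/ipf.conf" ]; then
        echo "ipf.conf: ipfilter enabled but the rules file is missing or empty"; found=1
    fi
    return "$found"
}

# Constructed sample: forwarding on, filter never enabled.
demo=$(mktemp -d)
mkdir "$demo/etc"
echo 'net.inet.ip.forwarding=1' > "$demo/etc/sysctl.conf"
printf 'sshd=yes\nipfilter_enable=yes\n' > "$demo/etc/rc.conf"
audit_gateway "$demo"
rm -rf "$demo"
```

Run `audit_gateway ""` on the gateway itself to check the live /etc files.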
