### ChaosVPN Configuration
To introduce it, here is a quote from the official ChaosVPN documentation:
*ChaosVPN is a VPN to connect Hackers and Hackerspaces -
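That is the official documentation; interested readers can consult it directly to learn more.
Below is a brief walkthrough of the configuration, along with errors you may run into and how to resolve them:
Without further ado:
All of the following steps were performed on Linux.
Install the dependencies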
apt-get install tinc iproute2
apt-get install build-essential git bison flex libssl-dev zlib1g-dev debhelper devscripts
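// If tinc is already installed, you can skip installing it
You may hit this error (apt reporting that the bison package has no installation candidate):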
E: 软件包 bison 没有可安装候选
Ignore it and continue
Add the ChaosVPN package source:
vi /etc/apt/sources.list
Add:
deb http://debian.sdinet.de/ stable chaosvpn
deb-src http://debian.sdinet.de/ stable chaosvpn
Then
apt-get update
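A GPG error may be reported here, typically because apt does not have the signing key for the newly added repository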
apt-get install chaosvpn
If an error is reported and the package cannot be installed
vi /etc/apt/sources.list
Add:
deb http://security.debian.org/debian-security wheezy/updates main
apt-get update
apt-get install libssl1.0.0
Then
apt-get install chaosvpn
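Hook tinc up to ChaosVPN
mkdir -p /etc/tinc/chaos
tincd --net=chaos --generate-keys=2048
You may see
Error opening file `/etc/tinc/=chaosvpn/rsa_key.priv': No such file or directory
The path in the message is the directory tincd derived from the network name; it has to be the directory created above, so make sure that directory exists
mkdir -p /etc/tinc/chaos
Then run again
tincd --net=chaos --generate-keys=2048
You will be asked twice for a path, to save the public key and the private key (needed when writing the letter; only the public key goes into it)
After that: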
vi /etc/tinc/chaosvpn.conf
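The file has English comments throughout; adjust the values, then save and exit. Note that the IP address must be changed to 172.31.x.x. That completes the configuration file.
ps: To join, you also have to write an introduction letter stating your motivation, and email it to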
[email protected]
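If you are accepted, typing chaosvpn in a terminal shows some information (I was too lazy to write the letter, so there is no screenshot here; interested readers can try it themselves)
The letter contains: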
[<nodename>]
sponsor=
# Name a person/nickname/nodename or organisation/hackerspace already on ChaosVPN that will
# vouch for you getting access.
gatewayhost=<clienthost>
# This should be the external hostname or ip address of the client host, not a VPN address.
# If the client is not reachable over the internet leave it out and set hidden=1 below.
# If possible supply a hostname (even dyndns) and not an ip address for easier changing
# from your side without touching the central config.
network=<ipv4 subnet in the vpn>
network6=<ipv6 subnet in the vpn>
# (mandatory, must include)
# this may be more than one, IPv4 or IPv6, network6 with IPv6 is optional
#
# These subnets must be unique in our vpn,
# simply renumber your home network (or use something like NETMAP) with a network block that is still free.
#
# Please use the list of assigned networks on ChaosVPN:IPRanges, and add yourself there.
owner=
# (mandatory, must include)
# Admin of the VPN gateway, with email address - a way to contact the responsible
# person in case of problems with your network link.
port=4712
# (optional)
# if not specified tinc works on tcp+udp port 655
# it is better if everyone chooses a random port for this.
# either this specified port or port 655 should accept TCP and UDP traffic from internet.
hidden=0
# (optional)
# "I cannot accept inbound tunnel connections, I can only connect out."
# (e.g. behind a NAT)
silent=0
# (optional)
# "I cannot connect out, but you can connect to me."
# Only ONE of hidden=1 or silent=1 is possible.
Ed25519PublicKey=<something>
# (optional)
# tinc 1.1pre11+ only, contents of your /etc/tinc/chaos/ed25519_key.pub
-----BEGIN RSA PUBLIC KEY-----
....
-----END RSA PUBLIC KEY-----
# (mandatory)
# rsa-public-key - contents of your /etc/tinc/chaos/rsa_key.pub
ps: Delete the lines that start with #; they are only explanations.
Finally
Start chaosvpn
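An added example (not from the original post or the ChaosVPN project): a Python check to run over the request before mailing it, covering the rules stated in the template's comments. The helper name `check_request`, the sample values, and the use of 172.31.0.0/16 for `network=` (taken from the 172.31.x.x note above) are assumptions.

```python
import ipaddress

# Assumption: the VPN range is taken from the page's "172.31.x.x" note.
VPN_RANGE = ipaddress.ip_network("172.31.0.0/16")

# Constructed sample request: node name, host, owner and key body are made up.
SAMPLE = """[examplenode]
sponsor=examplespace
gatewayhost=vpn.example.org
# Name a person already on ChaosVPN that will vouch for you.
network=192.168.1.0/24
owner=
hidden=1
silent=1
-----BEGIN RSA PUBLIC KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PUBLIC KEY-----
"""

def check_request(text):
    """Return a list of problems found in a ChaosVPN node request (hypothetical helper)."""
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    problems, fields, in_key, has_key = [], {}, False, False
    if any(line.startswith("#") for line in lines):
        problems.append("delete the explanatory # lines before sending")
    for line in lines:
        if line == "-----BEGIN RSA PUBLIC KEY-----":
            in_key = True
        elif line == "-----END RSA PUBLIC KEY-----":
            has_key, in_key = in_key, False  # only counts if BEGIN was seen first
        elif not in_key and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            fields.setdefault(key.strip(), []).append(value.strip())
    for key in ("network", "owner"):
        if not any(fields.get(key, [])):
            problems.append(f"{key}= is mandatory")
    if not has_key:
        problems.append("RSA public key block is mandatory")
    if fields.get("hidden", ["0"])[-1] == "1" and fields.get("silent", ["0"])[-1] == "1":
        problems.append("only one of hidden=1 or silent=1 is possible")
    for net in filter(None, fields.get("network", [])):
        try:
            parsed = ipaddress.ip_network(net)  # strict: host bits must be zero
        except ValueError:
            problems.append(f"network={net} is not a valid subnet")
            continue
        if parsed.version == 4 and not parsed.subnet_of(VPN_RANGE):
            problems.append(f"network={net} is outside {VPN_RANGE}")
    return problems
```

An empty list from `check_request` means none of these rules were violated; it does not check that the subnet is still unassigned on ChaosVPN:IPRanges.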
/etc/init.d/chaosvpn start
An ok message means it started successfully
Check the chaosvpn network interface
route -n
// My own skills are limited, so there are bound to be omissions. Additions and corrections are welcome.