-
Notifications
You must be signed in to change notification settings - Fork 202
Two hosts configuration sample
In this tutorial, you will learn how to setup a virtual private network between two hosts with freelan.
For simplicity's sake, we will name the first host AlicePC and the second host BobPC.
Before continuing this tutorial, ensure that the following conditions are satisfied:
- You know how to generate X509 certificates.
- You have read about the configuration files.
- You have administrative privileges on both AlicePC and BobPC (or have access to someone who does).
- Freelan is installed on both hosts.
- If either host is behind a NATed router, you have administrative privileges on the router and are allowed to change its configuration.
- You have a legal right to establish a virtual private network tunnel between the two hosts.
Ready then ? Move on !
AlicePC's public hostname is alice.freelan.org
.
BobPC's public hostname is bob.freelan.org
.
Both AlicePC and BobPC are behind a NATed router and the following port forwarding settings have been set:
-
alice.freelan.org:12000 UDP
is forwarded toAlicePC:12000 UDP
. -
bob.freelan.org:12001 UDP
is forwarded toBobPC:12000 UDP
.
At the end of this tutorial the hosts will have the following settings:
- Virtual IPv4 network:
9.0.0.0/24
-
AlicePC's Virtual IPv4 address:
9.0.0.1
-
AlicePC's Virtual IPv6 address:
2aa1::1
-
BobPC's Virtual IPv4 address:
9.0.0.2
-
BobPC's Virtual IPv6 address:
2aa1::2
For all scenarios, we will assume that your initial configuration is the one written by default by the freelan installer.
First we will add a contact address so that the hosts knows who to contact.
Find the line beginning with #contact=
. Below this line, add a contact
line.
For AlicePC:
contact=bob.freelan.org:12001
For BobPC:
contact=alice.freelan.org:12000
Note: If you don't specify a port number for a contact
entry, freelan will assume 12000
as a default.
We will then configure the virtual IPv4 address settings. Ensure that the following parameters have the specified values:
For AlicePC:
ipv4_address_prefix_length=9.0.0.1/24
ipv6_address_prefix_length=2aa1::1/8
dhcp_proxy_enabled=yes
dhcp_server_ipv4_address_prefix_length=9.0.0.0/24
dhcp_server_ipv6_address_prefix_length=2aa1::/8
For BobPC:
ipv4_address_prefix_length=9.0.0.2/24
ipv6_address_prefix_length=2aa1::2/8
dhcp_proxy_enabled=yes
dhcp_server_ipv4_address_prefix_length=9.0.0.0/24
dhcp_server_ipv6_address_prefix_length=2aa1::/8
Finally, we need to configure the certificates on both hosts.
For AlicePC:
Copy the alice.crt
, alice.key
and bob.crt
files into the config
folder.
In the configuration file, set the following parameters:
signature_certificate_file=config/alice.crt
signature_private_key_file=config/alice.key
authority_certificate_file=config/alice.crt
authority_certificate_file=config/bob.crt
For BobPC:
Copy the bob.crt
, bob.key
and alice.crt
files into the config
folder.
In the configuration file, set the following parameters:
signature_certificate_file=config/bob.crt
signature_private_key_file=config/bob.key
authority_certificate_file=config/bob.crt
authority_certificate_file=config/alice.crt
Then type the following commands (as an administrator) to restart the Windows service:
>net stop "freelan service"
>net start "freelan service"
If the service starts, congratulations ! It works !
The changes to the configuration files are exaclty the same than the ones described in the Windows. Just remember that linux require absolute paths for external files like the certificates.
Once you are done with the configuration changes, start (or restart) the freelan daemon (as root):
# /etc/init.d/freelan restart
If the command runs without any error: congratulations ! It works.
The configuration files for both hosts, after the comments have been stripped are:
For AlicePC:
[fscp]
hostname_resolution_protocol=ipv4
listen_on=0.0.0.0:12000
hello_timeout=3000
contact=bob.freelan.org:12001
[tap_adapter]
enabled=yes
ipv4_address_prefix_length=9.0.0.1/24
ipv6_address_prefix_length=2aa1::1/8
arp_proxy_enabled=no
arp_proxy_fake_ethernet_address=00:aa:bb:cc:dd:ee
dhcp_proxy_enabled=yes
dhcp_server_ipv4_address_prefix_length=9.0.0.0/24
dhcp_server_ipv6_address_prefix_length=2aa1::/8
[switch]
routing_method=switch
relay_mode_enabled=no
[security]
signature_certificate_file=config/alice.crt
signature_private_key_file=config/alice.key
certificate_validation_method=default
authority_certificate_file=config/alice.crt
authority_certificate_file=config/bob.crt
certificate_revocation_validation_method=none
For BobPC:
[fscp]
hostname_resolution_protocol=ipv4
listen_on=0.0.0.0:12000
hello_timeout=3000
contact=alice.freelan.org:12000
[tap_adapter]
enabled=yes
ipv4_address_prefix_length=9.0.0.2/24
ipv6_address_prefix_length=2aa1::2/8
arp_proxy_enabled=no
arp_proxy_fake_ethernet_address=00:aa:bb:cc:dd:ee
dhcp_proxy_enabled=yes
dhcp_server_ipv4_address_prefix_length=9.0.0.0/24
dhcp_server_ipv6_address_prefix_length=2aa1::/8
[switch]
routing_method=switch
relay_mode_enabled=no
[security]
signature_certificate_file=config/bob.crt
signature_private_key_file=config/bob.key
certificate_validation_method=default
authority_certificate_file=config/bob.crt
authority_certificate_file=config/alice.crt
certificate_revocation_validation_method=none
These files contain Windows paths so be sure to change them if you intend to use them on Linux.