VPN (Virtual Private Network)
Install
# simple install
apt-get install openvpn
# or build a specific version from source
tar xfz openvpn-[version].tar.gz
cd openvpn-[version]
./configure
make
make install
# To see the OpenVPN dependencies:
apt-cache depends openvpn
# To see the OpenVPN version available:
apt-cache policy openvpn
# To see installed version
openvpn --version
# To run openvpn
openvpn myconfig.ovpn
# To check the available CIPHER ALGORITHM:
openvpn --show-ciphers
# To check the available HASH FUNCTION ALGORITHM:
openvpn --show-digests
# To list the TLS cipher suites (cipher and message authentication code, MAC) available for the SSL/TLS negotiation:
openvpn --show-tls
RFC 1918:
The best candidates for the VPN's private subnet are subnets in the middle of the vast 10.0.0.0/8 netblock (for example 10.66.77.0/24).
Range start | Range end | Prefix |
---|---|---|
10.0.0.0 | 10.255.255.255 | (10/8 prefix) |
172.16.0.0 | 172.31.255.255 | (172.16/12 prefix) |
192.168.0.0 | 192.168.255.255 | (192.168/16 prefix) |
Building the CA and PKI infrastructure
wget -P ~/ https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-3.0.8.tgz
cd ~
tar xvf EasyRSA-3.0.8.tgz
# To configure the EasyRSA variables and build the CA, see:
# https://openmaniak.com/openvpn_pki.php
TUNNEL MODE:
You can choose between an IP (TUN driver) and an Ethernet (TAP driver) tunnel. IP tunneling is also referred to as routing mode, and Ethernet tunneling as bridging mode. Prefer the IP tunnel mode (default setting) unless you need to pass Ethernet traffic such as NetBIOS inside the tunnel.
ETHERNET/IP TUNNEL:
You can build either Ethernet (bridged) or IP (routed) VPNs using the TAP or TUN network drivers, respectively. TAP/TUN are available on all platforms and are already bundled with the Linux 2.4 kernel or higher. Prefer TUN (default setting) unless you need to pass Ethernet traffic such as NetBIOS inside the VPN.
# To check whether or not the TUN/TAP drivers are properly loaded:
lsmod | grep tun
# tun 12672 1
# Note that the "tun" driver is also the TAP driver.
# If the command prints nothing, load the kernel module as follows:
modprobe tun
# "dev tun" will create a routed IP tunnel
dev tun
# "dev tap" will create an Ethernet tunnel
dev tap
# use "dev tun" or "dev tap" but not both
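A small lint for the two configuration points above: the VPN subnet should sit inside an RFC 1918 block, and the config should carry "dev tun" or "dev tap" but not both. This is an added example, not part of the original notes; the helper names is_rfc1918 and lint_ovpn and the sample config are constructed for illustration, and the subnet is assumed to come from the "server" directive.

```shell
#!/bin/sh
# Added example (not from the original notes): lint an OpenVPN config.

# Succeeds if $1 looks like a dotted quad inside one of the RFC 1918 blocks.
is_rfc1918() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;   # 172.16/12 only
    esac
    return 1
}

# Prints one finding per line; exit status 0 = clean, 1 = findings.
lint_ovpn() {
    # Keep active directives only: '#' and ';' start comments.
    active=$(sed -e 's/[#;].*//' -e '/^[[:space:]]*$/d' "$1")
    tun=$(printf '%s\n' "$active" | awk '$1=="dev" && $2 ~ /^tun/ {n++} END {print n+0}')
    tap=$(printf '%s\n' "$active" | awk '$1=="dev" && $2 ~ /^tap/ {n++} END {print n+0}')
    net=$(printf '%s\n' "$active" | awk '$1=="server" && !seen {print $2; seen=1}')
    rc=0
    if [ "$tun" -gt 0 ] && [ "$tap" -gt 0 ]; then
        echo "both 'dev tun' and 'dev tap' are set; keep one"; rc=1
    elif [ $((tun + tap)) -eq 0 ]; then
        echo "no 'dev tun' or 'dev tap' directive"; rc=1
    fi
    if [ -n "$net" ] && ! is_rfc1918 "$net"; then
        echo "server subnet $net is outside RFC 1918"; rc=1
    fi
    return "$rc"
}

# Constructed sample config: two active dev lines and a 172.32.x.x subnet,
# which sits just past the end of 172.16/12.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real deployment
dev tun
;dev tap   (commented out, ignored)
dev tap
server 172.32.0.0 255.255.0.0
EOF
lint_ovpn "$sample" || true
rm -f "$sample"
```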
VNC
sudo apt install vino
mkdir -p ~/.config/autostart
cp /usr/share/applications/vino-server.desktop ~/.config/autostart
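# configure with dconf-editor, or from the command line:
# do not ask the local user to confirm each incoming connection
gsettings set org.gnome.Vino prompt-enabled false
# do not require encryption, so viewers without support for Vino's encryption can connect; such sessions are unencrypted, so reach the server only through the VPN or an SSH tunnel
gsettings set org.gnome.Vino require-encryption false
gsettings set org.gnome.Vino authentication-methods "['vnc']"
# the password is stored base64-encoded (an encoding, not encryption); here it is the literal string "hostname", replace it with your own
gsettings set org.gnome.Vino vnc-password "$(echo -n hostname | base64)"
# VNC GUI client: https://www.realvnc.com/en/connect/download/viewer/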