vpn.conf

VM_VPN_GATEWAY.sh

@@ -10,7 +10,7 @@
 # Ao configurar a maquina virtual em si deixei a rede externa primeiro (enp0s8)
 # E a rede interna como a segunda interface (enp0s9).
 
-# --- variaveis aqui pf joao fr fr fr aaaaa ---#
+# --- variaveis aqui pf joao fr fr fr aaaaa --- #
 helloworld="print"
 if_fora="enp0s8"
 if_dentro="enp0s9"
@@ -19,30 +19,46 @@ ip_dentro="10.60.0.3"
 mega_tunel="tun0"
 ip_mega_tunel="10.8.0.1/24"
 
-# --- interfaces ---
-ifconfig $if_fora $ip_fora netmask 255.255.255.0
-ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
+# --- interfaces --- #
+sudo ifconfig $if_fora $ip_fora netmask 255.255.255.0
+sudo ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
 
-# --- instalar packages ---
-yum install -y epel-release openvpn iptables-services
+# --- instalar packages --- #
+sudo yum install -y epel-release openvpn iptables-services
 
 
-# --- desativar firewalld ---
-systemctl stop firewalld
-systemctl disable firewalld
-systemctl mask firewalld
-systemctl enable iptables
-iptables -F
-# ativar poen vpn
-systemctl enable --now openvpn
+# --- desativar firewalld --- #
+sudo systemctl stop firewalld
+sudo systemctl disable firewalld
+sudo systemctl mask firewalld
+sudo systemctl enable iptables
+sudo iptables -F
 
 # --- ip forwarding --- #
-echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
-sysctl -p /etc/sysctl.conf
+sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+sudo sysctl -p /etc/sysctl.conf
 
 # --- nat forwardin de vpn para clientes --- #
-iptables -A INPUT  -p udp --dport 1194 -j ACCEPT # :O
-iptables -A FORWARD -i $mega_tunel -o $if_dentro -j ACCEPT # :P
-iptables -A FORWARD -i $if_dentro -o $mega_tunel -j ACCEPT # ;)
-iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D
-iptables-save > /etc/sysconfig/iptables # :3
+sudo iptables -A INPUT  -p udp --dport 1194 -j ACCEPT # :O
+sudo iptables -A FORWARD -i $mega_tunel -o $if_dentro -j ACCEPT # :P
+sudo iptables -A FORWARD -i $if_dentro -o $mega_tunel -j ACCEPT # ;)
+sudo iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D
+sudo iptables-save > /etc/sysconfig/iptables # :3
+
+
+# NOTA(vasco): temos que copiar isto tudo para as pastas correctas
+# e configurar também,
+# deviamos meter os comandos utlizados no relatorio
+# os ficheiros ja estao criados
+
+ca ca.crt           #
+cert gw-vpn.crt     #
+key gw-vpn.key      # ya
+
+cp vpn.conf /etc/openvpn/server/
+
+# NOTA(vasco): o ficheiro conf vai ser vpn.conf pq isso é o nome do serviço
+
+# NOTA(vasco): talvez deviamos correr diretamente via o comando
+# em vez de via serviços
+sudo systemctl enable --now openvpn-server@vpn.service

vpn.conf

@@ -0,0 +1,9 @@
+local 192.168.1.1
+port 1194
+proto udp
+dev tun
+ca ca.crt           #
+cert gw-vpn.crt     #
+key gw-vpn.key      # ya
+dh dh2048.pem
+server 10.60.0.0 255.255.255.0