Vasco
2026-04-20 11:15:10 +01:00
parent e56634a027
commit 104d2d5070
2 changed files with 46 additions and 21 deletions


@@ -19,30 +19,46 @@ ip_dentro="10.60.0.3"
mega_tunel="tun0" mega_tunel="tun0"
ip_mega_tunel="10.8.0.1/24" ip_mega_tunel="10.8.0.1/24"
# --- interfaces --- # --- interfaces --- #
ifconfig $if_fora $ip_fora netmask 255.255.255.0 sudo ifconfig $if_fora $ip_fora netmask 255.255.255.0
ifconfig $if_dentro $ip_dentro netmask 255.255.255.0 sudo ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
# --- instalar packages --- # --- instalar packages --- #
yum install -y epel-release openvpn iptables-services sudo yum install -y epel-release openvpn iptables-services
# --- desativar firewalld --- # --- desativar firewalld --- #
systemctl stop firewalld sudo systemctl stop firewalld
systemctl disable firewalld sudo systemctl disable firewalld
systemctl mask firewalld sudo systemctl mask firewalld
systemctl enable iptables sudo systemctl enable iptables
iptables -F sudo iptables -F
# ativar poen vpn
systemctl enable --now openvpn
# --- ip forwarding --- # # --- ip forwarding --- #
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf sudo sysctl -p /etc/sysctl.conf
# --- nat forwardin de vpn para clientes --- # # --- nat forwardin de vpn para clientes --- #
iptables -A INPUT -p udp --dport 1194 -j ACCEPT # :O sudo iptables -A INPUT -p udp --dport 1194 -j ACCEPT # :O
iptables -A FORWARD -i $mega_tunel -o $if_dentro -j ACCEPT # :P sudo iptables -A FORWARD -i $mega_tunel -o $if_dentro -j ACCEPT # :P
iptables -A FORWARD -i $if_dentro -o $mega_tunel -j ACCEPT # ;) sudo iptables -A FORWARD -i $if_dentro -o $mega_tunel -j ACCEPT # ;)
iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D sudo iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D
iptables-save > /etc/sysconfig/iptables # :3 sudo iptables-save > /etc/sysconfig/iptables # :3
# NOTA(vasco): temos que copiar isto tudo para as pastas correctas
# e configurar também,
# deviamos meter os comandos utlizados no relatorio
# os ficheiros ja estao criados
ca ca.crt #
cert gw-vpn.crt #
key gw-vpn.key # ya
cp vpn.conf /etc/openvpn/server/
# NOTA(vasco): o ficheiro conf vai ser vpn.conf pq isso é o nome do serviço
# NOTA(vasco): talvez deviamos correr diretamente via o comando
# em vez de via serviços
sudo systemctl enable --now openvpn-server@vpn.service
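Review bot: The `sudo` added to `sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf` and `sudo iptables-save > /etc/sysconfig/iptables` does not cover the redirection, because the invoking shell opens the target file; run as an unprivileged user, both writes fail and neither the forwarding setting nor the saved ruleset persists. Let a privileged process do the write, e.g. `echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf >/dev/null` and `sudo iptables-save | sudo tee /etc/sysconfig/iptables >/dev/null`. The lines that appear only on the new side are inconsistent with this: `systemctl enable --now openvpn` and `cp vpn.conf /etc/openvpn/server/` have no `sudo`, and `ca ca.crt`, `cert gw-vpn.crt`, `key gw-vpn.key` are OpenVPN directives that the shell will try to run as commands. Separately, `iptables -F` followed only by `-A ... -j ACCEPT` rules leaves all filtering to the chain policies, which this hunk never sets; if they are not set earlier in the script (it starts before the hunk), the saved ruleset accepts everything.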

9
vpn.conf Normal file

@@ -0,0 +1,9 @@
local 192.168.1.1
port 1194
proto udp
dev tun
ca ca.crt #
cert gw-vpn.crt #
key gw-vpn.key # ya
dh dh2048.pem
server 10.60.0.0 255.255.255.0
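Review bot: `server 10.60.0.0 255.255.255.0` hands VPN clients the same /24 that the gateway script puts on the internal interface (`ip_dentro="10.60.0.3"` with netmask 255.255.255.0), and it does not match the `ip_mega_tunel="10.8.0.1/24"` source used by the script's MASQUERADE rule. As written, the tunnel and the LAN overlap, and the NAT rule would not match client traffic. If the script's value is the intended tunnel range, this line should presumably read `server 10.8.0.0 255.255.255.0`, with `push "route 10.60.0.0 255.255.255.0"` to reach the internal network. The file also sets no `tls-crypt` or `tls-auth` key and no `user nobody` / `group nobody` privilege drop. The relative `ca`/`cert`/`key`/`dh` paths only resolve if those files are copied next to the config, which the script does not yet do.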