diff --git a/VM_VPN_GATEWAY.sh b/VM_VPN_GATEWAY.sh
index b27ffdc..fd6e7b9 100644
--- a/VM_VPN_GATEWAY.sh
+++ b/VM_VPN_GATEWAY.sh
@@ -10,7 +10,7 @@
 # Ao configurar a maquina virtual em si deixei a rede externa primeiro (enp0s8)
 # E a rede interna como a segunda interface (enp0s9).
-# --- variaveis aqui pf joao fr fr fr aaaaa ---#
+# --- variaveis aqui pf joao fr fr fr aaaaa --- #
 helloworld="print"
 if_fora="enp0s8"
 if_dentro="enp0s9"
@@ -19,30 +19,46 @@
 ip_dentro="10.60.0.3"
 mega_tunel="tun0"
 ip_mega_tunel="10.8.0.1/24"
-# --- interfaces ---
-ifconfig $if_fora $ip_fora netmask 255.255.255.0
-ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
+# --- interfaces --- #
+sudo ifconfig $if_fora $ip_fora netmask 255.255.255.0
+sudo ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
-# --- instalar packages ---
-yum install -y epel-release openvpn iptables-services
+# --- instalar packages --- #
+sudo yum install -y epel-release openvpn iptables-services
-# --- desativar firewalld ---
-systemctl stop firewalld
-systemctl disable firewalld
-systemctl mask firewalld
-systemctl enable iptables
-iptables -F
-# ativar poen vpn
-systemctl enable --now openvpn
+# --- desativar firewalld --- #
+sudo systemctl stop firewalld
+sudo systemctl disable firewalld
+sudo systemctl mask firewalld
+sudo systemctl enable iptables
+sudo iptables -F
 # --- ip forwarding --- #
-echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
-sysctl -p /etc/sysctl.conf
+sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+sudo sysctl -p /etc/sysctl.conf
 # --- nat forwardin de vpn para clientes --- #
-iptables -A INPUT -p udp --dport 1194 -j ACCEPT # :O
-iptables -A FORWARD -i $mega_tunel -o $if_dentro -j ACCEPT # :P
-iptables -A FORWARD -i $if_dentro -o $mega_tunel -j ACCEPT # ;)
-iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D
-iptables-save > /etc/sysconfig/iptables # :3
\ No newline at end of file
+sudo iptables -A INPUT -p udp --dport 1194 -j ACCEPT # :O
+sudo iptables -A FORWARD -i $mega_tunel -o $if_dentro -j ACCEPT # :P
+sudo iptables -A FORWARD -i $if_dentro -o $mega_tunel -j ACCEPT # ;)
+sudo iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D
+sudo iptables-save > /etc/sysconfig/iptables # :3
+
+ # NOTA(vasco): temos que copiar isto tudo para as pastas correctas
+ # e configurar também,
+ # deviamos meter os comandos utlizados no relatorio
+ # os ficheiros ja 
estao criados
+
+ca ca.crt #
+cert gw-vpn.crt #
+key gw-vpn.key # ya
+
+cp vpn.conf /etc/openvpn/server/
+
+ # NOTA(vasco): o ficheiro conf vai ser vpn.conf pq isso é o nome do serviço
+
+ # NOTA(vasco): talvez deviamos correr diretamente via o comando
+ # em vez de via serviços
+sudo systemctl enable --now openvpn-server@vpn.service
diff --git a/vpn.conf b/vpn.conf
new file mode 100644
index 0000000..6fbe93d
--- /dev/null
+++ b/vpn.conf
@@ -0,0 +1,9 @@
+local 192.168.1.1
+port 1194
+proto udp
+dev tun
+ca ca.crt #
+cert gw-vpn.crt #
+key gw-vpn.key # ya
+dh dh2048.pem
+server 10.60.0.0 255.255.255.0
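Review bot: The redirections on `sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf` and `sudo iptables-save > /etc/sysconfig/iptables` are opened by the invoking user's shell before sudo runs, so on a non-root run both fail with permission denied, and because the script never sets `set -e` it carries on with IP forwarding unpersisted and the firewall ruleset unsaved (the `sudo` prefixes this hunk adds do not change that). The three added lines `ca ca.crt #`, `cert gw-vpn.crt #` and `key gw-vpn.key # ya` are OpenVPN directives rather than shell, so bash will try to execute programs named `ca`, `cert` and `key`; they already exist in vpn.conf and should be deleted here, and the neighbouring `cp vpn.conf /etc/openvpn/server/` is the one privileged step in the script without `sudo`. On the firewall side, `sudo iptables -F` is never followed by a policy, so with the stock ACCEPT defaults the INPUT and FORWARD rules permit nothing that was not already permitted; a gateway whose only job is relaying tun0 <-> enp0s9 should at least set `-P FORWARD DROP` ahead of the two per-interface ACCEPTs (a DROP policy on INPUT would also need loopback, established/related and SSH allows first, so it is not proposed below). Note also that `$ip_mega_tunel` is 10.8.0.1/24 while vpn.conf hands clients addresses from 10.60.0.0/24, so the MASQUERADE rule will not match VPN client traffic as written; `ip_fora` and the script header are assigned above this hunk and are not visible here.
```shell
# … unchanged: variables, ifconfig, yum and firewalld/iptables service setup …

# --- ip forwarding --- #
# The target file must be opened by root: `sudo cmd >> file` opens it as the caller.
echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf >/dev/null
sudo sysctl -p /etc/sysctl.conf

# Default-deny forwarding so only the explicit tun0 <-> internal paths pass.
sudo iptables -P FORWARD DROP
sudo iptables -A INPUT -p udp --dport 1194 -j ACCEPT
sudo iptables -A FORWARD -i "$mega_tunel" -o "$if_dentro" -j ACCEPT
sudo iptables -A FORWARD -i "$if_dentro" -o "$mega_tunel" -j ACCEPT
sudo iptables -t nat -A POSTROUTING -s "$ip_mega_tunel" -o "$if_fora" -j MASQUERADE
sudo iptables-save | sudo tee /etc/sysconfig/iptables >/dev/null

# ca/cert/key are OpenVPN directives and belong only in vpn.conf — removed from here.
sudo cp vpn.conf /etc/openvpn/server/
sudo systemctl enable --now openvpn-server@vpn.service
```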
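Review bot: `server 10.60.0.0 255.255.255.0` hands VPN clients the same /24 that the gateway's internal interface already occupies (`ip_dentro="10.60.0.3"` with netmask 255.255.255.0 on enp0s9 in VM_VPN_GATEWAY.sh), so tun0 and enp0s9 would both claim 10.60.0.0/24 and routing between clients and the LAN becomes ambiguous; the script's own `ip_mega_tunel="10.8.0.1/24"` and its MASQUERADE rule point at 10.8.0.0/24, so this line should presumably read `server 10.8.0.0 255.255.255.0`. `ca`, `cert`, `key` and `dh` are relative paths that OpenVPN resolves against its working directory (for `openvpn-server@vpn.service` presumably /etc/openvpn/server — confirm), yet the script only copies vpn.conf there, so the service will not start until the PKI files are copied too, with the private key root-owned and mode 0600. `local 192.168.1.1` has to match the external address `$ip_fora`, which is assigned above the hunk shown and cannot be checked here. With no `user`/`group` directive the daemon keeps whatever privileges systemd started it with while parsing UDP 1194 traffic from the outside, so add `user nobody` and `group nobody` (plus `persist-key` and `persist-tun` so the tunnel survives restarts after privilege drop) and consider `tls-crypt` to discard unauthenticated handshakes before the TLS layer sees them.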