tanner/personal-site
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add subpages, and wine crate coffee table

Browse Source
This commit is contained in:
Tanner Collin
2022-02-14 23:01:50 +00:00
parent 25a2de77a1
commit 42cbd0e54a
17 changed files with 180 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files
content/bypassing-ports.md
+17 -15
View File
@@ -15,16 +15,15 @@ This article explains how I set it up and is targeted towards Linux sysadmins.
## Overview
I have a cheap $5 per month virtual server with [Digital
Ocean](https://digitalocean.com) that runs Debian GNU/Linux 10. An OpenVPN
server is running on this virtual server.
I have a cheap $5 per month virtual server with [Digital Ocean](https://digitalocean.com) that runs
Debian GNU/Linux 10. An OpenVPN server is running on this virtual server.
My media server at home has an OpenVPN client connected to the server and is
assigned a static IP on the VPN network.
The virtual server has routing enabled and forwards inbound traffic __from the
internet__ to my media server at home. This allows me to have external HTTP and SSH
access.
internet__ to my media server at home. This allows me to have external HTTP and
SSH access.
## Server Setup
@@ -41,8 +40,7 @@ $ sudo apt install openvpn ufw
### OpenVPN Server
These steps roughly follow [this
guide](https://wiki.debian.org/OpenVPN#TLS-enabled_VPN).
These steps roughly follow [this guide](https://wiki.debian.org/OpenVPN#TLS-enabled_VPN).
Generate TLS certificates and keys:
@@ -89,7 +87,8 @@ We make a `mediaserver` client because we want to assign a static IP to it. You
need to make a different one for each client you want with a static IP.
Also, if you want generic clients that all get dynamic IPs for use on your
laptop, phone, etc. to protect you from public WiFi (like a normal VPN), create only a single extra one:
laptop, phone, etc. to protect you from public WiFi (like a normal VPN), create
only a single extra one:
```
$ ./easyrsa build-client-full client nopass # optional
@@ -136,7 +135,8 @@ $ sudo mkdir ccd
$ sudo touch ccd/mediaserver
```
Replace `mediaserver` with whatever client name you used above. Edit it like so:
Replace `mediaserver` with whatever client name you used above. Edit it like
so:
<span class="aside">Your home server will be `10.8.0.100`</span>
@@ -221,11 +221,11 @@ COMMIT
Replace `123.123.123.123` with your VPN server's external IP address and `eth0`
with the external interface.
This will forward TCP traffic on port 2222 to your home server. If you want to use
port 22, then you need to set the VPN SSH server to something else.
This will forward TCP traffic on port 2222 to your home server. If you want to
use port 22, then you need to set the VPN SSH server to something else.
A full example of `/etc/ufw/before.rules` with other ports included can be found
here:
A full example of `/etc/ufw/before.rules` with other ports included can be
found here:
[https://txt.t0.vc/URUG](https://txt.t0.vc/URUG)
@@ -248,7 +248,8 @@ $ sudo apt install openvpn
### Client Configs
For static IP clients (like your home server), create the config file `/etc/openvpn/client.conf`:
For static IP clients (like your home server), create the config file
`/etc/openvpn/client.conf`:
```
client
@@ -288,7 +289,8 @@ $ sudo cat /etc/openvpn/easy-rsa/pki/ca.crt
Also replace `vpn.example.com` with the subdomain you assigned earlier.
For device clients (like your laptop and phone), create the config file `client.ovpn`:
For device clients (like your laptop and phone), create the config file
`client.ovpn`:
<span class="aside">`redirect-gateway def1` forces traffic over the VPN</span>