Tuesday, 21.11.2017

Introduction


This howto explains how to set up an OpenVPN-based net2net connection between two IPCops in a few minutes.

To follow this howto, we need the following software installed, configured and running:

  1. Two IPCops running IPCop 1.4.1x
  2. The IPCop addon ZERINA, latest alpha version

Our example setup looks like this:

 

IPCop A (Hamburg) has two interfaces

RED = 192.168.61.2/255.255.255.0

GREEN = 192.168.191.2/255.255.255.0

 

 

IPCop B (Paris) has two interfaces

RED = 192.168.61.3/255.255.255.0

GREEN = 192.168.85.2/255.255.255.0

IPCop A will be our server side and IPCop B will be our client side.

 

First we need to access the OpenVPN control page.

The initial OpenVPN page will open and show us 4 boxes:

 Certificate Authorities, this is what we configure first

 Roadwarrior Server, this part is not needed for a net2net connection

 Roadwarrior Client status and control, this part is not needed for a net2net connection

 Net to Net Connection status and control, this part will be explained later

1.) Certificate Authorities

As we have just started, we don't have any certificates. Note that this addon uses its own PKI; we thought it would be better to separate it from the standard IPCop VPN PKI.

To be able to accept and authenticate connections we need a root and a host certificate, so let's create them.

| No | Fieldname | Description | Example input |
| --- | --- | --- | --- |
|  | Generate Root/Host certificates | Push this button to step into the generate process | push |
|  | CA Name | We don't need this function right now | none |
|  | Research | We don't need this function right now | none |
|  | Upload CA Certificate | We don't need this function right now | none |
|  | Show Certificate Revocation List | We don't need this function right now | none |

After we have done so, a new page will open.

Generate Root/Host certificates:

 

| No | Fieldname | Description | Example input |
| --- | --- | --- | --- |
|  | Organization Name | Type in your organization name | Hamburg |
|  | IPCop's Hostname | This field is pre-filled with either your RED IP or your hostname. | ipcop1.localdomain |
|  | Your E-mail Address | Input is not necessary, type in your contact e-mail | it@myhost.com |
|  | Your Department | Input is not necessary, type in your department | IT |
|  | City | Input is not necessary, type in your city | Hamburg |
|  | State or Province | Input is not necessary, type in your state or province | Hamburg |
|  | Country | Choose your country | Germany |
|  | Generate button | If all necessary data (point 1,2,3) is entered, you can hit that button to start the generate process | push |
|  | Research-PKCS12 file | This is optional: either you generate a new certificate or you upload an existing one. If you already have certificates which you want to use, you can upload them; point here to the certificate location. The certificate has to be in PKCS12 format. | upload file PKCS12 |
|  | PKCS12 File Password | This is optional, type in the PKCS12 file password | PKCS12 file password |
|  | Upload PKCS12 file | This is optional, button to start the upload | push |

After you have entered the data, the box will look like this

Now that all necessary data is entered (point 1,2,3), we hit the Generate Root/Host Certificates button.

!!!Depending on your hardware this really can take a very long time, because a DH (Diffie-Hellman) file, which the OpenVPN server needs, is also being generated, so hold on until everything is finished!!!

After the (hopefully) successful generate process, the main OpenVPN status page will open and the Certificate Authorities box will look like this
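
As an added example (not part of the original howto and not ZERINA code), the following shell functions check a PKCS12 file before it is uploaded through the optional "Research-PKCS12 file" field. It assumes the bundle is meant to hold the host certificate, its private key and the root certificate; the function names, file names and sample password are constructed for the illustration.

```shell
#!/bin/sh
# Added example: check a PKCS12 bundle before uploading it.
# Assumption: the bundle holds host certificate, host key and root certificate.

# check_p12 FILE PASSWORD -> 0 only if the bundle opens with PASSWORD, the
# host certificate verifies against the bundled root certificate, and the
# private key belongs to the host certificate.
check_p12() {
    p12=$1; pw=$2; rc=1
    tmp=$(mktemp -d) || return 2        # 0700 directory, removed below
    if openssl pkcs12 -in "$p12" -passin "pass:$pw" -cacerts -nokeys \
            -out "$tmp/ca.pem" 2>/dev/null &&
       openssl pkcs12 -in "$p12" -passin "pass:$pw" -clcerts -nokeys \
            -out "$tmp/host.pem" 2>/dev/null &&
       openssl pkcs12 -in "$p12" -passin "pass:$pw" -nocerts -nodes \
            -out "$tmp/host.key" 2>/dev/null &&
       openssl verify -CAfile "$tmp/ca.pem" "$tmp/host.pem" >/dev/null 2>&1 &&
       [ "$(openssl x509 -in "$tmp/host.pem" -noout -pubkey 2>/dev/null)" = \
         "$(openssl pkey -in "$tmp/host.key" -pubout 2>/dev/null)" ]
    then rc=0; fi
    rm -rf "$tmp"
    return $rc
}

# make_sample DIR PASSWORD: constructed sample data only. Builds a root
# certificate, a host certificate signed by it, and DIR/host.p12.
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Hamburg/CN=Hamburg CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/O=Hamburg/CN=ipcop1.localdomain" \
        -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/host.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/host.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/host.key" -in "$d/host.pem" \
        -certfile "$d/ca.pem" -passout "pass:$2" -out "$d/host.p12"
}

# Demo run on the constructed bundle.
work=$(mktemp -d)
make_sample "$work" "constructed-pw"
if check_p12 "$work/host.p12" "constructed-pw"; then
    echo "bundle OK"
else
    echo "bundle rejected"
fi
rm -rf "$work"
```

A bundle that was exported without the root certificate, or that is opened with the wrong password, is rejected by `check_p12`.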

2.) Adding a new connection


3.) Downloading client package


4.) Uploading a ZERINA client package


5.) Start the net2net connection


6.) Logfiles
