This shows you the differences between two versions of the page.
linux:ubuntu:cvechecktool [2019/02/14 13:40] – lunetikk | linux:ubuntu:cvechecktool [2022/03/03 12:09] (current) – lunetikk | ||
---|---|---|---|
Line 6: | Line 6: | ||
===== Installation ===== | ===== Installation ===== | ||
- | < | + | Clone the git repository |
+ | < | ||
+ | cd cve-check-tool</ | ||
- | ===== Configuration ===== | + | Execute autogen.sh |
- | + | < | |
- | Create your configuration | + | |
- | < | + | |
- | Edit the following in "/ | + | You might need some additional packages |
< | < | ||
- | #from | + | configure: error: Package requirements ( |
- | dh dh1024.pem | + | |
- | #to | + | |
- | dh dh2048.pem | + | |
+ | libcurl >= 7.29.0, | ||
+ | gobject-2.0 >= 2.0, | ||
+ | sqlite3, | ||
+ | openssl >= 1.0.0 | ||
</ | </ | ||
- | Edit and uncomment | + | If you see the following message "No package ' |
- | < | + | < |
- | user nobody | + | |
- | group nogroup | + | |
- | </ | + | |
- | ==== Create the Certificate Authority ==== | + | Install CVE-Check-Tool |
+ | < | ||
+ | make | ||
+ | make install</ | ||
- | < | + | Update the CVE feed |
- | cp -r / | + | < |
- | mkdir / | + | |
- | </ | + | |
- | Edit the default vars in "/ | + | ===== Configuration ===== |
- | < | + | |
- | export KEY_COUNTRY="YOUR COUNTRY eg. DE" | + | |
- | export KEY_PROVINCE="YOUR PROVINCE eg. BW" | + | |
- | export KEY_CITY="YOUR CITY eg. Karlsruhe" | + | |
- | export KEY_ORG="YOUR ORG eg. Lunetikk" | + | |
- | export KEY_EMAIL="YOUR MAILADDRESS" | + | |
- | export KEY_OU="YOUR OU eg. lunetikk" | + | |
- | export KEY_NAME=" | + | There is no need to configure anything, but just in case, the files are at the following |
- | </ | + | |
- | + | ||
- | Execute | + | |
< | < | ||
- | openssl dhparam -out /etc/openvpn/dh2048.pem 2048 | + | /usr/lib/cve-check-tool/ |
- | + | /usr/share/cve-check-tool/ | |
- | cd / | + | /usr/bin/cve-check-tool |
- | . ./vars | + | /usr/bin/cve-check-update |
- | ./clean-all | + | |
- | ./build-ca | + | |
- | </ | + | |
- | + | ||
- | Build the cert, if asked say " | + | |
- | < | + | |
- | + | ||
- | Copy your cert and keys | + | |
- | < | + | |
- | + | ||
- | and start the service | + | |
- | < | + | |
- | + | ||
- | ==== Create client certificate ==== | + | |
- | + | ||
- | execute the following, if asked say " | + | |
- | < | + | |
- | + | ||
- | copy the client sampleconfig | + | |
- | < | + | |
- | + | ||
- | edit "/ | + | |
- | < | + | |
- | remote YOUROPENVPNSERVER 1194 | + | |
- | + | ||
- | #use these on qnap, make sure they exist | + | |
- | user nobody | + | |
- | group everyone | + | |
- | + | ||
- | #comment the 3 lines | + | |
- | #ca ca.crt | + | |
- | #cert client.crt | + | |
- | #key client.key | + | |
- | + | ||
- | #at the end of the file, add your ca, client-cert and client-key | + | |
- | < | + | |
- | -----BEGIN CERTIFICATE----- | + | |
- | ... | + | |
- | -----END CERTIFICATE----- | + | |
- | </ | + | |
- | + | ||
- | < | + | |
- | Certificate: | + | |
- | ... | + | |
- | -----END CERTIFICATE----- | + | |
- | ... | + | |
- | -----END CERTIFICATE----- | + | |
- | </ | + | |
- | + | ||
- | < | + | |
- | -----BEGIN PRIVATE KEY----- | + | |
- | ... | + | |
- | -----END PRIVATE KEY----- | + | |
- | </ | + | |
- | </ | + | |
- | + | ||
- | ===== Connecting a QNAP as client ===== | + | |
- | + | ||
- | Edit the file "/ | + | |
- | < | + | |
- | [OPENVPN_CLIENT1] | + | |
- | Enable = TRUE | + | |
- | Status = 1 | + | |
- | Index = 1 | + | |
- | Gateway = 0 | + | |
- | Allow Connect = 0 | + | |
- | Reconnect = 1 | + | |
- | Server Address = lunetikk.de | + | |
- | Profile File = OpenVPN4 | + | |
- | VPN Proto Type = udp | + | |
- | VPN Port = 1194 | + | |
- | Compress = 1 | + | |
- | Re-direct gateway = 1 | + | |
- | Encryption = 1 | + | |
- | AccessCode = AAA | + | |
- | Time Stamp = 0 | + | |
- | </ | + | |
- | + | ||
- | Start your client (parameter 1 is the index in your config) | + | |
- | < | + | |
- | + | ||
- | Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) | + | |
- | < | + | |
- | # ifconfig | + | |
- | tun0 Link encap: | + | |
- | inet Adresse: | + | |
- | + | ||
- | # ping 10.8.0.1 | + | |
- | PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. | + | |
- | 64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms | + | |
- | 64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms | + | |
- | </ | + | |
- | + | ||
- | ===== Connecting an Ubuntu 16 as client ===== | + | |
- | + | ||
- | Install the client | + | |
- | < | + | |
- | apt-get update | + | |
- | apt-get install openvpn | + | |
- | </ | + | |
- | + | ||
- | Copy the .ovpn file from your server to your client into / | + | |
- | Rename it to .conf, for example client.conf | + | |
- | < | + | |
- | mv client.ovpn client.conf | + | |
- | </ | + | |
- | + | ||
- | If you run OpenVPN with systemd you need to configure your configfiles in "/ | + | |
- | Add your filename (client) if you only want the single file to be recognized, add " | + | |
- | < | + | |
- | AUTOSTART=" | + | |
- | #or | + | |
- | AUTOSTART=" | + | |
- | + | ||
- | Reload the "/ | + | |
- | systemctl daemon-reload | + | |
- | + | ||
- | Restart the OpenVPN | + | |
- | < | + | |
- | + | ||
- | Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) | + | |
- | < | + | |
- | # ifconfig | + | |
- | tun0 Link encap: | + | |
- | inet Adresse: | + | |
- | + | ||
- | # ping 10.8.0.1 | + | |
- | PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. | + | |
- | 64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms | + | |
- | 64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms | + | |
- | </ | + | |
- | + | ||
- | ===== Raspbian 9 as client ===== | + | |
- | + | ||
- | Install the client | + | |
- | < | + | |
- | apt-get update | + | |
- | apt-get install openvpn | + | |
- | </ | + | |
- | + | ||
- | Copy the .ovpn file from your server to your client into / | + | |
- | Rename it to .conf, for example client.conf | + | |
- | < | + | |
- | mv client.ovpn client.conf | + | |
- | </ | + | |
- | + | ||
- | If you run OpenVPN with systemd you need to configure your configfiles in "/ | + | |
- | Add your filename (client) if you only want the single file to be recognized, add " | + | |
- | < | + | |
- | AUTOSTART=" | + | |
- | #or | + | |
- | AUTOSTART=" | + | |
- | + | ||
- | Reload the "/ | + | |
- | systemctl daemon-reload | + | |
- | + | ||
- | Restart the OpenVPN | + | |
- | < | + | |
- | + | ||
- | Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) | + | |
- | < | + | |
- | # ifconfig | + | |
- | tun0 Link encap: | + | |
- | inet Adresse: | + | |
- | + | ||
- | # ping 10.8.0.1 | + | |
- | PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. | + | |
- | 64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms | + | |
- | 64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms | + | |
- | </ | + | |
- | + | ||
- | and with systemctl | + | |
- | < | + | |
- | # systemctl status [email protected] | + | |
- | ● [email protected] - OpenVPN connection to client | + | |
- | | + | |
- | | + | |
- | Docs: man: | + | |
- | | + | |
- | | + | |
- | | + | |
- | Main PID: 1686 (openvpn) | + | |
- | | + | |
- | └─1686 | + | |
- | + | ||
- | Jan 21 12:56:40 raspbian ovpn-client[1686]: | + | |
- | Jan 21 12:56:40 raspbian ovpn-client[1686]: | + | |
- | Jan 21 12:56:40 raspbian ovpn-client[1686]: | + | |
- | Jan 21 12:56:40 raspbian ovpn-client[1686]: | + | |
- | Jan 21 12:56:40 raspbian ovpn-client[1686]: | + | |
- | Jan 21 12:56:40 raspbian ovpn-client[1686]: | + | |
- | Jan 21 12:56:40 raspbian ovpn-client[1686]: | + | |
- | Jan 21 12:56:40 raspbian ovpn-client[1686]: | + | |
- | Jan 21 12:56:40 raspbian ovpn-client[1686]: | + | |
- | Jan 21 12:56:40 raspbian ovpn-client[1686]: | + | |
</ | </ |