admin/3engines_doc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

before changing links

Browse Source
This commit is contained in:
govardhan
2025-06-19 09:01:18 +05:30
commit 6686208bf1
1277 changed files with 29692 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/networking/Cannot-access-VM-with-SSH-or-PING-on-CloudFerro-Cloud.html.md Normal file
View File

@ -0,0 +1,4 @@
Cannot access VM with SSH or PING on CloudFerro Cloud[](#cannot-access-vm-with-ssh-or-ping-on-brand-name "Permalink to this headline")
=======================================================================================================================================
Before contacting the Support, please make sure that the port 22 (SSH) is allowed in the Security Groups associated with your instance. If this is configured correctly, please try to perform a soft or hard reboot of your VM. Lack of connection could have been caused by the expired DHCP. Rebooting will allow you to get a fresh DHCP session and everything should work fine.

47
docs/networking/Cannot-ping-VM-on-CloudFerro-Cloud.html.md Normal file
View File

@ -0,0 +1,47 @@
Cannot ping VM on CloudFerro Cloud[](#cannot-ping-vm-on-brand-name "Permalink to this headline")
=================================================================================================
If you have problems with access to your VM - ping is not responding. Try the following:
install the packages **net-tools** (to have the **ifconfig** command) and **arping**:
in CentOS:
```
sudo yum install net-tools arping
```
in Ubuntu:
```
sudo apt install net-tools arping
```
check the name of the interface connected to private network:
```
ifconfig
```
based on the response, find the number of the interface of 192.168.x.x (eth<number> or ens<number>)
after that invoke the following commands:
in CentOS:
```
sudo arping -U -c 2 -I eth<number> $(ip -4 a show dev eth<number> | sed -n 's/.*inet \([0-9\.]\+\).*/\1/p')
```
in Ubuntu:
```
sudo arping -U -c 2 -I ens<number> $(ip -4 a show dev ens<number> | sed -n 's/.*inet \([0-9\.]\+\).*/\1/p')
```
Next ping your external ip address and check if it helped.

67
docs/networking/Generating-a-SSH-keypair-in-Linux-on-CloudFerro-Cloud.html.md Normal file
View File

@ -0,0 +1,67 @@
Generating an SSH keypair in Linux on CloudFerro Cloud[](#generating-an-ssh-keypair-in-linux-on-brand-name "Permalink to this headline")
=========================================================================================================================================
In order to generate an SSH keypair in Linux, we recommend using the command **ssh-keygen**.
If system does not see this packet installed, install the latest updates:
Ubuntu and Debian family
: ```
sudo apt-get update && apt-get install openssh-client
```
CentOS and Red Hat
: ```
sudo yum install openssh-clients
```
After that, use the following command in terminal:
```
ssh-keygen
```
with additional flags:
`-t`
: rsa authentication key type
`-b`
: 4096 bit length, 2048 if not specified. Available values: 1024, 2048, 4096.
The greater the value, the more complicated the key will be.
`-C`
: *user@server* name for identification at the end of the file
`-f`
: ~/.ssh/keys/keylocation location of folder with ssh keys
`-N`
: passphrase, can be omitted if user prefers connecting without additional key security
![ssh1.png](../_images/ssh1.png)
Application will ask for the name of the key. Press **Enter** for defaults:
> * **id\_rsa** for private and
> * **id\_rsa.pub** for public key and passphrase (pressing **Enter** ignores it).
![ssh2.png](../_images/ssh2.png)
Next, **ssh-keygen** will show
> * location, where the keys are saved,
> * fingerprint of keypair and certain
> * semi-graphic image as expression of randomness in generating unique key.
![ssh3.png](../_images/ssh3.png)
To avoid problem with rejecting files due to too open permissions, navigate to the folder containing both keys and enter command:
```
chmod 600 id_rsa && chmod 600 id_rsa.pub
```

15
docs/networking/How-can-I-access-my-VMs-using-names-instead-of-IP-addresses-on-CloudFerro-Cloud.html.md Normal file
View File

@ -0,0 +1,15 @@
How can I access my VMs using names instead of IP addresses on CloudFerro Cloud[](#how-can-i-access-my-vms-using-names-instead-of-ip-addresses-on-brand-name "Permalink to this headline")
===========================================================================================================================================================================================
The VMs are seen simultaneously in several networks, at least in your “private” LAN and in the public Internet. By default the public addresses (Floating IPs, 185.48.x.x) have no associated names. You may assign such names from your DNS domain or you may request a name from us (as an additional service). The names provided by us have the following format:
```
computer_name.users.creodias.eu
```
where **computer\_name** is chosen by you.
If you need the name just to access the machine from your office workstation, the simplest way is to add its address and friendly name to **/etc/hosts**.
The VMs in a given project share a common “private” network by default it is **10.0.0.0/24**. You may create additional private networks with any addresses you like. However, they will not be equipped with DNS. If the machines are expected to recognize each other by their names, either **/etc/hosts** needs to be created and copied to all machines, or a private DNS may be run on one of them. Moreover, although the addresses are dynamically assigned, they are constant which means they do not change from the moment of creation to the moment of deletion of your machine.

19
docs/networking/How-can-I-open-new-ports-port-80-for-http-for-my-service-or-instance-on-CloudFerro-Cloud.html.md Normal file
View File

@ -0,0 +1,19 @@
How can I open new ports for http for my service or instance on CloudFerro Cloud[](#how-can-i-open-new-ports-for-http-for-my-service-or-instance-on-brand-name "Permalink to this headline")
=============================================================================================================================================================================================
To open a new port for a service on an instance, click Project -> Network -> Security Groups and click “Create Security Group”.
By default, in the newly created group there will two Egress (outgoing) rules - for IPv4 and IPv6.
You need to create a new Ingress (incoming) rule that should look like this:
```
Ingress IPv4 TCP 80 (HTTP) 0.0.0.0/0
```
After creating a new Security Group you have to add it to your instance.
To do so, simply click Project -> Compute -> Instances, then select “Edit Security Groups” and add it by clicking the “+” button.
![edit.png](../_images/edit.png)

31
docs/networking/How-is-my-VM-visible-in-the-internet-with-no-Floating-IP-attached-on-CloudFerro-Cloud.html.md Normal file
View File

@ -0,0 +1,31 @@
How is my VM visible in the internet with no Floating IP attached on CloudFerro Cloud[](#how-is-my-vm-visible-in-the-internet-with-no-floating-ip-attached-on-brand-name "Permalink to this headline")
=======================================================================================================================================================================================================
This article is written for clarification how an instance without a floating IP address would respond if we were to search for it it from an external machine.
How to find out what IP address is attached to VM?[](#how-to-find-out-what-ip-address-is-attached-to-vm "Permalink to this headline")
--------------------------------------------------------------------------------------------------------------------------------------
In Linux you can easily see your IP by executing command:
```
curl ifconfig.me
```
In Windows, the easiest way is visiting website that shows us our public and private IP address, for example: [whatismyipaddress.com/](https://whatismyipaddress.com//)
Is my VM visible from Internet without floating IP assigned?[](#is-my-vm-visible-from-internet-without-floating-ip-assigned "Permalink to this headline")
----------------------------------------------------------------------------------------------------------------------------------------------------------
No. If we dont associate a Floating IP to the VM, it wont be routable from the internet. By setting an IP address using the process mentioned above, we will only see the interface address of the router attached to the private network (by default 192.168.0.1)
Can I send data from my VM without a floating IP?[](#can-i-send-data-from-my-vm-without-a-floating-ip "Permalink to this headline")
------------------------------------------------------------------------------------------------------------------------------------
Yes. If you want to send data from your VM to an external server, you should also allow receiving packets from 192.168.0.1 in your firewall configuration.
Is my VM accessible from the outside without floating IP?[](#is-my-vm-accessible-from-the-outside-without-floating-ip "Permalink to this headline")
----------------------------------------------------------------------------------------------------------------------------------------------------
No. If a VM needs to be accessible from the Internet, a floating IP address must be attached to the instance. For more information on assigning Floating IPs to the instance, please see the following article: [How to Add or Remove Floating IPs to your VM on CloudFerro Cloud](How-to-Add-or-Remove-Floating-IPs-to-your-VM-on-CloudFerro-Cloud.html).

70
docs/networking/How-to-Add-or-Remove-Floating-IPs-to-your-VM-on-CloudFerro-Cloud.html.md Normal file
View File

@ -0,0 +1,70 @@
How to Add or Remove Floating IPs to your VM on CloudFerro Cloud[](#how-to-add-or-remove-floating-ips-to-your-vm-on-brand-name "Permalink to this headline")
==============================================================================================================================================================
In order to make your VM accessible from the Internet, you need to use Floating IPs. Floating IPs in OpenStack are public IP addresses assigned to your Virtual Machines. Assignment of a Floating IP allows you (if you have your Security Groups set properly) to host services like SSH or HTTP over the Internet.
How to assign a Floating IP to your VM?[](#how-to-assign-a-floating-ip-to-your-vm "Permalink to this headline")
----------------------------------------------------------------------------------------------------------------
In the Instances tab in Horizon, click the dropdown menu next to your VM and choose **Associate Floating IP**.
![fip1.png](../_images/fip1.png)
You will be shown a window like this:
![fip2.png](../_images/fip2.png)
You may choose an address from the dropdown menu, but if its empty, you need to allocate an address first. Click the **+** icon on the right.
![fip3.png](../_images/fip3.png)
Click **Allocate IP**.
Warning
Please always choose the *external* network!
![fip4.png](../_images/fip4.png)
Select your newly allocated IP address and click **Associate**.
![fip5.png](../_images/fip5.png)
Note
The IP address should be associated with a local address from the **192.168.x.x** subnet. If you have a **10.x.x.x** address change it to an **192.168.x.x** address.
Click **Associate**.
Note
The VMs communicate between themselves trough an internal network **192.168.x.x** so if you are connecting from one Virtual Machine to another
you should use private addresses. If you try to connect your VM to the wrong network you will be notified by the following message:
![fip6.png](../_images/fip6.png)
You now have a public IP assigned to your instance. It is visible in the Instances menu:
![fip7.png](../_images/fip7.png)
You can now connect to your Virtual Machine trough SSH or RDP from the Internet.
How to disassociate a Floating IP?[](#how-to-disassociate-a-floating-ip "Permalink to this headline")
------------------------------------------------------------------------------------------------------
If you no longer need a public IP address you may disassociate it from your VM. Click **Dissasociate Floating IP** from the dropdown menu:
![fip8.png](../_images/fip8.png)
How to release a Floating IP (return it to the pool)?[](#how-to-release-a-floating-ip-return-it-to-the-pool "Permalink to this headline")
------------------------------------------------------------------------------------------------------------------------------------------
Floating IPs (just like any other OpenStack resource) have their cost when kept reserved and not used.
If you dont want to keep your Floating IPs reserved for your project you may release them to the OpenStack pool for other users which will also reduce the costs of your project.
Go to Project → Network → Floating IPs
![fip9.png](../_images/fip9.png)
For the address that is not in use, the **Release Floating IP** option will be available. Click it to release the IP address.

31
docs/networking/How-to-Import-SSH-Public-Key-to-OpenStack-Horizon-on-CloudFerro-Cloud.html.md Normal file
View File

@ -0,0 +1,31 @@
How to import SSH public key to OpenStack Horizon on CloudFerro Cloud[](#how-to-import-ssh-public-key-to-openstack-horizon-on-brand-name "Permalink to this headline")
=======================================================================================================================================================================
If you already have an SSH key pair on your computer, you can import your public key to the Horizon dashboard. Then, you will be able to use that imported key when launching a new instance.
By importing it directly to Horizon, you will eliminate the need to use tools like **ssh-copy-id** or manually edit the **authorized\_keys** file. Also, your key will be available in OpenStack CLI.
Warning
After uploading your public key, you will not be able to apply it to an already created virtual machine. If you need to add a key to an existing VM, please follow this article instead: [How to add SSH key from Horizon web console on CloudFerro Cloud](How-to-add-SSH-key-from-Horizon-web-console-on-CloudFerro-Cloud.html).
Note
You can have multiple SSH keys uploaded to your Horizon dashboard. You can then use them for different tasks.
What We Are Going To Cover[](#what-we-are-going-to-cover "Permalink to this headline")
---------------------------------------------------------------------------------------
> * Preparation
> * Importing a Key
Prerequisites[](#prerequisites "Permalink to this headline")
-------------------------------------------------------------
No. 1 **Account**
You need a CloudFerro Cloud hosting account with access to the Horizon interface: <https://horizon.cloudferro.com>.
No. 2 **Generated SSH key pair**
You need a generated SSH key pair on your computer. If you do not have one yet, you can create it by following one of these articles:

41
docs/networking/How-to-add-SSH-key-from-Horizon-web-console-on-CloudFerro-Cloud.html.md Normal file
View File

@ -0,0 +1,41 @@
How to add SSH key from Horizon web console on CloudFerro Cloud[](#how-to-add-ssh-key-from-horizon-web-console-on-brand-name "Permalink to this headline")
===========================================================================================================================================================
While using web console on your VM, you may face situation when you will have to enter SSH public key.
Unfortunately, copy/paste functionality in not supported by our console. For adding a key to an existing instance, the easiest method would be getting the key via curl.
For instance you may go to <https://pastebin.com/> and put your public key there (you can set if and how long content is visible to others and so on)
![pastebin1.png](../_images/pastebin1.png)
copy URL of raw pastebin content (for obtaining a raw content, click on “Raw” icon),
![pastebin2.png](../_images/pastebin2.png)
![pastebin3.png](../_images/pastebin3.png)
and issue the command from inside of instance:
```
curl <pastebin url here> > mykey.txt
```
![pastebin4.png](../_images/pastebin4.png)
After downloading the file, you may check if your key is saved correctly using cat command:
```
cat mykey.txt
```
![pastebin5.png](../_images/pastebin5.png)
Please note that the key must be put into /home/eouser/.ssh/authorized\_keys, because you can ssh to your instance as eouser, but not as eoconsole. So once you are eoconsole user and get the key as described above, you should use:
```
cat mykey.txt | sudo tee -a /home/eouser/.ssh/authorized_keys
```

38
docs/networking/How-to-connect-to-your-virtual-machine-via-SSH-in-Linux-on-CloudFerro-Cloud.html.md Normal file
View File

@ -0,0 +1,38 @@
How to connect to your virtual machine via SSH in Linux on CloudFerro Cloud[](#how-to-connect-to-your-virtual-machine-via-ssh-in-linux-on-brand-name "Permalink to this headline")
===================================================================================================================================================================================
**1. Prerequisites:**
1.1. Private and public keys have been created. The key files were saved on the local disk of the VM you wish to connect to. It is recommended to put the keys in the **~/.ssh** folder.
1.2. During the VM setup, the generated key we want to use was assigned.
For example, when you create an SSH key named “**testkey**” in the Horizon dashboard, its name will appear next to your VM.
![ssh_linux1.png](../_images/ssh_linux1.png)
**2. Connecting to a virtual machine via SSH:**
2.1. If your virtual machine has already been assigned a Floating IP (the instances menu next to your virtual machine lists the IP address) you can proceed to the next step. If not, please follow the guide: [How to Add or Remove Floating IPs to your VM on CloudFerro Cloud](How-to-Add-or-Remove-Floating-IPs-to-your-VM-on-CloudFerro-Cloud.html).
2.2. Go to the **~/.ssh** folder where your SSH keys were saved to. Start your terminal (right click and click “Open in Terminal”).
2.3. Change the permissions of the private key file. In the case of the file named **id\_rsa**, type:
```
sudo chmod 600 id_rsa
```
Enter your password and confirm.
2.4. Once you have completed all of the steps above, you can log in. Let us assume that your generated and assigned Floating IP address in this case is **64.225.132.99**. Execute the following command in the terminal:
```
ssh [email protected]
```
2.5. The username in the terminal will change to **eouser**. This means that the SSH connection was successful.
![ssh_linux2.png](../_images/ssh_linux2.png)

60
docs/networking/How-to-create-a-network-with-router-in-Horizon-Dashboard-on-CloudFerro-Cloud.html.md Normal file
View File

@ -0,0 +1,60 @@
How to create a network with router in Horizon Dashboard on CloudFerro Cloud[](#how-to-create-a-network-with-router-in-horizon-dashboard-on-brand-name "Permalink to this headline")
=====================================================================================================================================================================================
When you create a new project in Horizon, its content is empty. You have to manually configure your private network. In order to complete this task, please follow those steps.
1. Log in to your OpenStack dashboard and choose **Network** tab, then choose **Networks** sub-label.
![net1.png](../_images/net1.png)
2. Click on the **“Create Network”** button.
![net2.png](../_images/net2.png)
3. Define your Network Name and tick two checkboxes: **Enable Admin State** and **Create Subnet**. Go to Next.
![net3.png](../_images/net3.png)
4. Define your Subnet name. Assign a valid network address with mask presented as a prefix. (This number determines how many bytes are being destined for network address)
Define Gateway IP for your Router. Normally its the first available address in the subnet.
Go to Next.
![net4.png](../_images/net4.png)
5. In Subnet Details you are able to turn on DHCP server, assign DNS servers to your network and set up basic routing. In the end, confirm the process with **“Create”** button.
![net5.png](../_images/net5.png)
6. Click on the **Routers** tab.
![net6.png](../_images/net6.png)
7. Click on the **“Create Router”** button.
![net7.png](../_images/net7.png)
8. Name your device and assign the only available network → external. Finish by choosing **“Create Router”** blue button.
![net8.png](../_images/net8.png)
9. Click on your newly created Router (e.g called “Router\_1”).
![net9.png](../_images/net9.png)
10. Choose **Interfaces**.
![net10.png](../_images/net10.png)
11. Choose **+ Add Interface** button.
![net11.png](../_images/net11.png)
12. Assign a proper subnet and fill in IP Address. (Its the gateway for our network). Submit the process.
![net12.png](../_images/net12.png)
13. The internal interface has been attached to the router.
![net13.png](../_images/net13.png)

266
docs/networking/How-to-run-and-configure-Firewall-as-a-service-and-VPN-as-a-service-on-CloudFerro-Cloud.html.md Normal file
View File

@ -0,0 +1,266 @@
How to run and configure Firewall as a service and VPN as a service on CloudFerro Cloud[](#how-to-run-and-configure-firewall-as-a-service-and-vpn-as-a-service-on-brand-name "Permalink to this headline")
===========================================================================================================================================================================================================
Note
This guide provides a sample process for configuring VPN as a service. It should not be considered the only way to configure this solution.
To start the VPN as a service, it is necessary to configure and start the Firewall as a service.
The sequence of steps will be described below.
**Creating FWAAS infrastruture**
**Creating and configuring local networks**
1. Log in to your OpenStack dashboard and choose **Network** tab, then choose **Networks** sub-label.
![screen1.png](../_images/screen1.png)
2. Click on the **“Create Network”** button.
![screen2.png](../_images/screen2.png)
3. Define your Network Name as “Gateway” and go to Subnet Tab.
4. Define your Subnet name as “Gateway\_subnet”. Network address: **10.100.100.0/24** and gateway IP **10.100.100.1**.
![screen3.png](../_images/screen3.png)
5. In Subnet Details keep **Enable DHCP** marked. Rest of fields leave blank and click **Create** button.
![screen4.png](../_images/screen4.png)
6. Repeat this procedure from points 2-5 using different data:
* Network Name: **“Internal”**
* Subnet Name: **“Internal\_subnet”**
* Network Address: **10.200.200.0/24**
* Gateway IP: **10.200.200.1**
7. Click on the **Create Router** button.
![screen5.png](../_images/screen5.png)
8. Name your device as for example **“Router\_Fwaas”**. Choose **external** network in **External Network** tab. Click **Create Router**.
![screen6.png](../_images/screen6.png)
9. Click on your newly created Router (e.g called “Router\_Fwaas”).
![screen7.png](../_images/screen7.png)
10. Choose **Interfaces** and **Add Interface** button.
![screen8.png](../_images/screen8.png)
11. Choose from **Subnet** menu the **Gateway** subnet and click **Submit** button.
![screen9.png](../_images/screen9.png)
12. Choosing **Network -> Network Topology** the network topology should looks like this.
![scrn10.png](../_images/scrn10.png)
**Creating and configuring the VM with installed Firewall client**
13. Open **Compute -> Instances** tab and choose **Launch instance**.
![screen11.png](../_images/screen11.png)
14. Name the VM instance (for example **Firewall\_VM**) and go to **Source** tab.
![screen12.png](../_images/screen12.png)
15. Find **opnsense** image and add it to your VM. Go to **Flavor** tab.
![screen13.png](../_images/screen13.png)
16. Choose the specification of your VM. Prequisities to launch Firewall:
* Minimal: CPU 1 Core, 2 GB RAM memory, 8GB SSD drive (eo1.xmedium flavor)
* Optimal: CPU 2 Core, 4 GB RAM memory, 16GB SSD drive (eo1.medium flavor)
Go to **Networks** tab.
![screen14.png](../_images/screen14.png)
17. Add created local networks in correct order:
1. Internal network
2. Gateway network
![screen15.png](../_images/screen15.png)
18. Delete all security groups and open Configuration tab.
![screen16.png](../_images/screen16.png)
19. Paste configuration script presented below:
```
#cloud-config
runcmd:
- |
address=$(curl http://169.254.169.254/latest/meta-data/local-ipv4)
first=$(echo "$address" | /usr/bin/cut -d'.' -f1)
second=$(echo "$address" | /usr/bin/cut -d'.' -f2)
third=$(echo "$address" | /usr/bin/cut -d'.' -f3)
sed -i '' "s/<ipaddr>192.168.*.*<\/ipaddr>/<ipaddr>$first.$second.$third.1<\/ipaddr>/" /conf/config.xml
sed -i '' '/<disablefilter>enabled<\/disablefilter>/g' /conf/config.xml
reboot
```
![screen17b.png](../_images/screen17b.png)
Choose **launch instance**.
20. After creating VM click its name in instances tab.
![screen18.png](../_images/screen18.png)
21. Choose **interfaces** tab and click **edit port** next to each port.
![screen19.png](../_images/screen19.png)
22. Disable **port security** and click **update**.
![screen20.png](../_images/screen20.png)
23. Go to **Network -> Floating IPs** menu and choose **Allocate IP to project**.
![screen21.png](../_images/screen21.png)
24. Choose **Allocate IP**.
![screen22.png](../_images/screen22.png)
25. Click **Associate** next to newly generated **Floating IP** and assign it to your **Firewall\_VM** port.
![screen23.png](../_images/screen23.png)
26. After creation the Firewall VM LAN address **vtnet0** should be 10.200.200.1 (you can check it using console on Horizon).
![screen23a.png](../_images/screen23a.png)
**Configuring VPN service**
Prerequisities: For configuring your VPN server using Graphical Interface you need a VM with preinstalled GUI (for example MINT, XFCE etc.) and connected to **Internal** network. Click here for instructions how to install GUI on Ubuntu 20.04 VM: [How to Use GUI in Linux VM on CloudFerro Cloud and access it From Local Linux Computer](../cloud/How-to-use-GUI-in-Linux-VM-on-CloudFerro-Cloud-and-access-it-from-local-Linux-computer.html).
27. In your default WEB browser open IP **10.200.200.1**.
* User: **root**
* Password: **opnsense**
![screen24a.png](../_images/screen24a.png)
28. **Click VPN -> OpenVPN -> Servers** on the left. At the bottom of new page click the wand icon of **Use a wizard to setup a new server**.
![screen25a.png](../_images/screen25a.png)
29. On the Authentication Type Selection page, ensure Type of Server is set to **Local User Access** and click Next.
![screen26a.png](../_images/screen26a.png)
30. Set the fields in the following order:
* Decriptive name: **Name of your VPN Server Certificate** (eg. OPNsense-CA)
* Key lenght: **2048 bit**
* Lifetime: **Lifetime in days of your VPN Server certificate** (eg. 825)
* Country Code: **Two-letter ISO country code**
* State or Province: **Full State of Province name, not abbreviated**
* City: **City or other locality name**
* Organization: **Organization name, often the Company or Group name**
* Email: **E-mail address for the Certificate contact**
![screen27a.png](../_images/screen27a.png)
31. Click **Add new CA** to continue and **Add new Certificate** on the next page.
![screen28a.png](../_images/screen28a.png)
32. On the **Add a Server Certificate page**, set the **Descriptive name** to server, leave the Key length at **2048 bit** and set the Lifetime to **3650**.
![screen29b.png](../_images/screen29b.png)
33. Click **Create new Certificate** to continue.
34. The next page should be Server Setup, set the following:
* Set Interface to **WAN**
* Ensure Protocol is UDP and Port is **1194**
* Set a description, for example **“VPN Server”**
* Change DH Parameters Length to **4096**
* Change Encryption Algorithm to **AES-256-CBC (256 bit key, 128 bit block)**
* Change Auth Digest Algorithm to **SHA512 (512-bit)**
* In the IPv4 Tunnel Network field, enter **10.0.8.0/24**
* To allow access to machines on the local network, enter your local IP range in the Local Network setting. It should be **10.200.200.0/24**
* Set the Compression to **No Preference**
* Set DNS Server 1 to **10.0.8.1**
All other options can be left. Click Next.
![screen30b.png](../_images/screen30b.png)
35. On the Firewall Rule Configuration, tick both the **Firewall Rule** and **OpenVPN** rule checkboxes and click Next.
![screen31a.png](../_images/screen31a.png)
36. Now your VPN server is succesfully created.
![screen32a.png](../_images/screen32a.png)
**User Setup**
**Creating new User**
37. Click **System -> Access -> Users** on the left and choose **Add** icon on the left of Users page.
![screen33a.png](../_images/screen33a.png)
38. Enter a **Username**, **Password**, and tick the box Click to create a user certificate further down. Fill any other fields you would like, but they are not required. Choose **click to create a user certificate**.
![screen34a.png](../_images/screen34a.png)
39. You will be taken to a Certificates page. Select **Create an internal Certificate** in the Method drop down box. The page will re-arrange itself.
40. Ensure **Certificate Authority** is the name we created during the wizard which should be **OPNsense-CA**, and Type is **Client Certificate**.
![screen35a.png](../_images/screen35a.png)
41. Change Lifetime (days) of the certificate and click **Save**.
![screen36.png](../_images/screen36.png)
42. You will be taken back to the **Create User** page, **User Certificates** should now have an entry, click Save down the bottom again.
**Setting UP Open VPN Client**
For connect to your VPN server you need a VPN client. You can use one of the reccomended software like OpenVPN or Viscocity. Below you can find the insctructions how to use Open VPN client for connecting to VPN Server.
**Export Connection from OPNsense**
43. Click **VPN -> OpenVPN -> Client Export** on the left. Change hostname to Floating IP assigned to your VPN Server.
![scrn30.png](../_images/scrn30.png)
44. Click the cloud icon next to your username or server name to download certificate and configuration files.
![scrn28.png](../_images/scrn28.png)
45. Unpack downloaded configuration files and find Open VPN config file.
**For Windows PCs:**
46. Download and install the newest version of Open VPN. You can find it here: <https://openvpn.net/community-downloads/>
47. Save all the connfiguration files in **C:/Program Files/OpenVPN/config** and try to connect using pre-configured credentials.
**For Linux (Ubuntu) PCs**
48. Open the Terminal in folder which contains configuration files.
49. Use commands presented below:
```
sudo apt update
sudo nmcli connection import type openvpn file nameofyourovpnconffile.ovpn
```
50. Try to connect to VPN using Ubuntu configuration bar (right up corner) and apropriate credentials.

2
docs/networking/networking.html.md Normal file
View File

@ -0,0 +1,2 @@
NETWORKING[](#networking "Permalink to this headline")
=======================================================