{"id":61,"date":"2008-05-21T14:51:11","date_gmt":"2008-05-21T12:51:11","guid":{"rendered":"https:\/\/vpn.univ-fcomte.fr\/?p=61"},"modified":"2008-05-21T15:10:43","modified_gmt":"2008-05-21T13:10:43","slug":"installation-dun-serveur-vpn","status":"publish","type":"post","link":"https:\/\/vpn.univ-fcomte.fr\/?p=61","title":{"rendered":"Installing a VPN server: the basics"},"content":{"rendered":"<p>Installing a VPN server on Debian Etch (example with vpn2.univ-fcomte.fr at 194.57.89.65)<\/p>\n<p><code><small>swap     2GB   primary<br \/>\n\/boot    0.1GB primary<br \/>\n\/        1GB   primary<br \/>\n\/usr     5GB   logical<br \/>\n\/tmp     1GB   logical<br \/>\n\/var    24GB   logical<br \/>\n\/backup 37GB   logical<\/small><\/code><\/p>\n<p><code><small>vi \/etc\/apt\/sources.list<\/small><\/code><br \/>\nput a # in front of the cdrom line<\/p>\n<p><code><small>apt-get install vlan<br \/>\nmodprobe 8021q<br \/>\necho \"8021q\" >> \/etc\/modules<\/small><\/code><\/p>\n<p>edit the file <code><small>\/etc\/network\/interfaces<br \/>\n#auto eth0<br \/>\n#iface eth0 inet static<\/p>\n<p>auto eth1<br \/>\niface eth1 inet static<br \/>\n        address 194.57.89.65<br \/>\n        netmask 255.255.255.240<br \/>\n        network 194.57.89.64<br \/>\n        broadcast 194.57.89.79<br \/>\n        gateway 194.57.89.78<br \/>\n        # dns-* options are implemented by the resolvconf package, if installed<br \/>\n        dns-nameservers 194.57.91.200<br \/>\n        dns-search univ-fcomte.fr<br \/>\n        #mtu 1400<\/small><\/code><\/p>\n<p>a <code><small>\/etc\/init.d\/network restart<\/small><\/code> is not enough (eth0 stays configured) => reboot the machine.<br \/>\n=> fixed by the following procedure:<br \/>\n&#8211; bring the interface down (ifdown eth&#8230;)<br \/>\n&#8211; edit the interfaces (remove\/add\/modify)<br \/>\n&#8211; bring the interface back up (ifup eth&#8230;)<\/p>\n<p>configure the switch to put the port corresponding to eth0 in trunk mode<\/p>\n<p>edit the file <code><small>\/etc\/sysctl.conf<\/small><\/code><br \/>\nadd:<br \/>\n<code><small>net.ipv4.icmp_ignore_bogus_error_responses=1<br \/>\nnet.ipv4.conf.all.log_martians=0<br \/>\nnet.ipv4.conf.default.rp_filter=0<br \/>\nnet.ipv4.conf.all.accept_redirects=0<br \/>\nnet.ipv4.conf.all.send_redirects=0<br \/>\nnet.ipv4.ip_forward=1<br \/>\nnet.ipv4.conf.all.arp_ignore=1<br \/>\nnet.ipv4.conf.all.arp_announce=2<\/small><\/code><\/p>\n<p><code><small>sysctl -p<\/small><\/code><\/p>\n<p><code><small>apt-get install ssh x-window-system vim emacs openswan traceroute wireshark tcpdump<\/small><\/code><\/p>\n<p><code><small>apt-get install sendmail logwatch tripwire rsync ntp<\/small><\/code><br \/>\nedit the sendmail file:<br \/>\n<code><small>DS[smtp.univ-fcomte.fr]<br \/>\nDMvpn2.univ-fcomte.fr<\/small><\/code><\/p>\n<p><code><small>\/etc\/init.d\/sendmail restart<\/small><\/code><\/p>\n<p><code><small>vi \/etc\/aliases<br \/>\nroot : vpn-master@univ-fcomte.fr<br \/>\nnewaliases<\/small><\/code><\/p>\n<p>update the DNS server with vpn2.univ-fcomte.fr 194.57.89.65<\/p>\n<p>configuration of <code><small>\/etc\/ntp.conf<br \/>\nserver ntp.univ-fcomte.fr prefer<br \/>\nserver cri-08.univ-fcomte.fr<\/small><\/code><\/p>\n<p><code><small>apt-get remove exim4<\/small><\/code><\/p>\n<p><code><small>rsync -av 194.57.91.250:\/etc\/ipsec* \/etc\/<\/small><\/code><br \/>\nconfigure with the server's IP address<\/p>\n<p><code><small>vi \/etc\/apt\/sources.list<br \/>\ndeb http:\/\/172.20.65.21\/debian\/ etch-lifc main<br \/>\napt-get update<br \/>\nwget http:\/\/172.20.65.21\/etch\/lifc-apt.key<br \/>\napt-key add lifc-apt.key<br \/>\napt-get install xl2tpd radiusclient1<br \/>\napt-get remove l2tpd<br \/>\nrsync -av 194.57.91.250:\/etc\/radiusclient \/etc\/<\/small><\/code><br \/>\nadd the VPN server to the RADIUS clients on the RADIUS server.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Installing a VPN server on Debian Etch (example with vpn2.univ-fcomte.fr at 194.57.89.65) swap 2GB primary \/boot 0.1GB primary \/ 1GB primary \/usr 5GB logical \/tmp 1GB logical \/var 24GB logical \/backup 37GB logical vi \/etc\/apt\/sources.list put a # in front of the cdrom line apt-get install vlan modprobe 8021q echo \"8021q\" >> \/etc\/modules edit the file \/etc\/network\/interfaces #auto eth0 #iface [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[85,14,31],"class_list":["post-61","post","type-post","status-publish","format-standard","hentry","category-informations-techniques","tag-installation","tag-serveur","tag-vpn"],"_links":{"self":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/61","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=61"}],"version-history":[{"count":0,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/61\/revisions"}],"wp:attachment":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=61"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=61"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=61"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","tem
plated":true}]}}