Added VPN documentation

README.md

@@ -8,6 +8,7 @@
 1. [Deploying the stack](kubernetes/README.md#configuration)
 1. [Configuring new users](doc/keycloak/UsersConfiguration.md)
 1. [Authorization for new user](doc/keycloak/UserAuthorizations.md)
+2. [VPN Setup](doc/vpn/README.md)
 1. [Backup and Recovery](doc/BackupAndRecovery.md)
 
 ## Acknowledgement

doc/vpn/README.md

@@ -0,0 +1,39 @@
+# VPN Documentation
+
+## SoftEther VPN with OpenVPN Communication Protocol
+
+This guide explains the advantages and key considerations for configuring SoftEther VPN with the OpenVPN communication protocol.
+
+### Advantages of SoftEther VPN with OpenVPN:
+
+1. **Enhanced Security:**
+   - A robust combination of OpenVPN's strong encryption and SoftEther's advanced features provides excellent security for your network traffic.
+
+2. **Cross-Platform Compatibility:**
+   - Works seamlessly on various operating systems, ensuring flexibility for users on different devices.
+
+3. **High Performance:**
+   - SoftEther and OpenVPN offer fast and reliable VPN connections, making it ideal for high data transfer requirements.
+
+4. **Easy Configuration:**
+   - User-friendly interfaces cater to both beginners and experts, allowing for quick setup and customization.
+
+5. **Scalability:**
+   - Adaptable for small businesses to large enterprises, accommodating network growth.
+
+6. **Flexibility and Versatility:**
+   - Supports multiple connection methods and network environments, making it adaptable to various use cases.
+
+7. **Extensive Protocol Support:**
+   - Provides compatibility with multiple VPN protocols, offering flexibility in protocol selection.
+
+8. **Community and Support:**
+   - Active user communities ensure ongoing support, updates, and access to a wealth of online resources.
+
+### Setup SoftEther VPN with OpenVPN communication protocol:
+1. **Setup VPN Server**
+   - Follow the [VPN Server Configuration](VPNServerConfiguration.md)
+
+2. **Configuring a New Node as Client in the Federation**
+   - Follow the [VPN Client Configuration](VPNClientConfiguration.md)
+

doc/vpn/VPNClientConfiguration.md

@@ -0,0 +1,90 @@
+# VPN Client Configuration Guide
+
+## Overview
+Our streamlined `openvpn_setup.sh` script is designed to simplify and automate the process of configuring a client machine to connect to a VPN using OpenVPN. This comprehensive script handles various tasks, including package installation, VPN configuration retrieval, credential setup, network configuration with Netplan, and OpenVPN service initiation.
+
+## Accessing the Script
+
+To obtain the `openvpn_setup.sh` script, use the following SCP (Secure Copy Protocol) command:
+
+```bash
+scp [email protected]:openvpn/openvpn_setup.sh .
+```
+
+## Prerequisites
+
+Before running the script, ensure the following:
+
+- **Root User**: The script should be executed as the root user for necessary permissions.
+- **Software Compatibility**: Ensure OpenVPN and Netplan are compatible with your system.
+
+## Script Details
+
+### Configuration Variables
+
+- `VPN_LINK`: The VPN server's domain or IP address.
+- `VPN_CONFIG_FILE`: Path to the OpenVPN configuration file.
+- `VPN_CREDS_FILE`: Location of the file storing VPN credentials.
+- `VPN_REMOTE_CONFIG_FILE`: Name of the remote OpenVPN configuration file.
+- `VPN_SSH_USER`: SSH username for accessing the VPN server.
+- `VPN_REMOTE_PATH`: Path on the VPN server for configuration retrieval.
+- `VPN_HUB`, `VPN_USER`, `VPN_PASS`: Specific settings for the VPN such as hub name, user, and password.
+- `VPN_DEV`, `VPN_CIDR_ADDRESS`, `VPN_CIDR_ROUTE`, `VPN_GATEWAY`: Network interface and routing details for Netplan setup.
+
+### Functional Overview
+
+- `log()`: Function to log messages with timestamp.
+- `handle_error()`: Error handling and script termination.
+- `install_package()`: Automated installation of required packages using `apt-get`.
+- `get_ssh_user()`: Fetches the SSH username for VPN server access.
+- `get_vpn_dev()`: Identifies the VPN network device based on the OpenVPN config.
+- `get_network_config()`: Interactive setup for VPN network configurations and client-specific settings.
+
+### Initial Operations
+
+- Checks for root privileges.
+- Installs `openvpn` and `netplan.io` if not present.
+
+### VPN Configuration Retrieval
+
+- Determines the SSH user.
+- Fetches and stores the VPN configuration from the server.
+
+### OpenVPN Credential Setup
+
+- Retrieves network settings.
+- Writes VPN credentials to the specified file.
+
+### Netplan Configuration
+
+- Generates a Netplan configuration file with static IP and routing parameters.
+
+### Configuration File Verification
+
+After setup, verify the accuracy of key configuration files:
+
+#### OpenVPN Configuration (`/etc/openvpn/client/vpn.hbp.link.conf`)
+
+- **Purpose**: Stores the VPN's specific settings.
+- **Verification**: Ensure alignment with VPN VM settings.
+
+#### OpenVPN Credentials (`/etc/openvpn/client/vpn.hbp.link.creds`)
+
+- **Format**: `node-identifier@hub-name/federation` followed by the password.
+- **Example**:
+  ```bash
+  example_worker@example_federation
+  1234
+  ```
+
+#### Netplan Configuration (`/etc/netplan/02-vpn.hbp.link.yaml`)
+
+- **Check**: Confirm correct network device, IP address, and routing setup.
+
+### Enabling and Starting OpenVPN Service
+
+- Activates the OpenVPN service with the new configuration.
+
+### Final Confirmation and Activation
+
+- Prompts the user for immediate VPN configuration application. On confirmation, it applies Netplan settings and starts the OpenVPN service.

doc/vpn/VPNServerConfiguration.md

@@ -0,0 +1,115 @@
+# VPN Server Configuration
+
+## Introduction
+
+This documentation outlines the steps required to configure a VPN using the `vpncmd` command-line tool. The goal is to create and configure VPN hubs, users, and their corresponding passwords.
+
+## Step 1: Disable and Stop Services
+
+Before starting the VPN configuration, ensure that the following services are disabled and stopped:
+
+```bash
+systemctl disable vpnbridge
+systemctl stop vpnbridge
+systemctl disable vpnclient
+systemctl stop vpnclient
+```
+
+## Step 2: Install SoftEther VPN server
+Follow the official [SoftEther VPN Server Installation](https://www.softether.org/4-docs/1-manual/7._Installing_SoftEther_VPN_Server).
+
+
+## Step 3: Access `vpncmd` Command
+
+Run the `vpncmd` command to access the VPN configuration interface.
+
+```bash
+vpncmd
+```
+
+## Step 3: Set Server Password
+
+Set the server password using the following command. Replace `(K........k pass)` with the actual password.
+
+```bash
+serverpasswordset (K........k pass)
+```
+
+## Step 4: Enable VPN Over ICMP/DNS
+
+Enable VPN over ICMP and DNS with the following command.
+
+```bash
+vpnovericmpdnsenable
+```
+
+## Step 5: OpenVPN Configuration
+
+Enable OpenVPN with UDP ports 1194, 1195, 1196, 1197, 11194, 11195, 11196, and 11197.
+
+```bash
+openvpnenable
+yes
+udp ports:
+   1194, 1195, 1196, 1197, 11194, 11195, 11196, 11197
+```
+
+## Step 6: Create Listeners
+
+Create TCP listeners on the specified ports.
+
+```bash
+listenercreate tcp 1195
+listenercreate tcp 1196
+listenercreate tcp 1197
+listenercreate tcp 11194
+listenercreate tcp 11195
+listenercreate tcp 11196
+listenercreate tcp 11197
+```
+
+## Step 7: Generate OpenVPN Configuration
+
+Generate the OpenVPN configuration file using the following command.
+
+```bash
+openvpnmakeconfig
+```
+
+## Step 8: Create VPN Hub
+
+Create a VPN hub using the following format. Replace `(m......1 pass)` with an actual hub passwords.
+
+**Hub: example-hub**
+
+```bash
+hubcreate
+hub example-hub (m......1 pass)
+securenathostset
+   <GATEWAY_VPN_IP> (e.g 10.86.<federation specific>.1)
+   255.255.255.0
+dhcpdisable
+securenatenable
+usercreate
+   mipgw
+   mipintns1
+   proxy
+   ms
+   wk-1
+   wk-2
+   .
+   .
+   .
+userpasswordset
+   mipgw, <password>
+   mipintns1, <password>
+   proxy, <password>
+   ms, <password>
+   wk-1, <password>
+   wk-2, <password>
+   .
+   .
+   .
+```
+
+Please follow these steps carefully to configure your VPN using the `vpncmd` tool.