Two hosts configuration sample

Julien Kauffmann edited this page Sep 30, 2013 · 6 revisions

In this tutorial, you will learn how to set up a virtual private network between two hosts with freelan.

For simplicity's sake, we will name the first host AlicePC and the second host BobPC.

Are you ready?

Before continuing this tutorial, ensure that the following conditions are satisfied:

  • You know how to generate X509 certificates.
  • You have read about the configuration files.
  • You have administrative privileges on both AlicePC and BobPC (or have access to someone who does).
  • Freelan is installed on both hosts.
  • If either host is behind a NATed router, you have administrative privileges on the router and are allowed to change its configuration.
  • You have a legal right to establish a virtual private network tunnel between the two hosts.

Ready then? Move on!

Our goal

AlicePC's public hostname is alice.freelan.org. BobPC's public hostname is bob.freelan.org.

Both AlicePC and BobPC are behind a NATed router and the following port forwarding settings have been set:

  • alice.freelan.org:12000 UDP is forwarded to AlicePC:12000 UDP.
  • bob.freelan.org:12001 UDP is forwarded to BobPC:12000 UDP.

At the end of this tutorial the hosts will have the following settings:

  • Virtual IPv4 network: 9.0.0.0/24
  • AlicePC's Virtual IPv4 address: 9.0.0.1
  • AlicePC's Virtual IPv6 address: 2aa1::1
  • BobPC's Virtual IPv4 address: 9.0.0.2
  • BobPC's Virtual IPv6 address: 2aa1::2

Configuration

For all scenarios, we will assume that your initial configuration is the one written by default by the freelan installer.

Windows

First we will add a contact address so that each host knows whom to contact.

Find the line beginning with #contact=. Below this line, add a contact line.

For AlicePC:

[fscp]
contact=bob.freelan.org:12001

For BobPC:

[fscp]
contact=alice.freelan.org:12000

Note: If you don't specify a port number for a contact entry, freelan will assume 12000 as a default.

We will then configure the virtual IPv4 address settings. Ensure that the following parameters have the specified values:

For AlicePC:

[tap_adapter]
ipv4_address_prefix_length=9.0.0.1/24
ipv6_address_prefix_length=2aa1::1/8
dhcp_proxy_enabled=yes
dhcp_server_ipv4_address_prefix_length=9.0.0.0/24
dhcp_server_ipv6_address_prefix_length=2aa1::/8

For BobPC:

[tap_adapter]
ipv4_address_prefix_length=9.0.0.2/24
ipv6_address_prefix_length=2aa1::2/8
dhcp_proxy_enabled=yes
dhcp_server_ipv4_address_prefix_length=9.0.0.0/24
dhcp_server_ipv6_address_prefix_length=2aa1::/8

Finally, we need to configure the certificates on both hosts.

For AlicePC:

Copy the alice.crt, alice.key and ca.crt files into the config folder.

In the configuration file, set the following parameters:

[security]
signature_certificate_file=config/alice.crt
signature_private_key_file=config/alice.key
authority_certificate_file=config/ca.crt

For BobPC:

Copy the bob.crt, bob.key and ca.crt files into the config folder.

In the configuration file, set the following parameters:

[security]
signature_certificate_file=config/bob.crt
signature_private_key_file=config/bob.key
authority_certificate_file=config/ca.crt

Then type the following commands (as an administrator) to restart the Windows service:

>net stop "freelan service"
>net start "freelan service"

If the service starts, congratulations! It works!

Linux

The changes to the configuration files are exactly the same as the ones described in the Windows section. Just remember that Linux requires absolute paths for external files like the certificates.

Once you are done with the configuration changes, start (or restart) the freelan daemon (as root):

# /etc/init.d/freelan restart

If the command runs without any error: congratulations! It works.

Details

The configuration files for both hosts, after the comments have been stripped, are:

For AlicePC:

[fscp]
hostname_resolution_protocol=ipv4
listen_on=0.0.0.0:12000
hello_timeout=3000
contact=bob.freelan.org:12001
[tap_adapter]
enabled=yes
ipv4_address_prefix_length=9.0.0.1/24
ipv6_address_prefix_length=2aa1::1/8
arp_proxy_enabled=no
arp_proxy_fake_ethernet_address=00:aa:bb:cc:dd:ee
dhcp_proxy_enabled=yes
dhcp_server_ipv4_address_prefix_length=9.0.0.0/24
dhcp_server_ipv6_address_prefix_length=2aa1::/8
[switch]
routing_method=switch
relay_mode_enabled=no
[security]
signature_certificate_file=config/alice.crt
signature_private_key_file=config/alice.key
certificate_validation_method=default
authority_certificate_file=config/ca.crt
certificate_revocation_validation_method=none

For BobPC:

[fscp]
hostname_resolution_protocol=ipv4
listen_on=0.0.0.0:12000
hello_timeout=3000
contact=alice.freelan.org:12000
[tap_adapter]
enabled=yes
ipv4_address_prefix_length=9.0.0.2/24
ipv6_address_prefix_length=2aa1::2/8
arp_proxy_enabled=no
arp_proxy_fake_ethernet_address=00:aa:bb:cc:dd:ee
dhcp_proxy_enabled=yes
dhcp_server_ipv4_address_prefix_length=9.0.0.0/24
dhcp_server_ipv6_address_prefix_length=2aa1::/8
[switch]
routing_method=switch
relay_mode_enabled=no
[security]
signature_certificate_file=config/bob.crt
signature_private_key_file=config/bob.key
certificate_validation_method=default
authority_certificate_file=config/ca.crt
certificate_revocation_validation_method=none

These files contain Windows paths so be sure to change them if you intend to use them on Linux.
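A started service only shows that each file parses, not that the two files agree with each other. The following check is an added example, not part of freelan or of the original page: it reads a subset of the two configurations above and reports mismatched contact endpoints, clashing virtual addresses, a virtual network outside the private IPv4 ranges, disabled revocation checking, and relative certificate paths on Linux. The names `check_pair`, `contact_endpoint` and `load` are hypothetical, the sample input is constructed from the values on this page, and IPv6 literal contacts are not handled.

```python
import configparser
import ipaddress
from pathlib import PurePosixPath

DEFAULT_PORT = 12000  # per the note above: a contact without a port means 12000

# Constructed sample input: a subset of the two configurations shown above.
TEMPLATE = """[fscp]
contact={contact}
[tap_adapter]
ipv4_address_prefix_length={ip}/24
[security]
signature_private_key_file=config/{name}.key
authority_certificate_file=config/ca.crt
certificate_revocation_validation_method=none
"""
ALICE = TEMPLATE.format(name="alice", ip="9.0.0.1", contact="bob.freelan.org:12001")
BOB = TEMPLATE.format(name="bob", ip="9.0.0.2", contact="alice.freelan.org:12000")

def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def contact_endpoint(cfg):
    host, _, port = cfg["fscp"]["contact"].rpartition(":")
    return (host, int(port)) if host else (port, DEFAULT_PORT)

def check_pair(a_text, b_text, a_public, b_public, linux=False):
    """Return findings for two peer configs; *_public are (host, port) as forwarded."""
    a, b = load(a_text), load(b_text)
    findings = []
    if contact_endpoint(a) != b_public or contact_endpoint(b) != a_public:
        findings.append("contact does not match the peer's forwarded endpoint")
    ia, ib = (ipaddress.ip_interface(c["tap_adapter"]["ipv4_address_prefix_length"]) for c in (a, b))
    if ia.network != ib.network or ia.ip == ib.ip:
        findings.append("virtual IPv4 addresses must differ within one network")
    if not ia.network.is_private:
        findings.append(f"{ia.network} is outside the private IPv4 ranges")
    for who, cfg in (("A", a), ("B", b)):
        sec = cfg["security"]
        if sec.get("certificate_revocation_validation_method") == "none":
            findings.append(f"{who}: certificate revocation is not checked")
        for key in ("signature_private_key_file", "authority_certificate_file"):
            if linux and not PurePosixPath(sec[key]).is_absolute():
                findings.append(f"{who}: {key} must be an absolute path on Linux")
    return findings
```

Called with the forwarded endpoints from "Our goal", the sample pair yields three findings (the 9.0.0.0/24 range and revocation checking on each host); with `linux=True` the four relative `config/...` paths are reported as well.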