ChaosVPN简要配置过程

空心工具分享 2017-07-11

1681 0 0

ChaosVPN配置方法

//*ChaosVPN是一个连接黑客和黑客空间的工具，以及。。进入某些网络的前置条件

简单介绍一下配置方法,以及可能遇到的错误和解决方法:

以下操作均在Linux下完成

测试采用的是Parrot OS

安装依赖

apt-get install tinc iproute2
apt-get install build-essential git bison flex libssl-dev zlib1g-dev debhelper devscripts

1 2	apt-get install tinc iproute2 apt-get install build-essential git bison flex libssl-dev zlib1g-dev debhelper devscripts

//如果tinc已经自带可以直接跳过安装，可能会遇到错误:

E: 软件包 bison 没有可安装候选

1	E: 软件包 bison 没有可安装候选

不影响，继续

添加chaosvpn的软件源：

vi /etc/apt/sources.list:

1	vi /etc/apt/sources.list:

添加:

deb http://debian.sdinet.de/ stable chaosvpn
deb-src http://debian.sdinet.de/ stable chaosvpn

1 2	deb http://debian.sdinet.de/ stable chaosvpn deb-src http://debian.sdinet.de/ stable chaosvpn

然后

apt-get update

1	apt-get update

可能会提示GPG 错误

    apt-get install chaosvpn

1	apt-get install chaosvpn

如果提示错误无法安装

    vi /etc/apt/sources.list

1	vi /etc/apt/sources.list

添加:

    deb http://security.debian.org/debian-security wheezy/updates main

1	deb http://security.debian.org/debian-security wheezy/updates main

安装之前缺失的依赖

    apt-get update
    apt-get install libssl1.0.0

1 2	apt-get update apt-get install libssl1.0.0

然后

apt-get install chaosvpn

1	apt-get install chaosvpn

安装完成后

进行tinc和chaosvpn的对接操作

mkdir -p /etc/tinc/chaos
tincd --ne=chaosvpn --generate-keys=2048

1 2	mkdir -p /etc/tinc/chaos tincd --ne=chaosvpn --generate-keys=2048

可能会提示

    Error opening file `/etc/tinc/=chaosvpn/rsa_key.priv': No such file or directory

1	Error opening file `/etc/tinc/=chaosvpn/rsa_key.priv': No such file or directory

输入

mkdir  /etc/tinc/chaos/ecdsa_key.priv

1	mkdir /etc/tinc/chaos/ecdsa_key.priv

再执行

tincd --ne=chaosvpn --generate-keys=2048

1	tincd --ne=chaosvpn --generate-keys=2048

两次选择路径保存公钥和私钥(写信时候需要)

![A7]8VENV}T8$127UB9%GMJ.png

1	![A7]8VENV}T8$127UB9%GMJ.png

之后：

vi /etc/tinc/chaosvpn.conf

1	vi /etc/tinc/chaosvpn.conf

修改参数

$ my_vpn_ip = 172.31。<your Subnet>。[1-255]

1	$ my_vpn_ip = 172.31。<your Subnet>。[1-255]

只能使用a-z,0-9和下划线

ip地址要改为172.31.x.x

保存退出，到此配置文件结束。ps:你要加入chaosVPN还必须写一封介绍信来表明你的动机，发送邮件到

chaosvpn-join@hamburg.ccc.de

1	chaosvpn-join@hamburg.ccc.de

如果成功加入，在终端输入chaosvpn,可以看一些信息（由于我懒得写介绍信了这里就不截图了有兴趣同学可以自己搞）

介绍信的内容为:

[<nodename>]

sponsor=
# Name a person/nickname/nodename or organisation/hackerspace already on ChaosVPN that will
# vouch for you getting access.

gatewayhost=<clienthost>
# This should be the external hostname or ip address of the client host, not a VPN address.
# If the client is not reachable over the internet leave it out and set hidden=1 below.
# If possible supply a hostname (even dyndns) and not an ip address for easier changing
# from your side without touching the central config.

network=<ipv4 subnet in the vpn>
network6=<ipv6 subnet in the vpn>
# (mandatory, must include)
# this may be more than one, IPv4 or IPv6, network6 with  IPv6 is optional
#
# These subnets must be unique in our vpn,
# simply renumber your home network (or use something like NETMAP) with a network block that is still free.
#
# Please use the list of assigned networks on ChaosVPN:IPRanges, and add yourself there.

owner=
# (mandatory, must include)
# Admin of the VPN gateway, with email address - a way to contact the responsible
# person in case of problems with your network link.

port=4712
# (optional)
# if not specified tinc works on tcp+udp port 655
# it is better if everyone chooses a random port for this.
# either this specified port or port 655 should accept TCP and UDP traffic from internet.

hidden=0
# (optional)
# "I cannot accept inbound tunnel connections, I can only connect out."
# (e.g. behind a NAT)
silent=0
# (optional)
# "I cannot connect out, but you can connect to me."
# Only ONE of hidden=1 or silent=1 is possible. 

Ed25519PublicKey=<something>
# (optional)
# tinc 1.1pre11+ only, contents of your /etc/tinc/chaos/ed25519_key.pub

-----BEGIN RSA PUBLIC KEY-----
....
-----END RSA PUBLIC KEY-----
# (mandatory)
# rsa-public-key - contents of your /etc/tinc/chaos/rsa_key.pub

[<nodename>]

sponsor=

# Name a person/nickname/nodename or organisation/hackerspace already on ChaosVPN that will

# vouch for you getting access.

gatewayhost=<clienthost>

# This should be the external hostname or ip address of the client host, not a VPN address.

# If the client is not reachable over the internet leave it out and set hidden=1 below.

# If possible supply a hostname (even dyndns) and not an ip address for easier changing

# from your side without touching the central config.

network=<ipv4 subnet in the vpn>

network6=<ipv6 subnet in the vpn>

# (mandatory, must include)

# this may be more than one, IPv4 or IPv6, network6 with IPv6 is optional

# These subnets must be unique in our vpn,

# simply renumber your home network (or use something like NETMAP) with a network block that is still free.

# Please use the list of assigned networks on ChaosVPN:IPRanges, and add yourself there.

owner=

# (mandatory, must include)

# Admin of the VPN gateway, with email address - a way to contact the responsible

# person in case of problems with your network link.

port=4712

# (optional)

# if not specified tinc works on tcp+udp port 655

# it is better if everyone chooses a random port for this.

# either this specified port or port 655 should accept TCP and UDP traffic from internet.

hidden=0

# (optional)

# "I cannot accept inbound tunnel connections, I can only connect out."

# (e.g. behind a NAT)

silent=0

# (optional)

# "I cannot connect out, but you can connect to me."

# Only ONE of hidden=1 or silent=1 is possible.

Ed25519PublicKey=<something>

# (optional)

# tinc 1.1pre11+ only, contents of your /etc/tinc/chaos/ed25519_key.pub

-----BEGIN RSA PUBLIC KEY-----

....

-----END RSA PUBLIC KEY-----

# (mandatory)

# rsa-public-key - contents of your /etc/tinc/chaos/rsa_key.pub

ps:你要删除那些#号开头的行，那些只是介绍。

最后

启动chaosvpn

/etc/init.d/chaosvpn start

1	/etc/init.d/chaosvpn start

提示ok即代表启动成功

查看chaosvpn网络端口

route -n

route -n

这篇日志的 t.cn 短域名为：http://t.cn/RKfRl1E

原文链接：https://www.77169.com/html/156950.html

本文由安全周作者：空心发表，转载请注明来源！

工具分享