[TUTO] Installing Mullvad with OpenVPN

Post by laster13 »

Here is how I went about it.

Tested under the following conditions: ASRock E350M1/USB3, AMD E-350 Processor, 4 GB DDR3, two 1 TB Western Digital hard drives formatted with ZFS and mounted as a mirror, 9.2.0.1 - Shigawire (revision 972) installed on hard disk, Freebox V6

If you need help, please post in the [Topic unique] Installation Openvpn thread!!

Connect over SSH (as root) using PuTTY (it can be downloaded from anywhere on the net)

Then follow the steps below

For a unionFS mount you need to create a formatted UFS partition... 2 GB will be enough

Code:

zfs create -V 2G pool1/openvpn
newfs /dev/zvol/pool1/openvpn
mkdir /mnt/openvpn
mount /dev/zvol/pool1/openvpn /mnt/openvpn

Code:

cd /mnt/openvpn
mkdir usr
mkdir var
mkdir tmp

Code:

mount_unionfs -o w /mnt/openvpn/usr/ /usr/
mount_unionfs -o w /mnt/openvpn/var/ /var/

Code:

setenv PKG_TMPDIR /mnt/openvpn/tmp/
setenv PACKAGESITE "ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/amd64/packages-9.2-release/Latest/"
pkg_add -rv openvpn

Now it is time to take out a Mullvad OpenVPN subscription

Download the configuration files from their site:
ca.crt
master.mullvad.net.crt
mullvad.crt
mullvad.key
mullvad_windows.conf.ovpn
openvpn.conf

The Windows one is left aside; as for openvpn.conf, I no longer remember whether it is named .conf by default to begin with, but in any case rename it if that is not already done

Then edit openvpn.conf and put the script below in it!! Change nothing!! Remember to open port 1300 UDP on the box

Code:

# Notice to Mullvad customers:
# 
# Apart from openvpn, you also need to install the
# package "resolvconf", available via apt, e.g.
#
# For those of you behind very restrictive firewalls,
# you can use our tunnels on tcp port 443, as well as
# on udp port 53.
client

dev tun

proto udp
#proto udp
#proto tcp

remote openvpn.mullvad.net 1300
cipher AES-256-CBC

#remote openvpn.mullvad.net 443
#cipher BF-CBC

#remote openvpn.mullvad.net 53
#cipher BF-CBC

#remote se.mullvad.net 1300 # Servers in Sweden
#cipher AES-256-CBC

#remote nl.mullvad.net 1300 # Servers in the Netherlands
#cipher AES-256-CBC

#remote de.mullvad.net 1300 # Servers in Germany
#cipher AES-256-CBC

#remote us.mullvad.net 1300 # Servers in the USA
#cipher AES-256-CBC

#remote openvpn.mullvad.net 1194
#remote openvpn.mullvad.net 443
#remote openvpn.mullvad.net 53
#remote se.mullvad.net # Servers in Sweden
#remote nl.mullvad.net # Servers in the Netherlands
#remote de.mullvad.net # Servers in Germany
#remote us.mullvad.net # Servers in the USA

# Tunnel IPv6 traffic as well as IPv4
#tun-ipv6

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Enable compression on the VPN link.
comp-lzo

# Set log file verbosity.
verb 3

#remote-cert-tls server

ping-restart 60

# Allow calling of built-in executables and user-defined scripts.
script-security 2

# Parses DHCP options from openvpn to update resolv.conf
#up /etc/openvpn/update-resolv-conf
#down /etc/openvpn/update-resolv-conf

ping 10

ca ca.crt
cert mullvad.crt
key mullvad.key

#crl-verify crl.pem

# Limit range of possible TLS cipher-suites
#tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-SEED-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA

Save and close

Back to the SSH console

Code:

mkdir /mnt/pool1/extensions/usr/local/etc/openvpn

With an FTP client (FileZilla, for example), place the following 5 files in the openvpn folder created earlier (if you run into permission problems, type the command below over SSH):

Code:

chmod -R 777 /mnt/pool1/extensions/usr/local/etc/openvpn

ca.crt
master.mullvad.net.crt
mullvad.crt
mullvad.key
openvpn.conf

Last step:

Go to the nas4free web interface under System|Advanced|rc.conf and add the following 2 commands:

Code:

openvpn_enable=YES
openvpn_if=tun

Now start openvpn

Code:

/usr/local/etc/rc.d/openvpn start /usr/local/etc/openvpn/openvpn.conf

This is what you should see in the Nas4free log

Code:

May 17 15:51:57	nas4free	openvpn[8597]: OpenVPN 2.3.2 amd64-portbld-freebsd9.1 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 9 2013
May 17 15:51:57	nas4free	openvpn[8597]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
May 17 15:51:57	nas4free	openvpn[8597]: WARNING: file 'mullvad.key' is group or others accessible
May 17 15:51:57	nas4free	openvpn[8597]: Socket Buffers: R=[65536->65536] S=[57344->65536]
May 17 15:51:57	nas4free	openvpn[8598]: UDPv4 link local: [undef]
May 17 15:51:57	nas4free	openvpn[8598]: UDPv4 link remote: [AF_INET]193.138.219.227:1300
May 17 15:51:57	nas4free	openvpn[8598]: TLS: Initial packet from [AF_INET]193.138.219.227:1300, sid=8c73b7b4 78527aee
May 17 15:51:58	nas4free	openvpn[8598]: VERIFY OK: depth=2, C=NA, ST=None, L=None, O=Mullvad, CN=Mullvad CA, emailAddress=info@mullvad.net
May 17 15:51:58	nas4free	openvpn[8598]: VERIFY OK: depth=1, C=NA, ST=None, L=None, O=Mullvad, CN=master.mullvad.net, emailAddress=info@mullvad.net
May 17 15:51:58	nas4free	openvpn[8598]: VERIFY OK: depth=0, C=NA, ST=None, L=None, O=Mullvad, CN=se4.mullvad.net, emailAddress=info@mullvad.net
May 17 15:51:59	nas4free	openvpn[8598]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
May 17 15:51:59	nas4free	openvpn[8598]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
May 17 15:51:59	nas4free	openvpn[8598]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
May 17 15:51:59	nas4free	openvpn[8598]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
May 17 15:51:59	nas4free	openvpn[8598]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
May 17 15:51:59	nas4free	openvpn[8598]: [se4.mullvad.net] Peer Connection Initiated with [AF_INET]193.138.219.227:1300
May 17 15:52:01	nas4free	openvpn[8598]: SENT CONTROL [se4.mullvad.net]: 'PUSH_REQUEST' (status=1)
May 17 15:52:02	nas4free	openvpn[8598]: PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 fdfe:d671:bd23:72::1093/112 fdfe:d671:bd23:72::,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.114.0.1,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,route-gateway 10.114.0.1,topology subnet,ifconfig 10.114.0.149 255.255.0.0'
May 17 15:52:02	nas4free	openvpn[8598]: OPTIONS IMPORT: --ifconfig/up options modified
May 17 15:52:02	nas4free	openvpn[8598]: OPTIONS IMPORT: route options modified
May 17 15:52:02	nas4free	openvpn[8598]: OPTIONS IMPORT: route-related options modified
May 17 15:52:02	nas4free	openvpn[8598]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May 17 15:52:02	nas4free	openvpn[8598]: ROUTE_GATEWAY 192.168.0.254
May 17 15:52:02	nas4free	openvpn[8598]: ROUTE6: default_gateway=UNDEF
May 17 15:52:02	nas4free	openvpn[8598]: TUN/TAP device /dev/tun0 opened
May 17 15:52:02	nas4free	kernel: tun0: link state changed to UP
May 17 15:52:02	nas4free	openvpn[8598]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=1
May 17 15:52:02	nas4free	openvpn[8598]: /sbin/ifconfig tun0 10.114.0.149 10.114.0.149 mtu 1500 netmask 255.255.0.0 up
May 17 15:52:02	nas4free	openvpn[8598]: /sbin/route add -net 10.114.0.0 10.114.0.149 255.255.0.0
May 17 15:52:02	nas4free	openvpn[8598]: /sbin/route add -net 193.138.219.227 192.168.0.254 255.255.255.255
May 17 15:52:02	nas4free	openvpn[8598]: /sbin/route add -net 0.0.0.0 10.114.0.1 128.0.0.0
May 17 15:52:02	nas4free	openvpn[8598]: /sbin/route add -net 128.0.0.0 10.114.0.1 128.0.0.0
May 17 15:52:02	nas4free	openvpn[8598]: add_route_ipv6(): not adding ::/2, no IPv6 on if tun0
May 17 15:52:02	nas4free	openvpn[8598]: add_route_ipv6(): not adding 4000::/2, no IPv6 on if tun0
May 17 15:52:02	nas4free	openvpn[8598]: add_route_ipv6(): not adding 8000::/2, no IPv6 on if tun0
May 17 15:52:02	nas4free	openvpn[8598]: add_route_ipv6(): not adding c000::/2, no IPv6 on if tun0
May 17 15:52:02	nas4free	openvpn[8598]: Initialization Sequence Completed

And finally, to finish:

Go to System|Advanced|Command scripts and add the two following lines as postinit:

Code:

mkdir /mnt/openvpn
mount /dev/zvol/pool1/openvpn /mnt/openvpn
mount_unionfs -o w /mnt/openvpn/usr/ /usr/
mount_unionfs -o w /mnt/openvpn/var/ /var/
/usr/local/etc/rc.d/openvpn start /usr/local/etc/openvpn/openvpn.conf

Reboot the NAS

To test your IP

Code:

pkg_add -rv curl

And then on the command line

Code:

curl ifconfig.me

Also:
download the test ".torrent" file from the site "http://checkmytorrentip.net/", available by clicking "get it now".
Start the download with Transmission and the IP you are connected with appears... different from your internet provider's IP, of course.

Enjoy it ;)
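
The log in the post carries two WARNING lines: no server certificate verification method is enabled (the config leaves 'remote-cert-tls server' commented out), and mullvad.key is group or others accessible (the mode that chmod -R 777 on the directory produces). The POSIX sh script below is an added example, not part of the original post or of the NAS4Free/OpenVPN projects; it checks a client config for both conditions and for the BF-CBC alternative listed in the config. The function names, finding labels, the temporary sample directory and the rule that a relative key path is resolved against the config's directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client config for the conditions behind the
# two WARNING lines in the log. Function names and labels are hypothetical.

# Print the first argument of an active (uncommented) directive, if present.
directive() {  # $1 = config file, $2 = directive name
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Print one finding per line for the config file given as $1.
audit_openvpn_client() {
    conf=$1
    # 1. Directives treated here as enabling server-certificate verification.
    checked=no
    for d in remote-cert-tls remote-cert-eku verify-x509-name \
             ns-cert-type tls-remote tls-verify; do
        if [ -n "$(directive "$conf" "$d")" ]; then checked=yes; fi
    done
    if [ "$checked" = no ]; then
        echo "NO_SERVER_CERT_CHECK enable 'remote-cert-tls server'"
    fi
    # 2. Private key mode: group and other permission bits must all be clear.
    #    Assumption: a relative path is resolved against the config's directory.
    key=$(directive "$conf" key)
    case $key in ''|/*) ;; *) key=$(dirname "$conf")/$key ;; esac
    if [ -n "$key" ] && [ -f "$key" ]; then
        if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "KEY_GROUP_OR_OTHERS_ACCESSIBLE chmod 600 $key"
        fi
    fi
    # 3. 64-bit block cipher selected (the BF-CBC alternative in the config).
    if [ "$(directive "$conf" cipher)" = "BF-CBC" ]; then
        echo "WEAK_CIPHER BF-CBC, prefer AES-256-CBC"
    fi
    return 0
}

# Constructed sample: the security-relevant lines of the config in the post,
# with the key left at the mode that 'chmod -R 777' produces.
demo=$(mktemp -d)
printf '%s\n' 'client' 'cipher AES-256-CBC' '#remote-cert-tls server' \
    'ca ca.crt' 'cert mullvad.crt' 'key mullvad.key' > "$demo/openvpn.conf"
: > "$demo/mullvad.key"
chmod 777 "$demo/mullvad.key"
audit_openvpn_client "$demo/openvpn.conf"
rm -rf "$demo"
```

Whether 'remote-cert-tls server' can be enabled depends on the provider's server certificates carrying the matching key usage, which the post does not state.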
