{"id":1177,"date":"2017-12-16T17:21:32","date_gmt":"2017-12-16T23:21:32","guid":{"rendered":"http:\/\/blog.ls-al.com\/?p=1177"},"modified":"2017-12-16T17:21:32","modified_gmt":"2017-12-16T23:21:32","slug":"oci-vpn-server-pritunl-for-clients","status":"publish","type":"post","link":"https:\/\/blog.ls-al.com\/oci-vpn-server-pritunl-for-clients\/","title":{"rendered":"OCI VPN Server PriTunl for clients"},"content":{"rendered":"

<p>Sometimes you need more than a bastion for reaching your cloud resources. Bastions are great for SSH and RDP tunneling, but they are really limited to admins and administration. Of course, site-to-site connectivity can be solved with OCI CPE and tunnels between colo/client networks.</p>

<p>There are several options for VPN servers, and I use LibreSwan for testing site-to-site OCI tenancy VPN tunnels. LibreSwan could also work when many users need access to cloud resources, but it is not easy to administer users, etc.</p>

<p>So this time I tried a product called Pritunl (https://pritunl.com/).</p>

<p>You should be able to use normal OpenVPN clients, and I think even IPsec clients, to connect. Pritunl also provides its own clients, but ideally you should just be able to use anything generic.</p>

<p>The admin can easily add users and send each one an import file that includes their certificate, etc. For me this worked well under Linux using just the generic NetworkManager OpenVPN plugin, but I still need to verify Windows and Macs.</p>

<p>https://docs.pritunl.com/docs/installation</p>

<pre>
$ sudo -s
# tee -a /etc/yum.repos.d/mongodb-org-3.4.repo << EOF
> [mongodb-org-3.4]
> name=MongoDB Repository
> baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/
> gpgcheck=1
> enabled=1
> gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
> EOF
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc

# tee -a /etc/yum.repos.d/pritunl.repo << EOF
> [pritunl]
> name=Pritunl Repository
> baseurl=https://repo.pritunl.com/stable/yum/centos/7/
> gpgcheck=1
> enabled=1
> EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/7/
gpgcheck=1
enabled=1

# yum -y install epel-release
[snip]
Complete!

# grep disabled /etc/selinux/config
#     disabled - No SELinux policy is loaded.
SELINUX=disabled

# gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
# gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
# yum -y install pritunl mongodb-org

# systemctl start mongod pritunl
# systemctl enable mongod pritunl
Created symlink from /etc/systemd/system/multi-user.target.wants/pritunl.service to /etc/systemd/system/pritunl.service.
</pre>

<p>Connect to the web interface, then allow the VPN server's UDP port through the host firewall:</p>

<pre>
# firewall-cmd --zone=public --permanent --add-port=12991/udp
success
# systemctl restart firewalld
</pre>

<p>On the VPN server, I removed the 0.0.0.0/0 route and added 10.1.0.0/16, so clients only send traffic for that network over the VPN instead of all of their traffic.</p>

<p>Then I installed network-manager-openvpn on my Linux desktop and imported the profile file exported from the VPN server.</p>

<p>Connect to the VPN server and test reaching a cloud instance:</p>

<pre>
# ping 10.1.1.7
PING 10.1.1.7 (10.1.1.7) 56(84) bytes of data.
64 bytes from 10.1.1.7: icmp_seq=1 ttl=63 time=46.4 ms

$ ssh -i /media/ssh-keys/OBMCS opc@10.1.1.7
Last login: Fri Dec 15 16:50:24 2017
</pre>
","protected":false},"excerpt":{"rendered":"

Sometimes you need more than a bastion for reaching your cloud resources. Bastions are great for SSH and RDP tunneling<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[87,36,89,20],"tags":[],"class_list":["post-1177","post","type-post","status-publish","format-standard","hentry","category-oci","category-oracle","category-oracle-bare-metal-cloud-services","category-vpn"],"_links":{"self":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/1177","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/comments?post=1177"}],"version-history":[{"count":0,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/1177\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/media?parent=1177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/categories?post=1177"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/tags?post=1177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}