curveprotect software (experimental)

SECURE VPN WITH CURVECP AS TRANSPORT LAYER

VPN client configuration

use the administration interface:

  • http://127.10.10.10/vpn.dynhtml

VPN server configuration

    Replace the example domain, IP, extension, and CurveCP key directory below with your own domain, IP, extension, and CurveCP key directory.

  • domain vpn.mojzis.com
  • IP 31.31.73.154
  • port 1009
  • extension 00000000000000000000000000000000
  • CurveCP key in directory /etc/vpn/key

  • prerequisites:

  • install daemontools
  • install curveprotect
  • as root, create user vpn:

    /opt/curveprotect/sbin/_creategroup vpn
    /opt/curveprotect/sbin/_createuser vpn vpn
      

    as root, create the VPN directory and configure it:

    /opt/curveprotect/bin/vpn-conf vpn /etc/vpn /etc/vpn/key
    /opt/curveprotect/bin/curvecpmakekey /etc/vpn/key
    echo "31.31.73.154" > /etc/vpn/env/IP
    echo "1009" > /etc/vpn/env/PORT
    echo "00000000000000000000000000000000" > /etc/vpn/env/EXTENSION
    echo "vpn.mojzis.com" > /etc/vpn/env/NAME
      

    as root, tell svscan about the new service and use svstat to check that the service is up:

    ln -s /etc/vpn /service/vpn
    sleep 5
    svstat /service/vpn
      

    insert the key and the extension into the DNS record:

  • instructions are found here
  • as root, configure the VPN database and create data.cdb:

  • the VPN data file format is described here

    cd /etc/vpn/root
    vi data
    make
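
The following check is an added example, not part of curveprotect or the original page: it validates the four env files written above and reads one line of svstat output, so that a service that keeps crashing and restarting (reported as "up" with 0 or 1 seconds) is not mistaken for a healthy one. The function names are hypothetical, and the svstat line format `<dir>: up (pid N) S seconds` is the daemontools one, assumed here.

```shell
# Added example, not curveprotect code. Function names are hypothetical; the
# env file names IP, PORT, EXTENSION and NAME are the ones written above.

env_value() {   # first line of an env file; empty if the file is missing
    if [ -f "$1" ]; then head -n 1 "$1"; fi
}

valid_ipv4() {  # four decimal octets, each 0-255
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {  # decimal, 1-65535
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_extension() {   # a CurveCP extension is 16 bytes, written as 32 hex digits
    [ ${#1} -eq 32 ] || return 1
    case $1 in *[!0-9a-fA-F]*) return 1 ;; esac
}

valid_name() {  # DNS name: letters, digits, '-' and '.', no empty labels
    case $1 in ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;; esac
    [ ${#1} -le 255 ]
}

# Report every bad env file on stderr; return non-zero if any check failed.
check_vpn_env() {
    dir=$1; bad=0
    valid_ipv4 "$(env_value "$dir/IP")" || { echo "IP: not an IPv4 address" >&2; bad=1; }
    valid_port "$(env_value "$dir/PORT")" || { echo "PORT: not in 1-65535" >&2; bad=1; }
    valid_extension "$(env_value "$dir/EXTENSION")" || { echo "EXTENSION: not 32 hex digits" >&2; bad=1; }
    valid_name "$(env_value "$dir/NAME")" || { echo "NAME: not a DNS name" >&2; bad=1; }
    return "$bad"
}

# A service that crashes and is restarted by supervise also reads "up",
# but its seconds counter stays at 0 or 1.
service_is_stable() {   # $1 = one line of svstat output, $2 = minimum seconds up
    case $1 in *": up (pid "*") "*" seconds"*) ;; *) return 1 ;; esac
    secs=${1##*") "}; secs=${secs%% *}
    case $secs in ''|*[!0-9]*) return 1 ;; esac
    [ "$secs" -ge "$2" ]
}
```

After sourcing the file, run `check_vpn_env /etc/vpn/env` and `service_is_stable "$(svstat /service/vpn)" 2` following the `sleep 5` step.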