<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Internet Cube - Dot Cube Files</title>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="css/main.css" />
</head>
<body class="nojs">
<header>
<h1><span>Dot Cube</span> Files</h1>
</header>
<main>
<section id="what">
<h2><span>What is</span> a dot cube file?</h2>
<p>A <em>dot cube</em> file (e.g. <em>config.cube</em>) is a single configuration file containing all of the settings and keys needed to connect an <a href="http://internetcu.be">Internet Cube</a> to a remote VPN server. This file can be used on the web interface of <a href="https://github.com/labriqueinternet/vpnclient_ynh/">VPN Client</a>, under the <em>Automatic</em> tab. The VPN access provider should supply it ready to use.</p>
<div class="pictures">
<img src="img/vpnclient-automatic.png" alt="Automatic Tab" /><br />
</div>
<p>A <em>dot cube</em> file is just a JSON file. The following sections explain to VPN providers how to create <em>dot cube</em> files for their members.</p>
</section>
<section id="example">
<h2><span>JSON</span> example</h2>
<pre>
{
"server_name": "vpn.ldn-fai.net",
"server_port": "1194",
"server_proto": "udp",
"ip6_net": "2001:db8:c42::",
"ip4_addr": "203.0.113.42",
"crt_server_ca": "-----BEGIN CERTIFICATE-----|MIIFFXAJjzZhAZJ+JHA<span>…</span>eRte6K|-----END CERTIFICATE-----",
"crt_client": "-----BEGIN CERTIFICATE-----|MIIFbUHHQjauIUoiUAA5ax<span>…</span>4T3As=|-----END CERTIFICATE-----",
"crt_client_key": "-----BEGIN PRIVATE KEY-----|MIIEvM/JsSAmledzvE<span>…</span>i8kAMj|-----END PRIVATE KEY-----",
"crt_client_ta": "",
"login_user": "",
"login_passphrase": "",
"dns0": "89.234.141.66",
"dns1": "2001:913::8",
"openvpn_rm": [ ],
"openvpn_add": [ "topology subnet" ]
}
</pre>
</section>
<section id="settings">
<h2><span>JSON</span> settings</h2>
<table id="cubefilestable">
<tr>
<th class="cubekey">Key</th>
<th class="cubevalue">Value Type</th>
<th class="cuberequired">Required?</th>
<th class="cubecomment">Comment</th>
</tr>
<tr id="settings-server_name">
<td class="cubekey">server_name</td>
<td class="cubevalue">Domain name</td>
<td class="cuberequired cuberequired">Required</td>
<td class="cubecomment">Remote VPN server address</td>
</tr>
<tr id="settings-server_port">
<td class="cubekey">server_port</td>
<td class="cubevalue">Port number</td>
<td class="cuberequired cuberequired">Required</td>
<td class="cubecomment">Remote VPN server port</td>
</tr>
<tr id="settings-server_proto">
<td class="cubekey">server_proto</td>
<td class="cubevalue">"udp" or "tcp"</td>
<td class="cuberequired cuberequired">Required</td>
<td class="cubecomment">L4 protocol to use</td>
</tr>
<tr id="settings-ip6_net">
<td class="cubekey">ip6_net</td>
<td class="cubevalue">IPv6 network address</td>
<td class="cuberequired cubeoptional">Optional</td>
<td class="cubecomment">IPv6 delegated prefix (please, provide IPv6 to your members)</td>
</tr>
<tr id="settings-ip4_addr">
<td class="cubekey">ip4_addr</td>
<td class="cubevalue">IPv4 address</td>
<td class="cuberequired cubeoptional">Recommended</td>
<td class="cubecomment">Static IPv4 address (highly recommended for enabling the <a href="https://install.internetcu.be">HyperCube service</a> to generate DNS configurations)</td>
</tr>
<tr id="settings-crt_server_ca">
<td class="cubekey">crt_server_ca</td>
<td class="cubevalue">ASCII certificate (new lines replaced by pipes)</td>
<td class="cuberequired cuberequired">Required</td>
<td class="cubecomment">Public server CA (.crt)</td>
</tr>
<tr id="settings-crt_client">
<td class="cubekey">crt_client</td>
<td class="cubevalue">ASCII certificate (new lines replaced by pipes)</td>
<td class="cuberequired cubeoptional">Optional (required if <em>crt_client_key</em> is defined)</td>
<td class="cubecomment">Public client certificate (.crt)</td>
</tr>
<tr id="settings-crt_client_key">
<td class="cubekey">crt_client_key</td>
<td class="cubevalue">ASCII certificate (new lines replaced by pipes)</td>
<td class="cuberequired cubeoptional">Optional (required if <em>crt_client</em> is defined)</td>
<td class="cubecomment">Private key of the client certificate (.key)</td>
</tr>
<tr id="settings-crt_client_ta">
<td class="cubekey">crt_client_ta</td>
<td class="cubevalue">ASCII certificate (new lines replaced by pipes)</td>
<td class="cuberequired cubeoptional">Optional</td>
<td class="cubecomment">Shared-secret (ta.key)</td>
</tr>
<tr id="settings-login_user">
<td class="cubekey">login_user</td>
<td class="cubevalue">Username</td>
<td class="cuberequired cubeoptional">Optional (required if <em>login_passphrase</em> is defined)</td>
<td class="cubecomment">Username</td>
</tr>
<tr id="settings-login_passphrase">
<td class="cubekey">login_passphrase</td>
<td class="cubevalue">Passphrase</td>
<td class="cuberequired cubeoptional">Optional (required if <em>login_user</em> is defined)</td>
<td class="cubecomment">Password</td>
</tr>
<tr id="settings-dns0">
<td class="cubekey">dns0</td>
<td class="cubevalue">IPv6 or IPv4 address</td>
<td class="cuberequired cuberequired">Required</td>
<td class="cubecomment">First public DNS resolver (will be set on the host)</td>
</tr>
<tr id="settings-dns1">
<td class="cubekey">dns1</td>
<td class="cubevalue">IPv6 or IPv4 address</td>
<td class="cuberequired cuberequired">Required</td>
<td class="cubecomment">Second public DNS resolver (will be set on the host)</td>
</tr>
<tr id="settings-openvpn_rm">
<td class="cubekey">openvpn_rm</td>
<td class="cubevalue">Array of strings or PCRE regexes</td>
<td class="cuberequired cubeoptional">Optional</td>
<td class="cubecomment">OpenVPN options to remove from the <a href="https://github.com/labriqueinternet/vpnclient_ynh/blob/master/conf/openvpn_client.conf.tpl">default configuration</a> (every line containing one of the strings/regexes is removed; matching is case-insensitive)</td>
</tr>
<tr id="settings-openvpn_add">
<td class="cubekey">openvpn_add</td>
<td class="cubevalue">Array of "key value" pairs</td>
<td class="cuberequired cubeoptional">Optional</td>
<td class="cubecomment">OpenVPN options to add to the <a href="https://github.com/labriqueinternet/vpnclient_ynh/blob/master/conf/openvpn_client.conf.tpl">default configuration</a></td>
</tr>
</table>
<p>
<strong>Note<sup>1</sup>:</strong> You have to define a public/private certificate pair, a user/passphrase pair, or both.<br />
<strong>Note<sup>2</sup>:</strong> You also have to set the same <em>IPv6 Delegated Prefix</em> in the web interface of <a href="https://github.com/labriqueinternet/hotspot_ynh/">Wifi Hotspot</a>, for delivering IPv6 to wifi clients.
</p>
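<p>The following is an added example, not code from VPN Client or the Internet Cube project: a provider-side check that applies the rules of the table and of Note 1 to a <em>dot cube</em> file before it is handed to a member. The function names <em>pem_to_cube</em> and <em>validate_cube</em> and the error messages are hypothetical; only the keys and constraints come from this page.</p>

```python
import ipaddress
import json

REQUIRED = ("server_name", "server_port", "server_proto",
            "crt_server_ca", "dns0", "dns1")
PEM_KEYS = ("crt_server_ca", "crt_client", "crt_client_key", "crt_client_ta")
PAIRS = (("crt_client", "crt_client_key"), ("login_user", "login_passphrase"))
IP_KEYS = {"dns0": (4, 6), "dns1": (4, 6), "ip4_addr": (4,), "ip6_net": (6,)}


def pem_to_cube(pem_text):
    """Encode a PEM block as the table requires: new lines become pipes."""
    return "|".join(line.strip() for line in pem_text.strip().splitlines())


def validate_cube(text):
    """Return the list of problems in a dot cube document (empty means OK)."""
    try:
        cube = json.loads(text)
    except ValueError as exc:
        return ["not valid JSON: %s" % exc]
    if not isinstance(cube, dict):
        return ["top-level value must be a JSON object"]
    errors = ["missing required key: " + k for k in REQUIRED if not cube.get(k)]
    port = str(cube.get("server_port") or "")
    if port and not (port.isdecimal() and int(port) in range(1, 65536)):
        errors.append("server_port is not a valid port number")
    if cube.get("server_proto") not in (None, "", "udp", "tcp"):
        errors.append('server_proto must be "udp" or "tcp"')
    for key, versions in IP_KEYS.items():
        if cube.get(key):
            try:
                if ipaddress.ip_address(str(cube[key])).version not in versions:
                    raise ValueError(key)
            except ValueError:
                errors.append(key + " is not an address of the expected family")
    for key in PEM_KEYS:
        value = str(cube.get(key) or "")
        if value and ("\n" in value or not value.startswith("-----BEGIN ")):
            errors.append(key + " must be PEM with new lines replaced by pipes")
    # Each couple must be complete, and Note 1 requires at least one couple.
    for first, second in PAIRS:
        if bool(cube.get(first)) != bool(cube.get(second)):
            errors.append("%s and %s must be defined together" % (first, second))
    if not any(cube.get(a) and cube.get(b) for a, b in PAIRS):
        errors.append("no credentials: need certificate/key or user/passphrase")
    return errors
```

<p>Pass the text of a <em>dot cube</em> file to <em>validate_cube</em>; an empty list means the file satisfies the table and Note 1. Because the file embeds the client private key and possibly a passphrase, it deserves the same handling as any other credential file.</p>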
</section>
<section id="cli">
<h2><span>Command</span>-line</h2>
<p>VPN Client can also be configured with a <em>dot cube</em> file directly from the command line:</p>
<pre>
% ynh-vpnclient-loadcubefile.sh -h
-u YunoHost username (user with permissions on VPN Client)
-p User password
-c Dot cube file path
-h This help
% ynh-vpnclient-loadcubefile.sh -u jdoe -p AAaxRjLAyU4CU -c /tmp/config.cube
[VPN] Configuration updated and service successfully reloaded
</pre>
<p>The script <em>ynh-vpnclient-loadcubefile.sh</em> is provided with VPN Client.</p>
<p>The user <em>jdoe:AAaxRjLAyU4CU</em> must be a valid YunoHost user (SSO) who is allowed to access the VPN Client web interface. When Wifi Hotspot is detected and only one SSID is defined, the <em>IPv6 Delegated Prefix</em> is also configured for this SSID and Wifi Hotspot is restarted.</p>
</section>
</main>
<footer>
<a href="http://internetcu.be">Internet Cube</a>
</footer>
<script type="text/javascript" src="js/main.js"></script>
</body>
</html>