tips:vpn:galileo [Galileo Labs]

This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong.
====== VPN Galileo ======

VPN PPTP/L2TP:
  * indirizzo server concentratore: vpn1.csgalileo.org
  * username e password

<code>
yay -S networkmanager-l2tp networkmanager-strongswan
</code>

aggiungere vpn L2TP

{{ :tips:vpn:vpn01.png?400 |}}

{{ :tips:vpn:vpn02.png?400 |}}

{{ :tips:vpn:vpn03.png?400 |}}

====== pptp manual ======

<file ini /etc/NetworkManager/system-connections/galileo.nmconnection>
[connection]
id=galileo
uuid=97852b85-b57b-4b38-9687-d919f2820e57
type=vpn
autoconnect=false
permissions=user:scipio:;
timestamp=1623922800

[vpn]
gateway=94.230.76.2
mru=1400
mtu=1400
password-flags=0
user=xxx
user-auth-type=password
service-type=org.freedesktop.NetworkManager.l2tp

[vpn-secrets]
password=xxx

[ipv4]
dns-search=
ignore-auto-dns=true
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=disabled

[proxy]

</file>

<code>
chmod 600 /etc/NetworkManager/system-connections/galileo.nmconnection
</code>

change:
   * permissions=user:scipio:; (this is local linux user)
   * user=xxx
   * password=xxx



====== pptp GUI ======

Installare il package networkmanager-pptp

Aggiungere una VPN pptp

{{:tips:vpn:vpn_1.png?400|}}

{{ :tips:vpn:ptpp-galileo.png |}}

===== galileo openvpn =====

Server certificate
<file txt ca.crt>
-----BEGIN CERTIFICATE-----
MIIDVDCCAjygAwIBAgIIK+uSMAP/qZcwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UE
AwwRQ0EtVlBOQ09OQy1NRVVDQ0kwHhcNMjEwNzE1MTAxOTQwWhcNMjIwNzE1MTAx
OTQwWjAcMRowGAYDVQQDDBFDQS1WUE5DT05DLU1FVUNDSTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMpvDbQaXdZ670pKiI/b5WuQa3iXxr7A9Z37Yk82
5ezrDlDpG2fzX1L7VHFwP9ICxWl5f4D54k9tf4BjSdkSprCNGZy7m6jjub/6KAQu
Ogqys//Ngd8izPAWVT7DT34z5rH8uuSbM/ZpZa+W0AQEQQi3NkVL7il1dN6vBZYZ
KDynF9xoWgrFNOjnzBB+/dJE/sz6Xz+HGhfMf8sQPg2BpOhjJNaQ+V3giRlGMQEA
r6hUwrOIYe0/fcP148eFl8pReAMwcw+Ngv3IV53iZq/DrJAWKwWwdwR4gevskVvz
UeFulcgrXN0W+lGM1JWwSwMlCR5E8Q8u/Y2l35rxl4UE7NECAwEAAaOBmTCBljAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUGP2aPxrh
8UwB4OCsmtunMwXwdjYwLgYDVR0fBCcwJTAjoCGgH4YdaHR0cDovLzk0LjIzMC43
Ni4yL2NybC8xNC5jcmwwJAYJYIZIAYb4QgENBBcWFUdlbmVyYXRlZCBieSBSb3V0
ZXJPUzANBgkqhkiG9w0BAQsFAAOCAQEAJ/9cl1glKLuvHHDXmnz17+bH5ZAWOR7g
KMjY1P2b9eK08mAAq4+Gp8/N/suiMBN6hA+WHtzbPYurXZgm1tAlI2kZE0XdLtig
o2rJ3Z24E/MuxxPGhNQe+l1Qx4v9Cp5Q98NIZh9Hl5KEV4ZvInvXbVxlzOSz+KN3
R9fWzZrV9KWOWfLXvPF4n/nLyVL702VDgpPaMmrShIOTOfbh9OGcJ/IYDo5FN0C0
vO0dg/IddWkJ0LDQLB78MXP6gXrXRhhSCosnASJyoFbX7C+2ouXDMzjDUH/bZbPI
ilkuUqzSXarAg4LqxShPRxfSnX2kUP6IXsDeonX/UwmzrztRd+QZ2w==
-----END CERTIFICATE-----
</file>

==== GUI ====
ubuntu 
<code bash>
sudo apt install network-manager-openvpn-gnome
sudo service network-manager restart
</code>

arch: pacman -S networkmanager-openvpn

add VPN connection with network manager GUI:
  * type: openvpn
  * gateway: **vpn1.csgalileo.org**
  * user: <user>
  * pass: <pass>
  * CA certificate: <ca.crt>
  * in advanced settings check **"Use TCP connection"**
  * in route add 10.0.0.0/8 and 185.91.188.0/25

==== Console ====

<code bash>
sudo apt install openvpn
</code>

<file txt auth.cfg>
<user>
<pass>
</file>

<file txt openvpn.conf>
client
dev tun
proto tcp-client
remote vpn1.csgalileo.org
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
ca cert_export_CA-VPNCONC-MEUCCI.crt
cert cert_export_client-VPNCONC-MEUCCI-adalcason.crt
key cert_export_client-VPNCONC-MEUCCI-adalcason.key
verb 1
mute 20
auth SHA1
auth-user-pass login.conf
cipher AES-256-CBC
;cipher AES-256-GCM
auth-retry interact
;route-gateway 172.22.22.1
route 10.0.0.0 255.0.0.0
route 172.16.0.0 255.240.0.0
route 94.230.77.0 255.255.255.0
route 94.230.78.0 255.255.255.0
route 94.230.79.0 255.255.255.0
route 109.104.240.0 255.255.252.0
route 185.91.188.0 255.255.252.0
#log-append log.txt
askpass chiave.config

providers legacy default
data-ciphers-fallback BF-CBC
compat-mode 2.3.18

</file>

<file txt go>
sudo openvpn --config openvpn.conf
</file>

Connect with 
<code bash>
./go
</code>

==== Winzozz ====

<file txt c:\Program Files\OpenVPN\config\auth_galileo.cfg>
username
password
</file>

<file txt c:\Program Files\OpenVPN\config\galileo.ovpn>
client
dev tun
proto tcp-client
remote-cert-tls server

remote vpn.csgalileo.org 1194
route 10.0.0.0 255.0.0.0 vpn_gateway 3
route 185.91.188.0 255.255.255.0 vpn_gateway 3

resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
auth-user-pass auth_galileo.cfg
script-security 3
<ca>
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIJAKI/infDrLAoMA0GCSqGSIb3DQEBCwUAMIGlMQswCQYD
VQQGEwJJVDELMAkGA1UECBMCVlIxDzANBgNVBAcTBlZlcm9uYTEQMA4GA1UEChMH
R2FsaWxlbzEQMA4GA1UECxMHR2FsaWxlbzETMBEGA1UEAxMKR2FsaWxlbyBDQTEQ
MA4GA1UEKRMHRWFzeVJTQTEtMCsGCSqGSIb3DQEJARYec3RlZmFuby5zY2lwaW9u
aUBjc2dhbGlsZW8ub3JnMB4XDTE3MDMyMjE1MDQ0NFoXDTI3MDMyMDE1MDQ0NFow
gaUxCzAJBgNVBAYTAklUMQswCQYDVQQIEwJWUjEPMA0GA1UEBxMGVmVyb25hMRAw
DgYDVQQKEwdHYWxpbGVvMRAwDgYDVQQLEwdHYWxpbGVvMRMwEQYDVQQDEwpHYWxp
bGVvIENBMRAwDgYDVQQpEwdFYXN5UlNBMS0wKwYJKoZIhvcNAQkBFh5zdGVmYW5v
LnNjaXBpb25pQGNzZ2FsaWxlby5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDgxKb1DORrR5kZhTz1oj4ronvQaU8oyBc71y5oxp70XwIEQkW+87WT
lgfeT8fwqec6KIjQr6SJOhMmIDphYifN1gwseJ4rtLf33WZOsWgWNOeLjxcn354g
M26pWJt3ETP3THUu4dK4Y6T7t7dFJiaIZ0jRg15EIKHsfMZDYRtcl5Sc0EBw4G32
TndnWsy+vJRocM0zkniuDnNnI1GJh3MOLK+/nskOAJO22+vmYJcE3fMsjho2zJgB
qUteWn5pBZm91Q2KQa5W5OQYVNPA4wbopQHxhhEXGDDwm+iQsqjBQVK39TQDwBGS
foMxbPZwr17pJGbhhHGVNm8DP+XnTltFAgMBAAGjggEOMIIBCjAdBgNVHQ4EFgQU
6kM1PEOCDJ+cqiazQu70mrXni+AwgdoGA1UdIwSB0jCBz4AU6kM1PEOCDJ+cqiaz
Qu70mrXni+ChgaukgagwgaUxCzAJBgNVBAYTAklUMQswCQYDVQQIEwJWUjEPMA0G
A1UEBxMGVmVyb25hMRAwDgYDVQQKEwdHYWxpbGVvMRAwDgYDVQQLEwdHYWxpbGVv
MRMwEQYDVQQDEwpHYWxpbGVvIENBMRAwDgYDVQQpEwdFYXN5UlNBMS0wKwYJKoZI
hvcNAQkBFh5zdGVmYW5vLnNjaXBpb25pQGNzZ2FsaWxlby5vcmeCCQCiP4p3w6yw
KDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAYkF8O1NFJD0G5bJNn
hy4R7qStYnbELKFosI1KJ4Oz+ibYZxAOCOyURpacJq9NPYAS/P8SA4lHDjhe3ZIq
kNGq1ZxCHIsGWhagHFDHru2ct4nKtyEFSAzzy7UAnQITeTBZkEjDENWncdb41+VA
fJRoM8O1kj3+Kn0Zpwn126pp8/at3oyC4RMXM2FEztege5J93ZfogW/MuNyL4Jlv
iCGKzo/9UtjUGiHbuxUv7SimWYB4OAhrYR1t0sMLLJU7Bu012PEmxeyK6G1zJuBC
3/YQ9xlWkXlbp1E03OvBMCRp1AnJRsznZATBB4xnJ55ZPG6tEqCVS72j2fKMnCa2
vlW7
-----END CERTIFICATE-----
</ca>
</file>

===== Lavagno =====

<file txt lavagno.pem>
-----BEGIN CERTIFICATE-----
MIIGATCCA+mgAwIBAgIJALHdThMpwfEhMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD
VQQGEwJJVDEOMAwGA1UECAwFSXRhbHkxDzANBgNVBAcMBlZlcm9uYTEXMBUGA1UE
CgwOQ29tdW5lIExhdmFnbm8xHjAcBgNVBAMMFWxhdmFnbm8uY3NnYWxpbGVvLm9y
ZzEtMCsGCSqGSIb3DQEJARYec3RlZmFuby5zY2lwaW9uaUBjc2dhbGlsZW8ub3Jn
MB4XDTE3MDIwODEzMDEzN1oXDTI3MDIwNjEzMDEzN1owgZYxCzAJBgNVBAYTAklU
MQ4wDAYDVQQIDAVJdGFseTEPMA0GA1UEBwwGVmVyb25hMRcwFQYDVQQKDA5Db211
bmUgTGF2YWdubzEeMBwGA1UEAwwVbGF2YWduby5jc2dhbGlsZW8ub3JnMS0wKwYJ
KoZIhvcNAQkBFh5zdGVmYW5vLnNjaXBpb25pQGNzZ2FsaWxlby5vcmcwggIiMA0G
CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCysUSjvroVYifgpS2Yc5q97GzlFUZw
9Fu04IZqrVXE8Mz8hsCsaGql0MmeMo7Y4TFL9gb6IvAv655mCRY3l3KzRzcyg94f
g4VB2SqjU3DhDtzZBUrBWo1v9P5oidftxVQbyUrrRJ6QUhlj4Ue1BZWUNd8ViTO9
xtnxUb8bz9XPxsf+GUajpA4w2cRGMX3N537dSYujcwSEsRTYndJubPDKcVJ6/3db
olH6Y3pB4o/K9/MttOGwRmeJIMsgxFxV/qhlEXQxNrwZOd9dpZvs83JOz+mHdd9j
36IBScGNQRHz+UcSOuek7YlgsP/bxiEOra1D22ZdE0620fMfXoupNEV1B/4CgmhS
IOTpJcRjKfPHmfpOpbDcIgw3QEmXcrW9K/sXihk5c7vN2mbiUyWtO6/Ihc8xmlUt
8Ilgvh1KSQ02IN9iObv4KAxL5dVZXmtku6H9LG6UfX/QxCg4/LH2RzwZcO0Al35R
3zn7FyOUKnvWrUuG/0hIiCoS4AgpTTIc9DCI5bA/YksOn8vz1SIklZ/vkjJ4LuxF
JkBgBCVl4b8ohOXR5Ecq1Q3Ai1AR/8n4b9ho50wqhioekRSQ6WjHLLn9XYQrEdCN
PXxulxnK7eiQtYD6Zn5A8MSvmfqUQ80QQsbMgO5YUt0lMxSX6qbZnItF76KYWSbD
72PFSDV24Lrg3wIDAQABo1AwTjAdBgNVHQ4EFgQUDke3u6KNfH6n+1S0wmUmWsB8
h18wHwYDVR0jBBgwFoAUDke3u6KNfH6n+1S0wmUmWsB8h18wDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQsFAAOCAgEArtRfwcY2gER3s8uABZBWte0o5QMDVnbFxWdk
TE1knyOmhUj4tLvOs+sEjP4DHQRnKPpL86tccn3Z4ydS5mKNbbq1mNaslzvl66Zr
fdhExA3uahUexo8wJ8BXL3b7YdQ/AP6kIh2eZOslptj+BKzqQKgFKy9mqdv9jXM/
cseT6+zdt258u8dSSGDrBj/87f1HTUYt1wcjcN0g8l5v0x0YrcsjyBw/i6hkVZWy
bkByUTzuQSEJNZZwv7SHIDlZlXml0Sw1EoucrmxZAB2EsRLQfivbl536a711mgr8
DNof7+ttWpFBFb+U+G1ipDNhiBiAkhLJMSL7vB5JHcu/YLUgZiVXzOmD1YI812PJ
wECaqp7VfbdNb9kzkpTMTAZqtWg60h1wq+zS094VkNTvSO/Dy8dtukA3BMkI/bwY
fLAfq78Miu6KglFmJF2VSifxW7zynNIVe0DtXGmUOR16FKJfdwNxTZpmMZnPviRz
YNmyA6A0gwPolKfwEFsRth0oKdQyZqyOZeriKoHBOWXkDH26MqMBlNMAzPodORbK
YrXpcmIEOYSwJnMtW+rqfniH5mCYvq/SU+csDZr7uWgSMcY3im40f30JJ+ndYyig
aBZVSFSow2dELbQdqo1aA/JR1hUk05NExE6KAIc4JNrMzD4b4HxMPcc/yuYLKDb3
Hd9TG/E=
-----END CERTIFICATE-----
</file>

add VPN connection with network manager GUI:
  * type: openvpn
  * gateway: **lavagno.csgalileo.org**
  * user: galileo
  * pass: <pass>
  * CA certificate: <lavagno.pem>
  * in advanced settings check **"Use TCP connection"**