Untitled
a guest
Sep 6th, 2022
####################################################################
Firewall -> Aliases -> view [ add a new alias ]
[ Type ] Network
[ Name ] N_LOCALNETS
[ Description ] All local Networks
[ Aliases ]
192.168.x.x/XX (your local networks)
[SAVE]
[ add a new alias ]
[ Type ] Network
[ Name ] N_VPNUSER
[ Description ] All Hosts/Networks that should use VPN
[ Aliases ]
192.168.x.x/32 (your hosts or networks that should use VPN)
[SAVE]
[ add a new alias ]
[ Type ] Hosts
[ Name ] H_ALLOWED_DNS
[ Description ] allowed DNS Server
[ Aliases ]
10.4.0.1
10.5.0.1
10.30.0.1
10.50.0.1
[SAVE]
[ add a new alias ]
[ Type ] Ports
[ Name ] P_MS_CIFS_SMB
[ Description ] block some MS ports
[ Aliases ]
137
138
139
445
[SAVE]

####################################################################
Firewall -> NAT -> Outbound
[X] Manual outbound NAT rule generation
## change the rest later
####################################################################
System -> Trust -> Authorities [ Add or import CA ]
[ Descriptive name ] AIRVPN CA
[ Method ] import an existing
[ Certificate data ]
-----BEGIN CERTIFICATE-----
<ca> section from .ovpn config
-----END CERTIFICATE-----
[SAVE]
####################################################################
System -> Trust -> Certificates [ add or import certificate ]
[ Method ] import an existing
[ Descriptive name ] AIRVPN Client Auth
[ Certificate data ]
-----BEGIN CERTIFICATE-----
<cert> section from .ovpn config
-----END CERTIFICATE-----

[ Private key data ]
-----BEGIN RSA PRIVATE KEY-----
<key> section from .ovpn config
-----END RSA PRIVATE KEY-----
[SAVE]
####################################################################
VPN -> OpenVPN -> Clients:
[ Server Mode ] Peer to Peer (SSL/TLS)
[ Protocol ] UDP (or TCP)
[ Device mode ] tun
[ Interface ] WAN
[ Server host ] nl.vpn.airdns.org (or whatever region you like)
[ Server port ] 443 ( alternative 53/80/1194 )
[ Server host name resolution ] [X]
[ Description ] AIRVPN1

[ TLS Authentication ] [X] enable authentication
[ ] automatically generate
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
<tls-auth> section from .ovpn config
-----END OpenVPN Static key V1-----

[ Peer Certificate Authority ] AIRVPN CA
[ Client Certificate ] AIRVPN Client Auth
[ Encryption algorithm ] AES-256-CBC (256 bit key, 128 bit block)
[ Auth Digest algorithm ] SHA1 (160 bit)
[ Hardware Crypto ] No Hardware (AESNI is automatic)
[ Compression ] Disabled
[ Disable IPv6 ] [X]

[ Advanced ]
mssfix 1379; ## try to hide OpenVPN
fast-io; ## only for UDP
explicit-exit-notify 4; ## only UDP
server-poll-timeout 10;
key-direction 1;
key-method 2;
keysize 256;
prng SHA512 64;
remote-cert-tls server;
tls-version-min 1.2;
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384;
reneg-sec 3600;
route 0.0.0.0 192.0.0.0 net_gateway
route 64.0.0.0 192.0.0.0 net_gateway
route 128.0.0.0 192.0.0.0 net_gateway
route 192.0.0.0 192.0.0.0 net_gateway

[SAVE]
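Why the four `route ... 192.0.0.0 net_gateway` lines matter, as an added example that is not part of the original paste: a small longest-prefix-match table showing that the /2 routes beat the two /1 routes a server pushes with `redirect-gateway def1`, so the firewall's own default route stays on WAN. The interface name `ovpnc1` is only a label assumed here.

```python
import ipaddress

# Added example, not part of the original paste: a longest-prefix-match table
# showing why the four "route ... 192.0.0.0 net_gateway" lines from the
# [ Advanced ] field keep the firewall's own default route on WAN.

# If the server pushes "redirect-gateway def1", OpenVPN installs these two /1
# routes via the tunnel instead of replacing the default route. The tunnel
# interface name "ovpnc1" is only a label here (assumed, not from the paste).
PUSHED_DEF1 = [
    ("0.0.0.0/1", "ovpnc1"),
    ("128.0.0.0/1", "ovpnc1"),
]

# The four /2 routes from the paste (netmask 192.0.0.0 is a /2); "net_gateway"
# is OpenVPN's keyword for the gateway that existed before the tunnel came up.
ADVANCED_ROUTES = [
    ("0.0.0.0/2", "net_gateway"),
    ("64.0.0.0/2", "net_gateway"),
    ("128.0.0.0/2", "net_gateway"),
    ("192.0.0.0/2", "net_gateway"),
]

def lookup(table, dst):
    """Next hop for dst under longest-prefix match, i.e. kernel routing semantics."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def covers_all_ipv4(routes):
    """True if the prefixes partition 0.0.0.0/0 exactly: no gap and no overlap."""
    nets = sorted(ipaddress.ip_network(p) for p, _ in routes)
    disjoint = all(a.broadcast_address < b.network_address for a, b in zip(nets, nets[1:]))
    return disjoint and sum(n.num_addresses for n in nets) == 2 ** 32

if __name__ == "__main__":
    # The /2 routes are more specific than the pushed /1 routes, so they always
    # win: the firewall itself stays on WAN, and only the policy-routing rules
    # (Gateway = GRP_AIRVPN on the LAN rules) send N_VPNUSER into the tunnel.
    for dst in ("1.1.1.1", "93.184.216.34", "203.0.113.7"):
        print(dst, "pushed only:", lookup(PUSHED_DEF1, dst),
              "| with /2 routes:", lookup(PUSHED_DEF1 + ADVANCED_ROUTES, dst))
    print("four /2 routes cover all of IPv4:", covers_all_ipv4(ADVANCED_ROUTES))
```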
####################################################################
VPN -> OpenVPN -> Clients: [ AIRVPN1 -> clone ]
[ Server host ] use a different server
[ Server port ] use a different Port ( IMPORTANT for different IP Pool https://airvpn.org/specs/ )
[ Description ] AIRVPN2
[SAVE]

####################################################################
Interfaces -> Assignments
New interface: ovpnc1 [ + ] (could be different if you have an openvpn server / use the last two)
New interface: ovpnc2 [ + ]
[ OPTx ]
[ Enable ] [x]
[ Description ] AIRVPN1
[ Block bogon networks ] [x]
[SAVE]
[ OPTx ]
[ Enable ] [x]
[ Description ] AIRVPN2
[ Block bogon networks ] [x]
[SAVE]
####################################################################
System -> Gateways -> All
[ AIRVPN1_VPNV6 ]
[ Disabled ] [x]

[ AIRVPN2_VPNV6 ]
[ Disabled ] [x]

[ AIRVPN1_VPNV4 ]
[ Disable Gateway Monitoring ] [ ] uncheck

[ AIRVPN2_VPNV4 ]
[ Disable Gateway Monitoring ] [ ] uncheck

####################################################################
System -> Gateways -> Group [ Add group ]
[ Group Name ] GRP_AIRVPN
[ Gateway Priority ]
[ AIRVPN1_VPNV4 ] [ Tier 1 ]
[ AIRVPN2_VPNV4 ] [ Tier 1 ]
[ Trigger Level ] Packet Loss or High Latency
[ Description ] GRP_AIRVPN Loadbalance
[SAVE]
[ Add group ]
[ Group Name ] GRP_AIRVPN_1_2
[ Gateway Priority ]
[ AIRVPN1_VPNV4 ] [ Tier 1 ]
[ AIRVPN2_VPNV4 ] [ Tier 2 ]
[ Trigger Level ] Packet Loss or High Latency
[ Description ] GRP_AIRVPN Failover 1 -> 2
[SAVE]

[ Add group ]
[ Group Name ] GRP_AIRVPN_2_1
[ Gateway Priority ]
[ AIRVPN1_VPNV4 ] [ Tier 2 ]
[ AIRVPN2_VPNV4 ] [ Tier 1 ]
[ Trigger Level ] Packet Loss or High Latency
[ Description ] GRP_AIRVPN Failover 2 -> 1
[SAVE]

####################################################################
Firewall -> Settings -> Advanced
[ Skip rules ] [x] Skip rules when gateway is down (IMPORTANT)
[ Sticky connections ] [x] Use sticky connections (for loadbalance group)
####################################################################
Firewall -> NAT -> Outbound
[+]
[ Interface ] AIRVPN1
[ TCP/IP Version ] IPv4
[ Protocol ] any
[ Source address ] N_LOCALNETS
[ Destination invert ] [X]
[ Destination address ] N_LOCALNETS
[ Translation/target ] Interface address
[SAVE]
[ AIRVPN1 ] [CLONE]
[ Interface ] AIRVPN2
[SAVE]
####################################################################
Firewall -> Rules -> LAN (or whatever interface you want to force traffic to VPN /
repeat for other internal interfaces or group them and use the rules on the group interface )
[+]
[ Action ] block
[ Interface ] LAN (or LANGROUP)
[ TCP/IP Version ] IPv4
[ Protocol ] TCP/UDP
[ Source ] N_VPNUSER
[ Destination invert ] [X]
[ Destination ] N_LOCALNETS
[ Destination portrange ] P_MS_CIFS_SMB
[ Description ] Block MS CIFS/SMB
[ Gateway ] GRP_AIRVPN (load balance)
[SAVE]
[+]
[ Action ] pass
[ Interface ] LAN (or LANGROUP)
[ TCP/IP Version ] IPv4
[ Protocol ] TCP/UDP
[ Source ] N_VPNUSER
[ Destination ] H_ALLOWED_DNS
[ Destination portrange ] DNS DNS
[ Description ] Allow traffic to allowed DNS Server
[ Gateway ] GRP_AIRVPN (load balance)
[SAVE]
[+]
[ Action ] pass
[ Interface ] LAN (or LANGROUP)
[ TCP/IP Version ] IPv4
[ Protocol ] any
[ Source ] N_VPNUSER
[ Destination invert ] [X]
[ Destination ] N_LOCALNETS
[ Description ] force traffic over VPN
[ Gateway ] GRP_AIRVPN (load balance)
[SAVE]
####################################################################
Firewall -> NAT -> Port Forward
[ Interface ] LAN (or LANGROUP)
[ TCP/IP Version ] IPv4
[ Protocol ] TCP/UDP
[ Source ] N_VPNUSER
[ Destination invert ] [X]
[ Destination ] H_ALLOWED_DNS
[ Destination portrange ] DNS DNS
[ Redirect Target ] single Host or Network
10.5.0.1 (or any other from the allowed DNS)
[ Redirect Target Port ] DNS
[ Description ] redirect all DNS to allowed DNS
[SAVE]

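How the three LAN rules, the DNS port forward and the "Skip rules when gateway is down" setting above combine, as an added example that is not part of the original paste: a first-match evaluator in the style of pf (rdr before filter, first matching rule wins, implicit default deny). The alias contents are constructed sample values; only the three VPN rules are modelled, so other LAN traffic ends in the default deny here.

```python
import ipaddress

# Added example, not part of the original paste: a first-match evaluator for
# the LAN rules and the DNS port forward above, including the effect of
# "Skip rules when gateway is down", which is what turns the gateway group
# into a kill switch. Alias contents are constructed sample values.
ALIASES = {
    "N_LOCALNETS": ["192.168.0.0/16"],
    "N_VPNUSER": ["192.168.1.50/32"],
    "H_ALLOWED_DNS": ["10.4.0.1", "10.5.0.1", "10.30.0.1", "10.50.0.1"],
    "P_MS_CIFS_SMB": [137, 138, 139, 445],
}

def in_alias(name, ip):
    """True if ip falls in any host/network entry of the alias."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in ALIASES[name])

# (action, protocols, source alias, destination alias, destination invert, ports, gateway)
LAN_RULES = [
    ("block", {"tcp", "udp"}, "N_VPNUSER", "N_LOCALNETS", True, ALIASES["P_MS_CIFS_SMB"], "GRP_AIRVPN"),
    ("pass", {"tcp", "udp"}, "N_VPNUSER", "H_ALLOWED_DNS", False, [53], "GRP_AIRVPN"),
    ("pass", None, "N_VPNUSER", "N_LOCALNETS", True, None, "GRP_AIRVPN"),
]

def nat_redirect(src, dst, proto, dport):
    """The port forward: DNS from N_VPNUSER to any non-allowed resolver is rewritten to 10.5.0.1."""
    if proto in {"tcp", "udp"} and dport == 53 and in_alias("N_VPNUSER", src) \
            and not in_alias("H_ALLOWED_DNS", dst):
        return "10.5.0.1"
    return dst

def evaluate(src, dst, proto, dport, group_up=True, skip_when_down=True):
    """Return (action, gateway); ('block', None) is the implicit default deny."""
    dst = nat_redirect(src, dst, proto, dport)  # pf applies rdr before the filter rules
    for action, protos, src_a, dst_a, invert, ports, gw in LAN_RULES:
        if protos is not None and proto not in protos:
            continue
        if not in_alias(src_a, src) or in_alias(dst_a, dst) == invert:
            continue  # "Destination invert" flips the destination match
        if ports is not None and dport not in ports:
            continue
        if skip_when_down and not group_up:
            continue  # GRP_AIRVPN down: the rule is skipped and the packet falls through
        return action, gw
    return "block", None
```

With `skip_when_down=False` a packet still matches the "force traffic over VPN" rule while the group is down and would follow the system default route out of WAN, which is the leak the setting prevents.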