VPN VM Setup

2020 (Buster)

KVM VM - Debian 10

  • Create VM: Debian 10.3 netinst, 4 CPUs, 10 GB HDD, 1024 MB RAM
  • …in the VM…
  • 10 GB (ext4 - discard,noatime) root; remainder swap
  • no package usage survey; deselect all tasks
  • > /etc/motd
    apt-get --no-install-recommends install aptitude
    aptitude install ssh xauth-
    aptitude install net-tools man-db screen rsync psmisc patch strace tcpdump vim iputils-tracepath traceroute
    # installed by default: less, file, bzip2, xz-utils
    aptitude --without-recommends install dnsutils
    adduser tdobes adm
    adduser tdobes systemd-journal
    sed -i -e 's/"syntax on/syntax on/g' -e 's/"set background=dark/set background=dark/g' -e 's/"set showcmd/set showcmd/g' -e 's/"set showmatch/set showmatch/g' -e 's/"set ignorecase/set ignorecase/g' -e 's/"set smartcase/set smartcase/g' -e 's/"set incsearch/set incsearch/g' -e 's/"set autowrite/set autowrite/g' -e 's/"set hidden/set hidden/g' -e 's/"set mouse=a/set mouse=nic/g' -e 's/"au BufReadPost/au BufReadPost/g' /etc/vim/vimrc
    aptitude update && aptitude forget-new && aptitude full-upgrade
  • mkdir -p /etc/systemd/system/getty\@tty1.service.d
    echo '[Service]' > /etc/systemd/system/getty\@tty1.service.d/noclear.conf
    echo 'TTYVTDisallocate=no' >> /etc/systemd/system/getty\@tty1.service.d/noclear.conf
  • aptitude --without-recommends install unattended-upgrades
    echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | debconf-set-selections
    dpkg-reconfigure -f noninteractive unattended-upgrades
  • aptitude install openvpn opensc-
    aptitude install dnsmasq
    aptitude install nload iperf iperf3
  • echo $'deb http://deb.debian.org/debian/ buster-backports main\ndeb-src http://deb.debian.org/debian/ buster-backports main' > /etc/apt/sources.list.d/backports.list
    aptitude update && aptitude forget-new
    aptitude install wireguard gnupg- sudo-

2014 (Jessie)

  • basic minimal Debian Jessie install (netinst alpha 1)
  • 10 GB logical volume - 10 GB root (discard,noatime), remaining swap
> /etc/motd
aptitude -> purge libboost-iostreams1.49.0
aptitude -> install systemd-sysv (tell it to remove sysvinit-core to resolve dependency)
aptitude -> install openssh-server (deselect xauth)
aptitude -> install psmisc screen less patch dnsutils lsof tcpdump time strace bzip2
aptitude -> install unattended-upgrades
dpkg-reconfigure -plow unattended-upgrades

aptitude -> install dnsmasq
aptitude -> install openvpn (deselect opensc)
  • files in /etc/openvpn
  • files in /etc/dnsmasq.d
  • edit /etc/network/interfaces to enable IP masquerading for eth0
  • update /etc/resolv.conf and /etc/resolv.conf-dnsmasq and /etc/hosts-dnsmasq
echo net.ipv4.ip_forward=1 > /etc/sysctl.d/ip_forward.conf && sysctl --system
systemctl enable dnsmasq && systemctl start dnsmasq
/etc/init.d/openvpn start
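
A post-setup audit for the Jessie steps above, added here as an example and not part of the original notes. The function names and the optional ROOT prefix are hypothetical. It assumes the masquerading rule is an iptables hook line in /etc/network/interfaces, and that the unattended-upgrades setting lives in /etc/apt/apt.conf.d/20auto-upgrades, where Debian's package records it.

```shell
#!/bin/sh
# Added example (not from the original notes): audit the files the steps write.

# check DESC FILE REGEX: pass when an uncommented line of FILE matches REGEX.
check() {
    if [ -r "$2" ] && grep -v '^[[:space:]]*#' "$2" | grep -Eq -e "$3"; then
        echo "ok    $1"
    else
        echo "FAIL  $1 ($2)"
        return 1
    fi
}

# audit_vpn_vm [ROOT]: ROOT is an optional prefix (mounted image, test tree).
# Returns the number of failed checks.
audit_vpn_vm() {
    root=${1:-}
    failures=0
    check "IPv4 forwarding persisted" "$root/etc/sysctl.d/ip_forward.conf" \
        '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        || failures=$((failures + 1))
    # Assumption: masquerading is an iptables hook line in interfaces.
    check "NAT masquerade on eth0" "$root/etc/network/interfaces" \
        'iptables.*POSTROUTING.*-o[[:space:]]+eth0.*MASQUERADE' \
        || failures=$((failures + 1))
    # File written by dpkg-reconfigure unattended-upgrades on Debian.
    check "unattended upgrades enabled" "$root/etc/apt/apt.conf.d/20auto-upgrades" \
        'APT::Periodic::Unattended-Upgrade[[:space:]]+"1"' \
        || failures=$((failures + 1))
    # "> /etc/motd" should have left an empty file.
    if [ -s "$root/etc/motd" ]; then
        echo "FAIL  /etc/motd is not empty"; failures=$((failures + 1))
    else
        echo "ok    /etc/motd empty"
    fi
    return "$failures"
}

# Constructed sample tree for trying the audit offline.
make_sample_tree() {
    mkdir -p "$1/etc/sysctl.d" "$1/etc/network" "$1/etc/apt/apt.conf.d"
    : > "$1/etc/motd"
    echo 'net.ipv4.ip_forward=1' > "$1/etc/sysctl.d/ip_forward.conf"
    printf '%s\n' 'auto eth0' 'iface eth0 inet dhcp' \
        '    post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE' \
        > "$1/etc/network/interfaces"
    printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
        'APT::Periodic::Unattended-Upgrade "1";' > "$1/etc/apt/apt.conf.d/20auto-upgrades"
}
```

On the VM, source the file and call `audit_vpn_vm` with no argument; a commented-out setting counts as a failure because only uncommented lines are matched.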

TODO: Get OpenVPN running using systemd instead of init.d script. See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700888

