From 5c086bc52fa3a226bcf706b1f420a5d98ea377dd Mon Sep 17 00:00:00 2001
From: Patrick Spek <p.spek@tyil.nl>
Date: Wed, 15 Dec 2021 10:45:58 +0100
Subject: Redo most of the blog in Hugo

Missing posts will have to be added later
---
 src/_posts/2016-10-25-setup-a-vpn-with-cjdns.md | 211 ------------------------
 1 file changed, 211 deletions(-)
 delete mode 100644 src/_posts/2016-10-25-setup-a-vpn-with-cjdns.md

(limited to 'src/_posts/2016-10-25-setup-a-vpn-with-cjdns.md')

diff --git a/src/_posts/2016-10-25-setup-a-vpn-with-cjdns.md b/src/_posts/2016-10-25-setup-a-vpn-with-cjdns.md
deleted file mode 100644
index 74446b0..0000000
--- a/src/_posts/2016-10-25-setup-a-vpn-with-cjdns.md
+++ /dev/null
@@ -1,211 +0,0 @@
----
-title: Setup a VPN with cjdns
-date: 2016-10-25 08:00:34
-tags: Tutorial VPN cjdns GNU+Linux FreeBSD
-layout: post
-authors:
-  - ["Patrick Spek", "http://tyil.work"]
----
-
-In this tutorial I will outline a simple setup for a [VPN][vpn] using
-[`cjdns`][cjdns]. Cjdns will allow you to setup a secure mesh vpn which uses
-IPv6 internally.
-
-## Requirements
-For this tutorial, I have used two client machines, both running Funtoo. A
-FreeBSD 11 server is used as a global connection point.
-
-You are ofcourse able to use any other OS or distro supported by cjdns, but you
-may have to update some steps to work on your environment in that case.
-
-## Installation of the server
-### Dependencies
-Before you can begin, we need some dependencies. There's only two of those, and
-they are available via `pkg` to make it even easier. Install them as follows:
-
-{% highlight sh %}
-pkg install gmake node
-{% endhighlight %}
-
-### Compiling
-Next up is getting the cjdns sources and compile these, as cjdns is not
-available as a prebuilt package:
-
-{% highlight sh %}
-mkdir -p ~/.local/src
-cd $_
-git clone https://github.com/cjdelisle/cjdns.git cjdns
-cd $_
-./do
-{% endhighlight %}
-
-To make the compiled binary available system-wide so we can use it with a
-system service, copy it to `/usr/local/bin` and rehash to make it available as
-a direct command:
-
-{% highlight sh %}
-cp cjdroute /usr/local/bin/.
-hash -r
-{% endhighlight %}
-
-### Configuring
-Cjdns provides a flag to generate the initial configuration. This will provide
-you with some sane defaults where only a couple of small changes are needed to
-make it work properly. Generate these defaults with `--genconf`:
-
-{% highlight sh %}
-(umask 177 && cjdroute --genconf > /usr/local/etc/cjdroute.conf)
-{% endhighlight %}
-
-The umask will make all following commands write files using `600` permissions.
-This makes sure the config file is not readable by people who shouldn't be able
-to read it. Be sure to check wether the owner of the file is `root`!
-
-Now you can start actually configuring the node to allow incoming connections.
-You have to find the `authorizedPasswords` array in the `cjdroute.conf` file
-and remove the contents of it. Then you can add your own machines in it. This
-guide follows the assumption of two clients, so the config for two clients will
-be shown here. You can add more clients if you wish, ofcourse.
-
-{% highlight json %}
-"authorizedPasswords":
-[
-    {"password": "aeQu6pa4Vuecai3iebah7ogeiShaeDaepha6Mae1yooThoF0oa0Eetha9oox", "user": "client_1"},
-    {"password": "aiweequuthohkahx4tahLohPiezee9OhweiShoNeephe0iekai2jo9Toorah", "user": "client_2"},
-]
-{% endhighlight %}
-
-If you need to generate a password, you can make use of the tool `pwgen`,
-available at your local package manager. You can then generate new passwords by
-running `pwgen 60 -1`. Change the `60` around if you want passwords of a
-different size.
-
-### Adding a startup service
-rcinit has deceptively easy scripts to make applications available as services.
-This in turn allows you to enable a service at startup. This way you can make
-sure cjdns starts whenever the server boots. You can copy the following
-contents directly into `/usr/local/etc/rc.d/cjdroute`:
-
-{% highlight sh %}
-#! /bin/sh
-
-# PROVIDE: cjdroute
-# KEYWORD: shutdown
-
-#
-# Add the following lines to /etc/rc.conf to enable cjdroute:
-#
-#cjdroute_enable="YES"
-
-. /etc/rc.subr
-
-name="cjdroute"
-rcvar="cjdroute_enable"
-
-load_rc_config $name
-
-: ${cjdroute_config:=/usr/local/etc/cjdroute.conf}
-
-command="/usr/local/bin/cjdroute"
-command_args=" < ${cjdroute_config}"
-
-run_rc_command "$1"
-{% endhighlight %}
-
-Afterwards, you must enable the service in `/etc/rc.conf.local` like follows:
-
-{% highlight sh %}
-echo 'cjdroute_enable="YES"' >> /etc/rc.conf.local
-{% endhighlight %}
-
-## Installation of the clients
-### Dependencies
-The dependencies are still on `gmake` and `node`, so simply install those on
-your clients. This guide assumes using Funtoo for the clients, so installation
-would go as follows:
-
-{% highlight sh %}
-emerge gmake nodejs
-{% endhighlight %}
-
-### Compiling
-Compilation is the same as for the server, so check back there for more
-information if you have already forgotten.
-
-### Configuring
-Generating the base configuration is again done using `cjdroute --genconf`,
-just like on the server. On Funtoo, config files generally reside in `/etc`
-instead of `/usr/local/etc`, so you should set the filepath you write the
-configuration to accordingly:
-
-{% highlight sh %}
-cjdroute --genconf > /etc/cjdroute.conf
-{% endhighlight %}
-
-Setting up the connections differs as well, as the clients are going to make an
-outbound connection to the server, which is configured to accept inbound
-connections.
-
-You should still clean the `authorizedPasswords` array, as it comes with a
-default entry that is uncommented.
-
-Now you can setup outbound connections on the clients. You set these up in the
-`connectTo` block of `cjdroute.conf`. For this example, the IP 192.168.1.1 is
-used to denote the server IP. Unsurprisingly, you should change this to your
-server's actual IP. You can find the `publicKey` value at the top of your
-server's `cjdroute.conf` file.
-
-On client 1, put the following in your `cjdroute.conf`:
-
-{% highlight json %}
-"connectTo":
-{
-	"192.168.1.1:9416":
-	{
-		"login": "client_1",
-		"password": "aeQu6pa4Vuecai3iebah7ogeiShaeDaepha6Mae1yooThoF0oa0Eetha9oox",
-		"publicKey": "thisIsJustForAnExampleDoNotUseThisInYourConfFile_1.k"
-	}
-}
-{% endhighlight %}
-
-On client 2:
-
-{% highlight json %}
-"connectTo":
-{
-	"192.168.1.1:9416":
-	{
-		"login": "client_2",
-		"password": "aiweequuthohkahx4tahLohPiezee9OhweiShoNeephe0iekai2jo9Toorah",
-		"publicKey": "thisIsJustForAnExampleDoNotUseThisInYourConfFile_1.k"
-	}
-}
-{% endhighlight %}
-
-That is all for configuring the nodes.
-
-### Adding a startup service
-You probably want cjdroute to run at system startup so you can immediatly use
-your VPN. For openrc based systems, such as Funtoo, cjdns comes with a ready to
-use service script. To make this available to your system, copy it over to the
-right directory:
-
-{% highlight sh %}
-cp ~/.local/src/cjdns/contrib/openrc/cjdns /etc/init.d/cjdroute
-{% endhighlight %}
-
-Now add the service to system startup and start the service:
-
-{% highlight sh %}
-rc-update add cjdroute default
-rc-service cjdroute start
-{% endhighlight %}
-
-That should be sufficient to get cjdns up and running for an encrypted VPN. You
-can find the IPs of each of your systems at the top of your `cjdroute.conf`
-files, in the `ipv6` attribute.
-
-[cjdns]: https://github.com/cjdelisle/cjdns
-[vpn]: https://en.wikipedia.org/wiki/Virtual_private_network
-
-- 
cgit v1.1