Black keyboard

This page assumes you are familiar with the basic configuration of freelan and that you know how to generate client certificates.

This page doesn't list all the possible types of configurations at the moment. If you want to achieve a particular goal, you can ask your questions on the users mailing-list.

Sorry for the inconvenience. this page will be completed in the future.

List of the examples


Two hosts

This section explains how to configure freelan to allow two hosts, alice and bob to communicate with one-another.

Context

Alice and Bob both run a computer at their respective homes. They both have a NAT router that connects them to the Internet.

They would like to establish a VPN tunnel between their computers to exchange securely pictures of lolcats.

Alice is running a Windows Seven computer. Her public Internet hostname is alice.someisp.com. To higher the chances of avoiding NAT issues, she has set-up a NAT port-forwarding on her router that redirects 12000/UDP to 12000/UDP on her computer.

Bob is running Debian Linux. His public Internet hostname is bob.someotherisp.com. To higher the chances of avoiding NAT issues, he has set-up a NAT port-forwarding on his router that redirects 30000/UDP to 12000/UDP on his computer.

Alice and Bob agreed that that alice should have the address 9.0.0.1 inside the VPN tunnel and that Bob should have 9.0.0.2.

Alice is in charge of the certificate authority. She signed Bob's certificate and gave him the CA certificate file. They generated the following files:

Alice's configuration

For clarity's sake, all the default comments and unused options were removed from the configuration.

[fscp]
listen_on=0.0.0.0:12000
contact=bob.someotherisp.com:30000
cipher_capability=aes256-gcm

[tap_adapter]
ipv4_address_prefix_length=9.0.0.1/24
dhcp_proxy_enabled=yes
dhcp_server_ipv4_address_prefix_length=9.0.0.0/24

[security]
signature_certificate_file="C:\Program Files\Freelan\config\alice.crt"
signature_private_key_file="C:\Program Files\Freelan\config\alice.key"
authority_certificate_file="C:\Program Files\Freelan\config\ca.crt"

Bob's configuration

For clarity's sake, all the default comments and unused options were removed from the configuration.

[fscp]
listen_on=0.0.0.0:12000
contact=alice.someisp.com:12000
cipher_capability=aes256-gcm

[tap_adapter]
ipv4_address_prefix_length=9.0.0.2/24
dhcp_proxy_enabled=yes
dhcp_server_ipv4_address_prefix_length=9.0.0.0/24

[security]
signature_certificate_file=/home/bob/.freelan/bob.crt
signature_private_key_file=/home/bob/.freelan/bob.key
authority_certificate_file=/home/bob/.freelan/ca.crt

Back to top

December 2017, Julien Kauffmann - Generated with Flask.

Fork me on GitHub