Difference between revisions of "NAC Passby with Proxy"
Jump to navigation
Jump to search
Rafahsolis (talk | contribs) m Tag: visualeditor |
Rafahsolis (talk | contribs) Tag: visualeditor |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | === Platformed PC === | + | ===Platformed PC=== |
*Add an USB network adapter to the Platformed PC | *Add an USB network adapter to the Platformed PC | ||
| Line 7: | Line 7: | ||
*Create a scheduled task to start FreeProxy on startup (Administrator rights required) | *Create a scheduled task to start FreeProxy on startup (Administrator rights required) | ||
| − | === Raspberry Pi === | + | ===Raspberry Pi=== |
*Assign static IP to the Raspberry Pi via /etc/network/interfaces | *Assign static IP to the Raspberry Pi via /etc/network/interfaces | ||
| Line 15: | Line 15: | ||
**Must assign static IP to the platformed PC | **Must assign static IP to the platformed PC | ||
| − | === Physical Setup === | + | ===Physical Setup=== |
*Connect the DCHP server (Raspberry Pi), the Platformed PC (Added USB adapter) and the PCs that will use the SOCKS5 proxy to a switch | *Connect the DCHP server (Raspberry Pi), the Platformed PC (Added USB adapter) and the PCs that will use the SOCKS5 proxy to a switch | ||
| Line 22: | Line 22: | ||
<br /> | <br /> | ||
| − | == Configuration Files == | + | ==Configuration Files== |
| − | === Raspberry Pi === | + | ===Raspberry Pi=== |
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo apt update | sudo apt update | ||
| Line 32: | Line 32: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| − | ==== /etc/network/interfaces ==== | + | ====/etc/network/interfaces==== |
<syntaxhighlight lang="text"> | <syntaxhighlight lang="text"> | ||
source-directory /etc/network/interfaces.d | source-directory /etc/network/interfaces.d | ||
| Line 44: | Line 44: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| − | ==== /etc/dhcp/dhcpd.conf ==== | + | ====/etc/dhcp/dhcpd.conf==== |
<syntaxhighlight lang="text"> | <syntaxhighlight lang="text"> | ||
option domain-name "rra.lan"; | option domain-name "rra.lan"; | ||
| Line 82: | Line 82: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| − | ==== /etc/default/isc-dhcp-server ==== | + | ====/etc/default/isc-dhcp-server==== |
<syntaxhighlight lang="text"> | <syntaxhighlight lang="text"> | ||
INTERFACESv4="eth0" | INTERFACESv4="eth0" | ||
| Line 90: | Line 90: | ||
sudo systemctl enable isc-dhcp-server | sudo systemctl enable isc-dhcp-server | ||
sudo systemctl restart isc-dhcp-server | sudo systemctl restart isc-dhcp-server | ||
| + | |||
| + | </syntaxhighlight> | ||
| + | |||
| + | ===Platformed PC Free Proxy Configuration=== | ||
| + | [[File:FreeProxyConfiguration.png|thumb|alt=|center]] | ||
| + | |||
| + | === Client PC openvpn file === | ||
| + | <syntaxhighlight lang="text"> | ||
| + | dev tun | ||
| + | persist-tun | ||
| + | persist-key | ||
| + | cipher AES-256-CBC | ||
| + | ncp-ciphers AES-256-CBC | ||
| + | auth SHA512 | ||
| + | tls-client | ||
| + | client | ||
| + | resolv-retry infinite | ||
| + | lport 0 | ||
| + | socks-proxy 192.168.0.11 1080 | ||
| + | remote 20.1.43.10 1194 tcp | ||
| + | verify-x509-name "pfSenseOperaciones.rra.lan" name | ||
| + | auth-user-pass | ||
| + | remote-cert-tls server | ||
| + | ca "/PATHTO/CA/FreeIPACA.crt" | ||
| + | tls-crypt "/PATHTO/keys/pfSenseOperaciones-tls.key" 1 | ||
| + | cert "/PATHTO/certs/xeXXXXX.crt" | ||
| + | key "/PATHTO/keys/xeXXXXX.key" | ||
| + | auth-nocache | ||
| + | reneg-sec 0 | ||
| + | verb 2 | ||
| + | # auth-user-pass "/PATHTO/auth.txt" # Optional | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Latest revision as of 10:48, 3 June 2019
Platformed PC[edit]
- Add an USB network adapter to the Platformed PC
- Install FreeProxy (Administrator rights required)
- Create a SOCKS5 Proxy (Administrator rights required)
- Create a scheduled task to start FreeProxy on startup (Administrator rights required)
Raspberry Pi[edit]
- Assign static IP to the Raspberry Pi via /etc/network/interfaces
- Install DHCP server
- Configure the DHCP server (Required because plataformed PC's wont let you set an IP)
- Must assign static IP to the platformed PC
Physical Setup[edit]
- Connect the DCHP server (Raspberry Pi), the Platformed PC (Added USB adapter) and the PCs that will use the SOCKS5 proxy to a switch
- Setup OpenVPN to use a SOCKS5 Proxy (socks-proxy 192.168.0.11 1080)
Configuration Files[edit]
Raspberry Pi[edit]
sudo apt update
sudo apt upgrade
sudo apt install proxychains dnsutils isc-dhcp-server
/etc/network/interfaces[edit]
source-directory /etc/network/interfaces.d
auto eth0
iface eth0 inet static
address 192.168.0.1
netmask 255.255.255.0
gateaway 192.168.0.1
/etc/dhcp/dhcpd.conf[edit]
option domain-name "rra.lan";
option domain-name-servers 10.0.232.30, 8.8.8.8;
default-lease-time 60000000;
max-lease-time 720000000000;
ddns-update-style none;
authoritative;
log-facility local7;
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.1 192.168.0.200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
}
host dhcpi {
hardware ethernet d8:eb:97:b9:5e:77;
fixed-address 192.168.0.1;
}
host WF0006D3 {
hardware ethernet D8:EB:97:B6:B7:6A;
fixed-address 192.168.0.11;
}
host WF0006D3Rafa {
hardware ethernet ec:8e:b5:77:3e:e1;
fixed-address 192.168.0.2;
}
/etc/default/isc-dhcp-server[edit]
INTERFACESv4="eth0"
INTERFACESv6=""
Enable & estart isc-dhcp-server service
sudo systemctl enable isc-dhcp-server
sudo systemctl restart isc-dhcp-server
Platformed PC Free Proxy Configuration[edit]
Client PC openvpn file[edit]
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
lport 0
socks-proxy 192.168.0.11 1080
remote 20.1.43.10 1194 tcp
verify-x509-name "pfSenseOperaciones.rra.lan" name
auth-user-pass
remote-cert-tls server
ca "/PATHTO/CA/FreeIPACA.crt"
tls-crypt "/PATHTO/keys/pfSenseOperaciones-tls.key" 1
cert "/PATHTO/certs/xeXXXXX.crt"
key "/PATHTO/keys/xeXXXXX.key"
auth-nocache
reneg-sec 0
verb 2
# auth-user-pass "/PATHTO/auth.txt" # Optional