Set up the connection in Linux

1. Configure IPSEC

Install the required packages

The command for installing the IPSEC packages depends on the Linux distribution. The commands for each supported distribution are listed below.

Ubuntu

Use the following command to install the IPSEC package on Ubuntu:

sudo apt-get install strongswan libstrongswan-standard-plugins

RHEL-based

Use the following commands to install the IPSEC package on RHEL-based distributions:

sudo dnf install epel-release
sudo dnf install strongswan

Configuring the IPSEC connection

1.1 First of all, the user needs to copy the following files from the VPN server to their Linux client:

  • /opt/niflheim/configs/<external_ip>/ipsec/.pki/certs/<user_name>.crt to /etc/ipsec.d/certs
  • /opt/niflheim/configs/<external_ip>/ipsec/.pki/private/<user_name>.key to /etc/ipsec.d/private
  • /opt/niflheim/configs/<external_ip>/ipsec/manual/cacert.pem to /etc/ipsec.d/cacerts

1.2 The next step is to register the private key with IPSEC. This is done by adding <user_name>.key to /etc/ipsec.secrets in the following format:

<external_ip> : ECDSA <user_name>.key

1.3 Add the configuration from the file /opt/niflheim/configs/<external_ip>/ipsec/manual/<user_name>.conf to the /etc/ipsec.conf file.

1.4 IPSEC must be restarted with the following command:

sudo ipsec restart

The following command is used to connect to the network:

sudo ipsec up <tunnel_name>

The next command is used to disconnect from the network:

sudo ipsec down <tunnel_name>

2. Configuring WireGuard Client

Install the required packages

2.1 First of all, the WireGuard client must be installed according to the official documentation.

2.2 To get the configuration file, the user needs to perform the following steps:

  • Connect to the virtual machine via ssh;
  • Navigate to the /opt/niflheim/configs/<external_ip> directory;
  • Copy the configuration file wireguard/<user_name>.conf to their computer.

Setting up

After the user has copied the configuration file, they need to configure the client.

2.3 Copy the configuration file taken from the server to the correct folder by executing the following command:

sudo cp <user_name>.conf /etc/wireguard/wg0.conf

2.4 The WireGuard client must be started by running the following command:

sudo systemctl start wg-quick@wg0

2.5 If desired, you can have the client start automatically at boot by executing the following command:

sudo systemctl enable wg-quick@wg0
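
The files copied in steps 1.1, 1.2 and 2.3 hold private key material (the IPSEC user key and the WireGuard configuration, which embeds the client private key), so they should not be accessible to group or other users. The script below is an added example, not part of the original instructions, that checks this for any paths passed to it; USER_NAME in the usage comment is a placeholder for <user_name>, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit permissions on the VPN key material installed above.
# USER_NAME in the usage line is a placeholder for the guide's <user_name>.

# perms_ok FILE
# Returns 0 if FILE is a regular file with no group/other permission bits,
# 1 if group or other have any access, 2 if FILE is missing or unreadable.
perms_ok() {
    [ -f "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat: octal mode, e.g. 600
    # Pad so that mode "0" is handled; the last two octal digits must be 00.
    case "00$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_vpn_files FILE...
# Prints one status line per file and returns the number of files that are
# missing or too permissive (0 means everything is locked down).
audit_vpn_files() {
    bad=0
    for f in "$@"; do
        rc=0
        perms_ok "$f" || rc=$?
        case "$rc" in
            0) echo "ok        $f" ;;
            1) echo "too open  $f (fix: sudo chmod 600 $f)"
               bad=$((bad + 1)) ;;
            *) echo "missing   $f"
               bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Usage (run as root so the files can be inspected):
#   sudo sh check_vpn_perms.sh /etc/ipsec.d/private/USER_NAME.key \
#       /etc/ipsec.secrets /etc/wireguard/wg0.conf
if [ "$#" -gt 0 ]; then
    audit_vpn_files "$@"
fi
```

A non-zero exit status equals the number of files that need attention, so the script can be used as a check before running ipsec restart or starting wg-quick@wg0.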