Settings for RiVPN to access the Internet from a remote server - RiV-chain/RiVPN GitHub Wiki
RiVPN-manual
Settings for RiVPN to access the Internet from a remote server via the RiV-mesh/Yggdrasil network.
The first thing to do is to install RiVPN on your PC and on the remote server. We will skip that in this tutorial.
Configuration of a Windows PC
C:\ProgramData\RiV-mesh
.
:black_square_button: 1. Go to: Open file mesh.conf
with any text editor and copy the public key of our PC to the clipboard.
# Your public key. Your peers may ask you for this to put
# into their AllowedPublicKeys configuration.
PublicKey: your public key here
/etc/mesh.conf
.
:black_square_button: 2. On the remote server, go to Open the file and copy the PublicKey
of the server, it is located in the same block as the first step
:black_square_button: 3. Back to the Windows PC
In the config file mesh.conf
, scroll to the very bottom to the block FeaturesConfig
.
Here starts the fun part :)
Copy this block and paste it into your config, edit it under your PublicKey
`` values
FeaturesConfig:
{
TunnelRouting:
{
# Enable or disable tunnel routing.
Enable: true
# IPv6 subnets belonging to remote nodes, mapped to the node's public
# key, e.g. { "aaaa:bbbb:cccc::/e": "boxpubkey", ... }
IPv6RemoteSubnets: {}
# IPv4 subnets belonging to remote nodes, mapped to the node's public
# key, e.g. { "a.b.c.d/e": "boxpubkey", ... }
IPv4RemoteSubnets:
{
# Example: "0.0.0.0/0": 0000205555011e30fc72d3d6220e316cf2fce7ddadd63935ab58511f383c1bb4
"0.0.0.0/0": the PublicKey of your remote server, which we already copied in step 2.
}
}
}
Save the config via a text editor and in the task manager stop the ``Mesh'' service with the description of the RiV-mesh Service
:black_square_button: 4. Edit the registry
Open the registry editor by pressing Win + R
and type regedit
there, then press enter and enter the registry editor
In the registry editor, go to Computer/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters in which we are interested in the option IPEnableRouter.
Set the value of this parameter to 0
and press OK to apply the changes
This completes configuring RiVPN client mode under Windows OS.
Remote server configuration
FeaturesConfig
block
:black_square_button: 1. Configure the Before configuring it, you need to know the IPv4 address given by RiVPN on a Windows PC. To do this, go to cmd
and enter there the command ipconfig
, search for the RiVPN interface and copy the IPv4 address, which starts with 10.x.x.x
in my example is 10.145.145.145
If you see an IPv4 address that has a 0 at the end, such as 10.145.145.0, 10.145.145.10 you will need to change your public and private key on the PC, this can be done through the yggdrasil IP address miner - https://notabug.org/acetone/SimpleYggGen-CPP This is a bug in RiVPN at the time of writing this tutorial, it will be fixed later.
In this block on the server side you need to insert this piece of configuration:
FeaturesConfig:
{
TunnelRouting:
{
# Enable or disable tunnel routing.
Enable: true
# IPv6 subnets belonging to remote nodes, mapped to the node's public
# key, e.g. { "aaaa:bbbb:cccc::/e": "boxpubkey", ... }
IPv6RemoteSubnets: {}
# IPv4 subnets belonging to remote nodes, mapped to the node's public
# key, e.g. { "a.b.c.d/e": "boxpubkey", ... }
IPv4RemoteSubnets: {
"10.145.145.145/32": PublicKey of your Windows PC
}
}
}
Save the file and stop the service with the command service mesh stop
.
:black_square_button: 2. Setting up iptables
In order to connect to the internet through a remote server we need to configure NAT. For this purpose we run following commands:
$ ufw route allow in on tun0 out on eth0
$ iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
$ ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
:black_square_button: 3. Switching on the forwarding
Open the config at the path /etc/sysctl.conf
, scroll to the bottom and add a line with this content:
net.ipv4.ip_forward=1
.
After that, save the file and apply the changes with sudo sysctl -p
.
This completes the configuration, start the RiVPN service.