2024-06-10 23:11:46 +02:00
|
|
|
"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[8156],{8697:(e,n,s)=>{s.r(n),s.d(n,{assets:()=>c,contentTitle:()=>i,default:()=>h,frontMatter:()=>t,metadata:()=>a,toc:()=>d});var r=s(5893),o=s(1151);const t={sidebar_label:"VPN"},i="zrok VPN Guide",a={id:"guides/vpn/vpn",title:"zrok VPN Guide",description:"zrok VPN backend allows for simple host-to-host VPN setup.",source:"@site/../docs/guides/vpn/vpn.md",sourceDirName:"guides/vpn",slug:"/guides/vpn/",permalink:"/docs/guides/vpn/",draft:!1,unlisted:!1,editUrl:"https://github.com/openziti/zrok/blob/main/docs/../docs/guides/vpn/vpn.md",tags:[],version:"current",frontMatter:{sidebar_label:"VPN"},sidebar:"tutorialSidebar",previous:{title:"The Drives CLI",permalink:"/docs/guides/drives/cli"}},c={},d=[{value:"Starting VPN server",id:"starting-vpn-server",level:2},{value:"VPN share reservation",id:"vpn-share-reservation",level:2},{value:"Accessing VPN share",id:"accessing-vpn-share",level:2}];function l(e){const n={code:"code",h1:"h1",h2:"h2",img:"img",p:"p",pre:"pre",...(0,o.a)(),...e.components};return(0,r.jsxs)(r.Fragment,{children:[(0,r.jsx)(n.h1,{id:"zrok-vpn-guide",children:"zrok VPN Guide"}),"\n",(0,r.jsx)(n.p,{children:"zrok VPN backend allows for simple host-to-host VPN setup."}),"\n",(0,r.jsx)(n.h2,{id:"starting-vpn-server",children:"Starting VPN server"}),"\n",(0,r.jsxs)(n.p,{children:["VPN is shared through the ",(0,r.jsx)(n.code,{children:"vpn"})," backend of ",(0,r.jsx)(n.code,{children:"zrok"})," command."]}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{children:"eugene@hermes $ sudo -E zrok share private --headless --backend-mode vpn\n[ 0.542] INFO sdk-golang/ziti.(*listenerManager).createSessionWithBackoff: {session token=[589d443c-f59d-4fc8-8c48-76609b7fb402]} new service session\n[ 0.705] INFO main.(*sharePrivateCommand).run: allow other to access your share with the following command:\nzrok access private 3rq7torslq3n\n[ 0.705] INFO zrok/endpoints/vpn.(*Backend).Run: started\n"})}),"\n",(0,r.jsx)(n.p,{children:(0,r.jsx)(n.img,{alt:"VPN share",src:s(4283).Z+"",width:"1626",height:"1314"})}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.code,{children:"sudo"})," or equivalent invocation is required because VPN mode needs to create a virtual network device (",(0,r.jsx)(n.code,{children:"tun"}),")\n",(0,r.jsx)(n.code,{children:"-E"})," option allows ",(0,r.jsx)(n.code,{children:"zrok"})," to find your zrok configuration files (in your ",(0,r.jsx)(n.code,{children:"$HOME/.zrok"}),")"]}),"\n",(0,r.jsxs)(n.p,{children:["By default ",(0,r.jsx)(n.code,{children:"vpn"})," backend uses subnet ",(0,r.jsx)(n.code,{children:"10.122.0.0/16"})," and assigns ",(0,r.jsx)(n.code,{children:"10.122.0.1"})," to the host that stared VPN share."]}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{children:"$ ifconfig\ntun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 16384\n inet 10.122.0.1 netmask 255.255.0.0 destination 10.122.0.1\n inet6 fe80::705f:24e4:dcfc:a6b2 prefixlen 64 scopeid 0x20<link>\n inet6 fd00:7a72:6f6b::1 prefixlen 64 scopeid 0x0<global>\n unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)\n RX packets 0 bytes 0 (0.0 B)\n RX errors 0 dropped 0 overruns 0 frame 0\n TX packets 27 bytes 3236 (3.2 KB)\n TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0\n"})}),"\n",(0,r.jsxs)(n.p,{children:["Default IP/subnet setting can be overridden by adding ",(0,r.jsx)(n.code,{children:"<target>"})," parameter:"]}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{children:"$ sudo -E zrok share private --headless --backend-mode vpn 192.168.42.12/24\n"})}),"\n",(0,r.jsx)(n.h2,{id:"vpn-share-reservation",children:"VPN share reservation"}),"\n",(0,r.jsx)(n.p,{children:"Share reservation works the same as with other backend types:"}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{children:"eugene@hermes $ zrok reserve private -b vpn\n[ 0.297] INFO main.(*reserveCommand).run: your reserved share token is 'k77y2cl7jmjl'\n\
|
