Changes between Version 12 and Version 13 of HLKTesting


Ignore:
Timestamp:
05/03/19 09:37:23 (5 years ago)
Author:
Samuli Seppänen
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • HLKTesting

    v12 v13  
    5353= OpenVPN setup for HLK =
    5454
     55== Overview ==
     56
    5557The "Run tests" in HLK fail consistently unless the tap-windows6 adapter has an IPv6 gateway address. This can be resolved by installing an OpenVPN server and joining all HLK clients connect to it. Launching OpenVPN client on the HLK client creates an instance of tap-windows6 adapter on the system with proper IPv6 gateway address.
    5658
    57 Use the latest available OpenVPN and generate certificates and keys with [https://github.com/OpenVPN/easy-rsa/ EasyRSA 3] for example.
     59Overview of the steps:
     60
     61* Install the latest OpenVPN 2.x on OpenVPN (Linux) server
     62* Install the latest OpenVPN 2.x on the HLK clients
     63* Install test-signed (to-be-HLK-tested) tap-windows6 driver on the HLK clients
     64* Generate certificates and keys for OpenVPN with [https://github.com/OpenVPN/easy-rsa/ EasyRSA 3] and "openvpn --genkey"
     65* Create and install configs for OpenVPN server and clients with embedded keys/certificates
     66* Ensure that OpenVPN is enabled and running on server and clients
     67* Verify OpenVPN connectivity
     68
     69== OpenVPN configuration files ==
    5870
    5971OpenVPN server configuration is fairly simple:
     
    135147}}}
    136148
     149== Enable OpenVPN on server and clients ==
     150
     151Once OpenVPN server and clients are configured properly make sure that OpenVPN is running and automatically starts on boot. On OpenVPN (Linux) server you'd do
     152
     153{{{
     154$ systemctl enable openvpn-server@hlk
     155$ systemctl start openvpn-server@hlk
     156}}}
     157
     158On OpenVPN clients you'd do this from an administrator Powershell session:
     159
     160{{{
     161PS> Set-Service OpenVPNService -StartupType Automatic -Status Running
     162}}}
     163
     164== Testing OpenVPN connectivity ==
     165
     166Assuming the above OpenVPN config you can very correct OpenVPN / tap-windows6 operation easily:
     167
     168* Verify that the TAP adapter has an IPv6 address (e.g. using ipconfig)
     169* Ensure that the HLK client can ping the following VPN server addresses:
     170 * 10.218.112.1
     171 * 2001:db8:6666::2
     172
    137173= Firewall rules for HLK server and clients =
    138174