{% extends 'pages/_install_base.html' %}
{% load i18n %}
{% load dltags %}

{% block pagetitle %}
    {% trans "Install on Linux" %}
{% endblock %}

{% block wireguard_import %}
    {% blocktrans trimmed %}
        Place the configuration file in <code>/etc/wireguard</code>.
    {% endblocktrans %}
    <br />
    {% trans "Then, start it with the following command:" %}
    <code class="codeblock">
        sudo wg-quick ccvpn-fr up
    </code>
{% endblock %}
{% block wireguard_activate %}
    {% trans "You can check your IP address by refreshing this page (or opening it on the device) and looking at the bottom."%}
{% endblock %}


{% block openvpn_outer %}
<div class="install-section content-box">
    <h3>{% trans "With OpenVPN and NetworkManager" %}</h3>
    <p>
        <a href="https://www.openvpn.net/">OpenVPN<i class="fa fa-external-link external-link"></i></a>
        {% blocktrans trimmed %}
            is an older VPN protocol and software, still considered secure and one of the best VPN protocols available.
        {% endblocktrans %}
        {% blocktrans trimmed %}
            This guide focuses on its integration with NetworkManager.
            If you are not using NetworkManager, skip to the next guide.
        {% endblocktrans %}
    </p>
    <hr />
    <div class="install-instructions">
        <ol>
            <li>
                {% trans "Install the required packages:" %}
                <ul>
                    <li>
                        <em>Debian:</em>
                        <code>sudo apt-get install openvpn resolvconf network-manager-openvpn network-manager-openvpn-gnome</code>
                    </li>
                    <li>
                        <em>Fedora:</em>
                        <code>sudo yum install openvpn networkmanager-openvpn</code>
                    </li>
                    <li>
                        <em>Arch:</em>
                        <code>sudo pacman -S openvpn networkmanager-openvpn</code>
                    </li>
                </ul>
            </li>
            <li>
                {% trans "You will also need our CA certificate, available here:" %} <a href="https://vpn.ccrypto.org/ca.crt">https://vpn.ccrypto.org/ca.crt</a>
                <br />
                {% blocktrans trimmed %}
                    You can right click on that link and save the file, it will be required to connect.
                {% endblocktrans %}
            </li>
            <li>
                {% trans "Create a new connection and choose the type <em>OpenVPN</em>." %}
            </li>
            <li>
                {% trans "You will need to fill in the following VPN configuration:" %}
                <ul>
                <li>
                    <strong>{% trans "Tab VPN" %}</strong>
                    <ul>
                    <li><strong>{% trans "Gateway" %}</strong>:
                        {% blocktrans trimmed with url="/status" gw="gw.random.204vpn.net" %}
                            Pick one in the <a href="{{url}}">server list</a>,
                            or <code>{{gw}}</code> for a random server.
                        {% endblocktrans %}
                    </li>
                    <li><strong>{% trans "Type" %}</strong>: <em>{% trans "Password" %}</em></li>
                    <li><strong>{% trans "User name and Password" %}</strong>: {% trans "The same as on this site." %}</li>
                    <li><strong>{% trans "CA certificate" %}</strong>: {% trans "The ca.crt file downloaded in the previous step." %}</li>
                    </ul>
                </li>
                <li>
                    <strong>{% trans "Tab VPN, click on Advanced, then the first General tab" %}</strong>
                    <ul>
                    <li><strong>{% trans "Use custom gateway port" %}</strong>: {% trans "It should be <em>checked</em> and set to <em>1196</em>." %}</li>
                    <li><strong>{% trans "Use a TCP connection" %}</strong>: {% trans "It should be <em>unchecked</em> to use the fastest UDP mode." %}
                        {% trans "If you have issues connecting, you can try setting the port to <em>443</em> and checking this option." %}</li>
                    <li><strong>{% trans "Randomize remote hosts" %}</strong>: {% trans "It should be <em>checked</em>." %}</li>
                    <li><strong>{% trans "IPv6 tun link" %}</strong>: {% trans "It should be checked unless you get IPv6-related issues." %}</li>
                    </ul>
                </li>
                </ul>
            </li>
            <li>
                {% trans "Save the new connection and connect to it." %}
            </li>
        </ol>
    </div>
</div>

<div class="install-section content-box">
    <h3>{% trans "With OpenVPN and systemd" %}</h3>
    <div class="install-instructions">
        <ol>
            <li>
                {% trans "Install the required packages:" %}
                <ul>
                    <li>
                        <em>Debian:</em>
                        <code>sudo apt-get install openvpn resolvconf</code>
                    </li>
                    <li>
                        <em>Fedora:</em>
                        <code>sudo yum install openvpn</code>
                    </li>
                    <li>
                        <em>Arch:</em>
                        <code>sudo pacman -S openvpn openresolv</code>
                    </li>
                </ul>
            </li>
            <li>
                {% trans "You will also need our CA certificate, available here:" %} <a href="https://vpn.ccrypto.org/ca.crt">https://vpn.ccrypto.org/ca.crt</a>
                <br />
                {% blocktrans trimmed %}
                    You can right click on that link and save the file or wget it later, it will be required to connect.
                {% endblocktrans %}
            </li>
            <li>
                {% blocktrans trimmed %}
                    In <a href="/account/config">your account</a>, download a .ovpn configuration file,
                    and copy it into <code>/etc/openvpn</code> with a .conf extension.<br />
                    Keep the name simple, as it will be used in a systemd service name.
                {% endblocktrans %}
                <br />
                {% blocktrans trimmed %}
                    If you downloaded multiple config files as an archive, extract it so that
                    the individual .ovpn files are directly in the <code>/etc/openvpn</code> folder,
                    and rename them to .conf.
                {% endblocktrans %}
            </li>
            <li>
                {% trans "Start the OpenVPN services:" %}
                <code class="codeblock">
                    sudo systemctl start openvpn@ccrypto-fr.service
                </code>
            </li>
            <li>
                <em>{% trans "(Optional) Save your username and password:" %}</em><br />
                <ul>
                    <li>
                        {% blocktrans trimmed %}
                            Create a text file in <code>/etc/openvpn</code> containing your username and password on two lines as follows:
                        {% endblocktrans %}
                        <code class="codeblock">Alice<br />p4ssw0rd</code>
                    </li>
                    <li>
                        {% blocktrans trimmed %}
                        For additional security, only allow root to access this file:
                        {% endblocktrans %}
                        <code class="codeblock">
                            sudo chown root:root /path/to/the/file.txt
                            sudo chmod 600 /path/to/the/file.txt
                        </code>
                    </li>
                    <li>
                        {% blocktrans trimmed %}
                            Then, open the .conf file with a text editor (nano, vim, gedit, ...)
                            and add this line at the end of the file:
                        {% endblocktrans %}
                        <code class="codeblock">auth-user-pass /path/to/the/file.txt</code>
                    </li>
                    <li>
                        {% trans "Reconnect and it should not ask for your password." %}
                    </li>
                    <li>
                        {% trans "To start it on boot, use this:" %}
                        <code class="codeblock">
                            sudo systemctl enable openvpn@ccrypto-fr.service
                        </code>
                    </li>
                </ul>
            </li>
        </ol>
    </div>
</div>
{% endblock %}