You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

190 lines
8.5 KiB
HTML

{% extends 'pages/_install_base.html' %}
{% load i18n %}
{% load dltags %}
{% block pagetitle %}
{% trans "Install on Linux" %}
{% endblock %}
{% block wireguard_import %}
{% blocktrans trimmed %}
Place the configuration file in <code>/etc/wireguard</code>.
{% endblocktrans %}
<br />
{% trans "Then, start it with the following command:" %}
<code class="codeblock">
sudo wg-quick ccvpn-fr up
</code>
{% endblock %}
{% block wireguard_activate %}
{% trans "You can check your IP address by refreshing this page (or opening it on the device) and looking at the bottom."%}
{% endblock %}
{% block openvpn_outer %}
<div class="install-section content-box">
<h3>{% trans "With OpenVPN and NetworkManager" %}</h3>
<p>
<a href="https://www.openvpn.net/">OpenVPN<i class="fa fa-external-link external-link"></i></a>
{% blocktrans trimmed %}
is an older VPN protocol and software, still considered secure and one of the best VPN protocols available.
{% endblocktrans %}
{% blocktrans trimmed %}
This guide focuses on its integration with NetworkManager.
If you are not using NetworkManager, skip to the next guide.
{% endblocktrans %}
</p>
<hr />
<div class="install-instructions">
<ol>
<li>
{% trans "Install the required packages:" %}
<ul>
<li>
<em>Debian:</em>
<code>sudo apt-get install openvpn resolvconf network-manager-openvpn network-manager-openvpn-gnome</code>
</li>
<li>
<em>Fedora:</em>
<code>sudo yum install openvpn networkmanager-openvpn</code>
</li>
<li>
<em>Arch:</em>
<code>sudo pacman -S openvpn networkmanager-openvpn</code>
</li>
</ul>
</li>
<li>
{% trans "You will also need our CA certificate, available here:" %} <a href="https://vpn.ccrypto.org/ca.crt">https://vpn.ccrypto.org/ca.crt</a>
<br />
{% blocktrans trimmed %}
You can right click on that link and save the file, it will be required to connect.
{% endblocktrans %}
</li>
<li>
{% trans "Create a new connection and choose the type <em>OpenVPN</em>." %}
</li>
<li>
{% trans "You will need to fill in the following VPN configuration:" %}
<ul>
<li>
<strong>{% trans "Tab VPN" %}</strong>
<ul>
<li><strong>{% trans "Gateway" %}</strong>:
{% blocktrans trimmed with url="/status" gw="gw.random.204vpn.net" %}
Pick one in the <a href="{{url}}">server list</a>,
or <code>{{gw}}</code> for a random server.
{% endblocktrans %}
</li>
<li><strong>{% trans "Type" %}</strong>: <em>{% trans "Password" %}</em></li>
<li><strong>{% trans "User name and Password" %}</strong>: {% trans "The same as on this site." %}</li>
<li><strong>{% trans "CA certificate" %}</strong>: {% trans "The ca.crt file downloaded in the previous step." %}</li>
</ul>
</li>
<li>
<strong>{% trans "Tab VPN, click on Advanced, then the first General tab" %}</strong>
<ul>
<li><strong>{% trans "Use custom gateway port" %}</strong>: {% trans "It should be <em>checked</em> and set to <em>1196</em>." %}</li>
<li><strong>{% trans "Use a TCP connection" %}</strong>: {% trans "It should be <em>unchecked</em> to use the fastest UDP mode." %}
{% trans "If you have issues connecting, you can try setting the port to <em>443</em> and checking this option." %}</li>
<li><strong>{% trans "Randomize remote hosts" %}</strong>: {% trans "It should be <em>checked</em>." %}</li>
<li><strong>{% trans "IPv6 tun link" %}</strong>: {% trans "It should be checked unless you get IPv6-related issues." %}</li>
</ul>
</li>
</ul>
</li>
<li>
{% trans "Save the new connection and connect to it." %}
</li>
</ol>
</div>
</div>
<div class="install-section content-box">
<h3>{% trans "With OpenVPN and systemd" %}</h3>
<div class="install-instructions">
<ol>
<li>
{% trans "Install the required packages:" %}
<ul>
<li>
<em>Debian:</em>
<code>sudo apt-get install openvpn resolvconf</code>
</li>
<li>
<em>Fedora:</em>
<code>sudo yum install openvpn</code>
</li>
<li>
<em>Arch:</em>
<code>sudo pacman -S openvpn openresolv</code>
</li>
</ul>
</li>
<li>
{% trans "You will also need our CA certificate, available here:" %} <a href="https://vpn.ccrypto.org/ca.crt">https://vpn.ccrypto.org/ca.crt</a>
<br />
{% blocktrans trimmed %}
You can right click on that link and save the file or wget it later, it will be required to connect.
{% endblocktrans %}
</li>
<li>
{% blocktrans trimmed %}
In <a href="/account/config">your account</a>, download a .ovpn configuration file,
and copy it into <code>/etc/openvpn</code> with a .conf extension.<br />
Keep the name simple, as it will be used in a systemd service name.
{% endblocktrans %}
<br />
{% blocktrans trimmed %}
If you downloaded multiple config files as an archive, extract it so that
the individual .ovpn files are directly in the <code>/etc/openvpn</code> folder,
and rename them to .conf.
{% endblocktrans %}
</li>
<li>
{% trans "Start the OpenVPN services:" %}
<code class="codeblock">
sudo systemctl start openvpn@ccrypto-fr.service
</code>
</li>
<li>
<em>{% trans "(Optional) Save your username and password:" %}</em><br />
<ul>
<li>
{% blocktrans trimmed %}
Create a text file in <code>/etc/openvpn</code> containing your username and password on two lines as follows:
{% endblocktrans %}
<code class="codeblock">Alice<br />p4ssw0rd</code>
</li>
<li>
{% blocktrans trimmed %}
For additional security, only allow root to access this file:
{% endblocktrans %}
<code class="codeblock">
sudo chown root:root /path/to/the/file.txt
sudo chmod 600 /path/to/the/file.txt
</code>
</li>
<li>
{% blocktrans trimmed %}
Then, open the .conf file with a text editor (nano, vim, gedit, ...)
and add this line at the end of the file:
{% endblocktrans %}
<code class="codeblock">auth-user-pass /path/to/the/file.txt</code>
</li>
<li>
{% trans "Reconnect and it should not ask for your password." %}
</li>
<li>
{% trans "To start it on boot, use this:" %}
<code class="codeblock">
sudo systemctl enable openvpn@ccrypto-fr.service
</code>
</li>
</ul>
</li>
</ol>
</div>
</div>
{% endblock %}