commit de6b82dfb449cd78ef881f468eb23bc0710c131d parent d8a5834bb59faf1af1be3e454ccf6eb31c1d527e Author: Martin Schanzenbach <schanzen@gnunet.org> Date: Thu, 28 Nov 2024 12:53:48 +0100 clarify VPN usage config file Diffstat:
| M | users/vpn.rst | | | 24 | ++++++++++++++++++++++++ |
1 file changed, 24 insertions(+), 0 deletions(-)
diff --git a/users/vpn.rst b/users/vpn.rst @@ -94,6 +94,30 @@ identifier you assign the service can serve as a passphrase or shared secret, clients connecting to the service must somehow learn the service's name. VPN records in the GNU Name System can make this easier. +The config file configuration to offer a service `http` on port 80 which +is forwarded to port 8080 on IP `169.254.86.1` is as follows: + +:: + + [http.gnunet.] + TCP_REDIRECTS = 80:169.254.86.1:8080 + +You can then add a GNS record to this service: + +:: + + $ gnunet-namestore -z myzone -a -e "1 d" -p -t VPN -n www -V "6 <ZKEY> http" + +Where `myzone` is the name of your GNS zone. +We are adding a record of type `VPN`, and the value is a string containing three values: +The first is a boolean indicating the use of TCP (`6`) or UDP (`17`), +your peer identity and the identifier of the service we used in the configuration section above +before the `.gnunet.`. + +When using the `dns2gns` DNS server it will automatically synthesize `A`/`AAAA` records from +encountered `VPN` records using the `VPN` service. +Otherwise, this must be done by the client that resolved the `VPN` record. + .. _Fedora-and-the-Firewall: Fedora and the Firewall