Yuuta Home Infra Setup Docs

PKI

Install all certificates on your Arch Linux system: 'pacman -U https://home.yuuta.moe/pki/ca-certificates-yuutahome-2-2-any.pkg.tar.zst'.

On May. 31 / 2024, We fixed a bug in the Arch Linux package that causes an old intermediate CA to be installed. All systems shall update from 2-1 to 2-2.

On June. 23 / 2023, We changed to a new root CA and renewed the issuing CA. Please update your certificate store accordingly.

NEW Root CA Certificate: DER, Base64 encoded PEM

NEW Issuing CA Certificate: DER, Base64 encoded PEM

OLD Root CA Certificate: DER, Base64 encoded PEM

OLD Issuing CA Certificate: DER

802.1x

PEAP + MS-CHAPv2 + Password or Client Certificate Only.

PEAP Server Subject Name: wireless.home.yuuta.moe, certificate issued using internal CA.

Remote Access

Address Space (cloud site): 10.0.1.0/24

Site-to-Site WireGuard:

• Endpoint: access.home.yuuta.moe:60011
• Public Key: DLhfohNTrZh45K/IRaJscUfUh3igTv2XAFkDmKrN2kQ=
• Authentication: Contact the help desk with a desired /24 IPv4 space and a public key.

Point-to-Site OpenVPN:

• Server: access.home.yuuta.moe:1194 (UDP)
• CA Certificate: See above; full certificate chain is required.
• Authentication: Use a valid certificate issued by the internal-CA. Full certificate chain is mandatory.
• Address Space: 10.0.3.0/24
• Sample Configuration:
  

  client
dev tun
nobind
remote-cert-tls server
remote access.home.yuuta.moe 1194
ca /usr/share/ca-certificates/trust-source/anchors/yuuta_root.crt
pkcs11-id piv_II/PKCS\\x2315\\x20emulated/d97f76f764eb9b58/Yuuta\\x20Liang/01
pkcs11-providers /usr/lib/opensc-pkcs11.so
extra-certs /usr/share/ca-certificates/trust-source/anchors/yuuta_sub.crt
persist-key
persist-tun
tun-mtu 1400
mssfix 1360
connect-timeout 5


Help Desk