openvpn_stuff [2007/04/01 14:36] 66.207.222.14 |
openvpn_stuff [2007/04/01 17:09] 66.207.222.14 |
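--- a/openvpn_stuff
+++ b/openvpn_stuff
@@ -37,2 +37,17 @@
 </code>
+**client.conf:**
+<code>
+dev tap
+proto tcp-client
+port 5000
+ping 15
+ping-restart 120
+resolv-retry infinite
+remote openvpn.wirelesstoronto.ca
+tls-client
+ca /etc/openvpn/ca.crt
+cert /etc/openvpn/client**NODEID**.crt
+key /etc/openvpn/client**NODEID**.key
+ifconfig 192.168.222.**NODEID** 255.255.255.0
+</code>
 ===== making client certificate files on server: =====
@@ -54,2 +69,77 @@
 </code>
 (it'll prompt you for the wireless@pwd.ca password each time)
+
+
+====== working on setting up an openvpn server on a router ======
+
+Instructions adapted from http://forum.openwrt.org/viewtopic.php?id=1800
+
+- add this to /etc/firewall.user, right after the chunk on WAN SSH:<code>
+### Allow OpenVPN connections
+iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 1194 -j ACCEPT
+iptables -A input_rule -i $WAN -p udp --dport 1194 -j ACCEPT
+</code>
+- create /etc/openvpnbridge:<code>
+#!/bin/sh
+
+#/etc/openvpnbridge
+# OpenVPN Bridge Config File
+# Creates TAP devices for use by OpenVPN and bridges them into OpenWRT Bridge
+# Taken from http://openvpn.net/bridge.html
+
+# Make sure module is loaded
+insmod tun
+
+# Define Bridge Interface
+# Preexisting on OpenWRT
+br="br0"
+
+# Define list of TAP interfaces to be bridged,
+# for example tap="tap0 tap1 tap2".
+tap="tap0"
+
+# Build tap devices
+for t in $tap; do
+openvpn --mktun --dev $t
+done
+
+# Add TAP interfaces to OpenWRT bridge
+
+for t in $tap; do
+brctl addif $br $t
+done
+
+#Configure bridged interfaces
+
+for t in $tap; do
+ifconfig $t 0.0.0.0 promisc up
+done
+</code>
+- <code>chmod +x /etc/openvpnbridge</code>
+- create /etc/server.ovpn:<code>
+port 1194
+proto udp
+dev tap
+keepalive 10 120
+status openvpn-status.log
+verb 3
+secret /etc/openvpn/static.key
+</code>
+- static key: /etc/openvpn/static.key:<code>openvpn --genkey --secret static.key</code>
+- test: <code>openvpn /etc/openvpn/server.conf</code>
+- client config file:<code>
+dev tap
+proto udp
+remote Your.IP.Goes.Here 1194
+resolv-retry infinite
+nobind
+mute-replay-warnings
+secret /etc/openvpn/static.key
+verb 3
+</code>
+- autostartup script for server:<code>
+#!/bin/sh
+#/etc/init.d/S46openvpn
+/etc/openvpnbridge
+openvpn /etc/server.ovpn &
+</code>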
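Review bot: The router procedure's `test:` step runs `openvpn /etc/openvpn/server.conf`, but the config this procedure creates is `/etc/server.ovpn` (the `create /etc/server.ovpn:` step) and that is also what `S46openvpn` starts, so the test as written points at a file the steps never produce — likely carried over from the first section of the page; it should read `openvpn /etc/server.ovpn`. The static-key step has the same mismatch: `openvpn --genkey --secret static.key` writes into the current directory while both server.ovpn and the client config read `/etc/openvpn/static.key`, so it should be `openvpn --genkey --secret /etc/openvpn/static.key` (and the key then has to be copied to the client over a channel other than the VPN it protects). In the first hunk, client.conf accepts any certificate signed by ca.crt as the server; adding `ns-cert-type server` (or `remote-cert-tls server` on newer OpenVPN builds) makes the client require a certificate issued with the server role, which in turn means the server certificate must be generated with that extension. The init script in the last code block detaches with a trailing `&`; OpenVPN's own `daemon` directive in `/etc/server.ovpn` is the supported way to background it from an init script.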