openvpn_stuff

Differences

This shows you the differences between two versions of the page.

openvpn_stuff [2007/04/02 14:23]
66.207.222.14
openvpn_stuff [2013/09/28 16:06]
Line 1: Line 1:
-====== setting up openvpn server ====== 
- 
-This is old; check if there'​s new versions of stuff that you should use. 
- 
-<​code>​ 
-cd /​usr/​local/​src 
-wget http://​openvpn.net/​release/​openvpn-2.0.tar.gz 
-tar xvfz openvpn-2.0.tar.gz 
-cd openvpn-2.0 
-apt-get install liblzo-dev 
-./configure 
-make 
-make install 
- 
-mkdir /​etc/​openvpn 
-mkdir /​etc/​openvpn/​easy-rsa 
-cp /​usr/​local/​src/​easy-rsa/​* /​etc/​openvpn/​easy-rsa 
-</​code>​ 
- 
-**/​etc/​openvpn/​server.conf:​** 
-<​code>​ 
-dev tap 
-port 5000 
-proto tcp-server 
-verb 1 
-mode server 
-tls-server 
-ping 60 
-ca /​etc/​openvpn/​ca.crt 
-cert /​etc/​openvpn/​server.crt 
-key /​etc/​openvpn/​server.key 
-dh /​etc/​openvpn/​dh1024.pem 
-ifconfig 192.168.222.1 255.255.255.0 
-ifconfig-pool 192.168.222.100 192.168.222.200 
-route 192.168.222.0 255.255.255.0 
-route-gateway 192.168.222.1 
-</​code>​ 
- 
-**client.conf:​** 
-<​code>​ 
-dev tap 
-proto tcp-client 
-port 5000 
-ping 15 
-ping-restart 120 
-resolv-retry infinite 
-remote openvpn.wirelesstoronto.ca 
-tls-client 
-ca /​etc/​openvpn/​ca.crt 
-cert /​etc/​openvpn/​client**NODEID**.crt 
-key /​etc/​openvpn/​client**NODEID**.key 
-ifconfig 192.168.222.**NODEID** 255.255.255.0 
-</​code>​ 
- 
-===== making client certificate files on server: ===== 
- 
-  - ssh to pwd.ca, login as "​wireless"<​code>​ 
-cd easy-rsa 
-. ./vars 
-</​code>​ 
-  - (ignore the output)<​code>​ 
-./build-key client[NODEID] 
-</​code>​ 
-  - use defaults except for Common Name: **client[NODEID]** 
-  - find the client<​NODEID>​.crt and client<​NODEID>​.key files in the ./keys folder -- KEEP THESE PRIVATE 
-  - to copy them to the router, issue these commands on the router:<​code>​ 
-scp wireless@pwd.ca:​easy-rsa/​keys/​client<​NODEID>​.crt /​etc/​openvpn 
-scp wireless@pwd.ca:​easy-rsa/​keys/​client<​NODEID>​.key /​etc/​openvpn 
-</​code>​ 
-(it'll prompt you for the wireless@pwd.ca password each time) 
- 
- 
- 
-====== working on setting up an openvpn server on a router ====== 
- 
-Instructions adapted from http://​forum.openwrt.org/​viewtopic.php?​id=1800 
- 
-  - add this to /​etc/​firewall.user,​ right after the chunk on WAN SSH:<​code>​ 
-### Allow OpenVPN connections 
-iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 1194 -j ACCEPT 
-iptables ​       -A input_rule ​     -i $WAN -p udp --dport 1194 -j ACCEPT 
-</​code>​ 
-  - create /​etc/​openvpnbridge:<​code>​ 
-#!/bin/sh 
- 
-#/​etc/​openvpnbridge 
-# OpenVPN Bridge Config File 
-# Creates TAP devices for use by OpenVPN and bridges them into OpenWRT Bridge 
-# Taken from http://​openvpn.net/​bridge.html 
- 
-# Make sure module is loaded 
-insmod tun 
- 
-# Define Bridge Interface 
-# Preexisting on OpenWRT 
-br="​br0"​ 
- 
-# Define list of TAP interfaces to be bridged, 
-# for example tap="​tap0 tap1 tap2". 
-tap="​tap0"​ 
- 
-# Build tap devices 
-for t in $tap; do 
-    openvpn --mktun --dev $t 
-done 
- 
-# Add TAP interfaces to OpenWRT bridge 
- 
-for t in $tap; do 
-    brctl addif $br $t 
-done 
- 
-#Configure bridged interfaces 
- 
-for t in $tap; do 
-    ifconfig $t 0.0.0.0 promisc up 
-done 
-</​code>​ 
-  - <​code>​chmod +x /​etc/​openvpnbridge</​code>​ 
-  - create /​etc/​openvpn/​server.conf:<​code>​ 
-port 1194 
-proto udp 
-dev tap 
-keepalive 10 120 
-status openvpn-status.log 
-verb 3 
-secret /​etc/​openvpn/​static.key 
-</​code>​ 
-  - static key: /​etc/​openvpn/​static.key:<​code>​openvpn --genkey --secret static.key</​code>​ 
-  - test: <​code>​openvpn /​etc/​openvpn/​server.conf</​code>  ​ 
-  - client config file:<​code>​ 
-dev tap 
-proto udp 
-remote Your.IP.Goes.Here 1194 
-resolv-retry infinite 
-nobind 
-mute-replay-warnings 
-secret /​etc/​openvpn/​static.key 
-verb 3 
-</​code>​ 
-  - autostartup script for server (/​etc/​init.d/​S95openvpnserver):<​code>​ 
-#!/bin/sh 
-#/​etc/​init.d/​S95openvpnserver 
-/​etc/​openvpnbridge 
-openvpn /​etc/​openvpn/​server.conf & 
-</​code>​ 
- 
  
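Review bot: A stub is missing where the page used to be: everything from line 1 down is deleted with no pointer to replacement instructions, so anyone following a link to openvpn_stuff lands on an empty page. Since the removed text already opened with "This is old", leave a one-line note saying the procedure is retired and where current instructions live. Two settings in the removed configs should be recorded in that stub, because deleting the documentation does not retire deployments built from it: the first server.conf uses `dh /etc/openvpn/dh1024.pem` (the filename indicates 1024-bit Diffie-Hellman parameters, which are too small by current standards), and the router section runs on `secret /etc/openvpn/static.key`, a single pre-shared key held by server and client alike, with no per-client revocation and no forward secrecy. If any node set up this way is still in service, it needs regenerated DH parameters or a move from the static key to the certificate-based setup from the first section. The removed steps also name the key-signing host and account (`wireless@pwd.ca`, password login per "it'll prompt you for the wireless@pwd.ca password each time"), which remain readable in the page history after this edit, so confirm that account is retired or no longer accepts password logins.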
openvpn_stuff.txt · Last modified: 2013/09/28 16:06 (external edit)