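--- a/openvpn_stuff	[2007/04/01 14:37] 66.207.222.14
+++ b/openvpn_stuff	[2013/09/28 16:06] (current)
@@ -69,2 +69,82 @@
 </code>
 (it'll prompt you for the wireless@pwd.ca password each time)
+
+
+
+====== working on setting up an openvpn server on a router ======
+
+Instructions adapted from http://forum.openwrt.org/viewtopic.php?id=1800
+
+- add this to /etc/firewall.user, right after the chunk on WAN SSH:<code>
+### Allow OpenVPN connections
+iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 1194 -j ACCEPT
+iptables -A input_rule -i $WAN -p udp --dport 1194 -j ACCEPT
+</code>
+- create /etc/openvpnbridge:<code>
+#!/bin/sh
+
+#/etc/openvpnbridge
+# OpenVPN Bridge Config File
+# Creates TAP devices for use by OpenVPN and bridges them into OpenWRT Bridge
+# Taken from http://openvpn.net/bridge.html
+
+# Make sure module is loaded
+insmod tun
+
+# Define Bridge Interface
+# Preexisting on OpenWRT
+br="br0"
+
+# Define list of TAP interfaces to be bridged,
+# for example tap="tap0 tap1 tap2".
+tap="tap0"
+
+# Build tap devices
+for t in $tap; do
+openvpn --mktun --dev $t
+done
+
+# Add TAP interfaces to OpenWRT bridge
+
+for t in $tap; do
+brctl addif $br $t
+done
+
+#Configure bridged interfaces
+
+for t in $tap; do
+ifconfig $t 0.0.0.0 promisc up
+done
+</code>
+- <code>chmod +x /etc/openvpnbridge</code>
+- create /etc/openvpn/server.conf:<code>
+port 1194
+proto udp
+dev tap
+keepalive 10 120
+status openvpn-status.log
+verb 3
+secret /etc/openvpn/static.key
+</code>
+- static key: /etc/openvpn/static.key:<code>openvpn --genkey --secret static.key</code>
+- test: <code>openvpn /etc/openvpn/server.conf</code>
+- autostartup script for server (/etc/init.d/S95openvpnserver):<code>
+#!/bin/sh
+#/etc/init.d/S95openvpnserver
+/etc/openvpnbridge
+openvpn /etc/openvpn/server.conf &
+</code>
+- make it executable:<code>
+chmod +x /etc/init.d/S95openvpnserver
+</code>
+- client config file:<code>
+dev tap
+proto udp
+remote Your.IP.Goes.Here 1194
+resolv-retry infinite
+nobind
+mute-replay-warnings
+secret /etc/openvpn/static.key
+verb 3
+</code>
+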
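Review bot: The static-key step `openvpn --genkey --secret static.key` writes the key into whatever directory the command is run from and never restricts its permissions, while both the server and client configs read `/etc/openvpn/static.key`. I would change the step to `openvpn --genkey --secret /etc/openvpn/static.key` followed by `chmod 600 /etc/openvpn/static.key`, and add a sentence that the same file has to be copied to the client over an already-secure channel. The page should also say that `secret` mode is a single shared key with no forward secrecy, so a key that leaks later also exposes any previously captured traffic. Because `/etc/openvpnbridge` adds tap0 to br0, anyone holding that key lands directly on the LAN bridge, which is worth stating next to the firewall rules that open UDP 1194 on `$WAN`; certificate-based TLS mode is the usual choice once there is more than one client.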