【OpenWRT】—— OpenVPN Server and Client (准备篇)
[i=s] 本帖最後由 角色 於 2013-11-25 01:35 編輯 [/i]还没有建立OpenVPN,先来做点资料搜集。
References:
[url]http://wiki.openwrt.org/doc/howto/vpn.overview[/url]
[url]http://wiki.openwrt.org/inbox/vpn.howto[/url]
[url]http://www.imped.net/oss/misc/openvpn-2.0-howto-edit.html[/url]
[url]http://wiki.wirelesstoronto.ca/openvpn_stuff[/url]
[url]http://p3f.gmxhome.de/OpenWRT/Configure-OpenVPN.html[/url]
Very good example to illustrate the client device traffic was redirected to the Server's gateway to Internet.
[url]http://farlee.info/archives/burstnet-vps-openvz-install-openvpn-config-vpn-centos.html[/url]
[url]http://wuklass.pixnet.net/blog/post/35347947[/url]
References for OpenVPN Server
Using Certs and Keys
[url]http://www.frogiswrong.com/blog/articles/8/openvpn-on-openwrt-a-little-more-detail[/url]
[url]http://www.joeho.org/wordpress/?p=3849[/url]
[url]http://unix.stackexchange.com/questions/16412/openvpn-on-openwrt[/url]
[url]http://ostanin.org/blog/2012/09/13/using-openvpn-for-select-sites-with-openwrt/[/url]
[url]http://lgallardo.com/en/2011/09/08/configurar-openvpn-en-openwrt/[/url]
[url]http://fooprotected.wordpress.com/2011/11/25/tp-link-wr1043nd-openwrt-openvpn/[/url]
Using Static Key
[url]http://wiki.openwrt.org/doc/howto/vpn.server.openvpn.tun[/url]
[url]http://wiki.openwrt.org/doc/howto/vpn.server.openvpn.tap[/url]
[url]https://blog.ipredator.se/howto/openwrt/configuring-openvpn-on-openwrt.html[/url]
[url]http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html[/url]
[url]http://martybugs.net/wireless/openwrt/openvpn.cgi[/url]
[url]http://coderazzi.net/howto/openwrt/tl841n/openvpn-bridge.htm[/url]
References for OpenVPN Client
[url]http://wiki.openwrt.org/doc/howto/vpn.client.openvpn.tun[/url] [i=s] 本帖最後由 角色 於 2013-11-24 00:41 編輯 [/i]
Based on [1], we installed[code]
opkg update
opkg install openvpn openvpn-easy-rsa
[/code]【1】[url]http://wiki.openwrt.org/inbox/vpn.howto[/url] 备用帖子。 [i=s] 本帖最後由 角色 於 2013-12-7 18:44 編輯 [/i]
终于可以把OpenVPN安装在OpenWRT里了!
1. 安装openvpn package,不用安装它的GUI package
2. 做好OpenVPN选用的port number and type,我用standard,就1194 UDP port
3. 跟根据官网做certs,最重要的common name,这个是非常重要!详细看官网怎样generate certificates, keys, pems
4. On OpenWRT, using vi editor to create a file with a name "vpn.conf" which contains[code]
port 1194
proto udp
dev-type tun
dev vpn-user
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
# enable compression
comp-lzo
# allow several users to connect with the same certificate
duplicate-cn
server 10.30.0.0 255.255.255.0
client-to-client
keepalive 10 120
push "dhcp-option DOMAIN jl.selfip.org"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
persist-key
persist-tun
user nobody
group nogroup
#log vpn.log
verb 3
[/code]4b. Using the following script to run openvpn with the server configuration file vpn.conf[code]
openvpn --config vpn.conf
[/code]5. 安装Windows on PC 的Openvpn,最好选用 2.2版本。[code]
remote jl.selfip.org
port 1194
proto udp
dev tun
comp-lzo
client
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
verb 3
ca ca.crt
cert client1.crt
key client1.key
ping 10
ping-restart 60
[/code] 上面是把OpenVPN最重要的step说出,等有时间,再把整个程序写出来,那么大家member可以跟着做。
系统连接好后,Client的PC的packets会通过HK Server的gateway走。 windows版本的2.3也是可以的,我一直在用,但如果要在windows下制作证书,那就还是2.2的比较好,反正我折腾2.3,搞了很久都没有成功,但换成2.2,一下就ok了,另外,最好是在XP或是win7下搞。 所以我也不用2.3,转回用2.2
頁:
[1]