User Tools

Site Tools


doc:howto:vpn.client.openvpn.tun

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:howto:vpn.client.openvpn.tun [2013/10/28 08:27]
lorema
doc:howto:vpn.client.openvpn.tun [2014/10/21 09:06] (current)
wifly
Line 1: Line 1:
 ====== Openwrt configuration example with 2 OpenVpn Tunnel ====== ====== Openwrt configuration example with 2 OpenVpn Tunnel ======
 +| :!: There are many redundant wiki pages relating to configuring OpenVPN on OpenWrt. ​ Some are better than others, and others are an out-of-date muddled mess.  For a reasonably complete / up-to-date guide to installing, configuring and troubleshooting OpenVPN clients & servers on OpenWrt (including creating a simple PKI), could I suggest you consider starting with [[doc/​howto/​vpn.openvpn]] instead of this wiki. :!: |
 +
 +It is not that the other wikis aren't worth reading; it is just that (IMHO) [[doc/​howto/​vpn.openvpn]] is a better place to start (it has been rewritten from scratch just a few weeks ago).  Maybe you could improve it further rather than edit this wiki?
 +
 +In this instance, this wiki covers issues not raised in [[doc/​howto/​vpn.openvpn]]. ​ However, if your new to OpenVPN, then it might still be a useful place to visit.
 +
 | For an overview over all existing Virtual private network (VPN)-related articles in the OpenWrt wiki, please visit [[doc/​howto/​vpn.overview]] | | For an overview over all existing Virtual private network (VPN)-related articles in the OpenWrt wiki, please visit [[doc/​howto/​vpn.overview]] |
  
Line 91: Line 97:
  option ipaddr '​192.168.1.1'​  option ipaddr '​192.168.1.1'​
  option netmask '​255.255.255.0'​  option netmask '​255.255.255.0'​
- option _orig_ifname 'eth0 wlan0 wlan0-1 tun0 tun1' 
- option _orig_bridge '​true'​ 
  option ifname '​eth0'​  option ifname '​eth0'​
  option stp '​1'​  option stp '​1'​
Line 124: Line 128:
  option key '/​lib/​uci/​upload/​cbid.openvpn.client_tun_0.key'​  option key '/​lib/​uci/​upload/​cbid.openvpn.client_tun_0.key'​
  option cert '/​lib/​uci/​upload/​cbid.openvpn.client_tun_0.cert'​  option cert '/​lib/​uci/​upload/​cbid.openvpn.client_tun_0.cert'​
- option comp_lzo '1'+ option comp_lzo 'yes'
  option verb '​3'​  option verb '​3'​
  option float '​1'​  option float '​1'​
Line 245: Line 249:
  option icmp_type '​echo-request'​  option icmp_type '​echo-request'​
  option family '​ipv4'​  option family '​ipv4'​
- option target '​ACCEPT'​ 
- 
-config rule 
- option name '​Allow-DHCPv6'​ 
- option src '​wan'​ 
- option proto '​udp'​ 
- option src_ip '​fe80::/​10'​ 
- option src_port '​547'​ 
- option dest_ip '​fe80::/​10'​ 
- option dest_port '​546'​ 
- option family '​ipv6'​ 
- option target '​ACCEPT'​ 
- 
-config rule 
- option name '​Allow-ICMPv6-Input'​ 
- option src '​wan'​ 
- option proto '​icmp'​ 
- list icmp_type '​echo-request'​ 
- list icmp_type '​echo-reply'​ 
- list icmp_type '​destination-unreachable'​ 
- list icmp_type '​packet-too-big'​ 
- list icmp_type '​time-exceeded'​ 
- list icmp_type '​bad-header'​ 
- list icmp_type '​unknown-header-type'​ 
- list icmp_type '​router-solicitation'​ 
- list icmp_type '​neighbour-solicitation'​ 
- option limit '​1000/​sec'​ 
- option family '​ipv6'​ 
- option target '​ACCEPT'​ 
- 
-config rule 
- option name '​Allow-ICMPv6-Forward'​ 
- option src '​wan'​ 
- option dest '​*'​ 
- option proto '​icmp'​ 
- list icmp_type '​echo-request'​ 
- list icmp_type '​echo-reply'​ 
- list icmp_type '​destination-unreachable'​ 
- list icmp_type '​packet-too-big'​ 
- list icmp_type '​time-exceeded'​ 
- list icmp_type '​bad-header'​ 
- list icmp_type '​unknown-header-type'​ 
- option limit '​1000/​sec'​ 
- option family '​ipv6'​ 
  option target '​ACCEPT'​  option target '​ACCEPT'​
  
doc/howto/vpn.client.openvpn.tun.1382945275.txt.bz2 · Last modified: 2013/10/28 08:27 by lorema