RSA certification creation
Explain configuration
Static key configuration
Configuration example of multirouter setup
Installation
- Install the openvpn package:
opkg update
opkg install openvpn
Or, if you prefer to configure openvpn via the GUI:
opkg update
opkg install openvpn luci-app-openvpn
Modify your firewall
- open the firewall file
vi /etc/config/firewall
- towards the bottom, append the following rule, changing the dest_port value to your preference:
config 'rule'
option 'target' 'ACCEPT'
option 'dest_port' '1194'
option 'src' 'wan'
option 'proto' 'tcpudp'
option 'family' 'ipv4'
- restart the network filter
/etc/init.d/network restart
Create OpenVPN configuration
Edit /etc/config/openvpn to fit your needs.
vi /etc/config/openvpn
The following is an example. There are multiple examples included in the configuration file.
option 'port' '1194'
option 'proto' 'udp'
option 'dev' 'tun'
option 'ca' '/etc/openvpn/ca.crt'
option 'cert' '/etc/openvpn/server.crt'
option 'key' '/etc/openvpn/server.key'
option 'dh' '/etc/openvpn/dh.pem'
option 'tls_auth' '/etc/openvpn/shared.key 0'
option 'server' '10.8.0.0 255.255.255.0'
list 'push' 'route 192.168.1.0 255.255.255.0'
list 'push' 'redirect-gateway'
option 'comp_lzo'
option 'keepalive' '10 120'
option 'status' '/tmp/openvpn.status'
There is a bug in /etc/init.d/openvpn: the push directives passed to openvpn should be enclosed in double quotes ("), but the init script uses single quotes ('). If you want the push directives to work with openvpn, modify lines 103 and 107 of the init script to look like the excerpt below.
There is a ticket about this ( https://dev.openwrt.org/ticket/10518 ). It has been fixed upstream but it has not hit any of the stable releases yet. — sup 2012/05/07 12:16
		tun_mtu tun_mtu_extra txqueuelen user verb push
	# append multi-value params
	append_params_quoted "$s" \
		down up
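The quoting problem described above can be checked for in the configuration the init script generates. The following is an added example, not part of the original page or of the OpenWrt init script: the function names and the sample configuration are constructed for illustration, and the generated file is passed as an argument or on stdin.

```shell
#!/bin/sh
# Added example: audit push directives in a generated OpenVPN config.

# check_push_quoting [FILE]
# Prints "LINENO: text" for every push directive whose argument is not a
# single double-quoted string. Returns 1 if any such line exists, else 0.
check_push_quoting() {
    awk '
        $1 == "push" {
            arg = $0
            sub(/^[ \t]*push[ \t]+/, "", arg)   # drop the directive name
            sub(/[ \t]+$/, "", arg)             # drop trailing blanks
            if (arg !~ /^"[^"]*"$/) {           # expect exactly one "..." token
                printf "%d: %s\n", NR, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# fix_push_quoting [FILE]
# Writes the config to stdout, turning push '...' into push "...".
# Every other line is passed through unchanged.
fix_push_quoting() {
    sed "s/^\([[:space:]]*push[[:space:]][[:space:]]*\)'\([^']*\)'[[:space:]]*\$/\1\"\2\"/" "$@"
}

# Constructed sample of a generated config: line 5 shows the single-quoted
# form attributed to the init script bug, line 6 the double-quoted form.
sample_config() {
    cat <<'EOF'
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push 'route 192.168.1.0 255.255.255.0'
push "redirect-gateway"
keepalive 10 120
EOF
}

# Demo: report the offending line in the sample.
sample_config | check_push_quoting || echo "single-quoted push directive found"
```

On the router, pass the path of the generated configuration file to check_push_quoting after restarting the service to confirm the init script change took effect.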
doc/howto/vpn.server.openvpn.tun.txt · Last modified: 2012/05/07 12:17 by sup