vpnc.vpn

Differences

This shows you the differences between two versions of the page.

vpnc.vpn [2013/10/28 08:27]
— (current)
Line 1: Line 1:
-====== VPNC ====== 
-| For an overview over all existing Virtual private network (VPN)-related articles in the OpenWrt wiki, please visit [[doc/​howto/​vpn.overview]] | 
  
-VPNC http://​linux.die.net/​man/​8/​vpnc 
- 
-  opkg update;opkg install vpnc 
- 
-**vi /​etc/​vpnc/​default.conf** 
- 
-  IPSec gateway 188.40.166.25 
-  IPSec ID munky 
-  IPSec secret correcthorsebatterystaple 
-  Xauth username munky 
-  Xauth passwordcorrecthorsebatterystaple 
- 
-This provides the router with access to the vpn but nothing on your LAN will access the vpn resources. So we need post-connect rules. 
- 
-**vi /​etc/​vpnc/​post-connect.d/​masquerade** 
- 
-  iptables -A forwarding_rule -o tun0 -j ACCEPT 
-  iptables -A forwarding_rule -i tun0 -j ACCEPT 
-  iptables -t nat -A postrouting_rule -o tun0 -j MASQUERADE 
- 
-Now when you run the command '​vpnc'​ it should connect the vpn and your LAN will be able to connect as well now. Next we want to autoconnect when you boot the router. 
- 
-  mkdir /​etc/​config/​vpnc 
-  cd /​etc/​config/​vpnc 
- 
-**vi /​etc/​config/​vpnc/​startup-script** 
- 
-  #!/bin/sh /​etc/​rc.common 
-  START = 75 
-  STOP = 01  
-  ​ 
-  start () { 
-    vpnc 
-  } 
-  ​ 
-  stop () { 
-     ​vpnc-disconnect 
-  } 
- 
-This script should be symlinked to /etc/init.d but for some reason the symlink cannot be enabled. 
- 
-  cp /​etc/​config/​vpnc/​startup-script /​etc/​init.d/​vpnc 
-  /​etc/​init.d/​vpnc enable 
- 
-The remaining problem is detecting when the vpn disconnects. **Note 10.10.10.1 in this script. You should change this to an ip address on the vpn.** 
- 
-**vi /​etc/​config/​vpnc/​keep-alive** 
- 
-  #/Bin/sh 
- 
-  if ping -q -c 1 10.10.10.1 2>&1 > /​dev/​null;​ then 
-  echo itworks > /dev/null 
-  ​ 
-  else 
-  ​ 
-  /​etc/​init.d/​vpnc stop 
-  sleep 50 
-  /​etc/​init.d/​vpnc start 
-  ​ 
-  fi 
- 
-The final action needed is to created the scheduled task. The following runs this every 15 minutes. 
- 
-**crontab -e** 
- 
-%%*/15 * * * * /​etc/​config/​vpnc/​keep-alive%% 
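Review bot: the removed /etc/vpnc/default.conf step stores the IPSec secret and the Xauth password in clear text with no step restricting who can read the file, and this revision deletes the whole how-to with nothing added in its place, so if the text is being moved rather than retired it should gain a permissions step before it is reused. Other defects in the removed lines to fix at the same time: `Xauth passwordcorrecthorsebatterystaple` is missing the space after the keyword; `START = 75` and `STOP = 01` are not valid shell assignments because of the spaces around `=`; the keep-alive script opens with `#/Bin/sh`, which is a comment and not a shebang; and `2>&1 > /dev/null` still lets ping's stderr through because the redirections are in the wrong order. The post-connect rule `iptables -A forwarding_rule -i tun0 -j ACCEPT` also accepts every forwarded packet arriving from the tunnel, so new connections from the VPN side into the LAN are allowed; limiting that direction to established and related traffic would be the safer default unless inbound access is intended.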
vpnc.vpn.1382945257.txt.bz2 · Last modified: 2013/10/28 08:27 (external edit)