OpenWrt/OpenVPN

Revision as of 15:33, 11 April 2023 by Marcluer

Dynamic DNS

  • Install the "luci-app-ddns" package (web interface: Administration -> System -> Software -> Update package list)
  • Now you can access the newly installed menu (web interface: Administration -> Services -> Dynamic DNS)


OpenVPN bridge

  • Install the "luci-app-openvpn" and "openvpn" packages (web interface: Administration -> System -> Software -> Update package list)
  • Create certificates (preferably on a separate Ubuntu Linux machine):
su
apt-get install openvpn openssl
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-key client1
./build-key client2   #Etc, for other clients
./build-dh
  • Copy these certificate and key files to /etc/openvpn on the router (e.g. with WinSCP):
ca.crt
dh1024.pem
server.crt
server.key
  • Access the router through SSH:
mc
cd /etc/config
edit "openvpn" (F4):
config  'openvpn' 'custom_config'
        option 'config' '/etc/openvpn/openvpn.conf'
        option 'enable' '1'
edit "network" (F4) and change:
...
config  'interface' 'lan'
        option 'ifname' 'eth0 tap0'
        option...
...
edit "firewall" (F4) and add:
...
config  'rule'
        option 'target' 'ACCEPT'
        option '_name' 'vpn'
        option 'src' 'wan'
        option 'dest_port' '1194'
        option 'proto' 'udp'
...


cd /etc/openvpn
touch openvpn.conf
edit "openvpn.conf" (F4):
mode server
proto udp
port 1194
dev tap0
server-bridge   192.168.1.1 255.255.255.0 192.168.1.201 192.168.1.250
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
keepalive  10 60
comp-lzo
daemon
verb 3
client-to-client
  • Enable OpenVPN
    • Web interface: Administration -> Services -> Initscripts -> openvpn -> enable
  • Reboot router
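
A pre-flight check to run on the router before enabling the service, as an added example that is not part of the original wiki page: it confirms that every file named in openvpn.conf exists, that server.key is readable by its owner only, that no key other than the server's (ca.key, client keys) was copied to the router, and, when the openssl CLI is installed, that the DH parameters are at least 2048 bits. The function name, the finding labels and the 2048-bit threshold are assumptions of this example; paths in openvpn.conf are assumed to be absolute, as they are on this page.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit the files openvpn.conf points at.
# check_openvpn_dir CONF prints one finding per line; returns 0 when clean.
check_openvpn_dir() {
    conf=$1
    dir=$(dirname "$conf")
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    for opt in ca cert key dh; do
        # First occurrence of the directive; its second field is the path.
        path=$(awk -v o="$opt" '$1 == o { print $2; exit }' "$conf")
        [ -n "$path" ] || { report "MISSING-OPTION $opt"; continue; }
        [ -f "$path" ] || { report "MISSING-FILE $opt $path"; continue; }
        case $opt in
        key)
            # Group/other permission bits of the private key must all be clear.
            perms=$(ls -ld "$path" | cut -c5-10)
            [ "$perms" = "------" ] || report "KEY-PERMS $path"
            ;;
        dh)
            # Needs the openssl CLI; skipped silently when absent or unparsable.
            bits=$(openssl dhparam -in "$path" -noout -text 2>/dev/null |
                sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
            # 2048 bits is the minimum this example accepts (assumption).
            [ -z "$bits" ] || [ "$bits" -ge 2048 ] || report "WEAK-DH $path $bits"
            ;;
        esac
    done

    # Only the server's own key belongs on the router: ca.key and the
    # client keys stay on the machine that ran easy-rsa.
    server_key=$(awk '$1 == "key" { print $2; exit }' "$conf")
    for f in "$dir"/*.key; do
        [ -f "$f" ] || continue
        [ "$f" = "$server_key" ] || report "EXTRA-KEY $f"
    done
    [ "$findings" -eq 0 ]
}
```

Call it as `check_openvpn_dir /etc/openvpn/openvpn.conf`; an exit status of 0 means no findings.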