====== OpenVPN ======

Brief Note

  * This tutorial also works with DNS320.
  * If you are looking to set up an OpenVPN Access Server box with NAT routing/bridging capabilities, look away. Our default kernel does not have iptables built in, nor any alternative. Building one is not easy unless you are able to find the right dependencies and cross-compile them.
  * OpenVPN config information is here: http://openvpn.net/index.php/open-source/documentation/howto.html **read it!**
  * Also look at the forum post http://dns323.kood.org/forum/t1495-Compiled-Working%3A-OpenVPN.html

Here is a quick guide for funpkg (YMMV).

===== OpenVPN Client Tutorial =====

Get the funpkg openvpn package from http://ffp.wolf-u.li/additional/net-misc/

  wget http://ffp.wolf-u.li/additional/net-misc/openvpn-2.2.1-2.tgz

Install the package on your NAS

  funpkg -i openvpn-2.2.1-2.tgz

Create certificates and keys on a fast computer with //openvpn// installed; I did this on my Ubuntu 11.04 box

  cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ~/openvpn_certificates
  cd ~/openvpn_certificates

Edit the //./vars// file to your liking and load the variables

  . ./vars

Clean data

  ./clean-all

Build the certificate authority

  ./build-ca

Now build the key for the server (your NAS) and sign its certificate

  ./build-key-server server

and for a client (and sign its certificate)

  ./build-key client

and for another client

  ./build-key phone

Build the [[http://www.rsa.com/rsalabs/node.asp?id=2248|diffie-hellman]] parameters

  ./build-dh

Now you have all the files you need in //~/openvpn_certificates/keys//

Copy the following files to the NAS and put them, for example, in ///ffp/etc/openvpn//

  ca.crt
  ca.key
  dh1024.pem
  server.key
  server.crt

Now create an openvpn config file, for example ///ffp/etc/openvpn.conf//

  port 1194
  proto udp
  dev tun
  ca /ffp/etc/openvpn/ca.crt
  cert /ffp/etc/openvpn/server.crt
  key /ffp/etc/openvpn/server.key  # This file should be kept secret
  dh /ffp/etc/openvpn/dh1024.pem
  # openvpn server will be on 10.8.0.1
  server 10.8.0.0 255.255.255.0
  ifconfig-pool-persist ipp.txt
  status openvpn-status.log
  keepalive 10 120
  comp-lzo
  persist-key
  persist-tun
  verb 3

For more info on configuring openvpn look at http://openvpn.net/index.php/open-source/documentation/howto.html#server

For the openvpn server to work, the //tun.ko// kernel module must be loaded. Unfortunately there is a small error in the funpkg package, so

  mv /ffp/lib/modules/kernel/2.6.12.6-arm1/tun.ko /ffp/lib/modules/kernel/2.6.12.6-arm1/drivers/net/tun.ko

Now try the openvpn server

  sh /ffp/start/openvpn.sh debug

If it works, press Ctrl+C and then

  sh /ffp/start/openvpn.sh start

If you want to start openvpn at funpkg startup

  chmod 755 /ffp/start/openvpn.sh

===== CLIENT =====

Configuring the client will not be described here in detail, but you need the following files from //~/openvpn_certificates/keys// on your openvpn client

  ca.crt
  client.crt
  client.key

//my// client configuration looks like this

  client
  dev tun
  proto udp
  remote [server ip or hostname] 1194
  resolv-retry infinite
  nobind
  user nobody
  group nogroup
  persist-key
  persist-tun
  ca ~/openvpn/ca.crt
  cert ~/openvpn/client.crt
  key ~/openvpn/client.key
  comp-lzo

Again, for detailed information look at http://openvpn.net/index.php/open-source/documentation/howto.html#client

If you want to reach your NAS from outside your network, do not forget to forward port 1194 in your router (or whichever port you have chosen).

If everything goes all right, your NAS will be reachable at 10.8.0.1 when connected. Test it, for example, with

  ping 10.8.0.1

Note: if you are already connected to a //10.8.0.*// network, routing will be messed up. It could be convenient to choose a slightly more obscure address for your VPN, for example //10.161.80.*//
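
As a check on the server files set up above, here is an added example (not part of the original tutorial or of the funpkg package): a shell function that reads the //ca//, //cert//, //key// and //dh// paths from the server config, reports any that are missing, flags a server key that is readable by group or others, and flags a //ca.key// sitting next to //ca.crt//, since the CA private key is only needed on the machine that signs certificates and the server config never references it. The function name and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the files referenced by an
# OpenVPN server config. Handles unquoted paths only, as in the config above.

# Prints one finding per line; returns 0 when clean, 1 on findings, 2 if the
# config itself cannot be read.
audit_openvpn_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }

    for directive in ca cert key dh; do
        # First matching directive wins; $2 is the path, trailing comments ignored.
        path=$(awk -v d="$directive" '$1 == d { print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            echo "NO_DIRECTIVE $directive"; findings=$((findings + 1)); continue
        fi
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $path"; findings=$((findings + 1)); continue
        fi
        if [ "$directive" = key ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            go_bits=$(ls -ld "$path" | cut -c5-10)
            if [ "$go_bits" != "------" ]; then
                echo "KEY_PERMS $path"; findings=$((findings + 1))
            fi
        fi
        if [ "$directive" = ca ]; then
            # The CA private key is only needed where certificates are signed.
            ca_key="$(dirname "$path")/ca.key"
            if [ -f "$ca_key" ]; then
                echo "CA_KEY_ON_SERVER $ca_key"; findings=$((findings + 1))
            fi
        fi
    done
    [ "$findings" -eq 0 ]
}

# When run with an argument, audit that config, e.g.:
#   sh audit.sh /ffp/etc/openvpn.conf
if [ $# -gt 0 ]; then audit_openvpn_conf "$1"; fi
```

A ''KEY_PERMS'' finding is cleared with ''chmod 600'' on the server key; a ''CA_KEY_ON_SERVER'' finding is cleared by keeping //ca.key// only on the computer where the certificates were built.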