This is an old revision of the document!
OpenVPN
openvpn config information is here http://openvpn.net/index.php/open-source/documentation/howto.html read it!
also look at the forum post http://forum.dsmg600.info/t1495-Compiled-Working%3A-OpenVPN.html
here is a quick guide for funpkg (YMMV)
SERVER
get funpkg openvpn package from http://ffp.wolf-u.li/additional/net-misc/
wget http://ffp.wolf-u.li/additional/net-misc/openvpn-2.2.1-2.tgz
install package on your NAS
funpkg -i openvpn-2.2.1-2.tgz
create certificates and keys on a fast computer with openvpn installed, I did this on my ubuntu 11.04 box
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ~/openvpn_certificates cd ~/openvpn_certificates
edit the ./vars file to your liking and load the variables
. ./vars
clean data
./clean-all
build certificate authority
./build-ca
now build the key for the server (your NAS) (and sign certificate)
./build-key-server server
and for a client (and sign certificate)
./build-key client
and for another client
./build-key phone
build diffie-hellman parameters
./build-dh
now you have all the files you need in ~/openvpn_certificates/keys
copy the following files to the NAS and put for example in /ffp/etc/openvpn
ca.crt ca.key dh1024.pem server.key
now create a openvpn config file, for example /ffp/etc/openvpn.conf
port 1194 proto udp dev tun ca /ffp/etc/openvpn/ca.crt cert /ffp/etc/openvpn/server.crt key /ffp/etc/openvpn/server.key # This file should be kept secret dh /ffp/etc/openvpn/dh1024.pem # openvpn server will be on 10.8.0.1 server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt status openvpn-status.log keepalive 10 120 comp-lzo persist-key persist-tun verb 3
for more info on configuring openvpn look at http://openvpn.net/index.php/open-source/documentation/howto.html#server
for the openvpn server to work, the tun.ko kernel module must be loaded, unfortunately there is a small error in the funpkg package so
mv /ffp/lib/modules/kernel/2.6.12.6-arm1/tun.ko /ffp/lib/modules/kernel/2.6.12.6-arm1/drivers/net/tun.ko
now try the openvpn server
sh /ffp/start/openvpn.sh debug
if it works
ctrl+c sh /ffp/start/openvpn.sh start
if you want to start openvpn at funpkg startup
chmod 755 /ffp/start/openvpn.sh
CLIENT
configuring the client will not be described here in detail but you need the following files from ~/openvpn_certificates/keys on your openvpn client
ca.crt client.crt client.key
my client configuration looks like this
client dev tun proto udp remote [server ip or hostname] 1194 resolv-retry infinite nobind user nobody group nogroup persist-key persist-tun ca ~/openvpn/ca.crt cert ~/openvpn/client.crt key ~/openvpn/client.key comp-lzo
again, for detailed information look at http://openvpn.net/index.php/open-source/documentation/howto.html#client
if you want you reach your NAS from outside your network, do not forget to forward port 1194 in your router (or whichever port you have chosen)
if everything goes allright when connected, your NAS will be reachable at 10.8.0.1 test it for example by
ping 10.8.0.1
note: if you are already connected to a 10.8.0.* network, routing will be messed up, it could be convenient to chose a bit more obscure address for your vpn, for example 10.161.80.*