Differences

This shows you the differences between the selected revision and the current version of the page.

openvpn 2011/09/21 17:14 openvpn 2011/11/09 19:44 current
Line 1: Line 1:
-can somebody move this page to [[howto:openvpn]] ? 
- 
-======= OpenVPN ====== 
-openvpn config information is here 
-http://openvpn.net/index.php/open-source/documentation/howto.html 
-**read it!** 
- 
-also look at the forum post http://forum.dsmg600.info/t1495-Compiled-Working%3A-OpenVPN.html 
- 
-here is a quick guide for funpkg (YMMV) 
- 
-===== SERVER ===== 
- 
-get funpkg openvpn package from http://ffp.wolf-u.li/additional/net-misc/ 
-<code>wget http://ffp.wolf-u.li/additional/net-misc/openvpn-2.2.1-2.tgz</code> 
-install package on your NAS 
-<code>funpkg -i openvpn-2.2.1-2.tgz</code> 
-create certificates and keys on a fast computer with //openvpn// installed, I did this on my ubuntu 11.04 box 
-<code>cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ~/openvpn_certificates 
-cd ~/openvpn_certificates</code> 
-edit the //./vars// file to your liking and load the variables 
-<code>. ./vars</code> 
-clean data 
-<code>./clean-all</code> 
-build certificate authority 
-<code>./build-ca</code> 
-now build the key for the server (your NAS) (and sign certificate) 
-<code>./build-key-server server</code> 
-and for a client (and sign certificate) 
-<code>./build-key client</code> 
-and for another client 
-<code>./build-key phone</code> 
-build [[http://www.rsa.com/rsalabs/node.asp?id=2248|diffie-hellman]] parameters 
-<code>./build-dh</code> 
-now you have all the files you need in // ~/openvpn_certificates/keys // 
- 
-copy the following files to the NAS and put for example in // /ffp/etc/openvpn // 
-<code>ca.crt ca.key dh1024.pem server.key</code> 
-now create a openvpn config file, for example // /ffp/etc/openvpn.conf // 
-<code> 
-port 1194 
-proto udp 
-dev tun 
- 
-ca /ffp/etc/openvpn/ca.crt 
-cert /ffp/etc/openvpn/server.crt 
-key /ffp/etc/openvpn/server.key  # This file should be kept secret 
-dh /ffp/etc/openvpn/dh1024.pem 
- 
-# openvpn server will be on 10.8.0.1 
-server 10.8.0.0 255.255.255.0 
- 
-ifconfig-pool-persist ipp.txt 
-status openvpn-status.log 
- 
-keepalive 10 120 
-comp-lzo 
-persist-key 
-persist-tun 
- 
-verb 3 
-</code> 
-for more info on configuring openvpn look at 
-http://openvpn.net/index.php/open-source/documentation/howto.html#server 
- 
-for the openvpn server to work, the //tun.ko// kernel module must be loaded, unfortunately there is a small error in the funpkg package so 
-<code>mv /ffp/lib/modules/kernel/2.6.12.6-arm1/tun.ko /ffp/lib/modules/kernel/2.6.12.6-arm1/drivers/net/tun.ko</code> 
- 
-now try the openvpn server 
-<code>sh /ffp/start/openvpn.sh debug</code> 
-if it works 
-<code>ctrl+c 
-sh /ffp/start/openvpn.sh start</code> 
- 
-if you want to start openvpn at funpkg startup 
-<code> chmod 755 /ffp/start/openvpn.sh</code> 
- 
-===== CLIENT ===== 
- 
-configuring the client will not be described here in detail but you need the following files from //~/openvpn_certificates/keys// on your openvpn client 
-<code>ca.crt client.crt client.key</code> 
-//my// client configuration looks like this 
-<code> 
-client 
-dev tun 
-proto udp 
-remote [server ip or hostname] 1194 
-resolv-retry infinite 
-nobind 
-user nobody 
-group nogroup 
-persist-key 
-persist-tun 
-ca ~/openvpn/ca.crt 
-cert ~/openvpn/client.crt 
-key ~/openvpn/client.key 
-comp-lzo 
-</code> 
-again, for detailed information look at http://openvpn.net/index.php/open-source/documentation/howto.html#client 
- 
-if you want you reach your NAS from outside your network, do not forget to forward port 1194 in your router (or whichever port you have chosen) 
- 
-if everything goes allright when connected, your NAS will be reachable at 10.8.0.1 test it for example by 
-<code>ping 10.8.0.1</code> 
- 
-note: if you are already connected to a //10.8.0.*// network, routing will be messed up, it could be convenient to chose a bit more obscure address for your vpn, for example //10.161.80.*// 
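
Review bot: the file list under "copy the following files to the NAS" names `ca.key` and omits `server.crt`, while the server config a few lines later loads `cert /ffp/etc/openvpn/server.crt`, so the removed instructions both fail as written and place the CA private key on the VPN server. If this text is being carried over to [[howto:openvpn]], as the first removed line requests, the list should read `ca.crt server.crt server.key dh1024.pem`, and `ca.key` should stay on the machine where the certificates were built, because the server never needs it and anyone who obtains it can sign new client certificates. Two smaller points for the moved copy: the server config has no `user nobody` / `group nogroup` lines although the client config does, and `dh1024.pem` means 1024-bit Diffie-Hellman parameters, which can be raised by setting `KEY_SIZE` in `./vars` before running `./build-dh`. Since the revision deletes every line of the page, confirm that the content exists at the target before this removal stands.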
