Configuring OpenVPN Client in DD-WRT

After spending almost a day trying to configure my DD-WRT router as an OpenVPN client and reading many complicated guides, I found a really simple way to do it. It is necessary that you have Optware set up on your router. For setting up Optware, kindly read Optware, The Right Way.

This configuration has been tested with DD-WRT K26 svn 14569 mega build (by BrainSlayer) on a WRT610Nv1 router. Configuration of the OpenVPN server is beyond the scope of this article, but here is an excellent article on how to set up an OpenVPN server on Debian.

  1. Install openvpn using ipkg.
    # ipkg-opt update
    # ipkg-opt install openvpn
    
  2. Copy your VPN configuration file into /opt/etc/openvpn/. Let us assume the name of the configuration file is example.vpn.conf. You might have to make certain changes in the configuration file, such as:
    • Setting the user and group in the config file to ones that exist on the router. The 'nobody' user and 'nobody' group exist on the system, so you can use these. If you intend to use the route-down.sh script (see below), you will have to set these to the 'root' user and 'root' group, because the --down script runs after openvpn has dropped its privileges. For the route-up.sh script, the 'nobody' user and 'nobody' group are fine, because openvpn drops privileges only after the route-up script has been called.
    • Setting the correct paths for key and certificate files in example.vpn.conf.
  3. Test whether the openvpn connection is established by running the command below.
    # /opt/sbin/openvpn --cd /opt/etc/openvpn --config example.vpn.conf
    

    If the connection is being established properly you may proceed to the next step.

  4. Set up the scripts that allow machines behind the dd-wrt router to reach machines in the VPN network, and machines in the VPN network to reach the dd-wrt router.

    /opt/etc/openvpn/route-up.sh:

    #!/bin/sh
    # Called by openvpn via --route-up, before it drops privileges

    # Enable clients behind the router to access the machines in the VPN network
    /usr/sbin/iptables -I POSTROUTING -t nat -o tun0 -j MASQUERADE

    # Enable the machines in the VPN network to access the router
    /usr/sbin/iptables -I INPUT -t filter -i tun0 -j ACCEPT


    /opt/etc/openvpn/route-down.sh:

    #!/bin/sh
    # Called by openvpn via --down, after it has dropped privileges (needs root, see step 2)

    # Remove the rule that let clients behind the router access the machines in the VPN network
    /usr/sbin/iptables -D POSTROUTING -t nat -o tun0 -j MASQUERADE

    # Remove the rule that let the machines in the VPN network access the router
    /usr/sbin/iptables -D INPUT -t filter -i tun0 -j ACCEPT


    Test the connection again.

    # chmod 755 /opt/etc/openvpn/route-up.sh /opt/etc/openvpn/route-down.sh
    # /opt/sbin/openvpn --cd /opt/etc/openvpn --config example.vpn.conf --script-security 2 system \
    --route-up /opt/etc/openvpn/route-up.sh --down /opt/etc/openvpn/route-down.sh
    
  5. In this last step, we make the openvpn client connect automatically at startup. Edit /opt/etc/init.d/S20openvpn and make the following changes:
    • Comment out the "return 0" statement so that the script goes on to run openvpn as a daemon.
    • Set the proper path for killall command (/usr/bin/killall).
    • Add the line "/opt/sbin/openvpn --daemon --cd /opt/etc/openvpn --config example.vpn.conf --script-security 2 system --route-up /opt/etc/openvpn/route-up.sh --down /opt/etc/openvpn/route-down.sh" at the bottom.

    /opt/etc/init.d/S20openvpn:

    #!/bin/sh
    #
    # Startup script for openvpn as standalone server
    #

    # Make sure IP forwarding is enabled
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Make device if not present (not devfs)
    if [ ! -c /dev/net/tun ]; then
        # Make /dev/net directory if needed
        if [ ! -d /dev/net ]; then
            mkdir -m 755 /dev/net
        fi
        mknod /dev/net/tun c 10 200
    fi

    # Make sure the tunnel driver is loaded
    if ! lsmod | grep -q "^tun"; then
        insmod /opt/lib/modules/tun.o
    fi

    # If you want a standalone server (not xinetd), comment out the return statement below
    #return 0


    ## This is for standalone servers only!!!!
    # Kill old server if still there
    if [ -n "`pidof openvpn`" ]; then
        /usr/bin/killall openvpn 2>/dev/null
    fi

    # Start afresh - add as many daemons as you want
    #/opt/sbin/openvpn --daemon --cd /opt/etc/openvpn --config openvpn.conf
    /opt/sbin/openvpn --daemon --cd /opt/etc/openvpn --config example.vpn.conf --script-security 2 \
                      --route-up /opt/etc/openvpn/route-up.sh --down /opt/etc/openvpn/route-down.sh

    # [EOF]
    

    Test the script.

    # chmod u+x /opt/etc/init.d/S20openvpn
    # /opt/etc/init.d/S20openvpn
    
  6. Rebooting the router should now get you connected automatically to your VPN network.
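As an added example (not the article's own scripts), the two hooks from step 4 can be folded into one script that takes the tunnel device from OpenVPN instead of hardcoding tun0, refuses odd device names, and complains when the down hook runs without root (the situation step 2 warns about). It assumes the `dev` and `script_type` environment variables that OpenVPN exports to its scripts, and the DD-WRT iptables path used in the article; the `vpn_rules` and `apply_rules` names are the example's own.

```shell
#!/bin/sh
# Added example (not the article's code): one hook script serving both the
# --route-up and --down roles. OpenVPN exports the tunnel device as $dev
# and the hook type as $script_type to the scripts it runs.
IPTABLES=/usr/sbin/iptables   # DD-WRT path, as used in the article

# Print the iptables commands that bring the rules up (-I) or down (-D)
# for one tunnel device. Nothing is executed here, so it can be reviewed.
vpn_rules() {
    action=$1   # "up" or "down"
    tun=$2      # e.g. tun0
    case "$tun" in
        tun[0-9]|tun[0-9][0-9]|tap[0-9]|tap[0-9][0-9]) ;;
        *) echo "refusing unexpected device name: $tun" >&2; return 1 ;;
    esac
    case "$action" in
        up)   op=-I ;;
        down) op=-D ;;
        *)    echo "unknown action: $action" >&2; return 1 ;;
    esac
    # NAT LAN clients onto the tunnel and accept traffic arriving from it
    echo "$IPTABLES $op POSTROUTING -t nat -o $tun -j MASQUERADE"
    echo "$IPTABLES $op INPUT -t filter -i $tun -j ACCEPT"
}

# Apply the rules. The --down hook runs after openvpn has dropped to
# 'nobody' unless the config keeps root (step 2), and iptables then fails;
# report that clearly instead of leaving stale rules behind silently.
apply_rules() {
    if [ "$(id -u)" != "0" ]; then
        echo "$1 hook needs root to change iptables; check user/group in the config" >&2
        return 1
    fi
    rules=$(vpn_rules "$1" "$2") || return 1
    printf '%s\n' "$rules" | while read -r cmd; do
        eval "$cmd" || echo "failed: $cmd" >&2
    done
}

# Entry point when openvpn calls this script for --route-up or --down.
case "${script_type:-}" in
    route-up) apply_rules up "$dev" ;;
    down)     apply_rules down "$dev" ;;
esac
```

Install it as both --route-up and --down target (one file, two options) with the same --script-security 2 setting the article uses; the device check means a wrong or empty $dev fails loudly instead of producing a rule for the wrong interface.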
