ora installiamo openvpn
opkg install luci-app-openvpn luci-i18n-openvpn-it openvpn-easy-rsa openvpn-openssl
installato openvpn, ci ritroveremo con una directory nuova
/etc/openvpn
e un file di configurazione nuovo
/etc/config/openvpn
backuppiamo
mv /etc/config/openvpn /etc/config/openvpn.originale
io l' ho solo rinominato perche' ho scelto di non affidarmi a UCI per la gestione della vpn, ma di dirgli di caricare la configurazione da un file standard di openvpn
carichiamo nella directory /etc/openvpn/ la chiave del client, il certificato del client e il certificato dell' autorita' che ha firmato il client
/etc/openvpn/ca.crt /etc/openvpn/client_103.crt /etc/openvpn/client_103.key
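lo potete fare o con un semplice copia e incolla, avendo aperto in due terminali distinti il file originale da copiare e il file nuovo, o giocando con scp. la chiave privata deve restare leggibile solo da root: dopo la copia, chmod 600 /etc/openvpn/client_103.key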
quindi modifichiamo il file
/etc/config/openvpn
per gestire una configurazione custom, e gli indichiamo dove sara' messa la configurazione reale
config openvpn 'custom_config'
option config '/etc/config/client_pp.conf'
option enabled '1'
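e creiamo il file della configurazione. i percorsi indicati in ca, cert e key devono corrispondere ai nomi dei file effettivamente caricati in /etc/openvpn/. conviene anche aggiungere la riga remote-cert-tls server, se il certificato del server e' stato emesso come certificato di tipo server: senza una verifica di questo tipo il client accetta qualunque certificato firmato dalla stessa autorita', anche quello di un altro client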
root@OpenWrt:~# cat /etc/config/client_pp.conf
dev tun
port 1192
proto udp
remote fisso.davidea.it 1192
verb 3
comp-lzo
client
ca /etc/openvpn/ca_103.crt
cert /etc/openvpn/portatile_103.crt
key /etc/openvpn/portatile_103.key
log /tmp/openvpn_pp.log
per copiare i certificati e le chiavi abbiamo almeno due vie
- con scp
- dal pc da dove lavoriamo copia e incolla su vi o nano nella sessione ssh del router
ripristinare wifi e network originali
mv /etc/config/wireless /etc/config/wireless.casa
cp /etc/config/wireless.originale /etc/config/wireless
mv /etc/config/network /etc/config/network.wan
cp /etc/config/network.originale /etc/config/network
https://wiki.openwrt.org/doc/howto/vpn.client.openvpn.tun
nano /etc/config/network
aggiungere
config interface 'vpn'
option ifname 'tun0'
option defaultroute '0'
option peerdns '0'
option proto 'none'
Now the firewall: go to Network → Firewall → General Settings
Zones Add
Name: VPN
Input: accept
Output: accept
Forward: accept
Covered networks: vpn = x
Inter-Zone Forwarding
Allow forward to destination zones: lan=x
Allow forward from source zones: lan=x
The result of firewall config
editiamo il file
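/etc/config/firewall, nella sezione delle zone, dopo lan e wan aggiungiamo (nota: con input e forward su ACCEPT tutto quello che arriva dal tunnel raggiunge il router e la lan come traffico fidato; va bene solo se tutti i peer della vpn sono fidati, altrimenti mettere REJECT e aprire solo quello che serve)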
config zone
option name vpn
list network 'vpn'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
nella sezione config forwarding inserire
config forwarding
option dest 'lan'
option src 'vpn'
config forwarding
option dest 'vpn'
option src 'lan'
verificare nei log del server
Wed Jan 6 00:02:21 2016 portatile/62.19.69.156:53235 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/portatile
ed eventuali errori
Wed Jan 6 00:02:21 2016 portatile/62.19.69.156:53235 Options error: option 'route' cannot be used in this context
Wed Jan 6 00:02:21 2016 portatile/62.19.69.156:53235 Options error: Unrecognized option or missing parameter(s) in /etc/openvpn/ccd/portatile:3: pippo (2.2.1)
passiamo a openvpn
opkg install luci-app-openvpn luci-i18n-openvpn-it openvpn-easy-rsa openvpn-openssl
root@OpenWrt:~# cat /etc/config/openvpn
config openvpn 'custom_config'
option config '/etc/config/client_pp.conf'
option enabled '1'
root@OpenWrt:~# cat /etc/config/client_pp.conf
dev tun
port 1192
proto udp
remote fisso.davidea.it 1192
verb 3
comp-lzo
client
ca /etc/openvpn/ca_103.crt
cert /etc/openvpn/portatile_103.crt
key /etc/openvpn/portatile_103.key
log /tmp/openvpn_pp.log
configurare openvpn simple client routed
configurare base ,
fisso.davidea.it 1193
salvare e aggiungere i certificati
C:\Users\37501134\AppData\Roaming\Securepoint SSL VPN\config\portatile3
vi /etc/config/openvpn
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/portatile.crt'
option key '/etc/openvpn/portatile.key'
vi /etc/openvpn/ca.crt
vi /etc/openvpn/portatile.crt
vi /etc/openvpn/portatile.key
add ca, cert e key , quindi inserire i certificati
aggiungere
nano /etc/config/network
config interface 'ibox'
option proto '3g'
option device '/dev/ttyUSB0'
option service 'umts'
option apn 'ibox.tim.it'
option ipv6 'auto'
https://wiki.openwrt.org/doc/howto/vpn.client.openvpn.tun
services -> openvpn
aggiungi : casa_pirelli client configuration for a router multi client vpn
nano /etc/config/network
aggiungere
config interface 'vpn'
option ifname 'tun0'
option defaultroute '0'
option peerdns '0'
option proto 'none'
Now the firewall: go to Network → Firewall → General Settings
Zones Add
Name: VPN
Input: accept
Output: accept
Forward: accept
Covered networks: vpn = x
Inter-Zone Forwarding
Allow forward to destination zones: lan=x
Allow forward from source zones: lan=x
The result of firewall config
/etc/config/firewall
config zone
option input 'ACCEPT'
option output 'ACCEPT'
option name 'vpn'
option forward 'ACCEPT'
option network 'vpn'
config forwarding
option dest 'lan'
option src 'vpn'
config forwarding
option dest 'vpn'
option src 'lan'
# Fetch the checksum list published next to the snapshot images.
# NOTE(review): the list is fetched over plain HTTP, so it is not authenticated;
# a matching MD5 only shows the image is intact relative to this list, not that
# it is genuine. Prefer a signed checksum list where the project publishes one.
wget http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/md5sums
# Check the files in the current directory against the list. stderr is discarded
# and only "OK" lines are kept, so a mismatch or a missing file prints nothing:
# confirm that the image file name itself appears in the output before flashing.
md5sum -c md5sums 2> /dev/null | grep OK
# Flash the verified image; the file name here is the page's placeholder.
sysupgrade -v /tmp/filename-of-downloaded-sysupgrade.bin
opkg install mc
root@OpenWrt:~# opkg install mc
.
.
.
Configuring libmount.
Collected errors:
* gz_open: fork: Out of memory.
* opkg_install_pkg: Failed to unpack control files from /tmp/opkg-ofNoNf/libblkid_2.25.2-4_brcm63xx.ipk.
* opkg_install_cmd: Cannot install package mc.
root@OpenWrt:~#
vi /etc/opkg/distfeeds.conf
src/gz designated_driver_base http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/packages/base
#src/gz designated_driver_luci http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/packages/luci
#src/gz designated_driver_management http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/packages/management
src/gz designated_driver_packages http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/packages/packages
#src/gz designated_driver_routing http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/packages/routing
#src/gz designated_driver_telephony http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/packages/telephony
# src/gz designated_driver_targets http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/packages/targets
opkg install kmod-usb-core kmod-usb-uhci kmod-usb2 kmod-usb-ohci
https://dev.openwrt.org/ticket/21299
vi /etc/chatscripts/3g.chat
Tue Dec 29 22:40:18 2015 daemon.notice pppd[4874]: pppd 2.4.7 started by root, uid 0
Tue Dec 29 22:40:19 2015 local2.info chat[4915]: abort on (BUSY)
Tue Dec 29 22:40:19 2015 local2.info chat[4915]: abort on (NO CARRIER)
Tue Dec 29 22:40:19 2015 local2.info chat[4915]: abort on (ERROR)
Tue Dec 29 22:40:19 2015 local2.info chat[4915]: report (CONNECT)
Tue Dec 29 22:40:19 2015 local2.info chat[4915]: timeout set to 10 seconds
Tue Dec 29 22:40:19 2015 local2.info chat[4915]: send (AT&F^M)
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: expect (OK)
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: AT&F^M^M
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: OK
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: -- got it
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: send (ATE1^M)
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: expect (OK)
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: ^M
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: ATE1^M^M
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: OK
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: -- got it
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: send (AT+CGDCONT=1,"IP","ibox.tim.it"^M)
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: timeout set to 30 seconds
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: expect (OK)
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: ^M
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: AT+CGDCONT=1,"IP","ibox.tim.it"^M^M
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: ERROR
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: -- failed
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: Failed (ERROR)
Tue Dec 29 22:40:20 2015 daemon.err pppd[4874]: Connect script failed
Tue Dec 29 22:40:21 2015 daemon.info pppd[4874]: Exit.
vi /etc/chatscripts/3g.chat
AT+CGDCONT=1,"IP","ibox.tim.it"
AT+CFUN=1
"" "AT&F"
OK "AT+CFUN=1"
OK "ATE1"
passiamo a openvpn
opkg install luci-app-openvpn luci-i18n-openvpn-it openvpn-easy-rsa openvpn-openssl
nano /etc/config/network
config interface 'ibox'
option proto '3g'
option device '/dev/ttyUSB0'
option service 'umts'
option apn 'ibox.tim.it'
option ipv6 'auto'
root@OpenWrt:~# cat /etc/config/openvpn
config openvpn 'custom_config'
option config '/etc/config/client_pp.conf'
option enabled '1'
root@OpenWrt:~# cat /etc/config/client_pp.conf
dev tun
port 1192
proto udp
remote fisso.davidea.it 1192
verb 3
comp-lzo
client
ca /etc/openvpn/ca_103.crt
cert /etc/openvpn/portatile_103.crt
key /etc/openvpn/portatile_103.key
log /tmp/openvpn_pp.log