Valutazione attuale: 5 / 5

Stella attivaStella attivaStella attivaStella attivaStella attiva
 

 

ora installiamo openvpn

opkg install luci-app-openvpn luci-i18n-openvpn-it openvpn-easy-rsa openvpn-openssl

 

instalato openvpn ci ritroveremo con una directory nuova

/etc/openvpn

e un file di configurazione nuovo

/etc/config/openvpn

backuppiamo

mv /etc/config/openvpn /etc/config/openvpn.originale

 

io l' ho solo rinominato perche' ho scelto di non affidarmi a UCI per la gestione della vpn, ma di dirgli di caricare la configurazione da un file standard di openvpn

carichiamo nella directory /etc/openvpn/ la chiave del client, il certificato del client e il certificato dell' autorita' che ha firmato il client

/etc/openvpn/ca.crt
/etc/openvpn/client_103.crt
/etc/openvpn/client_103.key

 

lo potete fare o con un semplice copia incolla, avendo aperto in due terminali distinti il file originale da copiare e il file nuovo , o giocando con scp

quindi modifichiamo il file

 /etc/config/openvpn

per gestire una configurazione custom, e gli indichiamo dove sara' messa la configurazione reale

 

config openvpn 'custom_config'
option config '/etc/config/client_pp.conf'
option enabled '1'

 

e creiamo il file della configurazione

root@OpenWrt:~# cat /etc/config/client_pp.conf

dev tun
port 1192
proto udp
remote fisso.davidea.it 1192
verb 3
comp-lzo 
client
ca /etc/openvpn/ca_103.crt
cert /etc/openvpn/portatile_103.crt
key /etc/openvpn/portatile_103.key
log /tmp/openvpn_pp.log

 

 per copiare i certificati e le chiavi abbiamo almeno due vie

  • con scp  
  • dal pc da dove lavoriamo copia e incolla su vi o nano nella sessione ssh del router

ripristinare wifi e network originali

 

mv /etc/config/wireless /etc/config/wireless.casa
cp /etc/config/wireless.originale /etc/config/wireless

mv /etc/config/network /etc/config/network.wan
cp /etc/config/network.originale /etc/config/network



https://wiki.openwrt.org/doc/howto/vpn.client.openvpn.tun

nano /etc/config/network

aggiungere

config interface 'vpn'
        option ifname 'tun0'
        option defaultroute '0'
        option peerdns '0'
        option proto 'none'

 

Now the Firewall go to Network → Firewall → General Settings

Zones Add

Name: VPN

Input: accept

Output: accept

Forward: accept


Covered networks: vpn = x

Inter-Zone Forwarding

Allow forward to destination zones: lan=x

Allow forward from source zones: lan=x

The result of firewall config

editiamo il file

/etc/config/firewall , nella sezione delle zone, dopo lan e wan aggiungiamo

 

config zone
        option name             vpn
        list   network          'vpn'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

 

nella sezione conf forwarding inserire

config forwarding
        option dest             'lan'
        option src              'vpn'

config forwarding
        option dest             'vpn'
        option src '            lan'

 

 

verificare nei log del server
Wed Jan 6 00:02:21 2016 portatile/62.19.69.156:53235 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/portatile

ed eventuali errori
Wed Jan 6 00:02:21 2016 portatile/62.19.69.156:53235 Options error: option 'route' cannot be used in this context
Wed Jan 6 00:02:21 2016 portatile/62.19.69.156:53235 Options error: Unrecognized option or missing parameter(s) in /etc/openvpn/ccd/portatile:3: pippo (2.2.1)

 


passiamo a openvpn

opkg install luci-app-openvpn luci-i18n-openvpn-it openvpn-easy-rsa openvpn-openssl
root@OpenWrt:~# cat /etc/config/openvpn

config openvpn 'custom_config'
option config '/etc/config/client_pp.conf'
option enabled '1'


root@OpenWrt:~# cat /etc/config/client_pp.conf
dev tun
port 1192
proto udp
remote fisso.davidea.it 1192
verb 3
comp-lzo
client
ca /etc/openvpn/ca_103.crt
cert /etc/openvpn/portatile_103.crt
key /etc/openvpn/portatile_103.key
log /tmp/openvpn_pp.log


configurare openvpn simple clien routed

configurare base ,
fisso.davidea.it 1193
salvare e aggiungere i certificati
C:\Users\37501134\AppData\Roaming\Securepoint SSL VPN\config\portatile3
vi /etc/config/openvpn
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/portatile.crt'
option key '/etc/openvpn/portatile.key'

vi /etc/openvpn/ca.crt
vi /etc/openvpn/portatile.crt
vi /etc/openvpn/portatile.key
add ca, cert e key , quindi inserire i certificati


aggiungere

nano /etc/config/network

config interface 'ibox'
option proto '3g'
option device '/dev/ttyUSB0'
option service 'umts'
option apn 'ibox.tim.it'
option ipv6 'auto'




https://wiki.openwrt.org/doc/howto/vpn.client.openvpn.tun

services -> openvpn
aggiungi : casa_pirelli client configuration for a router multi client vpn

nano /etc/config/network

aggiungere
config interface 'vpn'
option ifname 'tun0'
option defaultroute '0'
option peerdns '0'
option proto 'none'

Now the Firewall go to Network → Firewall → General Settings

Zones Add

Name: VPN

Input: accept

Output: accept

Forward: accept


Covered networks: vpn = x

Inter-Zone Forwarding

Allow forward to destination zones: lan=x

Allow forward from source zones: lan=x

The result of firewall config

/etc/config/firewall

config zone
option input 'ACCEPT'
option output 'ACCEPT'
option name 'vpn'
option forward 'ACCEPT'
option network 'vpn'

config forwarding
option dest 'lan'
option src 'vpn'

config forwarding
option dest 'vpn'
option src 'lan'







wget http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/openwrt-brcm63xx-generic-AGV2+W-squashfs-cfe.bin

wget http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/md5sums

md5sum -c md5sums 2> /dev/null | grep OK

sysupgrade -v /tmp/filename-of-downloaded-sysupgrade.bin

opkg install mc


root@OpenWrt:~# opkg install mc
.

.

.

Configuring libmount.
Collected errors:
* gz_open: fork: Out of memory.
* opkg_install_pkg: Failed to unpack control files from /tmp/opkg-ofNoNf/libblkid_2.25.2-4_brcm63xx.ipk.
* opkg_install_cmd: Cannot install package mc.
root@OpenWrt:~#

vi /etc/opkg/distfeeds.conf

src/gz designated_driver_base http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/packages/base
#src/gz designated_driver_luci http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/packages/luci
#src/gz designated_driver_management http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/packages/management
src/gz designated_driver_packages http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/packages/packages
#src/gz designated_driver_routing http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/packages/routing
#src/gz designated_driver_telephony http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/packages/telephony
# src/gz designated_driver_targets http://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/packages/targets


opkg install kmod-usb-core kmod-usb-uhci kmod-usb2 kmod-usb-ohci

https://dev.openwrt.org/ticket/21299

vi /etc/chatscripts/3g.chat

Tue Dec 29 22:40:18 2015 daemon.notice pppd[4874]: pppd 2.4.7 started by root, uid 0
Tue Dec 29 22:40:19 2015 local2.info chat[4915]: abort on (BUSY)
Tue Dec 29 22:40:19 2015 local2.info chat[4915]: abort on (NO CARRIER)
Tue Dec 29 22:40:19 2015 local2.info chat[4915]: abort on (ERROR)
Tue Dec 29 22:40:19 2015 local2.info chat[4915]: report (CONNECT)
Tue Dec 29 22:40:19 2015 local2.info chat[4915]: timeout set to 10 seconds
Tue Dec 29 22:40:19 2015 local2.info chat[4915]: send (AT&F^M)
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: expect (OK)
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: AT&F^M^M
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: OK
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: -- got it
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: send (ATE1^M)
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: expect (OK)
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: ^M
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: ATE1^M^M
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: OK
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: -- got it
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: send (AT+CGDCONT=1,"IP","ibox.tim.it"^M)
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: timeout set to 30 seconds
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: expect (OK)
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: ^M
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: AT+CGDCONT=1,"IP","ibox.tim.it"^M^M
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: ERROR
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: -- failed
Tue Dec 29 22:40:20 2015 local2.info chat[4915]: Failed (ERROR)
Tue Dec 29 22:40:20 2015 daemon.err pppd[4874]: Connect script failed
Tue Dec 29 22:40:21 2015 daemon.info pppd[4874]: Exit.

vi /etc/chatscripts/3g.chat

AT+CGDCONT=1,"IP","ibox.tim.it"
AT+CFUN=1

"" "AT&F"
OK "AT+CFUN=1"
OK "ATE1"

passiamo a openvpn

opkg install luci-app-openvpn luci-i18n-openvpn-it openvpn-easy-rsa openvpn-openssl
nano /etc/config/network

config interface 'ibox'
option proto '3g'
option device '/dev/ttyUSB0'
option service 'umts'
option apn 'ibox.tim.it'
option ipv6 'auto'


root@OpenWrt:~# cat /etc/config/openvpn

config openvpn 'custom_config'
option config '/etc/config/client_pp.conf'
option enabled '1'


root@OpenWrt:~# cat /etc/config/client_pp.conf
dev tun
port 1192
proto udp
remote fisso.davidea.it 1192
verb 3
comp-lzo
client
ca /etc/openvpn/ca_103.crt
cert /etc/openvpn/portatile_103.crt
key /etc/openvpn/portatile_103.key
log /tmp/openvpn_pp.log

 

Vai all'inizio della pagina