computing:vpnserver-wndr3800

Differences

This shows you the differences between two versions of the page.

computing:vpnserver-wndr3800 [2023/05/22 02:17] – created oemb1905computing:vpnserver-wndr3800 [2024/02/11 22:46] oemb1905
Line 76: Line 76:
   tls-version-min 1.2   tls-version-min 1.2
   tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256   tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
-  dh   easy-rsa/pki/pki/dh.pem +  dh   easy-rsa/pki/dh.pem 
-  ca   easy-rsa/pki/pki/ca.crt +  ca   easy-rsa/pki/ca.crt 
-  key  easy-rsa/pki/pki/private/server.key +  key  easy-rsa/pki/private/server.key 
-  cert easy-rsa/pki/pki/issued/server.crt+  cert easy-rsa/pki/issued/server.crt
   ifconfig-pool-persist /tmp/ipp.txt   ifconfig-pool-persist /tmp/ipp.txt
   client-config-dir clients   client-config-dir clients
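Review bot: The corrected `dh`, `ca`, `key` and `cert` entries are still relative (`easy-rsa/pki/...`), so they only resolve when openvpn is started from the directory that contains `easy-rsa/`, and the same holds for `client-config-dir clients` in the context below them. Use absolute paths, or add a `cd` directive at the top of the config, so the server does not fail to find its key material when it is launched from an init script or a different working directory. Since `key` now points at the real private key location, it is also worth stating in the text that `private/server.key` should be readable by root only.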
Line 87: Line 87:
   topology subnet   topology subnet
   push "topology subnet"   push "topology subnet"
-  ifconfig <10.66.66.1255.255.255.0 +  ifconfig 10.66.66.1 255.255.255.0 
-  route-gateway <10.66.66.1> +  route-gateway 10.66.66.1 
-  push "route-gateway <10.66.66.1>+  push "route-gateway 10.66.66.1" 
-  ifconfig-pool <10.66.66.32> <10.66.66.254255.255.255.0 +  ifconfig-pool 10.66.66.32 10.66.66.254 255.255.255.0 
-  push "route <192.168.1.0255.255.255.0"+  push "route 10.15.15.0 255.255.255.0" 
 +  push "dhcp-option DOMAIN lan.local" 
 +  push "dhcp-option DNS 10.15.15.1" 
 +  client-to-client 
 +  mute 5 
 +  log /tmp/openvpn.log 
 +  keepalive 10 120 
 +  persist-key 
 +  persist-tun
  
 Once those configuration files are built, you can now create the certificate authority, the diffie-hellman key, and certificate/private key for the server. Once those configuration files are built, you can now create the certificate authority, the diffie-hellman key, and certificate/private key for the server.
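Review bot: `client-to-client` in the added block is not explained anywhere on the page, and it changes the trust model: with it set, OpenVPN forwards traffic between connected clients internally, so that traffic never passes through the router's firewall zones. Drop the directive unless clients really need to reach each other, or add a sentence saying why it is enabled. Separately, `log /tmp/openvpn.log` overwrites the file on every start; `log-append` keeps earlier entries if that history is wanted when troubleshooting, and together with `mute 5` the current settings can hide repeated connection failures.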
Line 158: Line 166:
   openvpn /etc/config/openvpnconfig/server.conf   openvpn /etc/config/openvpnconfig/server.conf
  
-Now that the service is running, let's log in to the router and adjust the settings a bit.  In your web browser, visit 192.168.1.1, and log in/change password.  After that, click /Interfaces/Add/tun0/ and enter "VPN" for the name (so its parsing matches the others).  Once the interface is created, go to the firewall tab within it and create a matching firewall zone, call it lower-case vpn (this just distinguishes the zones from the interfaces).  Go to the /Firewall tab, and then edit the vpn zone so that it has the WAN as a source destination. It is now time to test the vpn server //from your client workstation//:+Now that the service is running, let's log in to the router and adjust the settings a bit.  In your web browser, visit 192.168.1.1, and log in/change password.  After that, click /Interfaces/Add/tun0/ and enter "VPN" for the name (so its parsing matches the others).  Once the interface is created, go to the firewall tab within it and create a matching firewall zone, call it lower-case vpn (this just distinguishes the zones from the interfaces).  Go to the /Firewall tab, and then edit the vpn zone so that it has the WAN as a source destination. Everyone's zones will differ according to use-case, but here's a common lan-wan-vpn interface setup: 
 + 
 +{{ :computing:firewall.png?600 |}} 
 + 
 +It is now time to test the vpn server //from your client workstation//:
  
   cd ~/vpn-connection/   cd ~/vpn-connection/
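Review bot: The added sentence defers the zone layout to `firewall.png`, but the instruction just before it, "edit the vpn zone so that it has the WAN as a source destination", still does not say which direction of forwarding is being allowed, and a screenshot cannot be searched or diffed. Spell out the intended forwardings in text (which zones the vpn zone may forward to and from) alongside the image. The paragraph also still tells the reader to visit 192.168.1.1, while the server config in this same revision now pushes `route 10.15.15.0 255.255.255.0` and `dhcp-option DNS 10.15.15.1`; either update the address or note that it depends on the reader's LAN.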