Tamadite
18-05-2006, 20:12
================================================== =======
NOTES:
I do not take any credit for most of the information herein written. I just collected (copy&paste) most the information and adapted it to be executed under an Asus WL-500g device.
This is a simple setup that has a limited scalability -- one client, one server.
This HowTo is oriented to create a VPN connection between an Asus WL-500g device and a Windows XP client.
ASSUMPTIONS:
i.- firmware: Oleg 1.9.2.7-7b
ii.- root file system on the external USB drive
iii.- telnet/ssh deamon installed and active
iv.- nano editor installed
SOURCES:
i.- http://openvpn.net
ii.- http://www.sprayfly.com/wiki/User_talk:Jonolumb
iii.- This forum
================================================== =======
CONFIGURING THE CLIENT (Windows XP)
Download from http://openvpn.se/download.html openvpn-2.0.7-gui-1.0.3-install.exe which will install both OpenVPN and a Windows GUI. Install everything.
During the installation you will be prompted about authentication of drivers to be installed. You should accept it.
Open "network connections" and rename the connection recently created from "Local Area Connection x" to "tun0" (it should have "TAP-Win32 Adapter V8 (coLinux)" as NIC)
Open a dos-prompt window
cd C:\Program Files\OpenVPN\config
openvpn --genkey --secret static.key
create a txt file called "client.ovpn" and add the following information:
remote myremote.mydomain
dev tun0
ifconfig 10.8.0.2 10.8.0.1
secret static.key
where myremote.mydomain is the WAN ip address or host name of your Asus WL-500g router.
Install OpenVPN package on WL-500g
ipkg -force-depends install openvpn
Check for message:
Warning: Cannot satisfy the following dependencies for openvpn: kernel-module-tun
But warning can be disregarded, tun is already included in Oleg's firmware.
Create the TUN device node
mkdir /dev/net
mknod /dev/net/tun c 10 200
Load the TUN/TAP kernel module
insmod tun
Enable routing
echo 1 > /proc/sys/net/ipv4/ip_forward
Configuring VPN Server
cd /opt/etc/openvpn
nano server.conf
(add following lines)
dev tun0
ifconfig 10.8.0.1 10.8.0.2
secret static.key
(exit editor)
^O ^X
Copy via FTP the file static.key from WinXP client folder C:\Program Files\OpenVPN\config to Asus wl500g directory /opt/etc/openvpn
Add firewall rules
cd /usr/local/sbin
nano post-firewall
#!/bin/sh
#OpenVPN access from WAN
iptables -D INPUT -j DROP
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -I PREROUTING -i eth1 -p udp --dport 1194 -j DNAT --to-destination $4:1194
iptables -A INPUT -j DROP
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT
(exit editor)
^O ^X
Start OpenVPN server manually
/sbin/insmod tun
/opt/sbin/openvpn --cd /opt/etc/openvpn --daemon \
--log-append /var/log/openvpn.log \
--config server.conf
If you want to try the OpenVPN server at this point, without making an autostart, you should execute all iptables commands above written by copy&paste them on the Asus wl500g prompt and jump to the next point called "Trying the VPN tunnel".
Autostart
To automatically start the OpenVPN server processes at boot time:
nano /opt/etc/init.d/S24openvpn
#!/bin/sh
if [ -n "`pidof openvpn`" ]; then
/bin/killall openvpn 2>/dev/null
fi
# load TUN/TAP kernel module
/sbin/insmod tun
# enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Startup VPN tunnel in daemon mode
/opt/sbin/openvpn --cd /opt/etc/openvpn --daemon \
--log-append /var/log/openvpn.log \
--config server.conf
(exit editor)
^O ^X
Save and Reboot
chmod +x /opt/etc/init.d/S24openvpn
flashfs save
flashfs commit
flashfs enable
reboot
Trying the VPN tunnel
Execute file client.ovpn in Windows XP (C:\Program Files\OpenVPN\config). A DOS window will appear. Pay attention to message "Initialization Sequence Completed". This message indicates that the VPN connection has been established. (Do not close the DOS window! If you close the DOS window you will close the VPN connection)
To test that everything works as it should try to ping 10.8.0.1 from the client (Windows XP) and to ping 10.8.0.2 from Asus WL-500g. You should get ping responses on both cases. If it is so, everything works!
FINAL NOTES
i)If you are running Windows XP/SP2 don't forget to add a rule in your Windows XP firewall to accept traffic on port 1194.
ii) HowTo: Routing all client traffic through VPN (http://wl500g.info/showthread.php?t=17034) tutorial available
NOTES:
I do not take any credit for most of the information herein written. I just collected (copy&paste) most the information and adapted it to be executed under an Asus WL-500g device.
This is a simple setup that has a limited scalability -- one client, one server.
This HowTo is oriented to create a VPN connection between an Asus WL-500g device and a Windows XP client.
ASSUMPTIONS:
i.- firmware: Oleg 1.9.2.7-7b
ii.- root file system on the external USB drive
iii.- telnet/ssh deamon installed and active
iv.- nano editor installed
SOURCES:
i.- http://openvpn.net
ii.- http://www.sprayfly.com/wiki/User_talk:Jonolumb
iii.- This forum
================================================== =======
CONFIGURING THE CLIENT (Windows XP)
Download from http://openvpn.se/download.html openvpn-2.0.7-gui-1.0.3-install.exe which will install both OpenVPN and a Windows GUI. Install everything.
During the installation you will be prompted about authentication of drivers to be installed. You should accept it.
Open "network connections" and rename the connection recently created from "Local Area Connection x" to "tun0" (it should have "TAP-Win32 Adapter V8 (coLinux)" as NIC)
Open a dos-prompt window
cd C:\Program Files\OpenVPN\config
openvpn --genkey --secret static.key
create a txt file called "client.ovpn" and add the following information:
remote myremote.mydomain
dev tun0
ifconfig 10.8.0.2 10.8.0.1
secret static.key
where myremote.mydomain is the WAN ip address or host name of your Asus WL-500g router.
Install OpenVPN package on WL-500g
ipkg -force-depends install openvpn
Check for message:
Warning: Cannot satisfy the following dependencies for openvpn: kernel-module-tun
But warning can be disregarded, tun is already included in Oleg's firmware.
Create the TUN device node
mkdir /dev/net
mknod /dev/net/tun c 10 200
Load the TUN/TAP kernel module
insmod tun
Enable routing
echo 1 > /proc/sys/net/ipv4/ip_forward
Configuring VPN Server
cd /opt/etc/openvpn
nano server.conf
(add following lines)
dev tun0
ifconfig 10.8.0.1 10.8.0.2
secret static.key
(exit editor)
^O ^X
Copy via FTP the file static.key from WinXP client folder C:\Program Files\OpenVPN\config to Asus wl500g directory /opt/etc/openvpn
Add firewall rules
cd /usr/local/sbin
nano post-firewall
#!/bin/sh
#OpenVPN access from WAN
iptables -D INPUT -j DROP
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -I PREROUTING -i eth1 -p udp --dport 1194 -j DNAT --to-destination $4:1194
iptables -A INPUT -j DROP
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT
(exit editor)
^O ^X
Start OpenVPN server manually
/sbin/insmod tun
/opt/sbin/openvpn --cd /opt/etc/openvpn --daemon \
--log-append /var/log/openvpn.log \
--config server.conf
If you want to try the OpenVPN server at this point, without making an autostart, you should execute all iptables commands above written by copy&paste them on the Asus wl500g prompt and jump to the next point called "Trying the VPN tunnel".
Autostart
To automatically start the OpenVPN server processes at boot time:
nano /opt/etc/init.d/S24openvpn
#!/bin/sh
if [ -n "`pidof openvpn`" ]; then
/bin/killall openvpn 2>/dev/null
fi
# load TUN/TAP kernel module
/sbin/insmod tun
# enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Startup VPN tunnel in daemon mode
/opt/sbin/openvpn --cd /opt/etc/openvpn --daemon \
--log-append /var/log/openvpn.log \
--config server.conf
(exit editor)
^O ^X
Save and Reboot
chmod +x /opt/etc/init.d/S24openvpn
flashfs save
flashfs commit
flashfs enable
reboot
Trying the VPN tunnel
Execute file client.ovpn in Windows XP (C:\Program Files\OpenVPN\config). A DOS window will appear. Pay attention to message "Initialization Sequence Completed". This message indicates that the VPN connection has been established. (Do not close the DOS window! If you close the DOS window you will close the VPN connection)
To test that everything works as it should try to ping 10.8.0.1 from the client (Windows XP) and to ping 10.8.0.2 from Asus WL-500g. You should get ping responses on both cases. If it is so, everything works!
FINAL NOTES
i)If you are running Windows XP/SP2 don't forget to add a rule in your Windows XP firewall to accept traffic on port 1194.
ii) HowTo: Routing all client traffic through VPN (http://wl500g.info/showthread.php?t=17034) tutorial available