HowTo install OpenVPN server
=========================================================
NOTES:
I do not take any credit for most of the information herein written. I just collected (copy&paste) most of the information and adapted it to be executed under an Asus WL-500g device.
This is a simple setup that has a limited scalability -- one client, one server.
This HowTo is oriented to create a VPN connection between an Asus WL-500g device and a Windows XP client.
ASSUMPTIONS:
i.- firmware: Oleg 1.9.2.7-7b
ii.- root file system on the external USB drive
iii.- telnet/ssh daemon installed and active
iv.- nano editor installed
SOURCES:
i.- http://openvpn.net
ii.- http://www.sprayfly.com/wiki/User_talk:Jonolumb
iii.- This forum
=========================================================
CONFIGURING THE CLIENT (Windows XP)
Download from http://openvpn.se/download.html openvpn-2.0.7-gui-1.0.3-install.exe which will install both OpenVPN and a Windows GUI. Install everything.
During the installation you will be prompted about authentication of drivers to be installed. You should accept it.
Open "network connections" and rename the connection recently created from "Local Area Connection x" to "tun0" (it should have "TAP-Win32 Adapter V8 (coLinux)" as NIC)
Open a dos-prompt window
C:
cd \Program Files\OpenVPN\config
openvpn --genkey --secret static.key
create a txt file called "client.ovpn" and add the following information:
remote myremote.mydomain
dev tun0
ifconfig 10.8.0.2 10.8.0.1
secret static.key
keepalive 10 60
where myremote.mydomain is the WAN ip address or host name of your Asus WL-500g router.
Install OpenVPN package on WL-500g
ipkg -force-depends install openvpn
Check for message:
Warning: Cannot satisfy the following dependencies for openvpn: kernel-module-tun
But warning can be disregarded, tun is already included in Oleg's firmware.
Create the TUN device node
(users report these two lines below are not necessary any longer. They give error messages. See comment #9)
mkdir /dev/net
mknod /dev/net/tun c 10 200
Load the TUN/TAP kernel module
insmod tun
Enable routing
echo 1 > /proc/sys/net/ipv4/ip_forward
Configuring VPN Server
cd /opt/etc/openvpn
nano server.conf
(add following lines)
dev tun0
ifconfig 10.8.0.1 10.8.0.2
secret static.key
(exit editor)
^O ^X
Copy via FTP the file static.key from WinXP client folder C:\Program Files\OpenVPN\config to Asus wl500g directory /opt/etc/openvpn
Add firewall rules
cd /usr/local/sbin
nano post-firewall
#!/bin/sh
#OpenVPN access from WAN
iptables -D INPUT -j DROP
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -I PREROUTING -i eth1 -p udp --dport 1194 -j DNAT --to-destination $4:1194
iptables -A INPUT -j DROP
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT
(exit editor)
^O ^X
NOTES:
With WL-500gP eth1 shall be changed to vlan1 and $4 to router's LAN gateway (192.168.1.1)
Start OpenVPN server manually
/sbin/insmod tun
/opt/sbin/openvpn --cd /opt/etc/openvpn --daemon \
--log-append /var/log/openvpn.log \
--config server.conf
If you want to try the OpenVPN server at this point, without making an autostart, you should execute all the iptables commands written above by copying and pasting them at the Asus wl500g prompt, and then jump to the next point called "Trying the VPN tunnel".
Autostart
To automatically start the OpenVPN server processes at boot time:
nano /opt/etc/init.d/S24openvpn
#!/bin/sh
if [ -n "`pidof openvpn`" ]; then
/bin/killall openvpn 2>/dev/null
fi
# load TUN/TAP kernel module
/sbin/insmod tun
# enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Startup VPN tunnel in daemon mode
/opt/sbin/openvpn --cd /opt/etc/openvpn --daemon \
--log-append /var/log/openvpn.log \
--config server.conf
(exit editor)
^O ^X
Save and Reboot
chmod +x /opt/etc/init.d/S24openvpn
flashfs save
flashfs commit
flashfs enable
reboot
Trying the VPN tunnel
Execute file client.ovpn in Windows XP (C:\Program Files\OpenVPN\config). A DOS window will appear. Pay attention to message "Initialization Sequence Completed". This message indicates that the VPN connection has been established. (Do not close the DOS window! If you close the DOS window you will close the VPN connection)
To test that everything works as it should, try to ping 10.8.0.1 from the client (Windows XP) and to ping 10.8.0.2 from the Asus WL-500g. You should get ping responses in both cases. If so, everything works!
FINAL NOTES
i) If you are running Windows XP/SP2 don't forget to add a rule in your Windows XP firewall to accept traffic on port 1194.
ii) HowTo: Routing all client traffic through VPN tutorial available
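A pre-flight check for the static-key setup in the HowTo above, as an added example that is not part of the original post: it confirms that the two ifconfig lines mirror each other, that both configs name a secret, and that the shared key file is readable by its owner only. The function names and temporary paths are hypothetical; the config lines are the HowTo's.

```shell
#!/bin/sh
# Added example, not from the original post. directive, check_pair and demo are
# hypothetical names; the config lines in demo() are the ones from the HowTo.

# Print the arguments of the first occurrence of a directive in a config file.
directive() {  # $1 = file, $2 = directive name
    awk -v d="$2" '{ gsub(/\r/, "") }  # client.ovpn from Windows may have CRLF
        $1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Return 0 only if both configs describe the same point-to-point tunnel and
# the shared key is readable by its owner alone.
check_pair() {  # $1 = server config, $2 = client config, $3 = key file
    rc=0
    s_if=$(directive "$1" ifconfig)
    c_if=$(directive "$2" ifconfig)
    # Each side lists "local remote", so the client pair is the server pair swapped.
    swapped=$(echo "$s_if" | awk '{ print $2 " " $1 }')
    if [ -z "$s_if" ] || [ "$c_if" != "$swapped" ]; then
        echo "FAIL: ifconfig not mirrored (server '$s_if', client '$c_if')"; rc=1
    fi
    for f in "$1" "$2"; do
        [ -n "$(directive "$f" secret)" ] || { echo "FAIL: no secret directive in $f"; rc=1; }
    done
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    perms=$(ls -ld "$3" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $3 missing or accessible beyond its owner (chmod 600 it)"; rc=1
    fi
    return $rc
}

demo() {  # constructed sample files mirroring the HowTo's two configs
    d=$(mktemp -d) || return 1
    printf 'dev tun0\nifconfig 10.8.0.1 10.8.0.2\nsecret static.key\n' > "$d/server.conf"
    printf 'remote myremote.mydomain\r\ndev tun0\r\nifconfig 10.8.0.2 10.8.0.1\r\nsecret static.key\r\n' > "$d/client.ovpn"
    echo "constructed placeholder, not a real key" > "$d/static.key"
    chmod 644 "$d/static.key"; check_pair "$d/server.conf" "$d/client.ovpn" "$d/static.key" || echo "(expected: key was mode 644)"
    chmod 600 "$d/static.key"; check_pair "$d/server.conf" "$d/client.ovpn" "$d/static.key" && echo "OK"
    rm -rf "$d"
}
demo
```

On the router the call would be `check_pair /opt/etc/openvpn/server.conf client.ovpn /opt/etc/openvpn/static.key`, with a copy of client.ovpn placed alongside for the comparison.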
Sprayfly Guide now complete
Hi there, you quoted http://www.sprayfly.com/wiki/User_talk:Jonolumb
as a source in your OpenVPN guide.
In fact, I was using the talk page to gather together the key elements for a mainstream guide. This has now been created thanks to 'Propa', another user on my Wiki and can be found at http://www.sprayfly.com/wiki/OpenVPN. The new guide contains step by step instructions and goes into a great depth of detail. However, the talk page no longer contains the content that was referred to (unless you look at previous versions in the history).
Cheers
Jono
Is there a way to use openvpn without mounting flash or disk?
Openvpn along with openssl takes about 5M space. But the wl500g has only about 2M free. That means I have to use USB to mount a free space to use openvpn. Is there any way to build a VLAN without demanding any other space except for the 2M free space inside? Can freeswan be added into wl500g?
Openvpn Asus wl500g ping problems
Hey,
I set up openvpn according to http://www.sprayfly.com/wiki/OpenVPN. And I am able to connect from a windows client to the router and am assigned the IP 10.8.0.6.
But the problem is I can only ping the local windows machine 10.8.0.6, not the router 10.8.0.1.
On the router I can ping both 10.8.0.6 and 10.8.0.1.
When the openvpn client is disconnected (10.8.0.6) then I can ping 10.8.0.1 from the client.
All I wanted was to try getting this vpn to work from my lan clients to the local router, and also see other shares on lan clients.
Some help would be much appreciated. :)
LAN 192.168.1.0/24
[VPN client 10.8.0.6]-------------------------------------------------------------------------------[WL500g openvpn router 10.8.0.1]
/Limpo
How to create a vpn server?
Hi:
Is there any way to create a vpn server on the asus wl-500gp?
Besides openvpn, is there any other package?
Is wl500gp OpenVPN Possible Without USB Drive?
I'm with you. Has anyone come up with a way to work this out?
I have been struggling with this for 14 hours now... I started with this Wiki and tried to modify the directions to only use flash memory. I couldn't do anything with the /opt directory in flash memory due to "Read-only file system" error. So I did:
Quote:
makedir /usr/local/opt
mount /usr/local/opt /opt
While I could get ipkg update and installs to work, I eventually came close to running out of space and every time I rebooted the mount would disappear even if I put it (I think) in post-boot.
It seems this thread yields some results but only for wl700g users.
Has anyone figured out how to do this on a wl500gp without an external drive? Can anyone suggest anything else to try? I'm not a linux user normally so I'm struggling with some of the concepts.
Any suggestions would be very helpful. Thanks in advance.
Is OpenVPN Possible without HDD?
I'm going on 2 days with this issue, trying to get OpenVPN installed on Oleg's 1.9.2.7-7g firmware on my wl500gP. I don't have any USB device connected to and would like to know where I can install packages. I started with this Wiki (http://sprayfly.com/wiki/OpenVPN) and tried to modify the directions to only use flash memory. I couldn't do anything with the /opt directory in flash memory due to "Read-only file system" error. So I tried using a different path:
Quote:
makedir /usr/local/opt
mount /usr/local/opt /opt
I got ipkg update and installs to work, but I came close to maxing out memory and every time I rebooted the mount would disappear even if I put it (I think) in post-boot.
This thread (http://wl500g.info/showthread.php?t=...hlight=openvpn) has some answers but only for wl700g users.
Has anyone figured out how to do this on a wl500gp without an external drive? Can anyone suggest anything else to try? I'm not a linux user normally so I'm struggling with some of the concepts.
Any suggestions would be very helpful. Thanks in advance.