Saturday, October 30, 2021

Installing OpenWrt and OpenVPN on a router

Hi!

I have an Asus RT-AC51U router and I have OpenWrt on it! Putting OpenWrt on this router is explained very well on the page dedicated to it on the OpenWrt site. I used the Windows method.

Now, why not install a private VPN? Maybe you are abroad and want access to your internal network, or want to watch your Netflix series or other TV stations/programs that cannot be streamed abroad because of DRM and copyright things...

Installing OpenVPN is explained very well here. All you have to do is ssh into your router and literally type every line in the tutorial, followed by the Enter key. The only thing that didn't work very well for me was the firewall part. In that case I followed the tutorial HERE (the network/firewall section of the tutorial). After that, continue with the first tutorial, issuing the terminal commands as they are written, until the end.

An observation: I generated 4 keys for clients, as I may give one or two to somebody in the family. I used the TCP protocol instead of UDP.

Of course, after that you need to ftp into your router and manually edit some files to better fit your needs and correct any errors that might have appeared.

 

I modified:

/etc/openvpn/server.conf ("server" is the name I gave to my server, really original :) )

/etc/openvpn/client.ovpn

Examples of "server.conf" and "client.ovpn" are provided here. Keys and certificates are deleted from the examples.

For "server.conf":

user nobody
group nogroup
dev tun0
port 1194
proto tcp
server 192.168.8.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 120
persist-tun
persist-key
push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option 8.8.8.8 "
push "route 192.168.1.0 255.255.255.0"

# these 2 lines are for when you want to "see" the internal network behind the router
# and use samba or ftp with your home station
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
#tls-auth /etc/easy-rsa/pki/ta.pem 0 this is old and incompatible with the new tls auth

mssfix 1305
ifconfig-pool-persist /tmp/ipp.txt
<dh>
-----BEGIN DH PARAMETERS-----

..................
-----END DH PARAMETERS-----
</dh>
<tls-crypt-v2>
-----BEGIN OpenVPN tls-crypt-v2 server key-----
..................
-----END OpenVPN tls-crypt-v2 server key-----
</tls-crypt-v2>
<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----

...............

-----END CERTIFICATE-----

</cert>
<ca>
-----BEGIN CERTIFICATE-----

........................

-----END CERTIFICATE-----
</ca>


The corresponding client.ovpn for the file above is:

(keys and certificates are deleted from the example here)

user nobody
group nogroup
dev tun0
nobind
client
proto tcp
remote put your ddns/IP address or your domain here  1194
auth-nocache
persist-key
persist-tun
# require the peer certificate to carry server key usage
remote-cert-tls server
<tls-crypt-v2>
-----BEGIN OpenVPN tls-crypt-v2 client key-----
..........................
-----END OpenVPN tls-crypt-v2 client key-----
</tls-crypt-v2>
<key>
-----BEGIN PRIVATE KEY-----
.......................
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
.......................
-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----
................
-----END CERTIFICATE-----
</ca>
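
Both files above carry a private key inline, so they are worth a quick check on the router before you restart. The script below is an added example, not part of the original post or of OpenVPN/OpenWrt; ovpn_lint, has and warn are made-up helper names and the sample profile is constructed.

```shell
#!/bin/sh
# Added example: lint an OpenVPN profile that carries inline credentials.
# ovpn_lint, has and warn are hypothetical helpers, not OpenVPN/OpenWrt tools.

# has FILE REGEX: true if an uncommented line starts with that directive.
has() { grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"; }

warn() { echo "$f: $*"; n=$((n + 1)); }

# ovpn_lint FILE: one finding per line; exit status 0 only when there are none.
ovpn_lint() {
    f=$1; n=0
    [ -r "$f" ] || { echo "$f: cannot read"; return 2; }

    # An inline <key> block makes the whole file as sensitive as the key.
    if has "$f" '<key>' && [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        warn "inline private key, but group/other have access (chmod 600)"
    fi
    # Control-channel key: tls-crypt-v2, tls-crypt or tls-auth, inline or by path.
    has "$f" '<?tls-(crypt-v2|crypt|auth)>?' ||
        warn "no tls-crypt-v2/tls-crypt/tls-auth key"
    # Drop root once the tunnel is up.
    has "$f" 'user' && has "$f" 'group' || warn "no user/group privilege drop"
    # "client" must be the whole directive, so client-to-client does not count.
    if has "$f" 'client' && ! has "$f" 'remote-cert-tls[[:space:]]+server'; then
        warn "client profile without 'remote-cert-tls server'"
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample (not the author's file): world-readable client profile
# with a key, no control-channel key and no server certificate check.
sample=$(mktemp)
printf '%s\n' client 'proto tcp' 'user nobody' 'group nogroup' \
    '<key>' '</key>' > "$sample"
chmod 644 "$sample"
ovpn_lint "$sample" || echo "findings: $n"
rm -f "$sample"
```

To check the real files, call ovpn_lint /etc/openvpn/server.conf and ovpn_lint /etc/openvpn/client.ovpn in place of the sample.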


A screenshot of my firewall:

[screenshot: openwrt and openvpn firewall]

A screenshot of the interfaces (note: I didn't delete the IPs and things; I don't care, as I have another IP address every day):

[screenshot: openwrt with openvpn interfaces]


And that's it! Restart your router and enjoy your private VPN! :)

P.S.: do not forget to assign your VPN0 interface to the vpn firewall zone (after you create the VPN0 unmanaged interface, additional settings will appear; among them is "assign to firewall zone").


