
Additional VPN tabs (server & client) on Victek/Teddy_bear module

Discussion in 'Tomato Firmware' started by rs232, Dec 8, 2010.

  1. rs232

    rs232 Network Guru Member

    Well, the title says it already...
    I was wondering how difficult would it be to modify the VPN config (I use Victek on RT-N16 but whatever module really) to specify how many server/client tabs to enable. By default there are only 2 servers and 2 clients.
    I appreciate that on old routers NVRAM was an issue but nowadays with better performing devices and cifs/USB storage available storing certificates is not an issue any more, is it?

    I do run a 3rd server already (see below) but had to do everything with the WANUP script, which does the job but it's not smart, especially when you need to change options.

    FYI this is my WANUP script:

    Code:
    # Firewall rules for the third server (UDP port 1195, interface tun23)
    mkdir -p /tmp/etc/openvpn/fw    # -p: no error when the script runs again on the next WAN up
    cd /tmp/etc/openvpn/fw
    echo "/usr/sbin/iptables -t nat -I PREROUTING -p udp --dport 1195 -j ACCEPT
    /usr/sbin/iptables -I INPUT -p udp --dport 1195 -j ACCEPT
    /usr/sbin/iptables -I INPUT -i tun23 -j ACCEPT
    /usr/sbin/iptables -I FORWARD -i tun23 -j ACCEPT" > server3-fw.sh
    chmod 700 server3-fw.sh         # owner-only instead of world-writable 777
    ./server3-fw.sh
    
    # Working directory and a separately named openvpn binary for server 3
    mkdir -p /tmp/etc/openvpn/server3/
    cd /tmp/etc/openvpn
    ln -sf /usr/sbin/openvpn vpnserver3   # -f: replace the link if it already exists
    cd /tmp/etc/openvpn/server3
    # Static-key (point-to-point) server config
    echo "daemon
    ifconfig 1.1.1.1 1.1.1.2
    proto udp
    port 1195
    dev tun23
    cipher AES-128-CBC
    keepalive 15 60
    verb 3
    secret static.key
    status-version 2
    status status
    script-security 2
    route 1.1.1.1 255.255.255.0
    fast-io
    persist-tun" > /tmp/etc/openvpn/server3/config.ovpn
    chmod 600 /tmp/etc/openvpn/server3/config.ovpn   # a config file needs no execute or world-write bits
    
    sleep 10
    
    cp /etc/openvpn/server1/static.key /etc/openvpn/server3/  ##I use the same key as per server1 here
    /etc/openvpn/vpnserver3 --cd /etc/openvpn/server3 --config config.ovpn

    Any comment?

    Regards
     
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The VPN GUI backend is designed to handle an arbitrary number of clients/servers. I think all that would need to be done is change a few lines in the frontend (add new variables to the nvram line, add another item to the tab list, and add a vpn3up variable like the others) and set the default values for the new nvram variables in nvram/defaults.c.

    One would have to be careful to not use the certificate fields in the GUI, though, since that still uses NVRAM. You'd need to create your certificates manually and put directives in your custom config that point to them.
     
  3. rs232

    rs232 Network Guru Member

    Is this something somebody is planning to do (additional tabs)?

    Also:

    Would it be difficult to just add an option to save the vpn config into e.g. cifs/USB?
    Optionally/alternatively a check on the nvram available (nvram show does the job nicely) if used would also do.

    Is there any plan to update to the latest openvpn?


    Regards
     
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Not that I'm aware of (I won't be doing it in TomatoVPN, but I can't speak for any of the mods that include it).

    Also:

    It would be non-trivial, but not impossible. However, it seems it would be pretty easy to just do it as I suggested before to have the certs in non-NVRAM storage.

    Yep
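
Added example (not from the thread and not TomatoVPN code): when key and certificate files are kept outside NVRAM and referenced from a custom config, as suggested in posts 2 and 4, a pre-start check like this confirms that every referenced file exists and that private key material is not group- or world-accessible. The function name `check_vpn_files` and the sample file names are assumptions; the directives it looks for are standard OpenVPN options.

```shell
#!/bin/sh
# check_vpn_files CONFIG  (hypothetical helper, added for illustration)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_vpn_files() {
    conf=$1
    base=$(dirname "$conf")   # relative paths resolve as with "--cd <dir>"
    bad=0
    while read -r directive path rest; do
        case $directive in
            secret|key|tls-auth|pkcs12) private=1 ;;   # private key material
            ca|cert)                    private=0 ;;   # public, must only exist
            *) continue ;;
        esac
        [ -n "$path" ] || continue
        case $path in
            /*) file=$path ;;
            *)  file=$base/$path ;;
        esac
        if [ ! -f "$file" ]; then
            echo "MISSING  $directive $file"; bad=1; continue
        fi
        [ "$private" -eq 1 ] || continue
        # Mode string from ls, e.g. -rw-------; characters 5-10 are the
        # group and other permission bits and must all be "-".
        mode=$(ls -ld "$file" | cut -c1-10)
        case $mode in
            ????------) ;;
            *) echo "EXPOSED  $directive $file ($mode)"; bad=1 ;;
        esac
    done < "$conf"
    return $bad
}

# Constructed sample: a static-key config like the one in the first post,
# with the key file left readable by everyone.
demo_dir=$(mktemp -d)
printf 'proto udp\nport 1195\ndev tun23\nsecret static.key\n' > "$demo_dir/config.ovpn"
: > "$demo_dir/static.key"
chmod 644 "$demo_dir/static.key"
check_vpn_files "$demo_dir/config.ovpn" || echo "fix the findings before starting the daemon"
chmod 600 "$demo_dir/static.key"
check_vpn_files "$demo_dir/config.ovpn" && echo "clean"
rm -rf "$demo_dir"
```

Filesystems without Unix permissions (a FAT-formatted USB stick, some CIFS mounts) report the same mode for every file, so a finding there points at the mount options rather than at a single file.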
     
