
My OpenVPN lab

Discussion in 'Tomato Firmware' started by hsyah, Feb 12, 2009.

  1. hsyah


    HARDWARE

    ASUS 500GP V2 32MB RAM 8MB FLASH

    SOFTWARE

    tomato-ND-USB-v19-VPN-v2.0005.trx [no samba]

    http://www.linksysinfo.org/forums/showthread.php?t=60185

    Experimental (Unstable)

    tomato edit

    http://www.badongo.com/cn/file/13353062

    OpenVPN GUI (Windows client, bundled with OpenVPN 2.0.9)
    http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe

    OpenVPN Windows HowTo

    http://www.runpcrun.com/howtoopenvpn


    1 download tomato-ND-USB-v19-VPN-v2.0005.trx


    2 tomato_edit

    UnpackTomato.exe tomato-ND-USB-v19-VPN-v2.0005.trx


    3 add the OpenVPN server files to the unpacked image (the Init script below copies them from /usr/sbin, so that is where they must go):

    ca.crt server.key server.crt dh1024.pem

    Note: server.key is the server's private key. After packing it ships inside ndvpn.bin, so treat that image as a secret; do not publish it, and never reuse a CA/key pair taken from an image someone else has posted.

    4 tomato_edit

    PackTomato.exe tomato-ND-USB-v19-VPN-v2.0005.trx ndvpn.bin


    5 upload ndvpn.bin to ASUS 500GP V2



    6 set up Tomato on the first router (site A, LAN 192.168.222.0/24)

    http://192.168.222.254

    The three headings below (init, firewall, Wan) are the Tomato script slots the following blocks are pasted into.

    init

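    # Tomato "Init" script: load the tun/tap driver and stage the OpenVPN
    # server credentials, which the modified image carries under /usr/sbin,
    # into /tmp where the WAN Up script expects them.
    insmod /lib/modules/2.4.20/kernel/drivers/net/tun.o
    cp /usr/sbin/ca.crt /tmp
    cp /usr/sbin/server.key /tmp
    cp /usr/sbin/server.crt /tmp
    cp /usr/sbin/dh1024.pem /tmp
    # server.key is the server's private key and /tmp is a shared tmpfs; cp
    # gives the copy the source file's mode (minus umask), so pin it to
    # root-only regardless of how it was packed.  ca.crt, server.crt and
    # dh1024.pem are public and may stay readable.
    chmod 600 /tmp/server.key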


    firewall


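    # Tomato "Firewall" script.  Opens only the UDP ports the OpenVPN
    # instances started from WAN Up actually bind, and lets the routed
    # site-to-site tunnel (tun0) exchange traffic with the LAN bridge (br0).
    #
    #   800   openvpn.conf      (tap0, TLS server)
    #   2100  openvpn1.conf     (tap1, TLS server)
    #   2000  SiteA-SiteB.conf  (tun0, static key)
    #   1000  tap2 static-key link
    #
    # The original rules also accepted TCP+UDP 443, TCP 1000 and UDP 900,
    # which nothing in this setup listens on, so those are dropped here:
    # every port accepted from the WAN is the router's own attack surface
    # (TCP 443 is typically Tomato's HTTPS admin GUI when remote access is
    # enabled).  Re-add a rule on purpose if you do rely on one of them.
    for port in 800 1000 2000 2100; do
        iptables -I INPUT -p udp --dport "$port" -j ACCEPT
    done
    # Site-to-site: forward freely in both directions between LAN and tun0;
    # the remote LAN is trusted as part of this network.
    iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
    # Let tunnel peers ping the router itself.
    # NOTE(review): tap0/tap1 are bridge members of br0, so INPUT most
    # likely sees their traffic as -i br0 and the last two rules never
    # match; confirm with `iptables -vnL INPUT` before relying on them.
    iptables -I INPUT -i tun0 -p icmp -j ACCEPT
    iptables -I INPUT -i tap0 -p icmp -j ACCEPT
    iptables -I INPUT -i tap1 -p icmp -j ACCEPT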


    WAN Up

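    # Tomato "WAN Up" script, part 1: expose the OpenVPN binary under a
    # second name in /tmp (presumably so these processes can be told apart
    # from any firmware-managed openvpn by name).
    cd /tmp || exit 1
    # -f: WAN Up runs again after every reconnect, and a plain ln -s would
    # fail with "File exists" on the second run.
    ln -sf /usr/sbin/openvpn /tmp/myvpn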

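    #!/bin/sh
    # OpenVPN start-up script for site A (LAN 192.168.222.0/24, this router
    # is 192.168.222.254).  It creates three tap devices bridged into the LAN
    # and one routed tun device, writes the OpenVPN configs and static keys
    # under /tmp, and starts four openvpn processes:
    #   tap0  UDP 800   multi-client TLS server (openvpn.conf)
    #   tap1  UDP 2100  multi-client TLS server (openvpn1.conf)
    #   tun0  UDP 2000  static-key site-to-site link, listens for site B
    #   tap2  UDP 1000  static-key bridged link, command-line options only
    # All file names below are relative to /tmp, so give up if we cannot get
    # there.
    # NOTE(review): this runs from WAN Up, i.e. again after every reconnect.
    # Nothing here stops the openvpn processes of a previous run, so a rerun
    # will presumably fail to bind the same ports -- verify before relying
    # on reconnects.
    cd /tmp || exit 1

    # Bridged tap devices.  Each one is a member of br0, so every peer that
    # comes in over tap0/tap1/tap2 is on the LAN at layer 2 (sees broadcasts,
    # can take an address from the LAN DHCP, reaches every LAN host).
    for tap in tap0 tap1 tap2; do
        openvpn --mktun --dev "$tap"
        brctl addif br0 "$tap"
        ifconfig "$tap" 0.0.0.0 promisc up
    done

    # write_tls_server_conf FILE PORT DEV
    # Writes the TLS server config shared by the two multi-client servers;
    # only the listening port and tap device differ.
    # NOTE(review): both servers accept any certificate signed by ca.crt
    # (no ns-cert-type/remote-cert-tls restriction, no crl-verify, no
    # tls-auth on the control channel) and, via duplicate-cn, several
    # clients may share one certificate.  Acceptable for a lab; for anything
    # reachable from the internet add tls-auth and a CRL and issue one
    # certificate per user.  dh1024.pem is a 1024-bit DH group; 2048-bit is
    # the usual minimum today and regenerating it needs no client change.
    write_tls_server_conf() {
        printf '%s\n' \
            '# Tunnel options' \
            'mode server' \
            'proto udp' \
            "port $2" \
            "dev $3" \
            'keepalive 15 60' \
            'daemon' \
            'verb 3' \
            'comp-lzo' \
            '# OpenVPN server mode options' \
            'client-to-client' \
            'duplicate-cn' \
            '# TLS Mode Options' \
            'tls-server' \
            'ca ca.crt' \
            'dh dh1024.pem' \
            'cert server.crt' \
            'key server.key' > "$1"
    }
    write_tls_server_conf openvpn.conf 800 tap0
    write_tls_server_conf openvpn1.conf 2100 tap1

    # Site-to-site config.  Site A only listens; site B's copy carries the
    # matching "remote".  A static key gives no forward secrecy, and with no
    # --cipher given the data channel uses this build's default (the tap2
    # link below names BF-CBC explicitly; check the log for this one).
    printf '%s\n' \
        'proto udp' \
        'port 2000' \
        'dev tun0' \
        'secret /tmp/static.key' \
        'verb 3' \
        'comp-lzo' \
        'keepalive 15 60' \
        'daemon' > SiteA-SiteB.conf

    # write_static_key FILE
    # Writes one OpenVPN static key.  Replace the xxxx line with the body of
    # a key generated by `openvpn --genkey --secret`, identical on both
    # routers.  chmod 600 because printf creates the file with the umask
    # default, which is typically world-readable.
    write_static_key() {
        printf '%s\n' \
            '-----BEGIN OpenVPN Static key V1-----' \
            'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
            '-----END OpenVPN Static key V1-----' > "$1"
        chmod 600 "$1"
    }
    write_static_key static.key   # site-to-site link (tun0)
    write_static_key static1.key  # bridged tap2 link

    # Routed tun0: 10.0.0.0/24 is the transit network; site B's LAN
    # 192.168.2.0/24 is reached through its tunnel address 10.0.0.2.
    /tmp/myvpn --mktun --dev tun0
    ifconfig tun0 10.0.0.1 netmask 255.255.255.0 promisc up
    route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.0.0.2

    # Start the daemons, spaced out as in the original.
    sleep 5
    /tmp/myvpn --config openvpn.conf
    sleep 5
    /tmp/myvpn --config openvpn1.conf
    sleep 5
    /tmp/myvpn --config SiteA-SiteB.conf
    sleep 5
    # Bridged static-key link on tap2.  --daemon must be part of this
    # command: in the forum paste it sat on a line of its own, which leaves
    # openvpn in the foreground (this script never returns) and then tries
    # to run "--daemon" as a command.
    # NOTE(review): BF-CBC is a 64-bit block cipher; move both ends to an
    # AES cipher together when you can.
    /tmp/myvpn --dev tap2 --secret /tmp/static1.key --comp-lzo --port 1000 \
        --cipher BF-CBC --proto udp --keepalive 10 60 --verb 3 --daemon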




    Second router (site B, LAN 192.168.2.0/24): http://192.168.2.254 -- same three scripts; only the site-to-site config (remote address, tun0 address, route) differs.


    init

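    # Tomato "Init" script: load the tun/tap driver and stage the OpenVPN
    # server credentials, which the modified image carries under /usr/sbin,
    # into /tmp where the WAN Up script expects them.
    insmod /lib/modules/2.4.20/kernel/drivers/net/tun.o
    cp /usr/sbin/ca.crt /tmp
    cp /usr/sbin/server.key /tmp
    cp /usr/sbin/server.crt /tmp
    cp /usr/sbin/dh1024.pem /tmp
    # server.key is the server's private key and /tmp is a shared tmpfs; cp
    # gives the copy the source file's mode (minus umask), so pin it to
    # root-only regardless of how it was packed.  ca.crt, server.crt and
    # dh1024.pem are public and may stay readable.
    chmod 600 /tmp/server.key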


    firewall


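    # Tomato "Firewall" script.  Opens only the UDP ports the OpenVPN
    # instances started from WAN Up actually bind, and lets the routed
    # site-to-site tunnel (tun0) exchange traffic with the LAN bridge (br0).
    #
    #   800   openvpn.conf      (tap0, TLS server)
    #   2100  openvpn1.conf     (tap1, TLS server)
    #   2000  SiteA-SiteB.conf  (tun0, static key; bound locally as well
    #                            since the config has no "nobind")
    #   1000  tap2 static-key link
    #
    # The original rules also accepted TCP+UDP 443, TCP 1000 and UDP 900,
    # which nothing in this setup listens on, so those are dropped here:
    # every port accepted from the WAN is the router's own attack surface
    # (TCP 443 is typically Tomato's HTTPS admin GUI when remote access is
    # enabled).  Re-add a rule on purpose if you do rely on one of them.
    for port in 800 1000 2000 2100; do
        iptables -I INPUT -p udp --dport "$port" -j ACCEPT
    done
    # Site-to-site: forward freely in both directions between LAN and tun0;
    # the remote LAN is trusted as part of this network.
    iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
    # Let tunnel peers ping the router itself.
    # NOTE(review): tap0/tap1 are bridge members of br0, so INPUT most
    # likely sees their traffic as -i br0 and the last two rules never
    # match; confirm with `iptables -vnL INPUT` before relying on them.
    iptables -I INPUT -i tun0 -p icmp -j ACCEPT
    iptables -I INPUT -i tap0 -p icmp -j ACCEPT
    iptables -I INPUT -i tap1 -p icmp -j ACCEPT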


    WAN Up

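    # Tomato "WAN Up" script, part 1: expose the OpenVPN binary under a
    # second name in /tmp (presumably so these processes can be told apart
    # from any firmware-managed openvpn by name).
    cd /tmp || exit 1
    # -f: WAN Up runs again after every reconnect, and a plain ln -s would
    # fail with "File exists" on the second run.
    ln -sf /usr/sbin/openvpn /tmp/myvpn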

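    #!/bin/sh
    # OpenVPN start-up script for site B (LAN 192.168.2.0/24, this router is
    # 192.168.2.254).  It creates three tap devices bridged into the LAN and
    # one routed tun device, writes the OpenVPN configs and static keys
    # under /tmp, and starts four openvpn processes:
    #   tap0  UDP 800   multi-client TLS server (openvpn.conf)
    #   tap1  UDP 2100  multi-client TLS server (openvpn1.conf)
    #   tun0  UDP 2000  static-key site-to-site link, connects to site A
    #   tap2  UDP 1000  static-key bridged link, command-line options only
    # All file names below are relative to /tmp, so give up if we cannot get
    # there.
    # NOTE(review): this runs from WAN Up, i.e. again after every reconnect.
    # Nothing here stops the openvpn processes of a previous run, so a rerun
    # will presumably fail to bind the same ports -- verify before relying
    # on reconnects.
    cd /tmp || exit 1

    # Bridged tap devices.  Each one is a member of br0, so every peer that
    # comes in over tap0/tap1/tap2 is on the LAN at layer 2 (sees broadcasts,
    # can take an address from the LAN DHCP, reaches every LAN host).
    for tap in tap0 tap1 tap2; do
        openvpn --mktun --dev "$tap"
        brctl addif br0 "$tap"
        ifconfig "$tap" 0.0.0.0 promisc up
    done

    # write_tls_server_conf FILE PORT DEV
    # Writes the TLS server config shared by the two multi-client servers;
    # only the listening port and tap device differ.
    # NOTE(review): both servers accept any certificate signed by ca.crt
    # (no ns-cert-type/remote-cert-tls restriction, no crl-verify, no
    # tls-auth on the control channel) and, via duplicate-cn, several
    # clients may share one certificate.  Acceptable for a lab; for anything
    # reachable from the internet add tls-auth and a CRL and issue one
    # certificate per user.  dh1024.pem is a 1024-bit DH group; 2048-bit is
    # the usual minimum today and regenerating it needs no client change.
    write_tls_server_conf() {
        printf '%s\n' \
            '# Tunnel options' \
            'mode server' \
            'proto udp' \
            "port $2" \
            "dev $3" \
            'keepalive 15 60' \
            'daemon' \
            'verb 3' \
            'comp-lzo' \
            '# OpenVPN server mode options' \
            'client-to-client' \
            'duplicate-cn' \
            '# TLS Mode Options' \
            'tls-server' \
            'ca ca.crt' \
            'dh dh1024.pem' \
            'cert server.crt' \
            'key server.key' > "$1"
    }
    write_tls_server_conf openvpn.conf 800 tap0
    write_tls_server_conf openvpn1.conf 2100 tap1

    # Site-to-site config.  Site B initiates: "remote" must be site A's
    # public (WAN) address.  "port 2000" is both the remote port and, with
    # no "nobind", the local bind port, which is why the firewall script
    # opens UDP 2000 on this router as well.  A static key gives no forward
    # secrecy, and with no --cipher given the data channel uses this build's
    # default (the tap2 link below names BF-CBC explicitly; check the log).
    printf '%s\n' \
        'remote x.x.x.x' \
        'proto udp' \
        'port 2000' \
        'dev tun0' \
        'secret /tmp/static.key' \
        'verb 3' \
        'comp-lzo' \
        'keepalive 15 60' \
        'daemon' > SiteA-SiteB.conf

    # write_static_key FILE
    # Writes one OpenVPN static key.  Replace the xxxx line with the body of
    # a key generated by `openvpn --genkey --secret`, identical on both
    # routers.  chmod 600 because printf creates the file with the umask
    # default, which is typically world-readable.
    write_static_key() {
        printf '%s\n' \
            '-----BEGIN OpenVPN Static key V1-----' \
            'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
            '-----END OpenVPN Static key V1-----' > "$1"
        chmod 600 "$1"
    }
    write_static_key static.key   # site-to-site link (tun0)
    write_static_key static1.key  # bridged tap2 link

    # Routed tun0: 10.0.0.0/24 is the transit network; site A's LAN
    # 192.168.222.0/24 is reached through its tunnel address 10.0.0.1.
    /tmp/myvpn --mktun --dev tun0
    ifconfig tun0 10.0.0.2 netmask 255.255.255.0 promisc up
    route add -net 192.168.222.0 netmask 255.255.255.0 gw 10.0.0.1

    # Start the daemons, spaced out as in the original.
    sleep 5
    /tmp/myvpn --config openvpn.conf
    sleep 5
    /tmp/myvpn --config openvpn1.conf
    sleep 5
    /tmp/myvpn --config SiteA-SiteB.conf
    sleep 5
    # Bridged static-key link on tap2.  --daemon must be part of this
    # command: in the forum paste it sat on a line of its own, which leaves
    # openvpn in the foreground (this script never returns) and then tries
    # to run "--daemon" as a command.
    # NOTE(review): BF-CBC is a 64-bit block cipher; move both ends to an
    # AES cipher together when you can.
    /tmp/myvpn --dev tap2 --secret /tmp/static1.key --comp-lzo --port 1000 \
        --cipher BF-CBC --proto udp --keepalive 10 60 --verb 3 --daemon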
