OpenVPN Remote Access by Static Key (The Simple Way)
From DD-WRT Wiki
(Difference between revisions)
Revision as of 02:05, 9 January 2014 by JNavas (→OpenVPN Server Commands - improve)
Revision as of 09:30, 31 May 2014 by Glenn (+ Category:Tunneling)
Line 70: | Line 70: | ||
== Troubleshooting == | == Troubleshooting == | ||
+ | |||
+ | [[Category:Tunneling]] |
Revision as of 09:30, 31 May 2014
WORK-IN-PROGRESS DRAFT ***** WORK-IN-PROGRESS DRAFT ***** WORK-IN-PROGRESS DRAFT
This is a simple VPN recipe for remote access to a private LAN behind a wireless router running DD-WRT.
Introduction
OpenVPN has much to recommend it, but setup can be complicated and tricky, and much of the available documentation isn't terribly helpful to non-experts.
Static Key
Tunnel
IP Addressing
To avoid IP address conflicts:
- the private LAN IP subnet
- the VPN subnet
- the remote LAN subnet
must all be different from each other.
The problem in this context is that you probably won't have control over the remote LAN subnet, so you must choose subnets for the private LAN and the VPN that are unlikely to conflict. This example uses:
- 192.168.111.0 for the private LAN
- 192.168.112.0 for the VPN
OpenVPN in DD-WRT
Static IP or Dynamic DNS
Generating the Static Key
OpenVPN Server Commands
    # Write the server configuration, with the static key inline, to a temporary file
    cat <<EOF >/tmp/openvpn.$$.tmp
    dev tun
    ifconfig 192.168.112.1 192.168.112.2
    comp-lzo
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    daemon
    <secret>
    -----BEGIN OpenVPN Static key V1-----
    ...
    -----END OpenVPN Static key V1-----
    </secret>
    EOF
    # Start OpenVPN with that configuration
    openvpn /tmp/openvpn.$$.tmp
Firewall Commands
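    # Accept OpenVPN connections on UDP port 1194
    iptables -I INPUT -p udp --dport 1194 -j ACCEPT
    # Accept traffic arriving from the tunnel that is addressed to the router itself
    iptables -I INPUT -i tun+ -j ACCEPT
    # Forward traffic arriving from the tunnel
    iptables -I FORWARD -i tun+ -j ACCEPT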
OpenVPN Client Configuration
    remote nnn.nnn.nnn.nnn
    dev tun
    ifconfig 192.168.112.2 192.168.112.1
    route 192.168.111.0 255.255.255.0
    secret secret.key
    comp-lzo
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
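The rule from the IP Addressing section can be checked on the client before connecting. The following is an added example, not part of the wiki page: it parses the `route` and `ifconfig` lines of the client configuration above and reports any overlap with the LAN the client is currently on. The function names and the sample local LAN addresses are constructed for illustration.

```python
import ipaddress

# Client configuration from this page ("nnn.nnn.nnn.nnn" is the page's placeholder).
CLIENT_CONFIG = """\
remote nnn.nnn.nnn.nnn
dev tun
ifconfig 192.168.112.2 192.168.112.1
route 192.168.111.0 255.255.255.0
secret secret.key
"""

def tunnel_networks(config_text):
    """Return {label: network} for each 'route' and 'ifconfig' directive."""
    nets = {}
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop '#' comments
        if len(fields) >= 2 and fields[0] == "route":
            # route <network> [netmask]; OpenVPN defaults the mask to a host route
            mask = fields[2] if len(fields) > 2 else "255.255.255.255"
            nets["route " + fields[1]] = ipaddress.ip_network(f"{fields[1]}/{mask}")
        elif len(fields) >= 3 and fields[0] == "ifconfig":
            # point-to-point: ifconfig <local> <peer>, each endpoint is one host
            for addr in fields[1:3]:
                nets["tunnel endpoint " + addr] = ipaddress.ip_network(addr + "/32")
    return nets

def find_conflicts(config_text, local_lans):
    """List (label, lan) pairs where a VPN network overlaps a LAN the client is on."""
    conflicts = []
    for label, net in tunnel_networks(config_text).items():
        for lan in local_lans:
            # strict=False accepts a host address with prefix, e.g. 192.168.1.23/24
            lan_net = ipaddress.ip_network(lan, strict=False)
            if net.overlaps(lan_net):
                conflicts.append((label, str(lan_net)))
    return conflicts

if __name__ == "__main__":
    # Constructed sample values for the remote LAN the client happens to be on.
    for lan in ("192.168.1.23/24", "192.168.111.40/24", "192.168.0.0/16"):
        print(lan, "->", find_conflicts(CLIENT_CONFIG, [lan]) or "no conflict")
```

A remote LAN configured with a wide mask such as /16 conflicts with both the private LAN route and the tunnel endpoints even though its third octet looks different.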