NSLU2-Linux

OpenSlug.OpenVPNTapMode History


March 19, 2008, at 04:50 AM by Lajasha --
Added lines 93-94:

server.conf

Deleted line 95:

server.conf

Added line 118:
March 19, 2008, at 04:49 AM by Lajasha --
Added line 13:
 # ipkg install bridge-utils
Added line 22:
 # echo 1 > /proc/sys/net/ipv4/ip_forward
Added line 33:
 # echo 1 > /proc/sys/net/ipv4/ip_forward
Added lines 136-206:

(:table border=0 width=100% bgcolor=#eeffee:) Bridge-Startup Script "/etc/openvpn/bridge-scripts/bridge-start" (:cell:)

 
#!/bin/sh

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="192.168.1.77"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.1.255"
eth_default_gateway="192.168.1.99"

for t in $tap; do
    openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
route add default gw $eth_default_gateway

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) VPN Startup Script "/etc/openvpn/startup" (:cell:)

 
#!/bin/sh

if [ -n "`pidof openvpn`" ]; then
  /bin/killall openvpn 2>/dev/null
fi

# load TUN/TAP kernel module
/sbin/modprobe tun
/sbin/modprobe bridge

# enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Startup VPN tunnel in daemon mode
/etc/openvpn/bridge-scripts/./bridge-start
/etc/init.d/openvpn start

(:tableend:)
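
Review bot: In the VPN startup script, "echo 1 > /proc/sys/net/ipv4/ip_forward" is not needed for this setup. br0 joins tap0 and eth0 at layer 2, so frames cross between them without IP forwarding, and turning it on makes the box forward IP packets between whatever interfaces it has. Drop the line unless routing is actually wanted. In bridge-start, nothing checks that "brctl addbr $br" and "brctl addif $br $eth" succeeded before "ifconfig $eth 0.0.0.0 promisc up" removes the address from eth0; if either fails the device is left without its LAN address, so the script should exit on error before that line.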

March 19, 2008, at 04:39 AM by Lajasha --
Changed lines 126-127 from:

cert "C:\\Program Files\\OpenVPN?\\config\\JAH-NOTEBOOK.crt" key "C:\\Program Files\\OpenVPN?\\config\\JAH-NOTEBOOK.key"

to:

cert "C:\\Program Files\\OpenVPN?\\config\\client1.crt" key "C:\\Program Files\\OpenVPN?\\config\\client1.key"

March 19, 2008, at 04:39 AM by Lajasha --
Changed lines 93-118 from:
  port 1194
  proto udp
  dev tap0
  ca /etc/openvpn/easy-rsa/keys/server/ca.crt
  cert /etc/openvpn/easy-rsa/keys/server/server.crt
  key /etc/openvpn/easy-rsa/keys/server/server.key
  dh /etc/openvpn/easy-rsa/keys/server/dh1024.pem
  ifconfig-pool-persist /etc/openvpn/ipp.txt
  server-bridge 192.168.1.77 255.255.255.0 192.168.1.250 192.168.1.254
  push "dhcp-option WINS 192.168.1.77"
  keepalive 10 120
  comp-lzo
  user nobody
  group nobody
  persist-key
  persist-tun
  status openvpn-status.log
  verb 3

=] (:tableend:) (:table border=0 width=100% bgcolor=#eeffee:) client.conf (*.ovpn) (:cell:)

 [=

client dev tap

to:

port 1194

Changed lines 95-97 from:

remote YOUR-SERVER-NAME-HERE 1194 resolv-retry infinite nobind

to:

dev tap0 ca /etc/openvpn/easy-rsa/keys/server/ca.crt cert /etc/openvpn/easy-rsa/keys/server/server.crt key /etc/openvpn/easy-rsa/keys/server/server.key dh /etc/openvpn/easy-rsa/keys/server/dh1024.pem ifconfig-pool-persist /etc/openvpn/ipp.txt server-bridge 192.168.1.77 255.255.255.0 192.168.1.250 192.168.1.254 push "dhcp-option WINS 192.168.1.77" keepalive 10 120 comp-lzo user nobody group nobody

Changed lines 109-112 from:

ca "C:\\Program Files\\OpenVPN?\\config\\ca.crt" cert "C:\\Program Files\\OpenVPN?\\config\\JAH-NOTEBOOK.crt" key "C:\\Program Files\\OpenVPN?\\config\\JAH-NOTEBOOK.key" comp-lzo

to:

status openvpn-status.log

Added lines 113-130:

(:table border=0 width=100% bgcolor=#eeffee:) client.conf (*.ovpn) (:cell:)

 
client
dev tap
proto udp
remote YOUR-SERVER-NAME-HERE 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\JAH-NOTEBOOK.crt"
key "C:\\Program Files\\OpenVPN\\config\\JAH-NOTEBOOK.key"
comp-lzo
verb 3
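
Review bot: The client.conf block never checks that the peer presents a server certificate; after the "ca", "cert" and "key" lines add "ns-cert-type server". The server certificate on this page is made with build-key-server, which marks it as a server certificate, and without the check the client accepts any certificate issued by the same CA as the server's, including another client's.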

Added line 132:

(:tableend:)

March 19, 2008, at 04:38 AM by Lajasha --
Changed line 92 from:

[=

to:
 [=
Changed line 116 from:

[=

to:
 [=
March 19, 2008, at 04:37 AM by Lajasha --
Added lines 114-116:

client.conf (*.ovpn) (:cell:) [=

Added line 130:

=]

March 19, 2008, at 04:36 AM by Lajasha --
Added lines 87-128:

(:table border=0 width=100% bgcolor=#eeffee:) Create Config Files (:table border=0 width=100% bgcolor=#eeffee:) (:cell:) server.conf port 1194 proto udp dev tap0 ca /etc/openvpn/easy-rsa/keys/server/ca.crt cert /etc/openvpn/easy-rsa/keys/server/server.crt key /etc/openvpn/easy-rsa/keys/server/server.key dh /etc/openvpn/easy-rsa/keys/server/dh1024.pem ifconfig-pool-persist /etc/openvpn/ipp.txt server-bridge 192.168.1.77 255.255.255.0 192.168.1.250 192.168.1.254 push "dhcp-option WINS 192.168.1.77" keepalive 10 120 comp-lzo user nobody group nobody persist-key persist-tun status openvpn-status.log verb 3 (:tableend:) (:table border=0 width=100% bgcolor=#eeffee:) client dev tap proto udp remote YOUR-SERVER-NAME-HERE 1194 resolv-retry infinite nobind persist-key persist-tun ca "C:\\Program Files\\OpenVPN?\\config\\ca.crt" cert "C:\\Program Files\\OpenVPN?\\config\\JAH-NOTEBOOK.crt" key "C:\\Program Files\\OpenVPN?\\config\\JAH-NOTEBOOK.key" comp-lzo verb 3 (:tableend:) (:tableend:)
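
Review bot: "dh /etc/openvpn/easy-rsa/keys/server/dh1024.pem" in server.conf ties the server to 1024-bit Diffie-Hellman parameters, which is below what is considered adequate today. Generate 2048-bit parameters (easy-rsa takes the size from KEY_SIZE in its vars file, and build-dh names the output after it) and point "dh" at the resulting file.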

March 19, 2008, at 04:23 AM by Lajasha --
Changed line 63 from:
 **Note** You will need at least two very strong keys and one more for when you want to connect to the VPN. I recommend using https://www.grc.com/passwords.htm
to:
 **Note** You will need at least two very strong keys and one more for when you want to connect to the VPN. I recommend using https://www.grc.com/passwords.htm to get some sick passwords.
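
Review bot: The note points readers to a third-party web page for the secrets used in the Create Keys step, so each one has existed outside the machine before it is first used. Suggest generating them locally instead, for example with "openssl rand -base64 24", since the page already installs openssl.
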
March 19, 2008, at 04:21 AM by Lajasha --
Deleted line 51:
March 19, 2008, at 04:20 AM by Lajasha --
Changed lines 5-8 from:

We will be setting up OpenVPN in Tap Mode which will allow us to establish a virtual Ethernet connection. This comes in very hand when you have windows/samba shares to get to and if you also want to get to other boxes on the network.

to:

We will be setting up OpenVPN in Tap Mode which will allow us to establish a virtual Ethernet connection. This comes in very hand when you have windows/samba shares to get to and if you also want to get to other boxes on the network.

Changed lines 64-66 from:
 **Note** You will need at least two very strong keys and one more for when you want to

connect to the VPN. I recommend using https://www.grc.com/passwords.htm

to:
 **Note** You will need at least two very strong keys and one more for when you want to connect to the VPN. I recommend using https://www.grc.com/passwords.htm
March 19, 2008, at 04:18 AM by Lajasha --
Deleted line 3:
Added line 11:

(:table border=0 width=100% bgcolor=#eeffee:)

Deleted line 12:

(:table border=0 width=100% bgcolor=#eeffee:)

Deleted line 21:
Changed lines 28-30 from:
to:

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:)

Deleted line 31:
Added line 40:

(:table border=0 width=100% bgcolor=#eeffee:)

Deleted line 41:

(:table border=0 width=100% bgcolor=#eeffee:)

March 19, 2008, at 04:17 AM by Lajasha --
Added line 21:

(:table border=0 width=100% bgcolor=#eeffee:)

Changed line 23 from:

(:table border=0 width=100% bgcolor=#eeffee:)

to:
Changed lines 30-31 from:

(:tableend:)

to:
Changed line 32 from:

(:table border=0 width=100% bgcolor=#eeffee:)

to:
Added line 53:

(:table border=0 width=100% bgcolor=#eeffee:)

Changed line 56 from:

(:table border=0 width=100% bgcolor=#eeffee:)

to:
Added line 66:

(:table border=0 width=100% bgcolor=#eeffee:)

Changed line 70 from:

(:table border=0 width=100% bgcolor=#eeffee:)

to:
March 19, 2008, at 04:15 AM by Lajasha --
Added line 5:

(:table border=0 width=100% bgcolor=#eeffee:)

Deleted line 6:
Changed lines 10-11 from:
to:

(:tableend:)

March 19, 2008, at 04:14 AM by Lajasha --
Changed lines 5-6 from:

We will be setting up OpenVPN in Tap Mode which will allow us to establish<br>

to:

We will be setting up OpenVPN in Tap Mode which will allow us to establish

March 19, 2008, at 04:14 AM by Lajasha --
Changed line 5 from:

We will be setting up OpenVPN in Tap Mode which will allow us to establish

to:

We will be setting up OpenVPN in Tap Mode which will allow us to establish<br>

March 19, 2008, at 04:13 AM by Lajasha --
Changed lines 5-7 from:

We will be setting up OpenVPN in Tap Mode which will allow us to establish a virtual Ethernet connection. This comes in very hand when you have windows/samba shares to get to and if you also want to get to other boxes on the network.

to:

We will be setting up OpenVPN in Tap Mode which will allow us to establish a virtual Ethernet connection. This comes in very hand when you have windows/samba shares to get to and if you also want to get to other boxes on the network.

Changed lines 65-66 from:
 **Note** You will need at least two very strong keys and one more for when you want to connect to the VPN. I recommend using https://www.grc.com/passwords.htm
to:
 **Note** You will need at least two very strong keys and one more for when you want to

connect to the VPN. I recommend using https://www.grc.com/passwords.htm

March 19, 2008, at 04:12 AM by Lajasha --
Changed lines 49-50 from:

Download Generation Software

 **NOTE** Find Latest Version http://openvpn.net/index.php/downloads.html
to:

Download Generation Tools

 **Note** Find Latest Version http://openvpn.net/index.php/downloads.html
Added lines 58-65:

=] (:tableend:)

Create Keys

 **Note** You will need at least two very strong keys and one more for when you want to connect to the VPN. I recommend using https://www.grc.com/passwords.htm

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 [=
Deleted line 86:
March 19, 2008, at 03:57 AM by Lajasha --
Changed lines 50-51 from:
  • Note** You may need to copy the bridge module to the correct folder
  • NOTE** Find Latest Version http://openvpn.net/index.php/downloads.html
to:
 **NOTE** Find Latest Version http://openvpn.net/index.php/downloads.html
March 19, 2008, at 03:56 AM by Lajasha --
Added lines 50-51:
  • Note** You may need to copy the bridge module to the correct folder
  • NOTE** Find Latest Version http://openvpn.net/index.php/downloads.html
March 19, 2008, at 03:55 AM by Lajasha --
Deleted line 75:
  • Note** Find Latest Version http://openvpn.net/index.php/downloads.html
March 19, 2008, at 03:55 AM by Lajasha --
Added line 76:
  • Note** Find Latest Version http://openvpn.net/index.php/downloads.html
Changed lines 78-79 from:
  • Note** Find Latest Version http://openvpn.net/index.php/downloads.html
to:
March 19, 2008, at 03:54 AM by Lajasha --
Changed line 76 from:
to:

(:tableend:)

Deleted line 77:

(:tableend:)

March 19, 2008, at 03:53 AM by Lajasha --
Added lines 53-74:
 # cd ~
 # wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
 # mkdir OpenVPN?_sandbox
 # tar -zxvf openvpn-2.0.9.tar.gz -C OpenVPN?_sandbox
 # cd OpenVPN?_sandbox/openvpn-2.0.9/easy-rsa/2.0
 # . ./vars
 # . ./clean-all
 # . ./build-ca
 # . ./build-key-server server
 # . ./build-key-pass client1
 # . ./build-dh
 # cd keys
 # mkdir server
 # mkdir clients
 # cp ca.crt server
 # cp ca.crt clients
 # cp ca.key server
 # cp dh1024.pem server
 # cp server.crt server
 # cp server.key server
 # cp client1.crt clients
 # cp client1.key clients
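
Review bot: "cp ca.key server" places the CA private key among the files staged for the VPN server, yet server.conf only references ca.crt, server.crt, server.key and dh1024.pem from that directory. Remove the line and keep ca.key off the server, offline where possible: whoever obtains it can issue certificates that the server and every client will accept.
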
Changed lines 76-77 from:

(:tableend:)

  • Note** Find Latest Version http://openvpn.net/index.php/downloads.html
to:
  • Note** Find Latest Version http://openvpn.net/index.php/downloads.html

(:tableend:)

March 19, 2008, at 03:53 AM by Lajasha --
Deleted lines 52-73:
 # cd ~
 # wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
 # mkdir OpenVPN?_sandbox
 # tar -zxvf openvpn-2.0.9.tar.gz -C OpenVPN?_sandbox
 # cd OpenVPN?_sandbox/openvpn-2.0.9/easy-rsa/2.0
 # . ./vars
 # . ./clean-all
 # . ./build-ca
 # . ./build-key-server server
 # . ./build-key-pass client1
 # . ./build-dh
 # cd keys
 # mkdir server
 # mkdir clients
 # cp ca.crt server
 # cp ca.crt clients
 # cp ca.key server
 # cp dh1024.pem server
 # cp server.crt server
 # cp server.key server
 # cp client1.crt clients
 # cp client1.key clients
March 19, 2008, at 03:52 AM by Lajasha --
Changed line 49 from:

I) Download Generation Software

to:

Download Generation Software

March 19, 2008, at 03:51 AM by Lajasha --
Changed lines 49-50 from:
  1) Download Generation Software
  (:table border=0 width=100% bgcolor=#eeffee:)
to:

I) Download Generation Software (:table border=0 width=100% bgcolor=#eeffee:)

Changed lines 54-74 from:
 # wget http://openvpn.net/release/openvpn-2.0.9.tar.gz    *Find Latest Version http://openvpn.net/index.php/downloads.html
to:
 # wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
 # mkdir OpenVPN?_sandbox
 # tar -zxvf openvpn-2.0.9.tar.gz -C OpenVPN?_sandbox
 # cd OpenVPN?_sandbox/openvpn-2.0.9/easy-rsa/2.0
 # . ./vars
 # . ./clean-all
 # . ./build-ca
 # . ./build-key-server server
 # . ./build-key-pass client1
 # . ./build-dh
 # cd keys
 # mkdir server
 # mkdir clients
 # cp ca.crt server
 # cp ca.crt clients
 # cp ca.key server
 # cp dh1024.pem server
 # cp server.crt server
 # cp server.key server
 # cp client1.crt clients
 # cp client1.key clients
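
Review bot: "wget http://openvpn.net/release/openvpn-2.0.9.tar.gz" fetches the tarball over plain HTTP, and the following lines unpack it and source its easy-rsa scripts at a root prompt with no integrity check in between. Add a step before "tar -zxvf" that verifies the download against the signature or checksum published by the project.
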
Changed lines 77-108 from:
  1. !/bin/sh

OPENVPN_DIR="/etc/openvpn"

cd $OPENVPN_DIR/easy-rsa/2.0 echo "Setting up vars"

  1. . ./vars

echo "Cleaning"

  1. . ./clean-all

echo "Building CA"

  1. . ./build-ca

echo "Building Server Cert"

  1. . ./build-key-server server

echo "Building Client Cert"

  1. . ./build-key-pass JAH-NOTEBOOK

echo "Building Diffie Hellman"

  1. . ./build-dh

echo "Copying Files"

cd keys mkdir server mkdir clients cp ca.crt server cp ca.crt clients cp ca.key server cp dh1024.pem server cp server.crt server cp server.key server cp JAH-NOTEBOOK.crt clients cp JAH-NOTEBOOK.key clients

to:
  • Note** Find Latest Version http://openvpn.net/index.php/downloads.html
March 19, 2008, at 03:42 AM by Lajasha --
Changed line 37 from:

Install OpenVPN? and Friends

to:

Install OpenVPN and Friends

Changed line 54 from:
 # wget http://openvpn.net/release/openvpn-2.0.9.tar.gz * Find Latest Version [http://openvpn.net/index.php/downloads.html]
to:
 # wget http://openvpn.net/release/openvpn-2.0.9.tar.gz    *Find Latest Version http://openvpn.net/index.php/downloads.html
March 19, 2008, at 03:42 AM by Lajasha --
Changed lines 35-88 from:

(:tableend:)

to:

(:tableend:)

Install OpenVPN? and Friends (:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
 # ipkg install openssl
 # ipkg install liblzo1
 # ipkg install openvpn

(:tableend:)

Generating Certificates

  1) Download Generation Software
  (:table border=0 width=100% bgcolor=#eeffee:)

(:cell:)

 
 # cd ~
 # wget http://openvpn.net/release/openvpn-2.0.9.tar.gz * Find Latest Version [http://openvpn.net/index.php/downloads.html]

(:tableend:)

  1. !/bin/sh

OPENVPN_DIR="/etc/openvpn"

cd $OPENVPN_DIR/easy-rsa/2.0 echo "Setting up vars"

  1. . ./vars

echo "Cleaning"

  1. . ./clean-all

echo "Building CA"

  1. . ./build-ca

echo "Building Server Cert"

  1. . ./build-key-server server

echo "Building Client Cert"

  1. . ./build-key-pass JAH-NOTEBOOK

echo "Building Diffie Hellman"

  1. . ./build-dh

echo "Copying Files"

cd keys mkdir server mkdir clients cp ca.crt server cp ca.crt clients cp ca.key server cp dh1024.pem server cp server.crt server cp server.key server cp JAH-NOTEBOOK.crt clients cp JAH-NOTEBOOK.key clients

March 19, 2008, at 03:30 AM by Lajasha --
Added lines 16-35:

Load Kernel Modules (:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
 # update-modules
 # modprobe bridge
 # modprobe tun

(:tableend:)

 **Note** You may need to copy the bridge module to the correct folder

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
 # cp /lib/modules/2.6.21.7/kernel/net/bridge/bridge.ko /lib/modules/2.6.21.7/kernel/drivers/net/
 # update-modules
 # modprobe bridge

(:tableend:)

March 19, 2008, at 03:25 AM by Lajasha --
Added lines 7-15:

Install Kernel Modules (:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
 # ipkg install kernel-module-bridge
 # ipkg install kernel-module-tun

(:tableend:)

March 19, 2008, at 03:23 AM by Lajasha --
Changed lines 5-6 from:

We will be setting up OpenVPN? in Tap Mode which will allow us to establish a virtual Ethernet connection. This comes in very hand when you have windows/samba shares to get to and if you also want to get to other boxes on the network.

to:

We will be setting up OpenVPN in Tap Mode which will allow us to establish a virtual Ethernet connection. This comes in very hand when you have windows/samba shares to get to and if you also want to get to other boxes on the network.

March 19, 2008, at 03:22 AM by Lajasha --
Changed lines 1-6 from:

OpenVPN Tap Mode

to:

OpenVPN Tap Mode

Preface: This was done using 4.8 Beta SlugOS/BE, Kernel 2.6.21.7

We will be setting up OpenVPN? in Tap Mode which will allow us to establish a virtual Ethernet connection. This comes in very hand when you have windows/samba shares to get to and if you also want to get to other boxes on the network.

March 19, 2008, at 03:16 AM by Lajasha -- OpenVPN Tap Creation
Added line 1:

OpenVPN Tap Mode

Last edited by Lajasha.
Originally by Lajasha.
Page last modified on March 19, 2008, at 04:50 AM