Castle VPN

DD-WRT - Router Support

This configuration has been tested with DD-WRT K26 svn 14569 mega build (of Brainslayer) on a WRT610Nv1 router.

  1. Install openvpn using ipkg.
    # ipkg-opt update
    # ipkg-opt install openvpn
    
  2. Copy your VPN configuration file into /opt/etc/openvpn/. Let us assume the configuration file is named config.ovpn. You might have to make certain changes to it, such as:
    • Setting the user and group in the config file to ones that exist on the router. The 'nobody' user and 'nobody' group exist on the system, so you can use these. If you intend to use the route-down.sh script (see below), you will have to set these to the 'root' user and 'root' group instead. For the route-up.sh script alone, the 'nobody' user and 'nobody' group are fine, because the openvpn client drops privileges only after route-up.sh has been called; route-down.sh runs after that drop and needs root to change the iptables rules.
    • Setting the correct paths for the key and certificate files in config.ovpn.
  3. Test whether the OpenVPN connection can be established by running the command below.
    # /opt/sbin/openvpn --cd /opt/etc/openvpn --config config.ovpn 

    If the connection is established properly, you may proceed to the next step.

  4. Set up the scripts for allowing machines behind the dd-wrt router to access machines in the VPN network and for machines in the VPN network to access the dd-wrt router.

    /opt/etc/openvpn/route-up.sh:

    #!/bin/sh
    # Allow clients behind the router to access the machines in the VPN network
    /usr/sbin/iptables -I POSTROUTING -t nat -o tun0 -j MASQUERADE
    
    # Allow the machines in the VPN network to access the router
    # (accepts all traffic arriving on tun0)
    /usr/sbin/iptables -I INPUT -t filter -i tun0 -j ACCEPT
    

    /opt/etc/openvpn/route-down.sh:

    #!/bin/sh
    # Stop allowing clients behind the router to access the machines in the VPN network
    /usr/sbin/iptables -D POSTROUTING -t nat -o tun0 -j MASQUERADE
    
    # Stop allowing the machines in the VPN network to access the router
    /usr/sbin/iptables -D INPUT -t filter -i tun0 -j ACCEPT
    

    Make the scripts executable and test the connection again.

    # chmod 755 /opt/etc/openvpn/route-up.sh /opt/etc/openvpn/route-down.sh
    # /opt/sbin/openvpn --cd /opt/etc/openvpn --config config.ovpn --script-security 2 system \
    --route-up /opt/etc/openvpn/route-up.sh --down /opt/etc/openvpn/route-down.sh
    
  5. In this last step, we enable the openvpn client to connect automatically during startup. Edit /opt/etc/init.d/S20openvpn and make the following changes:
    • Comment out the statement "return 0" so that we can run openvpn as a daemon.
    • Set the proper path for the killall command (/usr/bin/killall).
    • Add the line "/opt/sbin/openvpn --daemon --cd /opt/etc/openvpn --config config.ovpn --script-security 2 system --route-up /opt/etc/openvpn/route-up.sh --down /opt/etc/openvpn/route-down.sh" at the bottom.

    /opt/etc/init.d/S20openvpn:

    #!/bin/sh
    #
    # Startup script for openvpn as standalone server
    #
    
    # Make sure IP forwarding is enabled
    echo 1 > /proc/sys/net/ipv4/ip_forward
    
    # Make device if not present (not devfs)
    if ( [ ! -c /dev/net/tun ] ) then
      # Make /dev/net directory if needed
      if ( [ ! -d /dev/net ] ) then
            mkdir -m 755 /dev/net
      fi
      mknod /dev/net/tun c 10 200
    fi
    
    # Make sure the tunnel driver is loaded
    if ( !(lsmod | grep -q "^tun") ); then
            insmod /opt/lib/modules/tun.o
    fi
    
    # If you want a standalone server (not xinetd), comment out the return statement below
    #return 0
    
    
    ## This is for standalone servers only!!!!
    # Kill old server if still there
    if [ -n "`pidof openvpn`" ]; then
        /usr/bin/killall openvpn 2>/dev/null
    fi
    
    # Start afresh - add as many daemons as you want
    #/opt/sbin/openvpn --daemon --cd /opt/etc/openvpn --config openvpn.conf
    /opt/sbin/openvpn --daemon --cd /opt/etc/openvpn --config config.ovpn --script-security 2 system \
                      --route-up /opt/etc/openvpn/route-up.sh --down /opt/etc/openvpn/route-down.sh
    
    # [EOF]
    

    Test the script.

    # chmod u+x /opt/etc/init.d/S20openvpn
    # /opt/etc/init.d/S20openvpn
    
  6. Rebooting the router should now get you connected automatically to your VPN network.
Thanks to Rahul for this excellent guide <https://rahul.amaram.name/blog/>.
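
The checks from step 2 (user and group exist on the router, root is required when route-down.sh is used, key and certificate paths resolve) can be run before starting the tunnel. The script below is an added example, not part of the original guide; the function names, the PASSWD_FILE/GROUP_FILE overrides and the assumption that directive values are unquoted and free of spaces belong to this example.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight audit of config.ovpn.
# Assumes unquoted, space-free directive values; function names are hypothetical.

PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
GROUP_FILE=${GROUP_FILE:-/etc/group}

# Print the first argument of directive $2 in config $1 (comment lines never match).
ovpn_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# audit_ovpn <config> [yes|no]   second argument: is --down passed on the command line?
# Prints one FAIL line per problem and returns 1 if any was found.
audit_ovpn() {
    conf=$1; uses_down=${2:-no}; dir=$(dirname "$conf"); rc=0
    [ -n "$(ovpn_value "$conf" down)" ] && uses_down=yes

    for key in user group; do
        val=$(ovpn_value "$conf" "$key")
        [ -z "$val" ] && continue          # directive absent: openvpn keeps root
        db=$PASSWD_FILE; [ "$key" = group ] && db=$GROUP_FILE
        if ! grep -q "^$val:" "$db"; then
            echo "FAIL: $key '$val' does not exist in $db"; rc=1
        fi
        # route-down.sh runs after privileges are dropped, so iptables needs root.
        if [ "$uses_down" = yes ] && [ "$val" != root ]; then
            echo "FAIL: $key '$val' cannot run the down script, use root"; rc=1
        fi
    done

    # Relative paths resolve against --cd, taken here to be the config's directory.
    for key in ca cert key; do
        val=$(ovpn_value "$conf" "$key")
        [ -z "$val" ] && continue
        case $val in /*) path=$val ;; *) path=$dir/$val ;; esac
        if [ ! -r "$path" ]; then
            echo "FAIL: $key file not readable: $path"; rc=1
        fi
    done
    return $rc
}
```

On the router, source the file and run `audit_ovpn /opt/etc/openvpn/config.ovpn yes` when the route-down.sh script is passed with --down, or with `no` when only route-up.sh is used.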


