[Tutorial] Flashing a LaFonera with DD-WRT + OpenVPN Server
Prerequisites:
1. One LaFonera
2. A PC with a NIC
3. [url=http://www.gargoyle-router.com/downloads/fon-flash/fon-flash-windows.zip]FonFlash[/url]
4. [url=http://www.dd-wrt.com/site/support/router-database]DD-WRT[/url] (Console image)
================================================
1. Connect the LaFonera's WAN port to the PC with a LAN cable; the router does not need to be plugged in to power
2. Open FonFlash; its interface is shown below
[attach]9642[/attach]
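3. For Network Interface, select the NIC connected to the router
4. For Firmware Type, select DD-WRT
5. Select the path to the firmware file
6. Click "Flash Router Now!"
7. Connect the router to power and wait patiently, about 20 minutes to 1 hour, until the completion message appears

Reverting from DD-WRT to the stock firmware
1. One LaFonera
2. A PC with a NIC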
3. [url=http://www.gargoyle-router.com/downloads/fon-flash/fon-flash-windows.zip]FonFlash[/url]
4. LaFonera firmware (please Google it yourself)
================================================
1. Steps 1 to 3 are the same as above
2. For the LaFonera 2100, select OpenWRT / Gargoyle
For other models, select Fonera Firmware
3. Steps 5 to 7 are the same as above

Installing the OpenVPN Server
I have forgotten the detailed steps
Please refer to [url=http://www.openvpn.net/index.php/open-source/documentation/howto.htm]openvpn.com[/url] and the [url=http://www.dd-wrt.com/wiki/index.php/OpenVPN]dd-wrt wiki[/url]
Creating the certificates (for Windows)
[code]Open a command prompt
cd \Program Files\OpenVPN\easy-rsa
Run init-config
Edit vars.bat (set KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL; KEY_SIZE can also be changed)
Run vars
Run clean-all
Run build-ca
Run build-key-server server (creates the server cert)
Run build-key client1 (creates a client cert; repeat for each additional client)
Run build-dh.bat[/code]
Done

OpenVPN Server / Client configuration
Client.ovpn[code]client
dev tap
proto udp
remote (server's WAN IP)
port 443
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca ca.crt
cert client1.crt
key client1.key
#remote-cert-tls server
ns-cert-type server
comp-lzo
verb 3
route-gateway (server's LAN IP e.g. 192.168.10.1)
redirect-gateway
route-method exe
route-delay 2[/code]
=============================================================
OpenVPN's startup script[code]cd /tmp
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
echo '
# Tunnel options
mode server # Set OpenVPN major mode
proto udp # Setup the protocol (server)
port 443 # TCP/UDP port number
dev tap0 # TUN/TAP virtual network device
keepalive 15 60 # Simplify the expression of --ping
daemon # Become a daemon after all initialization
verb 3 # Set output verbosity to n
comp-lzo # Use fast LZO compression
# OpenVPN server mode options
client-to-client # tells OpenVPN to internally route client-to-client traffic
duplicate-cn # Allow multiple clients with the same common name
# IP Address Routing
# push "route 192.168.10.0 255.255.255.0"
# server 192.168.10.0 255.255.255.0
# Above IP addresses need to change to be your own address
# TLS Mode Options
tls-server # Enable TLS and assume server role during TLS handshake
ca ca.crt # Certificate authority (CA) file
dh dh2048.pem # File containing Diffie Hellman parameters
cert server.crt # Local peers signed certificate
key server.key # Local peers private key
' > openvpn.conf
echo '
-----BEGIN CERTIFICATE-----
(paste the contents of ca.crt here)
-----END CERTIFICATE-----
' > ca.crt
echo '
-----BEGIN RSA PRIVATE KEY-----
(paste the contents of server.key here)
-----END RSA PRIVATE KEY-----
' > server.key
chmod 600 server.key
echo '
-----BEGIN CERTIFICATE-----
(paste the contents of server.crt here)
-----END CERTIFICATE-----
' > server.crt
echo '
-----BEGIN DH PARAMETERS-----
(paste the contents of dh*.pem here)
-----END DH PARAMETERS-----
' > dh2048.pem
sleep 5
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --config openvpn.conf
[/code]
Other OpenVPN settings
Firewall: Off updated
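
The Client.ovpn and openvpn.conf above contain a few directives worth checking before deployment: the client's server-certificate check (`ns-cert-type` is active while `remote-cert-tls` is commented out), `duplicate-cn`, and `comp-lzo`. The lint script below is an added example, not part of the original post; its function names, finding codes and sample files are hypothetical, and the samples are constructed from the directives shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, finding codes and
# sample file names are hypothetical.

# Active directives only: strip "#" comments, ";" comment lines, outer blanks.
active() {
    sed -e 's/#.*$//' -e '/^[[:space:]]*;/d' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1"
}

# True if directive $2 (an ERE anchored at line start) is active in file $1.
has() { active "$1" | grep -Eq "^($2)([[:space:]]|\$)"; }

# Print one "CODE: message" finding per line; always returns 0.
audit_ovpn() {
    f=$1
    if has "$f" 'client'; then
        if has "$f" 'remote-cert-tls[[:space:]]+server'; then
            :   # server certificate usage is checked
        elif has "$f" 'ns-cert-type[[:space:]]+server'; then
            echo "NS_CERT_TYPE: deprecated check, use remote-cert-tls server"
        else
            echo "NO_SERVER_CERT_CHECK: any cert from this CA can pose as the server"
        fi
    fi
    if has "$f" 'duplicate-cn'; then
        echo "DUPLICATE_CN: one client certificate may hold several sessions"
    fi
    if has "$f" 'comp-lzo'; then
        echo "COMP_LZO: deprecated compression option"
    fi
    return 0
}

# Constructed samples carrying the relevant directives from the post's configs.
d=$(mktemp -d)
printf '%s\n' client 'dev tap' 'proto udp' '#remote-cert-tls server' \
    'ns-cert-type server' comp-lzo > "$d/client.ovpn"
grep -v '^ns-cert-type' "$d/client.ovpn" > "$d/client-nocheck.ovpn"
printf '%s\n' 'mode server' 'client-to-client # route between clients' \
    'duplicate-cn # same CN allowed' 'comp-lzo # LZO' tls-server > "$d/server.conf"

for cfg in client.ovpn client-nocheck.ovpn server.conf; do
    echo "== $cfg"
    audit_ovpn "$d/$cfg"
done
```

The second sample shows why comments must be stripped first: a plain grep for `remote-cert-tls` would match the commented-out line and report the client as protected.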