Title:
[Tutorial] Flashing a LaFonera with DD-WRT + OpenVPN Server
Author:
nissin
Time:
2010-10-13 15:26
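Prerequisites:
1. One LaFonera
2. A PC with a NIC
3. FonFlash
4. DD-WRT (Console image)
================================================
1. Connect the LaFonera's WAN port to the PC with a LAN cable; the router does not need to be powered
2. Open FonFlash; the interface looks like this
[attach]9642[/attach]
3. For Network Interface, select the NIC connected to the router
4. For Firmware Type, select DD-WRT
5. Select the path to the firmware
6. Click "Flash Router Now!"
7. Connect the router to power and wait patiently, about 20 minutes to 1 hour, until the completion message appears
Author:
nissin
Time:
2010-10-13 15:31
How to go back from DD-WRT to the stock firmware
1. One LaFonera
2. A PC with a NIC
3. FonFlash
4. LaFonera Firmware (please Google it yourself)
================================================
1. Steps 1 to 3 are the same as above
2. For the LaFonera 2100, select OpenWRT / Gargoyle
For the others, select Fonera Firmware
3. Steps 5 to 7 are the same as above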
Author:
nissin
Time:
2010-10-13 15:58
OpenVPN Server installation method.....
I have forgotten the detailed steps
Please refer to openvpn.com and the dd-wrt wiki
Creating the certs (for Windows)
Open a command prompt
cd \Program Files\OpenVPN\easy-rsa
Run init-config
edit vars.bat (set KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL; KEY_SIZE can also be changed)
Run vars
Run clean-all
Run build-ca
Run build-key-server server (creates the server cert)
Run build-key client1 (creates a client cert; repeat for multiple clients)
Run build-dh.bat
Done
Author:
nissin
Time:
2010-10-13 17:00
OpenVPN Server / Client configuration
Client.ovpn
client
dev tap
proto udp
remote (server's WAN IP)
port 443
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca ca.crt
cert client1.crt
key client1.key
#remote-cert-tls server
ns-cert-type server
comp-lzo
verb 3
route-gateway (server's LAN IP e.g. 192.168.10.1)
redirect-gateway
route-method exe
route-delay 2
=============================================================
OpenVPN's startup script
cd /tmp
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
echo '
# Tunnel options
mode server # Set OpenVPN major mode
proto udp # Setup the protocol (server)
port 443 # TCP/UDP port number
dev tap0 # TUN/TAP virtual network device
keepalive 15 60 # Simplify the expression of --ping
daemon # Become a daemon after all initialization
verb 3 # Set output verbosity to n
comp-lzo # Use fast LZO compression
# OpenVPN server mode options
client-to-client # tells OpenVPN to internally route client-to-client traffic
duplicate-cn # Allow multiple clients with the same common name
# IP Address Routing
# push "route 192.168.10.0 255.255.255.0"
# server 192.168.10.0 255.255.255.0
# Above IP addresses need to change to be your own address
# TLS Mode Options
tls-server # Enable TLS and assume server role during TLS handshake
ca ca.crt # Certificate authority (CA) file
dh dh2048.pem # File containing Diffie Hellman parameters
cert server.crt # Local peers signed certificate
key server.key # Local peers private key
' > openvpn.conf
echo '
-----BEGIN CERTIFICATE-----
(paste the contents of ca.crt here)
-----END CERTIFICATE-----
' > ca.crt
echo '
-----BEGIN RSA PRIVATE KEY-----
(paste the contents of server.key here)
-----END RSA PRIVATE KEY-----
' > server.key
chmod 600 server.key
echo '
-----BEGIN CERTIFICATE-----
(paste the contents of server.crt here)
-----END CERTIFICATE-----
' > server.crt
echo '
-----BEGIN DH PARAMETERS-----
(paste the contents of dh*.pem here)
-----END DH PARAMETERS-----
' > dh2048.pem
sleep 5
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --config openvpn.conf
Other OpenVPN settings
Firewall: Off
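Added example (not part of the original post, and not code from the OpenVPN or DD-WRT projects): a small Python audit of the directives used in the client and server configs above, reporting the settings a reviewer would question. The helper names parse and audit, the finding IDs and the trimmed sample configs are constructed for illustration.

```python
# Added example: audit the OpenVPN directives used in this thread.
# SERVER_CONF / CLIENT_CONF are constructed samples, trimmed from the page.
SERVER_CONF = """
mode server
dev tap0
comp-lzo          # Use fast LZO compression
client-to-client
duplicate-cn      # Allow multiple clients with the same common name
tls-server
ca ca.crt
dh dh2048.pem
"""
CLIENT_CONF = """
client
#remote-cert-tls server
ns-cert-type server
comp-lzo
redirect-gateway
"""

def parse(text):
    """Map directive -> argument list, dropping blank lines and # / ; comments."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # also strips trailing comments
        if line and not line.startswith(";"):
            name, *args = line.split()
            found[name] = args
    return found

def audit(text):
    """Return sorted finding IDs (hypothetical names) for one config."""
    d = parse(text)
    findings = set()
    if "duplicate-cn" in d:                    # one cert usable by many peers
        findings.add("shared-client-cert")
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.add("no-control-channel-hmac")
    if "cipher" not in d:                      # falls back to the build's default
        findings.add("cipher-left-to-default")
    if d.get("comp-lzo") not in (None, ["no"]):
        findings.add("compression-enabled")
    if ("client" in d or "tls-client" in d) and "remote-cert-tls" not in d:
        # ns-cert-type is the older, deprecated form of remote-cert-tls
        findings.add("ns-cert-type-deprecated" if "ns-cert-type" in d
                     else "server-cert-usage-unchecked")
    return sorted(findings)

if __name__ == "__main__":
    print("server:", audit(SERVER_CONF), "\nclient:", audit(CLIENT_CONF))
```

An empty list means none of these five checks fired, not that the config is otherwise sound.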
Author:
nissin
Time:
2010-10-18 15:12
updated
Welcome to PC Infinity (http://pcinhk.com/discuz/)