[Tutorial] Flashing the LaFonera with DD-WRT + OpenVPN Server

Preparation:
1. One LaFonera
2. A PC with a NIC
3. FonFlash
4. DD-WRT (Console image)

================================================
1. Connect the LaFonera's WAN port to the PC with a LAN cable; the router does not need to be powered on yet.
2. Open FonFlash; the interface looks as follows:

3. Under Network Interface, select the NIC that is connected to the router.
4. Under Firmware Type, select DD-WRT.
5. Select the path to the firmware file.
6. Click "Flash Router Now!"
7. Plug in the router's power and wait patiently, about 20 minutes to 1 hour, until the completion message appears.

How to revert from DD-WRT to the stock firmware
1. One LaFonera
2. A PC with a NIC
3. FonFlash
4. LaFonera firmware (please Google for it yourself)

================================================
1. Steps 1 to 3 as above
2. For the LaFonera 2100, select OpenWRT / Gargoyle
    For other models, select Fonera Firmware
3. Steps 5 to 7 as above

OpenVPN Server installation.....
I forgot the detailed steps

Please refer to openvpn.com and the DD-WRT wiki

Creating the certs (for Windows)
  1. Open a command prompt
  2. cd \Program Files\OpenVPN\easy-rsa
  3. Run init-config
  4. Edit vars.bat (set KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL; KEY_SIZE may also be changed)
  5. Run vars
  6. Run clean-all
  7. Run build-ca
  8. Run build-key-server server (creates the server cert)
  9. Run build-key client1 (creates the client cert; repeat for each additional client)
  10. Run build-dh.bat
Done

OpenVPN Server / Client settings

Client.ovpn
client
dev tap
proto udp
remote (server's WAN IP)
port 443
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca ca.crt
cert client1.crt
key client1.key
#remote-cert-tls server
ns-cert-type server
comp-lzo
verb 3
route-gateway (server's LAN IP, e.g. 192.168.10.1)
redirect-gateway
route-method exe
route-delay 2
=============================================================

OpenVPN's startup script
cd /tmp
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up

echo '
# Tunnel options
mode server       # Set OpenVPN major mode
proto udp         # Setup the protocol (server)
port 443          # TCP/UDP port number
dev tap0          # TUN/TAP virtual network device
keepalive 15 60   # Simplify the expression of --ping
daemon            # Become a daemon after all initialization
verb 3            # Set output verbosity to n
comp-lzo          # Use fast LZO compression

# OpenVPN server mode options
client-to-client  # tells OpenVPN to internally route client-to-client traffic
duplicate-cn      # Allow multiple clients with the same common name

# IP Address Routing
# push "route 192.168.10.0 255.255.255.0"
# server 192.168.10.0 255.255.255.0
# Above IP addresses need to change to be your own address


# TLS Mode Options
tls-server        # Enable TLS and assume server role during TLS handshake
ca ca.crt         # Certificate authority (CA) file
dh dh2048.pem     # File containing Diffie Hellman parameters
cert server.crt   # Local peer's signed certificate
key server.key    # Local peer's private key
' > openvpn.conf

echo '
-----BEGIN CERTIFICATE-----
(paste the contents of ca.crt here)
-----END CERTIFICATE-----
' > ca.crt
echo '
-----BEGIN RSA PRIVATE KEY-----
(paste the contents of server.key here)
-----END RSA PRIVATE KEY-----
' > server.key
chmod 600 server.key
echo '
-----BEGIN CERTIFICATE-----
(paste the contents of server.crt here)
-----END CERTIFICATE-----
' > server.crt
echo '
-----BEGIN DH PARAMETERS-----
(paste the contents of dh*.pem here)
-----END DH PARAMETERS-----
' > dh2048.pem

sleep 5
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --config openvpn.conf
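Added example (not part of the original post): a small Python checker that parses the Client.ovpn and the server-side openvpn.conf above and reports options that do not match between the two, plus the weak spots a reviewer would flag in this setup (the commented-out remote-cert-tls with deprecated ns-cert-type, and duplicate-cn). The sample configs embedded in it are constructed excerpts of the ones shown above.

```python
# Added example (not from the original post): parse the tutorial's Client.ovpn and
# server-side openvpn.conf, then flag mismatches and weak options before deploying.
import shlex

def parse_ovpn(text):
    """{option: [args]}, first occurrence wins; skips '#'/';' lines and ' #' inline comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in '#;':
            parts = shlex.split(line.split(' #', 1)[0])
            opts.setdefault(parts[0], parts[1:])
    return opts

def check_pair(client, server):
    """Findings for a parsed client/server pair; an empty list means consistent."""
    findings = []
    for opt in ('proto', 'port', 'comp-lzo'):
        if client.get(opt) != server.get(opt):
            findings.append(f'{opt}: client={client.get(opt)} server={server.get(opt)}')
    # device type must agree: the client says 'tap', the server names the device 'tap0'
    cdev, sdev = (c.get('dev', [''])[0].rstrip('0123456789') for c in (client, server))
    if cdev != sdev:
        findings.append(f'dev type: client={cdev!r} server={sdev!r}')
    if 'remote-cert-tls' not in client:  # the page leaves this line commented out
        if 'ns-cert-type' in client:
            findings.append('ns-cert-type was deprecated in 2.4 and removed in 2.5; use remote-cert-tls server')
        else:
            findings.append('client never checks that the peer certificate is a server certificate')
    if 'duplicate-cn' in server:
        findings.append('duplicate-cn: one leaked client cert can be used by many peers at once')
    return findings

# Constructed excerpts of the two configs shown in this post.
CLIENT = """client
dev tap
proto udp
port 443
#remote-cert-tls server
ns-cert-type server
comp-lzo
"""
SERVER = """proto udp         # Setup the protocol (server)
port 443          # TCP/UDP port number
dev tap0
comp-lzo
duplicate-cn      # Allow multiple clients with the same common name
tls-server
dh dh2048.pem
"""
```

Run `check_pair(parse_ovpn(CLIENT), parse_ovpn(SERVER))` on the post's own configs and it reports only the two weak options; change `port` or `dev` on one side and the mismatch is listed as well.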
Other OpenVPN settings
Firewall: Off

updated