HowTo install OpenVPN server WL500gP
=========================================================
NOTES:
I do not take any credit for most of the information herein written. I just collected (copy&paste) most of the information and adapted it to be executed on an Asus WL-500g device. This is a simple setup with limited scalability: one client, one server.
This HowTo is oriented to create a VPN connection between an Asus WL-500g device and a Windows XP client.
ASSUMPTIONS:
i.- firmware: Oleg 1.9.2.7-7b
ii.- root file system on the external USB drive
iii.- telnet/ssh daemon installed and active
iv.- nano editor installed
SOURCES:
i.- http://openvpn.net
ii.- http://www.sprayfly.com/wiki/User_talk:Jonolumb
iii.- This forum
=========================================================
CONFIGURING THE CLIENT (Windows XP)
Download from http://openvpn.se/download.html openvpn-2.0.7-gui-1.0.3-install.exe which will install both OpenVPN and a Windows GUI. Install everything.
During the installation you will be prompted about authentication of the drivers to be installed. You should accept it.
Open "Network Connections" and rename the connection recently created from "Local Area Connection x" to "tun0" (it should have "TAP-Win32 Adapter V8 (coLinux)" as NIC).
Open a dos-prompt window
C:
cd \Program Files\OpenVPN\config
openvpn --genkey --secret static.key
Create a txt file called "client.ovpn" and add the following information:
remote myremote.mydomain
dev tun0
ifconfig 10.8.0.2 10.8.0.1
secret static.key
keepalive 10 60
where myremote.mydomain is the WAN IP address or host name of your Asus WL-500g router.
Install OpenVPN package on WL-500g
ipkg -force-depends install openvpn
Check for message:
Warning: Cannot satisfy the following dependencies for openvpn: kernel-module-tun
This warning can be disregarded; tun is already included in Oleg's firmware.
Create the TUN device node
(Users report that the two lines below are no longer necessary and give error messages; see comment #9.)
mkdir /dev/net
mknod /dev/net/tun c 10 200
Load the TUN/TAP kernel module
insmod tun
Enable routing
echo 1 > /proc/sys/net/ipv4/ip_forward
Configuring VPN Server
cd /opt/etc/openvpn
nano server.conf
(add following lines)
dev tun0
ifconfig 10.8.0.1 10.8.0.2
secret static.key
(exit editor)
^O ^X
Copy via FTP the file static.key from the WinXP client folder C:\Program Files\OpenVPN\config to the Asus wl500g directory /opt/etc/openvpn.
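The whole tunnel rests on that one static.key file, so it is worth checking it on the router before starting OpenVPN with it. The script below is an added example, not part of the original HowTo: it verifies the OpenVPN 2.0 static key format (BEGIN/END markers with exactly 16 lines of 32 hex digits, i.e. 2048 bits), rejects a copy that picked up CR characters from an ASCII-mode FTP transfer, and confirms the file is mode 0600 so the shared secret is not readable by other users on the router. The sample key it writes is a constructed fixed pattern for the demonstration only, not a real key; the path /opt/etc/openvpn/static.key in the usage comment is the one from this HowTo.

```shell
#!/bin/sh
# Added example (not from the original HowTo): sanity-check static.key after it
# has been copied to the router, before OpenVPN is started with it.
# Usage on the router: sh check_key.sh  (then call check_static_key on
# /opt/etc/openvpn/static.key, as the demo at the bottom does on a sample file)

BEGIN_MARK='-----BEGIN OpenVPN Static key V1-----'
END_MARK='-----END OpenVPN Static key V1-----'

# Returns 0 when the key body is well formed, 1 otherwise (reason on stdout).
check_static_key() {
    f="$1"
    [ -r "$f" ] || { echo "cannot read $f"; return 1; }
    # An ASCII-mode FTP transfer from Windows leaves CR characters behind.
    if grep -q "$(printf '\r')" "$f"; then
        echo "$f contains CR characters: re-copy it in binary mode"; return 1
    fi
    grep -q "^$BEGIN_MARK\$" "$f" || { echo "missing BEGIN marker"; return 1; }
    grep -q "^$END_MARK\$" "$f" || { echo "missing END marker"; return 1; }
    # Everything between the two markers is the key body: 16 x 32 hex digits.
    body=$(sed -n "/^$BEGIN_MARK\$/,/^$END_MARK\$/p" "$f" | sed '1d;$d')
    n=$(printf '%s\n' "$body" | wc -l | tr -d ' ')
    [ "$n" -eq 16 ] || { echo "expected 16 key lines, found $n"; return 1; }
    bad=$(printf '%s\n' "$body" | grep -v -c '^[0-9a-fA-F]\{32\}$')
    [ "$bad" -eq 0 ] || { echo "$bad key line(s) are not 32 hex digits"; return 1; }
    return 0
}

# Returns 0 when group and others have no permission bits at all (e.g. 0600).
check_key_perms() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample for the demonstration only: the body is a fixed pattern,
# not a real key, so never use it for an actual tunnel.
write_sample_key() {
    {
        echo '#'
        echo '# 2048 bit OpenVPN static key'
        echo '#'
        echo "$BEGIN_MARK"
        i=0
        while [ $i -lt 16 ]; do
            echo '0123456789abcdef0123456789abcdef'
            i=$((i + 1))
        done
        echo "$END_MARK"
    } > "$1"
    chmod 600 "$1"
}

# Demo: a good copy passes, a CRLF copy (ASCII-mode transfer) is rejected.
demo_dir=$(mktemp -d)
write_sample_key "$demo_dir/static.key"
if check_static_key "$demo_dir/static.key" && check_key_perms "$demo_dir/static.key"; then
    echo "static.key: format and permissions OK"
fi
sed "s/\$/$(printf '\r')/" "$demo_dir/static.key" > "$demo_dir/static.key.crlf"
check_static_key "$demo_dir/static.key.crlf" || echo "CRLF copy rejected as expected"
rm -rf "$demo_dir"
```

The permission check deliberately parses `ls -l` rather than `stat`, because the BusyBox `stat` on older firmware builds may be missing or take different options.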
Add firewall rules
cd /usr/local/sbin
nano post-firewall
#!/bin/sh
#OpenVPN access from WAN
# remove the catch-all DROP so the new rules land in front of it, then re-append it
iptables -D INPUT -j DROP
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -I PREROUTING -i eth1 -p udp --dport 1194 -j DNAT --to-destination $4:1194
iptables -A INPUT -j DROP
# allow traffic on the tunnel interface in all directions
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT
(exit editor)
^O ^X
NOTES:
With WL-500gP, eth1 shall be changed to vlan1 and $4 to the router's LAN gateway (192.168.1.1).
Start OpenVPN server manually
/sbin/insmod tun
/opt/sbin/openvpn --cd /opt/etc/openvpn --daemon \
--log-append /var/log/openvpn.log \
--config server.conf
If you want to try the OpenVPN server at this point, without setting up the autostart, execute all the iptables commands written above by copy&pasting them at the Asus wl500g prompt and jump to the point called "Trying the VPN tunnel".
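The post-firewall script above only works because of rule order: the UDP/1194 and tun0 ACCEPT rules must end up in front of the catch-all DROP, and the DROP must be re-appended as the last rule, otherwise either the VPN port is unreachable or the WAN side is left unfiltered. The function below is an added example, not part of the original HowTo: it reads iptables-save style "-A INPUT ..." lines on stdin and checks exactly that. The two rule listings inside it are constructed samples of what such output looks like after the script ran (good case) and after the -D/-A pair was forgotten (bad case); that iptables-save exists on the Oleg firmware is an assumption, as is the exact set of other rules the firmware puts in INPUT.

```shell
#!/bin/sh
# Added example (not from the original HowTo): verify that the INPUT chain has
# the order the post-firewall script intends. On the router, assuming
# iptables-save is available:   iptables-save -t filter | check_input_chain

# Returns 0 when the chain is ordered correctly, 1 otherwise (reason on stdout).
check_input_chain() {
    n=0 drop_pos=0 drops=0 accept_1194=0 accept_tun=0
    while IFS= read -r line; do
        case "$line" in
            "-A INPUT "*) ;;
            *) continue ;;      # only INPUT rules matter here
        esac
        n=$((n + 1))
        case "$line" in
            "-A INPUT -j DROP")
                drops=$((drops + 1)); drop_pos=$n ;;
            *"-p udp"*"--dport 1194"*"-j ACCEPT")
                # counts only if it sits before the catch-all DROP
                if [ "$drop_pos" -eq 0 ]; then accept_1194=1; fi ;;
            *"-i tun0"*"-j ACCEPT")
                if [ "$drop_pos" -eq 0 ]; then accept_tun=1; fi ;;
        esac
    done
    [ "$n" -gt 0 ] || { echo "no INPUT rules found"; return 1; }
    [ "$drop_pos" -gt 0 ] || { echo "catch-all DROP missing: WAN is not filtered"; return 1; }
    [ "$drops" -eq 1 ] || { echo "expected exactly one catch-all DROP, found $drops"; return 1; }
    [ "$drop_pos" -eq "$n" ] || { echo "rules after the catch-all DROP are never reached"; return 1; }
    [ "$accept_1194" -eq 1 ] || { echo "no ACCEPT for udp/1194 before the DROP"; return 1; }
    [ "$accept_tun" -eq 1 ] || { echo "no ACCEPT for tun0 before the DROP"; return 1; }
    return 0
}

# Constructed sample of iptables-save output after the post-firewall script ran
# (the lo and state rules stand in for whatever else the firmware installs).
SAMPLE_GOOD='-A INPUT -i tun0 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP'

# Constructed sample where the ACCEPT was appended after the DROP instead.
SAMPLE_BAD='-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT'

printf '%s\n' "$SAMPLE_GOOD" | check_input_chain && echo "good sample: chain OK"
printf '%s\n' "$SAMPLE_BAD" | check_input_chain || echo "bad sample rejected as expected"
```

Because iptables walks INPUT top to bottom and stops at the first match, a rule that ends up below "-j DROP" is dead; the check reports that case separately from a missing DROP so the two mistakes are not confused when reading the router's log after a failed connection attempt.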
Autostart
To automatically start the OpenVPN server processes at boot time:
nano /opt/etc/init.d/S24openvpn
#!/bin/sh
# stop any instance that is already running
if [ -n "`pidof openvpn`" ]; then
    /bin/killall openvpn 2>/dev/null
fi
# load TUN/TAP kernel module
/sbin/insmod tun
# enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Startup VPN tunnel in daemon mode
/opt/sbin/openvpn --cd /opt/etc/openvpn --daemon \
--log-append /var/log/openvpn.log \
--config server.conf
(exit editor)
^O ^X
Save and Reboot
chmod +x /opt/etc/init.d/S24openvpn
flashfs save
flashfs commit
flashfs enable
reboot
Trying the VPN tunnel
Execute the file client.ovpn in Windows XP (C:\Program Files\OpenVPN\config). A DOS window will appear. Pay attention to the message "Initialization Sequence Completed". This message indicates that the VPN connection has been established. (Do not close the DOS window! If you close the DOS window you will close the VPN connection.)
To test that everything works as it should, try to ping 10.8.0.1 from the client (Windows XP) and to ping 10.8.0.2 from the Asus WL-500g. You should get ping responses in both cases. If so, everything works!
FINAL NOTES
i) If you are running Windows XP/SP2, don't forget to add a rule in your Windows XP firewall to accept traffic on port 1194.
ii) A HowTo on routing all client traffic through the VPN is also available.