August 9, 201015 yr Attached is a first quick draft of how to set up OpenVPN with DD-WRT so that you can access your unRAID server from anywhere with an Internet Connection in a secure fashion. I've tried to keep this simple and include every single step-by-step instruction. Please revise or add to the wiki to be edited if this document is well received Note: I have reposted this here in the software section as requested Assumptions.zip
August 9, 201015 yr klipsch, you've really done an amazing job compiling both key generation and dd-wrt installation parts. Here I have a script to automate certs and keys generation in unRAID: #!/bin/bash #OpenVPN common vars PORT=5238 KEY_SIZE=1024 CA_EXPIRE=3650 KEY_EXPIRE=3650 KEY_COUNTRY="US" KEY_PROVINCE="DC" KEY_CITY="Washington" KEY_ORG="unRAID" KEY_EMAIL="[email protected]" #Clients config CLIENTS=10 CLI_PREFIX="cli-" #Server config IP="192.168.0.100" MASK="255.255.255.0" INTERVAL="192.168.0.80 192.168.0.90" CONF_DIR="$(dirname "$(readlink -f ${BASH_SOURCE[0]})")" KEY_DIR="$CONF_DIR/keys" CLI_DIR="$CONF_DIR/clients" LOG_DIR="/var/log/openvpn" installpkg $CONF_DIR/packages/openssl-0.9.8n-i486-1.txz if [ -e $KEY_DIR ]; then rm -rf $KEY_DIR mkdir $KEY_DIR else mkdir $KEY_DIR fi if [ -e $CLI_DIR ]; then rm -rf $CLI_DIR mkdir $CLI_DIR else mkdir $CLI_DIR fi sleep 1 cd /usr/doc/openvpn-2.1.1/easy-rsa/2.0 echo "export KEY_DIR=\"$KEY_DIR\" " >> vars echo "export KEY_SIZE=$KEY_SIZE " >> vars echo "export CA_EXPIRE=$CA_EXPIRE " >> vars echo "export KEY_EXPIRE=$KEY_EXPIRE " >> vars echo "export KEY_COUNTRY=\"$KEY_COUNTRY\" " >> vars echo "export KEY_PROVINCE=\"$KEY_PROVINCE\" " >> vars echo "export KEY_CITY=\"$KEY_CITY\" " >> vars echo "export KEY_ORG=\"$KEY_ORG\" " >> vars echo "export KEY_EMAIL=\"$KEY_EMAIL\" " >> vars source vars clean-all pkitool --initca pkitool --server server build-dh count=0 while [[ $count -lt $CLIENTS ]]; do PREF=$CLI_PREFIX$count pkitool $PREF CLI="remote $REMOTE_ADDR\nclient\ndev tap\nproto tcp\nport $PORT\nresolv-retry infinite\n" CLI+="nobind\npersist-key\npersist-tun\nca ca.crt\ndh dh1024.pem\ncert $PREF.crt\n" CLI+="key $PREF.key\ncomp-lzo\nverb 4\nmute 20" echo -e $CLI > $KEY_DIR/$CLI_PREFIX$count$(echo -tcp.ovpn) CLI="remote $REMOTE_ADDR\nclient\ndev tap\nproto udp\nport $PORT\nresolv-retry infinite\n" CLI+="nobind\npersist-key\npersist-tun\nca ca.crt\ndh dh1024.pem\ncert $PREF.crt\n" CLI+="key $PREF.key\ncomp-lzo\nverb 4\nmute 20" echo -e $CLI > $KEY_DIR/$CLI_PREFIX$count$(echo -udp.ovpn) LIST="$KEY_DIR/$CLI_PREFIX$count$(echo -udp.ovpn)\n$KEY_DIR/$CLI_PREFIX$count$(echo -tcp.ovpn)\n$KEY_DIR/dh1024.pem\n" LIST+="$KEY_DIR/$CLI_PREFIX$count$(echo .key)\n$KEY_DIR/$CLI_PREFIX$count$(echo .crt)\n$KEY_DIR/ca.crt" echo -e $LIST | zip -@ -j $CLI_DIR/$CLI_PREFIX$count$(echo .zip) count=$((count + 1)) done TCP="tls-server\nca $KEY_DIR/ca.crt\ncert $KEY_DIR/server.crt\nkey $KEY_DIR/server.key\n" TCP+="dh $KEY_DIR/dh1024.pem\nclient-to-client\nkeepalive 10 120\ncomp-lzo\npersist-key\n" TCP+="persist-tun\nstatus $LOG_DIR/openvpn-status\nlog $LOG_DIR/openvpn.log\n" TCP+="log-append $LOG_DIR/openvpn.log\nverb 4-9\nmute 20\ntls-timeout 20\ndaemon\n" TCP+="port $PORT\nproto tcp\ndev tap0\nserver-bridge $IP $MASK $INTERVAL\n" TCP+="push \"route-gateway 192.168.0.254\" " UDP="tls-server\nca $KEY_DIR/ca.crt\ncert $KEY_DIR/server.crt\nkey $KEY_DIR/server.key\n" UDP+="dh $KEY_DIR/dh1024.pem\nclient-to-client\nkeepalive 10 120\ncomp-lzo\npersist-key\n" UDP+="persist-tun\nstatus $LOG_DIR/openvpn-status\nlog $LOG_DIR/openvpn.log\n" UDP+="log-append $LOG_DIR/openvpn.log\nverb 4-9\nmute 20\ntls-timeout 20\ndaemon\n" UDP+="port $PORT\nproto udp\ndev tap1\nserver-bridge $IP $MASK $INTERVAL\n" UDP+="push \"route-gateway 192.168.0.254\" " echo -e $TCP > $CONF_DIR/server-tcp.ovpn echo -e $UDP > $CONF_DIR/server-udp.ovpn You can adapt it to use in dd-drt, as it can make life easier.
August 9, 201015 yr Author awesome! 10 clients should be more than enough for both maybe we can get this added to the wiki and make it a "living" doc for various revisions and script additions and further details for anything missed or added
August 9, 201015 yr It would be possible to implement OpenVPN on unRAID itself if Tom compile the kernel with "tun/tap" driver and "802.d bridge" module. I included it in my bzimage, and both occupies only 30k.
December 7, 201015 yr It would be possible to implement OpenVPN on unRAID itself if Tom compile the kernel with "tun/tap" driver and "802.d bridge" module. I included it in my bzimage, and both occupies only 30k. We can hope... Do you have any docs on how you did the above?
December 7, 201015 yr http://lime-technology.com/wiki/index.php?title=Building_a_custom_kernel http://lime-technology.com/wiki/index.php?title=Installing_unRAID_on_a_full_Slackware_distro http://lime-technology.com/forum/index.php?topic=2073.0 http://lime-technology.com/forum/index.php?topic=2937.0 http://lime-technology.com/forum/index.php?topic=3899.0
January 9, 201214 yr Can somebody compile a kernel with TUN/TAP? I would like to use OpenVPN server on my unRAID box. Is there a request thread where I can post this request?
January 22, 201214 yr I haver just compiled kernel 3.2.1 on B14 and enabled Tun/Tap "tun: Universal TUN/TAP device driver, 1.6!" Going to try this :-) //Peter
January 23, 201214 yr Nice! Let me know because I am now running a WatchGuard Firebox X500 with 4 diferent VPN's IPSec, L2TP, PPTP and OpenVPN, but I am always open to testings..
April 14, 201214 yr Hi , I have followed klipsch guid, but i run the script that gfjardim created for all files. Now it looks like this in my folder /boot/openvpn-server clients/ createcert.sh* keys/ server-tcp.ovpn* server-udp.ovpn* There are lots of files in clients and keys folder that not cover in the guide? I have manage to get my router works Installed everything in my windows 7 PC, (ca.crt , cli-1.crt , cli-1.key , cli-1.ovpn) but there is more files in the zip files in the clients folder. ?? But what shall I do on my unraid server ? I think I should start something ?? EDIT Looked on my router, now it looks like this, is this right ? this is after a router reboot and windows 7 recognition a new network, before reboot it was according the guide. ps | grep open openvpn --config /tmp/openvpn/openvpn.conf --route-up /tmp/openvpn/route-up.sh --down /tmp/openvpn/route-down.sh --daemon //Peter
Archived
This topic is now archived and is closed to further replies.