klipsch Posted August 9, 2010

Attached is a first quick draft of how to set up OpenVPN with DD-WRT so that you can access your unRAID server from anywhere with an Internet connection in a secure fashion. I've tried to keep this simple and include every single step-by-step instruction. Please revise or add to the wiki to be edited if this document is well received.

Note: I have reposted this here in the software section as requested.

Assumptions.zip
gfjardim Posted August 9, 2010

klipsch, you've really done an amazing job compiling both key generation and dd-wrt installation parts. Here I have a script to automate certs and keys generation in unRAID:

```bash
#!/bin/bash

# OpenVPN common vars
PORT=5238
KEY_SIZE=1024        # also determines the DH file name (dh$KEY_SIZE.pem)
CA_EXPIRE=3650
KEY_EXPIRE=3650
KEY_COUNTRY="US"
KEY_PROVINCE="DC"
KEY_CITY="Washington"
KEY_ORG="unRAID"
KEY_EMAIL="[email protected]"
# Address the clients connect to. The script as posted uses $REMOTE_ADDR
# without setting it; this value is a placeholder.
REMOTE_ADDR="vpn.example.com"

# Clients config
CLIENTS=10
CLI_PREFIX="cli-"

# Server config
IP="192.168.0.100"
MASK="255.255.255.0"
INTERVAL="192.168.0.80 192.168.0.90"

CONF_DIR="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
KEY_DIR="$CONF_DIR/keys"
CLI_DIR="$CONF_DIR/clients"
LOG_DIR="/var/log/openvpn"
DH_FILE="dh$KEY_SIZE.pem"

installpkg "$CONF_DIR/packages/openssl-0.9.8n-i486-1.txz"

# Start from empty key and client directories
rm -rf "$KEY_DIR" "$CLI_DIR"
mkdir "$KEY_DIR" "$CLI_DIR"

sleep 1

cd /usr/doc/openvpn-2.1.1/easy-rsa/2.0 || exit 1

# Append our settings to the easy-rsa vars file, then load it
echo "export KEY_DIR=\"$KEY_DIR\"" >> vars
echo "export KEY_SIZE=$KEY_SIZE" >> vars
echo "export CA_EXPIRE=$CA_EXPIRE" >> vars
echo "export KEY_EXPIRE=$KEY_EXPIRE" >> vars
echo "export KEY_COUNTRY=\"$KEY_COUNTRY\"" >> vars
echo "export KEY_PROVINCE=\"$KEY_PROVINCE\"" >> vars
echo "export KEY_CITY=\"$KEY_CITY\"" >> vars
echo "export KEY_ORG=\"$KEY_ORG\"" >> vars
echo "export KEY_EMAIL=\"$KEY_EMAIL\"" >> vars

source ./vars

# The easy-rsa tools live in the current directory, which is not on PATH
./clean-all
./pkitool --initca
./pkitool --server server
./build-dh

# One certificate/key pair, two client configs (TCP and UDP) and one zip per client
count=0
while [[ $count -lt $CLIENTS ]]; do
    PREF=$CLI_PREFIX$count
    ./pkitool "$PREF"

    CLI="remote $REMOTE_ADDR\nclient\ndev tap\nproto tcp\nport $PORT\nresolv-retry infinite\n"
    CLI+="nobind\npersist-key\npersist-tun\nca ca.crt\ndh $DH_FILE\ncert $PREF.crt\n"
    CLI+="key $PREF.key\ncomp-lzo\nverb 4\nmute 20"
    echo -e "$CLI" > "$KEY_DIR/$PREF-tcp.ovpn"

    CLI="remote $REMOTE_ADDR\nclient\ndev tap\nproto udp\nport $PORT\nresolv-retry infinite\n"
    CLI+="nobind\npersist-key\npersist-tun\nca ca.crt\ndh $DH_FILE\ncert $PREF.crt\n"
    CLI+="key $PREF.key\ncomp-lzo\nverb 4\nmute 20"
    echo -e "$CLI" > "$KEY_DIR/$PREF-udp.ovpn"

    # Files that go into this client's zip
    LIST="$KEY_DIR/$PREF-udp.ovpn\n$KEY_DIR/$PREF-tcp.ovpn\n$KEY_DIR/$DH_FILE\n"
    LIST+="$KEY_DIR/$PREF.key\n$KEY_DIR/$PREF.crt\n$KEY_DIR/ca.crt"
    echo -e "$LIST" | zip -@ -j "$CLI_DIR/$PREF.zip"

    count=$((count + 1))
done

# Server configs: TCP on tap0, UDP on tap1
TCP="tls-server\nca $KEY_DIR/ca.crt\ncert $KEY_DIR/server.crt\nkey $KEY_DIR/server.key\n"
TCP+="dh $KEY_DIR/$DH_FILE\nclient-to-client\nkeepalive 10 120\ncomp-lzo\npersist-key\n"
TCP+="persist-tun\nstatus $LOG_DIR/openvpn-status\nlog $LOG_DIR/openvpn.log\n"
TCP+="log-append $LOG_DIR/openvpn.log\nverb 4\nmute 20\ntls-timeout 20\ndaemon\n"
TCP+="port $PORT\nproto tcp\ndev tap0\nserver-bridge $IP $MASK $INTERVAL\n"
TCP+="push \"route-gateway 192.168.0.254\""

UDP="tls-server\nca $KEY_DIR/ca.crt\ncert $KEY_DIR/server.crt\nkey $KEY_DIR/server.key\n"
UDP+="dh $KEY_DIR/$DH_FILE\nclient-to-client\nkeepalive 10 120\ncomp-lzo\npersist-key\n"
UDP+="persist-tun\nstatus $LOG_DIR/openvpn-status\nlog $LOG_DIR/openvpn.log\n"
UDP+="log-append $LOG_DIR/openvpn.log\nverb 4\nmute 20\ntls-timeout 20\ndaemon\n"
UDP+="port $PORT\nproto udp\ndev tap1\nserver-bridge $IP $MASK $INTERVAL\n"
UDP+="push \"route-gateway 192.168.0.254\""

echo -e "$TCP" > "$CONF_DIR/server-tcp.ovpn"
echo -e "$UDP" > "$CONF_DIR/server-udp.ovpn"
```

You can adapt it to use in dd-wrt, as it can make life easier.
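An added example, not part of gfjardim's script or klipsch's guide: a POSIX shell lint for configs like the ones the script writes. It flags a DH file below 2048 bits, a client config that never checks the server certificate type (`remote-cert-tls server` or `ns-cert-type server`), and a `verb` value that is not a single integer. The 2048-bit threshold, the finding names and the sample configs are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the thread): lint an OpenVPN config read on stdin.
# Prints one finding per line and nothing when the config passes.
MIN_BITS=2048   # assumed minimum DH size for this example

lint_ovpn() {
    is_client=0; has_srv_check=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                  # strip comments
        set -f; set -- $line; set +f      # split into directive + arguments
        key=${1-}; val=${2-}
        case $key in
            client|tls-client) is_client=1 ;;
            remote-cert-tls|ns-cert-type)
                [ "$val" = server ] && has_srv_check=1 ;;
            dh) # easy-rsa 2.0 names the parameter file dh<bits>.pem
                bits=${val##*/}; bits=${bits#dh}; bits=${bits%.pem}
                case $bits in
                    ''|*[!0-9]*) ;;       # size not in the file name: skip
                    *) [ "$bits" -lt "$MIN_BITS" ] && echo "weak-dh:$bits" ;;
                esac ;;
            verb) # verbosity must be a single integer
                case $val in ''|*[!0-9]*) echo "bad-verb:$val" ;; esac ;;
        esac
    done
    [ "$is_client" -eq 1 ] && [ "$has_srv_check" -eq 0 ] &&
        echo "no-server-cert-check"
    return 0
}

# Constructed sample: client config in the shape the script above writes.
sample_client() {
    printf '%s\n' 'remote vpn.example.com' client 'dev tap' 'proto udp' \
        'port 5238' 'ca ca.crt' 'dh dh1024.pem' 'cert cli-0.crt' \
        'key cli-0.key' comp-lzo 'verb 4' 'mute 20'
}
# Constructed sample: server config with an absolute dh path and a range-style verb.
sample_server() {
    printf '%s\n' tls-server 'dh /boot/openvpn-server/keys/dh1024.pem' \
        'port 5238' 'proto udp' 'dev tap1' 'verb 4-9' 'mute 20'
}
# Constructed sample: client config with the server check added and no weak dh.
sample_client_fixed() {
    printf '%s\n' 'remote vpn.example.com' client 'dev tap' 'proto udp' \
        'port 5238' 'ca ca.crt' 'cert cli-0.crt' 'key cli-0.key' \
        'remote-cert-tls server' 'verb 4'
}

sample_client | lint_ovpn
```

To check a real file, pipe it in, for example `lint_ovpn < cli-0-udp.ovpn`.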
klipsch Posted August 9, 2010

Awesome! 10 clients should be more than enough for both. Maybe we can get this added to the wiki and make it a "living" doc for various revisions and script additions and further details for anything missed or added.
gfjardim Posted August 9, 2010

It would be possible to implement OpenVPN on unRAID itself if Tom compiles the kernel with the "tun/tap" driver and "802.d bridge" module. I included them in my bzimage, and both occupy only 30k.
boof Posted December 7, 2010

> It would be possible to implement OpenVPN on unRAID itself if Tom compiles the kernel with the "tun/tap" driver and "802.d bridge" module. I included them in my bzimage, and both occupy only 30k.

We can hope... Do you have any docs on how you did the above?
BRiT Posted December 7, 2010

http://lime-technology.com/wiki/index.php?title=Building_a_custom_kernel
http://lime-technology.com/wiki/index.php?title=Installing_unRAID_on_a_full_Slackware_distro
http://lime-technology.com/forum/index.php?topic=2073.0
http://lime-technology.com/forum/index.php?topic=2937.0
http://lime-technology.com/forum/index.php?topic=3899.0
boof Posted December 7, 2010

First should do it - thanks
m4f1050 Posted January 9, 2012

Can somebody compile a kernel with TUN/TAP? I would like to use OpenVPN server on my unRAID box. Is there a request thread where I can post this request?
peter_sm Posted January 22, 2012

I have just compiled kernel 3.2.1 on B14 and enabled Tun/Tap: "tun: Universal TUN/TAP device driver, 1.6!" Going to try this :-)

//Peter
m4f1050 Posted January 23, 2012

Nice! Let me know, because I am now running a WatchGuard Firebox X500 with 4 different VPNs (IPSec, L2TP, PPTP and OpenVPN), but I am always open to testing.
peter_sm Posted April 14, 2012

Hi, I have followed klipsch's guide, but I ran the script that gfjardim created for all files. Now it looks like this in my folder /boot/openvpn-server:

```
clients/  createcert.sh*  keys/  server-tcp.ovpn*  server-udp.ovpn*
```

There are lots of files in the clients and keys folders that are not covered in the guide?

I have managed to get my router working. Installed everything on my Windows 7 PC (ca.crt, cli-1.crt, cli-1.key, cli-1.ovpn), but there are more files in the zip files in the clients folder??

But what shall I do on my unRAID server? I think I should start something??

EDIT: Looked at my router, now it looks like this, is this right? This is after a router reboot and Windows 7 recognizing a new network; before the reboot it was according to the guide.

```
ps | grep open
openvpn --config /tmp/openvpn/openvpn.conf --route-up /tmp/openvpn/route-up.sh --down /tmp/openvpn/route-down.sh --daemon
```

//Peter
Archived
This topic is now archived and is closed to further replies.