VPN@home
I’m going on vacation and decided it was time to be able to access my home network from outside. This blog entry is about my attempts at getting my OpenWrt router to act as a VPN server.
Getting a domain
I have a setup with a VoIP ADSL router and an internal Asus router. The ADSL router was given to me by my telephone company and I have limited possibilities for tinkering with it, but it does support DynDNS.
DynDNS.org offers a service where you may create your own subdomain under one of their domains. I could create moozing.dyndns.org (which I didn’t) and make it point to an IP address of my choosing. It defaults to the IP address you are connecting from – a well-chosen default value. Some routers, like my ADSL router, support updating DynDNS if the IP address of the connection changes, hence the name dynamic DNS. The service is free and financed by people/groups/companies that are willing to pay for the premium services. Free stuff on the internet is cool – read Chris Anderson’s Free! to gain some insights.
Using DynDNS, I now have a symbolic name for the entry point to my home network, which gets updated when needed. I note that there is a log entry saying it updated DynDNS. Cool.
VPN and OpenWrt
Looking in the list of packages on the OpenWrt router (using opkg list), I noticed that there was a LuCI interface for OpenVpn (LuCI is the web interface used by OpenWrt). Also, there is an OpenVpn plugin for network-manager.
Server side
On the server side, I log into my router and install the OpenVpn packages:
opkg install luci-app-openvpn openvpn
It ought to have worked, except that I am out of flash memory. My Asus WL-500g Deluxe has 4 mb of flash (as stated on the OpenWrt homepage) and 32 mb of RAM. To install OpenVpn at least 2 mb are needed.
root@GreyWilly:~# df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                 1.7M      1.7M         0 100% /rom
tmpfs                    14.9M      1.3M     13.6M   9% /tmp
/dev/mtdblock/4           1.5M    564.0K    972.0K  37% /overlay
mini_fo:/overlay          1.7M      1.7M         0 100% /
I only have 972 kb free, so I need a bigger router if I am to succeed. The router I am using now is my old one, and I have a newer Asus WL-500g Premium with 8 mb of flash in stock that I intend to use instead.
Certificates
On the OpenVpn homepage, I located the howto that describes in detail how to get started with keys and certificates. It is about setting up a public key infrastructure (PKI).
You need to generate the certificate authority (CA) certificate, the server key+certificate and the client key+certificate. According to the text, it is possible to make it work using only passwords. I decided to go the certificate way.
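The three pieces listed above can also be produced with plain openssl. This is an added example, not code from this blog or from the OpenVPN howto; the names home-ca, vpn-server and laptop and the certificate lifetimes are assumptions. It also marks each certificate with its role, so a client certificate cannot be presented as the server.

```shell
#!/bin/sh
# Added example: CA + server + client certificates for an OpenVPN setup.
# Names (home-ca, vpn-server, laptop) and lifetimes are assumptions.
# Run this on a PC, not on the router: only ca.crt, vpn-server.crt and
# vpn-server.key belong on the server; ca.key should stay offline.

make_pki() (
    # Body runs in a subshell so cd and umask do not leak to the caller.
    dir=$1
    mkdir -p "$dir" && cd "$dir" || exit 1
    umask 077   # private keys must not be readable by other users

    # 1. Certificate authority: self-signed root that signs everything else.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=home-ca" -keyout ca.key -out ca.crt 2>/dev/null || exit 1

    # 2. and 3. Key + signing request per endpoint, signed by the CA with a
    # role-specific extendedKeyUsage (serverAuth or clientAuth).
    for entry in vpn-server:serverAuth laptop:clientAuth; do
        name=${entry%%:*}
        eku=${entry##*:}
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
            -keyout "$name.key" -out "$name.csr" 2>/dev/null || exit 1
        printf '%s\n' "basicConstraints=CA:FALSE" \
            "keyUsage=digitalSignature,keyEncipherment" \
            "extendedKeyUsage=$eku" > "$name.ext"
        openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 825 -extfile "$name.ext" \
            -out "$name.crt" 2>/dev/null || exit 1
    done
)

# check_role DIR PURPOSE NAME
# Succeeds only if NAME.crt chains to the CA and is valid for PURPOSE
# (sslserver or sslclient).
check_role() {
    openssl verify -CAfile "$1/ca.crt" -purpose "$2" "$1/$3.crt" \
        >/dev/null 2>&1
}

# Usage: make_pki ./pki && check_role ./pki sslserver vpn-server
```

On the client, OpenVPN's remote-cert-tls server option enforces the same role check at connection time.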
Client side
On the PC side, I install the network manager plugin:
apt-get install network-manager-openvpn network-manager-openvpn-gnome
I then have a GUI box to configure the connection. I use the certificates and keys that I generated earlier.
It is not tested due to my server issues. Bummer. I expect there to be DHCP issues.