VPN 概览

就像 DMZ一样， VPN是一个security相关的概念, 它并不是一个协议（比如ssh），也不是一个特定的软件包, 在两个或者多个主机间设置VPN，可以使用的软件包有很多种。它们都使用Client-Server concept，并且互相之间通常不兼容. 查看下 OSI model，你可以意识到加解密可以在通信协议栈的不同layer上进行.

如果你的硬件支持 Cryptographic Hardware Acceleration，你需要确保它被你的OpenWrt版本支持，并且被使能了.

• Protocol: IPsec
• Free software: strongSwan, Openswan, Racoon

strongSwan is a recommended IPsec implementation, though some of this documentation may be relevant for other configurations.

• basics Some basics, considerations and prerequisites for IPsec VPN
• roadwarrior OpenWrt as IPsec gateway for road warriors
• firewall Firewall and zones in IPsec VPN
• site2site Setup a site to site IPsec VPN
• overlappingsubnets IPsec VPN with overlapping subnets
• performance Get the most out of your IPsec connections
• howto Install/configure strongSwan for IPhone/IPad
• configure strongSwan with UCI

• basics Some basics, considerations and prerequisites for IPsec VPN
• firewall Firewall and zones in IPsec VPN
• site2site Setup a site to site IPsec VPN
• certificates IPsec VPN with certificates
• overlappingsubnets IPsec VPN with overlapping subnets
• roadwarrior OpenWrt as IPsec VPN gateway for road warriors
• roadwarriorcertificates Road warrior setup with certificates

• site2site Setup a site to site IPsec VPN Using Openswan
• openswanxl2tpvpn OpenWrt as IPsec VPN server using xl2tpd

• Free software: OpenVPN

You may setup OpenWrt as an OpenConnect VPN client or server. This is a protocol based on SSL/TLS and datagram TLS and is compatible with CISCO's AnyConnect SSL VPN.

• Client side requirements:
  • openconnect: Follow for instructions to configure without luci interface
  • luci-proto-openconnect

• Server side requirements:
  • ocserv
  • luci-app-ocserv
  • A How-To for the server setup. Note: the instructions include comments on the Github advice which might not work for some. In addition, the instructions are for a FULL tunnel setup.

There are various openconnect clients, including in GNOME NetworkManager, Windows, and Android.

Not secure! PPTP is broken since 1997. See poptop security message.

• Protocol: PPTP (Point-to-Point Tunneling Protocol)

• server describes a PPTP solution with pptpd
• client Howto install and setup a VPN client compatible with PPTP servers
• nat_traversal VPN NAT traversal (VPN Pass Through) for single/multiple LAN client(s) connecting to PPTP Servers on the WAN

• vpnc-client - VPN client vpnc compatible with Cisco's EasyVPN equipment
• connect_by_l2tp, see Layer 2 Tunneling Protocol and Template:VPN
• pseudowire
• wireguard, see also How to configure WireGuard on OpenWrt/LEDE using LuCi

• http://www.tinc-vpn.org/
• http://www.ntop.org/n2n/
• OLSR
• B.A.T.M.A.N.

• See our forum: Howto: IPsec and OpenVPN
• A whole load of OpenVPN-related articles can be found on the Project Homepage of OpenVPN:
  • http://openvpn.net/index.php/open-source/faq.html#bridge2
  • http://www.openvpn.net/index.php/component/content/article/60-faq/84-faq.html
  • http://www.openvpn.net/index.php/component/content/article/65-general/89-2xhowto.html
  • http://www.openvpn.net/index.php/open-source/documentation/miscellaneous/1xhowto.html
  • You can always read: http://www.openvpn.net/index.php/open-source/documentation/manuals.html or search: http://www.google.com/search?q=vpn&hl=en
• You do not need to read all of them, to get a VPN solution going. But for security reasons sooner or later you should make sure that all participant comprehend how your VPN works.