
Routing Example: OpenVPN

This example creates a basic network configuration for OpenVPN, as shown in the picture.

In this example, we will use 3 routers and 2 stations (computers).

R1

The following configuration is for router “R1”. It goes in the file /etc/config/network:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth1'
        option proto 'static'
        option ipaddr '172.16.1.1'
        option netmask '255.255.255.0'

config interface 'lan2'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '10.1.1.1'
        option netmask '255.255.255.252'

config route 'default'
        option interface 'lan2'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option gateway '10.1.1.2'

WAN

The configuration for the “WAN” router is also placed in the file /etc/config/network:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '10.1.1.2'
        option netmask '255.255.255.252'

config interface 'lan2'
        option ifname 'eth1'
        option proto 'static'
        option ipaddr '10.2.2.2'
        option netmask '255.255.255.252'

config route 'network'
        option interface 'lan'
        option target '172.16.1.0'
        option netmask '255.255.255.0'
        option gateway '10.1.1.1'

config route 'network2'
        option interface 'lan2'
        option target '172.16.2.0'
        option netmask '255.255.255.0'
        option gateway '10.2.2.1'

R2

Finally, the configuration for the “R2” router is also placed in the file /etc/config/network:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth1'
        option proto 'static'
        option ipaddr '10.2.2.1'
        option netmask '255.255.255.252'

config interface 'lan2'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '172.16.2.1'
        option netmask '255.255.255.0'

config route 'default'
        option interface 'lan'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option gateway '10.2.2.2'

PC configuration

For the PC configuration, we just set up the IP addresses on each station.

PC1: IP 172.16.1.3, netmask 255.255.255.0, gateway 172.16.1.1
PC2: IP 172.16.2.3, netmask 255.255.255.0, gateway 172.16.2.1

To complete the configuration, it is necessary to follow these additional steps:

Installing OpenVPN

Run these commands on routers R1 and R2:

opkg update
opkg install openvpn-openssl openvpn-easy-rsa

Creating certificates

These commands have to be typed on the server router R1 and R2:

build-ca
build-dh
build-key-server my-server
build-key-pkcs12 my-client

Network configuration on the server router “R2”

1. Create the VPN interface (named vpn0)

uci set network.vpn0=interface
uci set network.vpn0.ifname=tun0
uci set network.vpn0.proto=none
uci set network.vpn0.auto=1

2. Commit the changes

uci commit network
/etc/init.d/network reload
uci commit firewall
/etc/init.d/firewall reload

OpenVPN configuration on the server (in our case, router “R2”)

echo > /etc/config/openvpn # clear the openvpn uci config
uci set openvpn.myvpn=openvpn
uci set openvpn.myvpn.enabled=1
uci set openvpn.myvpn.verb=3
uci set openvpn.myvpn.port=1194
uci set openvpn.myvpn.proto=udp
uci set openvpn.myvpn.dev=tun
uci set openvpn.myvpn.server='10.8.0.0 255.255.255.0'
uci set openvpn.myvpn.keepalive='10 120'
uci set openvpn.myvpn.ca=/etc/openvpn/ca.crt
uci set openvpn.myvpn.cert=/etc/openvpn/my-server.crt
uci set openvpn.myvpn.key=/etc/openvpn/my-server.key
uci set openvpn.myvpn.dh=/etc/openvpn/dh2048.pem
uci commit openvpn

OpenVPN configuration on the client (in our case, router “R1”)

echo > /etc/config/openvpn # clear the openvpn uci config
uci set openvpn.myvpn=openvpn
uci set openvpn.myvpn.enabled=1
uci set openvpn.myvpn.dev=tun
uci set openvpn.myvpn.proto=udp
uci set openvpn.myvpn.verb=3
uci set openvpn.myvpn.ca=/etc/openvpn/ca.crt
uci set openvpn.myvpn.cert=/etc/openvpn/my-client.crt
uci set openvpn.myvpn.key=/etc/openvpn/my-client.key
uci set openvpn.myvpn.client=1
uci set openvpn.myvpn.remote_cert_tls=server
uci set openvpn.myvpn.remote="SERVER_IP_ADDRESS 1194"
uci commit openvpn

Starting up OpenVPN

/etc/init.d/openvpn enable
/etc/init.d/openvpn start

Configure Clients For Your Server

dev tun
proto udp
log openvpn.log
verb 3
ca /etc/openvpn/ca.crt
cert /etc/openvpn/my-client.crt
key /etc/openvpn/my-client.key
client
remote-cert-tls server
remote SERVER_IP_ADDRESS 1194

NOTE: Typing these commands on R2 creates the certificates that must be copied to the client router, in our case “R1”. The names of these certificates are “my-client.crt”, “my-client.csr”, “my-client.key” and “my-client.p12”.

Finally, after these commands, the OpenVPN configuration should work. To confirm that the configuration succeeded, run the following traceroutes:
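
Two things in the client setup above matter for security: the remote-cert-tls server directive and the permissions on the copied private key. The following added example (not part of the original page or of OpenVPN) checks both for a client config file; audit_client, make_sample and the temporary paths are assumptions made for the illustration, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit an OpenVPN client config.
findings=0
note() { echo "FINDING: $*"; findings=$((findings + 1)); }
directive() { awk -v d="$1" '$1 == d { print $2; exit }' "$conf"; }  # first "<d> <value>"

audit_client() {                 # $1 = client config; returns the number of findings
    conf=$1 findings=0
    # Without remote-cert-tls, any certificate signed by the same CA (another
    # client's included) would be accepted as the server.
    grep -Eq '^[[:space:]]*remote-cert-tls[[:space:]]+server' "$conf" ||
        note "remote-cert-tls server is missing"
    for kind in ca cert key; do
        f=$(directive "$kind")
        if [ -z "$f" ]; then note "no $kind directive"
        elif [ ! -f "$f" ]; then note "$kind file $f not found"
        fi
    done
    key=$(directive key)
    if [ -n "$key" ] && [ -f "$key" ]; then
        case "$(ls -lLd "$key")" in
            -???------*) ;;      # owner-only access
            *) note "$key is accessible to group or others (chmod 600)" ;;
        esac
    fi
    return "$findings"
}

make_sample() {                  # constructed sample: the page's client config under dir $1
    for f in ca.crt my-client.crt my-client.key; do : > "$1/$f"; done
    chmod 644 "$1/my-client.key" # deliberately too open
    cat > "$1/client.conf" <<EOF
dev tun
proto udp
verb 3
ca $1/ca.crt
cert $1/my-client.crt
key $1/my-client.key
client
remote-cert-tls server
remote SERVER_IP_ADDRESS 1194
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp"
audit_client "$tmp/client.conf" || echo "$? finding(s)"
rm -rf "$tmp"
```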

Testing the tunnel

traceroute 10.8.0.1
traceroute 8.8.8.8 # Google DNS server
docs/guide-user/network/routing_in_openvpn.txt · Last modified: 2018/03/04 13:18 by 149.255.33.155