Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:services:vpn:openvpn:client [2020/09/20 21:28] – [Introduction] link updated vgaetera | docs:guide-user:services:vpn:openvpn:client [2021/09/27 03:25] – [2. Firewall] vgaetera | ||
|---|---|---|---|
| Line 4: | Line 4: | ||
| ===== Introduction ===== | ===== Introduction ===== | ||
| * This how-to describes the method for setting up [[wp> | * This how-to describes the method for setting up [[wp> | ||
| - | | + | * Follow [[docs: |
| - | | + | |
| - | * See [[docs: | + | |
| - | * Check [[docs: | + | |
| ===== Goals ===== | ===== Goals ===== | ||
| - | {{section> | + | {{section> |
| - | ===== Instructions | + | ===== Command-line instructions |
| ==== 1. Preparation ==== | ==== 1. Preparation ==== | ||
| - | Install the packages | + | Install the required |
| <code bash> | <code bash> | ||
| Line 20: | Line 17: | ||
| opkg update | opkg update | ||
| opkg install openvpn-openssl | opkg install openvpn-openssl | ||
| - | |||
| - | # Configuration parameters | ||
| - | OVPN_DIR="/ | ||
| - | OVPN_DEV=" | ||
| - | OVPN_ID=" | ||
| </ | </ | ||
| ==== 2. Firewall ==== | ==== 2. Firewall ==== | ||
| - | Consider VPN network as public | + | Consider VPN network as public. |
| + | Assign | ||
| <code bash> | <code bash> | ||
| Line 34: | Line 27: | ||
| uci rename firewall.@zone[0]=" | uci rename firewall.@zone[0]=" | ||
| uci rename firewall.@zone[1]=" | uci rename firewall.@zone[1]=" | ||
| - | uci rename firewall.@forwarding[0]=" | + | uci del_list firewall.wan.device=" |
| - | uci del_list firewall.wan.device=" | + | uci add_list firewall.wan.device=" |
| - | uci add_list firewall.wan.device=" | + | |
| uci commit firewall | uci commit firewall | ||
| / | / | ||
| </ | </ | ||
| - | ==== 3. Basic client | + | ==== 3. VPN service |
| - | Save your client profile | + | Save your client profile |
| - | Drop VPN service | + | |
| <code bash> | <code bash> | ||
| # Save VPN client profile | # Save VPN client profile | ||
| umask go= | umask go= | ||
| - | cat << | + | cat << EOF > /etc/ |
| COPY_PASTE_CLIENT_PROFILE_HERE | COPY_PASTE_CLIENT_PROFILE_HERE | ||
| EOF | EOF | ||
| - | |||
| - | # Configure VPN client | ||
| - | sed -i -e " | ||
| - | / | ||
| - | \$a user nobody | ||
| - | / | ||
| - | \$a group nogroup | ||
| - | / | ||
| - | \$a dev ${OVPN_DEV} | ||
| - | " ${OVPN_DIR}/ | ||
| / | / | ||
| </ | </ | ||
| - | ==== 4. Commercial provider ==== | + | Configure |
| - | If using a commercial VPN provider, set up credentials for username/ | + | |
| - | + | ||
| - | <code bash> | + | |
| - | # Save username/ | + | |
| - | umask go= | + | |
| - | cat << " | + | |
| - | OVPN_USERNAME | + | |
| - | OVPN_PASSWORD | + | |
| - | EOF | + | |
| - | + | ||
| - | # Configure VPN client | + | |
| - | sed -i -e " | + | |
| - | /^auth-user-pass/s/^/#/ | + | |
| - | \$a auth-user-pass ${OVPN_ID}.auth | + | |
| - | / | + | |
| - | \$a redirect-gateway def1 ipv6 | + | |
| - | " ${OVPN_DIR}/ | + | |
| - | / | + | |
| - | </ | + | |
| ===== Testing ===== | ===== Testing ===== | ||
| - | {{section> | + | {{section> |
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
| - | {{section> | + | {{section> |