OpenVPN

This is a short howto for setting up a site-to-site VPN between two locations using Linksys WRT54G routers flashed with DD-WRT firmware. The instructions are adapted from the DD-WRT wiki.

Prerequisites

  • Two routers flashed with a DD-WRT build that includes OpenVPN (the "vpn" build)
  • OpenVPN installed on a trusted workstation, to generate the shared static key

Configuration

Generate a static key on a trusted workstation and paste the same key into both router scripts below. This is a single shared secret: whoever holds the file can decrypt the tunnel or connect to it, and static-key mode has no forward secrecy, so generate it locally, never send it over e-mail, and rotate it by replacing it on both routers. Note that the startup script, key included, ends up in NVRAM in plain text, readable by anyone with admin access to either router. The command below is the OpenVPN 2.3/2.4 syntax; on OpenVPN 2.5 and later it is "openvpn --genkey secret static.key".

$ /usr/sbin/openvpn --genkey --secret static.key
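The key-handling step above as a small POSIX shell script for the workstation, added here as an example and not taken from the page or the DD-WRT wiki: it generates the key, checks that a key block is complete before it is pasted into a router's startup script (the x-placeholders in the scripts below are easy to get wrong), and prints a fingerprint to compare against "sha256sum /tmp/static.key" on each router after boot. The function names and the 600 permission are my choices; the 16-lines-of-32-hex layout is what openvpn --genkey produces.

```shell
#!/bin/sh
# Added example for the key-handling step; not from the page or the DD-WRT wiki.
# Run on the trusted workstation that generates the shared static key.

# Generate a new 2048-bit static key. This is the OpenVPN 2.3/2.4 syntax the
# page uses; OpenVPN 2.5+ prefers "openvpn --genkey secret FILE" (the old
# form still works there, with a deprecation warning).
gen_static_key() {
    openvpn --genkey --secret "$1" && chmod 600 "$1"
}

# A genuine key file is: BEGIN marker, 16 lines of 32 hex characters
# (256 bytes = 2048 bits), END marker. Comment lines starting with # are
# allowed. A truncated paste into the router's startup script is the usual
# reason for "Authenticate/Decrypt packet error" after boot, so check first.
static_key_valid() {
    body=$(grep -v '^#' "$1" | grep .)
    printf '%s\n' "$body" | head -n 1 | grep -q '^-----BEGIN OpenVPN Static key V1-----$' || return 1
    printf '%s\n' "$body" | tail -n 1 | grep -q '^-----END OpenVPN Static key V1-----$' || return 1
    hexlines=$(printf '%s\n' "$body" | grep -c '^[0-9a-fA-F]\{32\}$' || true)
    total=$(printf '%s\n' "$body" | grep -c . || true)
    [ "$hexlines" -eq 16 ] && [ "$total" -eq 18 ]
}

# Fingerprint to compare out of band: run "sha256sum /tmp/static.key" on
# each router (older busybox builds may only have md5sum) and check that all
# three values agree before trusting the tunnel.
key_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# Typical use:
#   gen_static_key static.key
#   static_key_valid static.key || echo "key file is malformed" >&2
#   key_fingerprint static.key
```

If the fingerprints differ, the key on that router was pasted incompletely or from an older file; fix the startup script rather than the copy in /tmp, since /tmp is wiped on reboot.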

Master router

Place the following script under Administration > Commands and click Save Startup so it runs at every boot. The config keeps the DD-WRT wiki's comp-lzo line; compression of VPN traffic is deprecated in OpenVPN 2.4 and later and is best left out, but whatever you choose must be set the same way on both routers.

# Move to the writable tmpfs and create the scripts there (the flash filesystem is read-only at runtime)
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn

# Config for Site-to-Site SiteA-SiteB
# No "remote" on this side: the master listens and lets the slave connect, which is what
# you want when only the master has a stable public address. Without "remote" it will
# talk to any source that presents the correct static key.
echo "
proto udp
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf

# Static key: replace the x lines with the contents of your static.key.
# A real key is exactly 16 lines of 32 hex characters between the markers; a truncated
# paste is the usual cause of "Authenticate/Decrypt packet error" in the log.
echo "#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END OpenVPN Static key V1-----" > static.key
chmod 600 static.key

# Create the tunnel interface up front (persistent tun, so openvpn can be restarted without losing it)
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 192.168.2.1 netmask 255.255.255.0 promisc up

# Route the remote LAN (10.0.0.0/24 at site B) through the tunnel via the slave's tunnel address
route add -net 10.0.0.0 netmask 255.255.255.0 gw 192.168.2.2

# Initiate the tunnel
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf

# Open firewall holes
# Accept the tunnel port; this is open to any source, so if the slave has a fixed public
# address add "-s <slave WAN IP>" and only it can reach the listener.
iptables -I INPUT 2 -p udp --dport 2000 -j ACCEPT
# Forward between the LAN bridge and the tunnel in both directions
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
# Allow ping over the tunnel for testing. Use -I, not -A: DD-WRT normally ends the INPUT
# chain with a DROP rule, so an appended rule is never reached. Limited to tun0 so the WAN stays closed.
iptables -I INPUT -p icmp -i tun0 -j ACCEPT

Slave router

In the script below, replace the key section with the contents of the same static.key file used on the master; the two keys must be identical.

Replace gw.rypevej.dk with the public hostname or address of the master router.

# Move to the writable tmpfs and create the scripts there
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn

# Config for Site-to-Site SiteA-SiteB
# "remote" points at the master. With it set, openvpn ignores packets from any other
# source address (unless --float is given), so this side only talks to the master.
echo "
remote gw.rypevej.dk
proto udp
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf

# Static key: paste the same static.key as on the master (16 lines of 32 hex characters)
echo "#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END OpenVPN Static key V1-----" > static.key
chmod 600 static.key

# Create the tunnel interface
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 192.168.2.2 netmask 255.255.255.0 promisc up

# Route the master's LAN (192.168.1.0/24 at site A) through the tunnel via the master's tunnel address
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.1

# Initiate the tunnel
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf

# Open firewall holes
# Accept the master's packets on the tunnel port; add "-s <master WAN IP>" to limit the rule to the master.
iptables -I INPUT 2 -p udp --dport 2000 -j ACCEPT
# Forward between the LAN bridge and the tunnel in both directions
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
# Allow ping over the tunnel for testing; limited to tun0 so the WAN stays closed
iptables -I INPUT -p icmp -i tun0 -j ACCEPT
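Once both startup scripts are saved, the next thing a practitioner wants is a way to confirm that a reboot actually produced a working tunnel. The following is an added example, not code from the page or from DD-WRT: a check script for the router's busybox shell whose parsing functions take command output as text, so they can also be run against saved output. Tunnel addresses, LAN subnets and the port follow the page; the PEER_TUN/PEER_LAN variables and function names are my own.

```shell
#!/bin/sh
# Added example, not from the page or the DD-WRT wiki: post-boot checks for the
# site-to-site tunnel. Defaults are for the master; on the slave run it as
#   PEER_TUN=192.168.2.1 PEER_LAN=192.168.1.0 sh check-tunnel.sh run
PEER_TUN=${PEER_TUN:-192.168.2.2}   # the other router's tunnel address
PEER_LAN=${PEER_LAN:-10.0.0.0}       # the other site's LAN (route destination)
VPN_PORT=${VPN_PORT:-2000}

# Each check takes command output as an argument so it can be tested against
# saved text; check_tunnel feeds them the live output.

# Is our openvpn instance running?  ($1 = output of ps)
vpn_running() {
    printf '%s\n' "$1" | grep -q 'myvpn --config SiteA-SiteB.conf'
}

# Is the route for the remote LAN going out tun0?  ($1 = output of route -n, $2 = network)
route_via_tun() {
    printf '%s\n' "$1" | awk -v net="$2" '$1 == net && $NF == "tun0" { found = 1 } END { exit !found }'
}

# Is the tunnel port accepted in INPUT?  ($1 = output of iptables -L INPUT -n, $2 = port)
port_open() {
    printf '%s\n' "$1" | grep -q "ACCEPT.*udp.*dpt:$2"
}

# Is that rule limited to a peer address, or open to 0.0.0.0/0? The page's rule
# is world-open, so anyone who obtains the static key can connect.
port_scoped() {
    ! printf '%s\n' "$1" | grep "ACCEPT.*udp.*dpt:$2" | grep -q '0\.0\.0\.0/0 *0\.0\.0\.0/0'
}

check_tunnel() {
    ps_out=$(ps); rt=$(route -n); fw=$(iptables -L INPUT -n)
    vpn_running "$ps_out"           && echo "ok:   openvpn running"           || echo "FAIL: openvpn not running (see logread)"
    route_via_tun "$rt" "$PEER_LAN" && echo "ok:   $PEER_LAN routed via tun0" || echo "FAIL: no route to $PEER_LAN via tun0"
    port_open "$fw" "$VPN_PORT"     && echo "ok:   udp/$VPN_PORT accepted"    || echo "FAIL: udp/$VPN_PORT not accepted"
    port_scoped "$fw" "$VPN_PORT"   || echo "WARN: udp/$VPN_PORT accepts any source; add -s <peer WAN IP> to the rule"
    ping -c 3 "$PEER_TUN" >/dev/null 2>&1 && echo "ok:   $PEER_TUN answers" || echo "FAIL: $PEER_TUN silent (key mismatch or peer down; see logread)"
}

# Run the live checks only when invoked with "run"
if [ "${1:-}" = run ]; then check_tunnel; fi
```

A silent peer with everything else passing almost always means the two static keys differ; "logread" on the router will show the HMAC authentication failures.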

SSH SOCKS proxy

Sometimes it is handy to create a SOCKS proxy over SSH. A SOCKS proxy is useful for browsers and other programs whose traffic you want to shield from the local network, or when the only way to reach a target is through the SSH host. From a Linux shell run the following:

$ ssh -D 1080 user@example.com

This opens a SOCKS listener on localhost port 1080 that forwards everything through the SSH server. Point the browser at 127.0.0.1 port 1080 as a SOCKS v5 proxy (in Firefox: Settings > Network Settings > Manual proxy configuration, SOCKS Host 127.0.0.1, Port 1080, SOCKS v5) and enable "Proxy DNS when using SOCKS v5" so name lookups also go through the tunnel instead of the local resolver.

(Screenshot: SOCKS proxy configuration in browser)
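The same proxy as a managed background process, added here as an example and not part of the original page: it refuses anything but a loopback bind, uses an ssh control socket so the proxy can be checked and stopped by name, and shows the curl flag that keeps DNS inside the tunnel. user@example.com is the page's placeholder; the control-socket path and function names are my own choices.

```shell
#!/bin/sh
# Added example, not part of the original page: a managed SSH SOCKS proxy.
# user@example.com is the page's placeholder; CTL and the function names are mine.
SOCKS_BIND=${SOCKS_BIND:-127.0.0.1:1080}
CTL=${CTL:-$HOME/.ssh/socks-ctl}

# Only a loopback bind is safe. "ssh -D 0.0.0.0:1080" (or a bare port with
# GatewayPorts yes) turns the proxy into an open relay: anyone on the LAN can
# then reach the remote network as you, with no authentication at all.
socks_bind_ok() {
    case $1 in
        '') return 1 ;;
        127.0.0.1:*|localhost:*|\[::1\]:*) return 0 ;;
        *:*) return 1 ;;            # any other explicit bind address
        *[!0-9]*) return 1 ;;       # not a port number
        *) return 0 ;;              # bare port: ssh binds to loopback by default
    esac
}

# Start: -N (no remote shell), -f (background after auth), -M/-S (control
# socket, so the proxy can be checked and stopped later), ExitOnForwardFailure
# (fail loudly if 1080 is already in use instead of running with no listener).
socks_start() {
    host=$1
    socks_bind_ok "$SOCKS_BIND" || { echo "refusing bind $SOCKS_BIND: not loopback" >&2; return 1; }
    ssh -f -N -M -S "$CTL" -D "$SOCKS_BIND" \
        -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 "$host"
}

socks_check() { ssh -S "$CTL" -O check "$1"; }
socks_stop()  { ssh -S "$CTL" -O exit  "$1"; }

# --socks5-hostname (socks5h://) makes the SSH server resolve the name; plain
# --socks5 resolves it locally and reveals every host you visit to the local
# resolver, which defeats the point of shielding the traffic.
socks_curl() { curl --silent --socks5-hostname "$SOCKS_BIND" "$@"; }

# Typical session:
#   socks_start user@example.com
#   socks_curl https://example.org/ | head
#   socks_check user@example.com
#   socks_stop user@example.com
```

Other tools can be pointed at the same listener (for example "ALL_PROXY=socks5h://127.0.0.1:1080" for curl-based programs); the rule is the same everywhere: prefer the variant that sends hostnames to the proxy rather than resolving them locally.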