tobiaswaldvogel edited this page Apr 21, 2012 · 7 revisions

OpenVPN

With the released OpenVPN Package, it is possible to use the NAS as an OpenVPN Server.

Howto

First we have to install the openvpn package from Tobias' repository:

opkg update
opkg install luci-app-openvpn

Then edit /etc/config/openvpn and put the following lines in it:

config 'openvpn' 'custom_config'
	option 'enabled' '0'
	option 'config' '/etc/openvpn/server.conf'
	option 'enable' '1'

Now create the file /etc/openvpn/server.conf and put your custom server config there.

Finally, forward your listen port on your router; then you can start the OpenVPN server by clicking the start button in the web interface at services/openvpn, in the custom_config line.

Example

Here is an example for the server config. I use tap because it's pretty simple and easy to use. It adds the client as an extended user in the network. Another nice feature is that you can access your NAS services from outside. For example, you can reach your Samba shares from friends, work, ...
I use port 443 as the connection port between server and client. I chose it because public Wi-Fi networks and other outside networks sometimes block some ports. 443 is the port for HTTPS connections, and you can expect that this port will be open. First you have to forward the port in your router.

First, generate a pre-shared key for authentication. In SSH run:

openvpn --genkey --secret /etc/openvpn/auth.key

This auth.key has to be on the server side and on every client that wants to connect to the server.
Now edit your server.conf and paste the following lines:

dev tap0
port 443
proto udp
secret /etc/openvpn/auth.key
ping-timer-rem
keepalive 10 120
persist-key
verb 3
mute 50

Now you have to set up a bridge between eth0 and tap0 to connect the traffic between the normal LAN interface and the virtual tap0 interface. Run the following command in SSH:

openvpn --mktun --dev tap

Now in your web interface go to Network -> Edit.
Then go to physical setting and check Bridge interfaces and tap0.
Then hit Save and apply.

Now tap0 is kept open permanently. If you want tap0 to be opened every time you start your NAS (in case of a reboot):

cd /etc/init.d
cp mdadm mktun
nano mktun

Now replace the line after start with the following line:

/usr/sbin/openvpn --mktun --dev tap

Save it and exit nano.

Finally, run the command:

/etc/init.d/mktun enable

Now you're done on the server side.

Client config, where <SERVER-IP> is the WAN IP of your local DSL (you can use no-ip.org to set up a dyndns) and <LOCAL-ROUTER-IP> is the IP of your router, in most cases 192.168.1.1 or something like that:

remote <SERVER-IP>
port 443
dev tap
secret auth.key
proto udp
route-gateway <LOCAL-ROUTER-IP>
redirect-gateway
keepalive 10 120
explicit-exit-notify 2

That's all, now you can connect to the server :)

-daschacka
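
In the setup above the static key is the only credential: whoever holds a copy of auth.key can connect, so the file should be readable by its owner only, on the server and on every client. The following check is an added example, not part of the original page or of the package. The function name check_static_key is made up here, and it assumes that a relative secret path (as in the client config) is relative to the config file's directory.

```shell
#!/bin/sh
# Added example: audit the "secret" key file referenced by an OpenVPN
# static-key config such as the server.conf / client config on this page.
# Returns 0 = ok, 1 = key file problem, 2 = config problem.
check_static_key() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read config $conf"; return 2; }

    # Path given to the first "secret" directive in the config.
    key=$(awk '$1 == "secret" { print $2; exit }' "$conf")
    [ -n "$key" ] || { echo "no 'secret' directive in $conf"; return 2; }

    # Assumption: a relative path is relative to the config's directory.
    case $key in
        /*) ;;
        *)  key=$(dirname "$conf")/$key ;;
    esac

    [ -f "$key" ] || { echo "key file $key is missing"; return 1; }

    # Files written by "openvpn --genkey --secret" carry this marker line.
    grep -q 'BEGIN OpenVPN Static key V1' "$key" \
        || { echo "$key is not an OpenVPN static key"; return 1; }

    # ls prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] \
        || { echo "$key is accessible to group/other, run: chmod 600 $key"; return 1; }

    echo "ok: $key"
    return 0
}

# When called with a config path, audit it: sh check.sh /etc/openvpn/server.conf
[ "$#" -eq 0 ] || check_static_key "$1"
```

Run it on the server against /etc/openvpn/server.conf and on each client against its own config after copying the key there.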

