Pavel Zhovner edited this page Jun 1, 2017 · 7 revisions

Настройка

Services > VPN > OpenVPN Client

  • Start OpenVPN Client: Enable
  • Server IP/Name: vpn.zaborona.help
  • Port: 1194
  • Tunnel Device: TUN
  • Tunnel Protocol: TCP
  • Encryption Cipher: AES-128 CBC
  • Hash Algorithm: SHA1
  • User Pass Authentication: Disable
  • Advanced Options: Enable
  • TLS Cipher: None
  • LZO Compression: Disabled
  • NAT: Enable
  • Additional Config:
remote-cert-tls server
setenv opt ncp-ciphers AES-128-GCM
  • Если не нужна поддержка IPv6, то сюда же в Additional Config нужно добавить строки:
pull-filter ignore "ifconfig-ipv6 "
pull-filter ignore "route-ipv6 "
  • CA Cert:
-----BEGIN CERTIFICATE-----
MIIDOzCCAiOgAwIBAgIJAOZ+WWiLZjjVMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNV
BAMMDVphYm9yb25hLmhlbHAwHhcNMTcwNTE5MTk0MzI3WhcNMjcwNTE3MTk0MzI3
WjAYMRYwFAYDVQQDDA1aYWJvcm9uYS5oZWxwMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA4BufraaBWWD5M8h7vt+4wGw/7OHeKOqZN4hS/OmqfwOIEJV3
5OWtzLmL5OpT5kIZ+NetF3ooc2pWRSZ+642IlzjIC2GqT/V5p/VXKjZsAZXQaaVo
OuWXlVmJFpR9nO3PIDn4wQvhQPPnJIYQgCl/vMV7TE9ZkpziEBAY9v3chwXHJ8+w
DyXkFn/BIMBdDamz+K7ffH17CM4aLr59W9AKc/DVox9ogdXmiVwCXag6byENZZEz
1LgpU+YtH/GnVyLSsaXC/fZQ12/NMjI/XXIM6x02pR/F4faOCLHHdYaWp3XJTQPj
vdPp7ve/8qWNijdkRma7y8TbmRYEut/JbiLFyQIDAQABo4GHMIGEMB0GA1UdDgQW
BBR7+jwpIvjCvbSi5cDxbig/UkYIuDBIBgNVHSMEQTA/gBR7+jwpIvjCvbSi5cDx
big/UkYIuKEcpBowGDEWMBQGA1UEAwwNWmFib3JvbmEuaGVscIIJAOZ+WWiLZjjV
MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCA
HG//Q5HrOuucEdqQqmxUhyXp+wZgcHMkDmqaXD2kgbhaa6L7M68yGryDsHFh+pZ6
1ePabk7kmvJnYWEY7veQzWJgBNfHBja+2wTEOEQTJW0DCeJw9QUpajrBcrRQz5DJ
BGrXcKAWZvqYjgp3fIDGtxZh0KCaJrPT2jmj3qM+aq8LEhM2mlqpvLVq6FLvUYiU
/iTdNpVL6Xdd16839G1VatvnZlCoGTc/6iBwbs9+xt7BkCVdY2gb3egB833gAxwv
DMwC41oj8XJlY2N5ieqhINYCtNOa+9REoJP9fycoNMpcejbF/UeEdZtpCfRHAE7h
BvStsSqP1Gl9ZeCtmntI
-----END CERTIFICATE-----
  • Public Client Cert:
-----BEGIN CERTIFICATE-----
MIIDWzCCAkOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1aYWJv
cm9uYS5oZWxwMB4XDTE3MDUxOTE5NDQxMloXDTI3MDUxNzE5NDQxMlowETEPMA0G
A1UEAwwGcHVibGljMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0RMM
ZHEgUmH5Mve+lOPrAIVfbmLNP+93J3Gymtga4pu/ia44/+7hQiE01ad13RuoiplI
1KyQAaHUiYh2YKX6K+ZTQwHWYXBXVsbmQVjqftSOlakWSWW0gZq9qV8Dbxa1hP51
KTdj8fPk2jfiv/D2N60FaqSg/pL4+Xjjo2ogBLvHujnNebOaZ2VJFQT1chEpT9ch
/H0GWMS3qK6vBEnXBcxio8DxfyRMarwbzFfSM4prv4VE7BfgJ+5Fm2IEsLtWKAM1
kH+1rPXaBlZbDj4ozlV4gYD1rJYXL3ngzMj5/Tymt3Oj/RVsM1fl25JaA9hQSr0r
Y/2Qb3PuuuQiUkk64wIDAQABo4G2MIGzMAkGA1UdEwQCMAAwHQYDVR0OBBYEFBHa
Ph6sI0eq0z6O+E2KFdLA2fPnMEgGA1UdIwRBMD+AFHv6PCki+MK9tKLlwPFuKD9S
Rgi4oRykGjAYMRYwFAYDVQQDDA1aYWJvcm9uYS5oZWxwggkA5n5ZaItmONUwHQYD
VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMRMAsGA1UdDwQEAwIHgDARBgNVHREE
CjAIggZwdWJsaWMwDQYJKoZIhvcNAQELBQADggEBAFWlN/iFntyrXC6GA/VY9sWF
aah7FUTZ7axd/qL70x+s62VcohddX4qFdETdeAPPva7Z60lKQdXwjXynJ/DiLiS5
UoALMD1bSzDBqA69GrSDTMsYvVU3QvNmUgBvPHjXqqj9ZT287KxYzRPWNY9m8IBA
4T8Q3zJFOtKZH0gijoMUWI10fnwU1olkt5d28ldRC2EYuE+Gdm8jAZDvfQ4XwkvD
CfG+gSIJ8Gg1VfsaX2qKgoBNW5or6RSxdBKCiVgLL3GSITlkrrN0O7VvT8C/qDJs
pk/mgRCDARL8jLwtaRV0xrDAnSPyuctRpHc6BFJzDKerX7ABCgOOcTUAr8SbbSc=
-----END CERTIFICATE-----
  • Private Client Key:
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDREwxkcSBSYfky
976U4+sAhV9uYs0/73cncbKa2Brim7+Jrjj/7uFCITTVp3XdG6iKmUjUrJABodSJ
iHZgpfor5lNDAdZhcFdWxuZBWOp+1I6VqRZJZbSBmr2pXwNvFrWE/nUpN2Px8+Ta
N+K/8PY3rQVqpKD+kvj5eOOjaiAEu8e6Oc15s5pnZUkVBPVyESlP1yH8fQZYxLeo
rq8ESdcFzGKjwPF/JExqvBvMV9Izimu/hUTsF+An7kWbYgSwu1YoAzWQf7Ws9doG
VlsOPijOVXiBgPWslhcveeDMyPn9PKa3c6P9FWwzV+XbkloD2FBKvStj/ZBvc+66
5CJSSTrjAgMBAAECggEBAJBE6603ns0aTCJOcFU/fP8sCXEbfnRa4sb2Hv/YlZy/
SolQDocUqJ3AWjwARUWg+0lAgtA2j1yA9i89WipQ/fNjCRtY3jz4j1wS/fojyBRi
yk0dk4JsSwWP6MZCCRWT/wfZqrEZRr9DxCyMmcxHEy/SFcXD+lAQzPsg3zv5VETO
q67S2s/njkSWyA9woRJLztld/Az/Rgh5VP2TxDCIHb0dTE6648lIUO0VkVfg8+G4
3BLXXA86YCFmRdTfs6rywf9jPN6V1gnyICk198/2Ne+jM3kNxNMn8jBDbjTkxT1b
ovBKDDpNNuLbBTjtlxEm3Q1CPuAH+0L8nfb9ZtSoISkCgYEA6rvgqTwAX272LXZi
jJuE6tJtOB47tih8HRgzQbCLPRduwz7P7ObtUSD88fSYsKCEb3T3kiUeMVADbWnR
DLqUetcDUAjPe0l/KcR0pef0mVvP1CnsTY+i9yGAOMkfrLqIBrLRd+8KRs85DHYm
/NYDHptDdGHjBW8Olc4L6+Wq/4cCgYEA5AQOlD9oWQuvrWhX1K1sK0JQxu36phrD
w5JuS5TJKyWxzABkgHJx8ZVIOhNUtXLSAkVQlaM5hKj/gVgf+DZsKaIcxWT7xLZZ
Qdiz3bRFtigxyZD67oRvzxBWg5XBnrgieM/C5+EiNQ3iRDjbvL228+cDIYPpwwtD
7/hHA15uqMUCgYEAgEZngVQeyAg1U6bMOBaMzl5r/SzYaLU7DhM5f35guOPjTaM3
sTiJG7qxP+/wuSUe+mGrIRxToZMeLF6VNSWJGpABaW1HJRKHAWYwcLGPg3ce3cyD
K+eAoRiXn3CZdKUCzNZPjgD9VrDLdjnjGGxDjChA9oq/qyqDh+3vqdv6VGUCgYBX
qIOeVJ4eFZMNPF7/wUgjfVQmlhjVQNbf2eyTG/kWoGAxCDma8+SANp7UzNe1BhZc
jx9C18RmDr5jkGiB+RIuE0eyT3dHEb9QxCmp4wMl22AAmL8PcVS2qxZHcgxEo4+F
GIJauL943ASPq7g2YEz0iWw3t0noFO2iVLWgQu6R7QKBgQCp9SedsiPJXQADFVln
7j5yLj7qBdATuZHbqfCt4CI7GO+5kjtNqFdZAZphP+gFJe49srS17WPLEFYpQpix
T77eOw4U3iIgoJoxn545CkMdH4H0lsQhfBOTqFJ8rdAzLTAa4pzgAOvLMsZWxM32
c+bjFxzMVzfVFOx30yZN8YbX6Q==
-----END PRIVATE KEY-----
  • Остальное оставить как есть
  • Apply Settings

Проверка статуса подключения

Status > OpenVPN > Status

Если всё настроено правильно, должно быть:

Client: CONNECTED SUCCESS

Настройка DNS

Похоже DD-WRT не умеет обрабатывать команду dhcp-option DNS от OpenVPN-сервера, так что придётся настроить DNS вручную

Setup > Basic Setup > Network Setup > Network Address Server Settings (DHCP)

  • Static DNS 1: 77.88.8.8
  • Static DNS 2: 74.82.42.42
  • Static DNS 3: 10.0.0.0 (заведомо неправильный адрес несуществующего DNS-сервера, чтобы роутер не подставлял сюда DNS-адрес провайдера)
  • Apply Settings

Обсуждение проблем при настройке DD-WRT https://github.com/zhovner/zaborona_help/issues/22

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.