Arethusa forum

Arethusa discussion forums.

#1 2010-04-05 11:49:50

Zero
Moderator

[EN] OpenVPN: OpenWrt (experimental)

How to set up Arethusa VPN on OpenWrt:


This document was written using OpenWrt Firmware Kamikaze 8.09.1 (r16206), on a Linksys WRT54GL 1.1.
If you don't feel at ease with UNIX commands, or if you don't understand what is said, stop reading this and install DD-WRT.


Install the most recent version of OpenWrt for your router.
Configure the router according to your needs, without the VPN for the moment.


SSH into the router and type:
opkg update
opkg install ntpclient
opkg install openvpn


If the version of openvpn is only 2.0, you need to install a more recent openvpn package. The next stable release of OpenWrt (codename Backfire) will have openvpn 2.1.
You can find more recent packages for your router here: http://downloads.openwrt.org/snapshots/trunk/
For example:
opkg install http://downloads.openwrt.org/snapshots/ … mipsel.ipk


On my router I had to create the symlink and config directory:
ln -s ../init.d/openvpn /etc/rc.d/S95openvpn
mkdir /etc/openvpn


Get arethusa.ovpn and arethusa-ca.crt. Modify arethusa.ovpn:

Replace the line: "ca arethusa-ca.crt" with:
ca /etc/openvpn/arethusa-ca.crt

Replace the line: "auth-user-pass" with:
auth-user-pass /etc/openvpn/arethusa_pass.txt

Create a text file named arethusa_pass.txt.
Enter the username for this tunnel on the first line, and the password on the second line. Save and close the file.

Copy these 3 files into the /etc/openvpn/ folder on the router, using SCP.
For example (from a Linux box):
scp -r arethusa* root@192.168.10.1:/etc/openvpn/


On the router, open /etc/config/openvpn and modify it as follows:
package openvpn
config openvpn arethusa
        option enable 1
        option config /etc/openvpn/arethusa.ovpn


Add these lines to /etc/firewall.user on the router:
iptables -A input_rule -i tun0 -j DROP
iptables -A forwarding_rule -i br-lan -o tun0 -j ACCEPT
iptables -A forwarding_rule -i tun0 -o br-lan -j ACCEPT
iptables -t nat -A postrouting_rule -o tun0 -j MASQUERADE


Reboot the router.
All internet activity should now go through the VPN. If not, you will find useful messages in the system log. Make sure that the time and date are set correctly.

The CPU of this router still can't encrypt/decrypt faster than ~300 KB/s. This is a problem if your internet connection is faster than that.

This document is provided as-is, with no warranty and no support. Try this at your own risk.
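
For the file-preparation steps in the post above (editing arethusa.ovpn and creating arethusa_pass.txt), here is an added check that is not part of the original post. The function name check_arethusa_files is hypothetical, and the permission test on the password file is an added precaution the post does not mention.

```shell
#!/bin/sh
# Added example: check_arethusa_files is a hypothetical helper, not from the post.
# Usage: check_arethusa_files DIR [INSTALL_DIR]
#   DIR          where the three files are now (local folder or /etc/openvpn)
#   INSTALL_DIR  path the .ovpn must reference (default: /etc/openvpn)
check_arethusa_files() {
    dir=$1
    dest=${2:-/etc/openvpn}
    ovpn=$dir/arethusa.ovpn
    pass=$dir/arethusa_pass.txt
    rc=0

    for f in "$ovpn" "$dir/arethusa-ca.crt" "$pass"; do
        [ -f "$f" ] || { echo "missing: $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # Both directives must carry the absolute paths the post specifies.
    [ "$(awk '$1 == "ca" { print $2 }' "$ovpn")" = "$dest/arethusa-ca.crt" ] ||
        { echo "ca line must read: ca $dest/arethusa-ca.crt"; rc=1; }
    [ "$(awk '$1 == "auth-user-pass" { print $2 }' "$ovpn")" = "$dest/arethusa_pass.txt" ] ||
        { echo "auth-user-pass line must read: auth-user-pass $dest/arethusa_pass.txt"; rc=1; }

    # Credentials file: exactly two lines, both non-empty (username, password).
    [ "$(awk 'NF { n++ } END { print NR "/" (n + 0) }' "$pass")" = "2/2" ] ||
        { echo "arethusa_pass.txt needs username on line 1, password on line 2"; rc=1; }

    # Added precaution (assumption, not a step in the post): the password is
    # stored in clear text, so group and other must have no access to the file.
    [ "$(ls -ld "$pass" | cut -c5-10)" = "------" ] ||
        { echo "arethusa_pass.txt is accessible to group/other: chmod 600 it"; rc=1; }

    return "$rc"
}

# Constructed sample files (not the real Arethusa ones) in a scratch folder.
demo=$(mktemp -d)
printf 'client\nca /etc/openvpn/arethusa-ca.crt\nauth-user-pass /etc/openvpn/arethusa_pass.txt\n' \
    > "$demo/arethusa.ovpn"
: > "$demo/arethusa-ca.crt"
( umask 077; printf 'example-user\nexample-password\n' > "$demo/arethusa_pass.txt" )
check_arethusa_files "$demo" && echo "sample files pass"
rm -rf "$demo"
```

Run it against the local folder before the scp step, or as check_arethusa_files /etc/openvpn on the router after the copy.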
