https://mywiki.romanost.co.il/index.php?action=history&feed=atom&title=OpenWRT
OpenWRT - Revision history
2026-04-16T14:32:52Z
Revision history for this page on the wiki
MediaWiki 1.27.4
https://mywiki.romanost.co.il/index.php?title=OpenWRT&diff=82&oldid=prev
Meadmin at 14:18, 25 April 2020
2020-04-25T14:18:41Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 14:18, 25 April 2020</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l11" >Line 11:</td>
<td colspan="2" class="diff-lineno">Line 11:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/x509-types/server</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/x509-types/server</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/x509-types/client</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/x509-types/client</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"> wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/openssl-easyrsa.cnf</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  mv server /etc/easy-rsa/pki/x509-types/  </div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  mv server /etc/easy-rsa/pki/x509-types/  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  mv client /etc/easy-rsa/pki/x509-types/</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  mv client /etc/easy-rsa/pki/x509-types/</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"> mv openssl-easyrsa.cnf /etc/easy-rsa/pki/</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>2. Configure firewall</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>2. Configure firewall</div></td></tr>
</table>
Meadmin
https://mywiki.romanost.co.il/index.php?title=OpenWRT&diff=79&oldid=prev
Meadmin at 13:50, 25 April 2020
2020-04-25T13:50:55Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 13:50, 25 April 2020</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l100" >Line 100:</td>
<td colspan="2" class="diff-lineno">Line 100:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>5. Create client configuration file:</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>5. Create client configuration file:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>  # Fetch IP address</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>  # Fetch IP address <ins class="diffchange diffchange-inline">or update to FQDN</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"> #OVPN_SERV="fqdn.myhome.com"</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  OVPN_SERV=`wget -qO- ifconfig.co`</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  OVPN_SERV=`wget -qO- ifconfig.co`</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   </div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   </div></td></tr>
</table>
Meadmin
https://mywiki.romanost.co.il/index.php?title=OpenWRT&diff=78&oldid=prev
Meadmin: Created page with "Install OpenVPN on OpenWRT 1. Install packages: opkg update opkg install luci-app-openvpn opkg install openvpn-openssl wget https://raw.githubusercontent.com/OpenVPN/ea..."
2020-04-25T13:39:54Z
<p>Created page with "Install OpenVPN on OpenWRT 1. Install packages: opkg update opkg install luci-app-openvpn opkg install openvpn-openssl wget https://raw.githubusercontent.com/OpenVPN/ea..."</p>
<p><b>New page</b></p><div>Install OpenVPN on OpenWRT<br />
<br />
1. Install packages:<br />
opkg update<br />
opkg install luci-app-openvpn<br />
opkg install openvpn-openssl<br />
wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/easyrsa<br />
chmod 755 easyrsa<br />
mv easyrsa /usr/bin<br />
mkdir -p /etc/easy-rsa/pki/x509-types<br />
wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/x509-types/server<br />
wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/x509-types/client<br />
mv server /etc/easy-rsa/pki/x509-types/ <br />
mv client /etc/easy-rsa/pki/x509-types/<br />
<br />
2. Configure firewall<br />
uci rename firewall.@zone[0]="lan"<br />
uci rename firewall.@zone[1]="wan"<br />
uci rename firewall.@forwarding[0]="lan_wan"<br />
uci del_list firewall.lan.device="tun0"<br />
uci add_list firewall.lan.device="tun0"<br />
uci -q delete firewall.vpn<br />
uci set firewall.ovpn="rule"<br />
uci set firewall.ovpn.name="Allow-OpenVPN"<br />
uci set firewall.ovpn.src="wan"<br />
uci set firewall.ovpn.dest_port="1194"<br />
uci set firewall.ovpn.proto="udp"<br />
uci set firewall.ovpn.target="ACCEPT"<br />
uci commit firewall<br />
/etc/init.d/firewall restart<br />
<br />
3. Create Certificates:<br />
export EASYRSA_PKI="/etc/easy-rsa/pki" <br />
export EASYRSA_REQ_CN="ovpnca"<br />
# Remove and re-initialize the PKI directory<br />
easyrsa --batch init-pki<br />
# Generate DH parameters<br />
easyrsa --batch gen-dh<br />
# Create a new CA<br />
easyrsa --batch build-ca nopass<br />
# Generate a keypair and sign locally for a server<br />
easyrsa --batch build-server-full server nopass<br />
# Generate a keypair and sign locally for a client <br />
easyrsa --batch build-client-full client nopass<br />
<br />
4. Configure VPN server:<br />
# Generate TLS PSK<br />
OVPN_PKI="/etc/easy-rsa/pki"<br />
openvpn --genkey --secret ${OVPN_PKI}/tc.pem<br />
<br />
# Configuration parameters<br />
OVPN_DIR="/etc/openvpn"<br />
OVPN_PKI="/etc/easy-rsa/pki"<br />
OVPN_DEV="$(uci get firewall.lan.device | sed -e "s/^.*\s//")"<br />
OVPN_PORT="$(uci get firewall.ovpn.dest_port)"<br />
OVPN_PROTO="$(uci get firewall.ovpn.proto)"<br />
OVPN_POOL="192.168.8.0 255.255.255.0"<br />
OVPN_DNS="${OVPN_POOL%.* *}.1"<br />
OVPN_DOMAIN="$(uci get dhcp.@dnsmasq[0].domain)"<br />
OVPN_DH="$(cat ${OVPN_PKI}/dh.pem)"<br />
OVPN_TC="$(sed -e "/^#/d;/^\w/N;s/\n//" ${OVPN_PKI}/tc.pem)"<br />
OVPN_CA="$(openssl x509 -in ${OVPN_PKI}/ca.crt)"<br />
NL=$'\n'<br />
<br />
# Configure VPN server<br />
umask u=rw,g=,o=<br />
grep -l -r -e "TLS Web Server Auth" "${OVPN_PKI}/issued" \<br />
| sed -e "s/^.*\///;s/\.\w*$//" \<br />
| while read -r OVPN_ID<br />
do<br />
OVPN_CERT="$(openssl x509 -in ${OVPN_PKI}/issued/${OVPN_ID}.crt)"<br />
OVPN_KEY="$(cat ${OVPN_PKI}/private/${OVPN_ID}.key)"<br />
cat << EOF > ${OVPN_DIR}/${OVPN_ID}.conf<br />
verb 3<br />
user nobody<br />
group nogroup<br />
dev ${OVPN_DEV}<br />
port ${OVPN_PORT}<br />
proto ${OVPN_PROTO}<br />
server ${OVPN_POOL}<br />
topology subnet<br />
client-to-client<br />
keepalive 10 120<br />
persist-tun<br />
persist-key<br />
push "dhcp-option DNS ${OVPN_DNS}"<br />
push "dhcp-option DOMAIN ${OVPN_DOMAIN}"<br />
push "redirect-gateway def1"<br />
push "persist-tun"<br />
push "persist-key"<br />
<dh>${NL}${OVPN_DH}${NL}</dh><br />
<tls-auth>${NL}${OVPN_TC}${NL}</tls-auth><br />
<ca>${NL}${OVPN_CA}${NL}</ca><br />
<cert>${NL}${OVPN_CERT}${NL}</cert><br />
<key>${NL}${OVPN_KEY}${NL}</key><br />
EOF<br />
done<br />
/etc/init.d/openvpn restart<br />
<br />
5. Create client configuration file:<br />
<br />
# Fetch IP address<br />
OVPN_SERV=`wget -qO- ifconfig.co`<br />
<br />
# Configuration parameters<br />
OVPN_DIR="/etc/openvpn"<br />
OVPN_PKI="/etc/easy-rsa/pki"<br />
OVPN_DEV="$(uci get firewall.lan.device | sed -e "s/^.*\s//")"<br />
OVPN_PORT="$(uci get firewall.ovpn.dest_port)"<br />
OVPN_PROTO="$(uci get firewall.ovpn.proto)"<br />
OVPN_TC="$(sed -e "/^#/d;/^\w/N;s/\n//" ${OVPN_PKI}/tc.pem)"<br />
OVPN_CA="$(openssl x509 -in ${OVPN_PKI}/ca.crt)"<br />
NL=$'\n'<br />
<br />
# Generate VPN client profiles<br />
umask u=rw,g=,o=<br />
grep -l -r -e "TLS Web Client Auth" "${OVPN_PKI}/issued" \<br />
| sed -e "s/^.*\///;s/\.\w*$//" \<br />
| while read -r OVPN_ID<br />
do<br />
OVPN_CERT="$(openssl x509 -in ${OVPN_PKI}/issued/${OVPN_ID}.crt)"<br />
OVPN_KEY="$(cat ${OVPN_PKI}/private/${OVPN_ID}.key)"<br />
cat << EOF > ${OVPN_DIR}/${OVPN_ID}.ovpn<br />
verb 3<br />
dev ${OVPN_DEV%%[0-9]*}<br />
nobind<br />
client<br />
remote ${OVPN_SERV} ${OVPN_PORT} ${OVPN_PROTO}<br />
auth-nocache<br />
remote-cert-tls server<br />
<tls-auth>${NL}${OVPN_TC}${NL}</tls-auth><br />
<ca>${NL}${OVPN_CA}${NL}</ca><br />
<cert>${NL}${OVPN_CERT}${NL}</cert><br />
<key>${NL}${OVPN_KEY}${NL}</key><br />
EOF<br />
done<br />
ls ${OVPN_DIR}/*.ovpn</div>
Meadmin