OpenWrt Forum Archive

Topic: OpenVPN between 2 OpenWRT systems

The content of this topic has been archived on 17 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello all !

After reading the OpenVPN docs and HowTos I am still missing something ...

My goal would be to set up a VPN in between two WRTSL54GS routers
to route the IAX2 traffic (UDP port 4569) ... in between them (Asterisk trunk)

Now I can't figure out how to accomplish this ...

Do I need to run the OpenVPN Server on one side and a VPN client on the other side?
Or ???
I would appreciate any help. No detailed installation needed, just the general setup ...

Tnx.

Noel

Tnx Vincentefox! ... I may be missing something but I don't really see how this can help me ... (?)
I am looking for the general procedure to set up a VPN in between 2 OpenWrt ...
so that IAX2 traffic in between the systems would go through the VPN (for secure VoIP communication) in
between the systems.


Noel

As you are not giving out many clues about what you tried and what did or didn't work, I will give the most basic suggestions.
1. First install the openvpn package (ipkg install openvpn) on both sides.
2. Grab the client/server example files from the openvpn website and see if you can get this to work. Log in to both machines using ssh and run openvpn from the command line to see its output.
3. If you manage to achieve a working setup based on the defaults, start editing the configuration on both sides.
4. Post back here your exact problems with your versions of both config files (remove specific IP addresses or domain names if you feel that is needed for security reasons).

Good luck.

500gx wrote:

As you are not giving out many clues about what you tried and what did or didn't work, I will give the most basic suggestions.

Good luck.

Tnx for your reply!

Well, I haven't tried anything yet as I am still trying to understand what I need to do ;-)

I have OpenVPN installed on my WRTSL54GS ...

I have read the OpenVPNHowTo: http://wiki.openwrt.org/OpenVPNHowTo?hi … 28HowTo%29
which gives the setup for a VPN server on OpenWrt and VPN client on Windows ...

So I suppose I need to install the OpenVPN packages on both and configure one side as server (as above)
and the other side as a VPN client ... Right?

BTW the Webif interface seems to offer to configure the VPN as client ...

Anyway, I will give it a try later as "trying things" is the best way to learn ...
and will report later

Noel

Update ...

I have made some tests with 2 WRT54GS on my local LAN with one running OpenVPN Server and the other an OpenVPN client and ...
it seems to work ...

I set up the server as given in the openVPNHowTo:  http://wiki.openwrt.org/OpenVPNHowTo?hi … 28HowTo%29
... and the 2nd one using the WebIF

Here are the logs for the Server and the Client

+-----------------------+
OpenVPN server Log

Jul 12 01:01:15 (none) kern.notice openvpn[1069]: OpenVPN 2.0.9 mipsel-linux [SSL] [LZO] [EPOLL] built on Feb 13 2007
Jul 12 01:01:15 (none) kern.warn openvpn[1069]: WARNING: file '/etc/secret.key' is group or others accessible
Jul 12 01:01:15 (none) kern.notice openvpn[1069]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 12 01:01:15 (none) kern.notice openvpn[1069]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 12 01:01:15 (none) kern.notice openvpn[1069]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 12 01:01:15 (none) kern.notice openvpn[1069]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 12 01:01:15 (none) kern.notice openvpn[1069]: TUN/TAP device tap0 opened
Jul 12 01:01:15 (none) kern.notice openvpn[1069]: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:4 ET:32 EL:0 ]
Jul 12 01:01:15 (none) kern.notice openvpn[1069]: Local Options hash (VER=V4): '8b888ddc'
Jul 12 01:01:15 (none) kern.notice openvpn[1069]: Expected Remote Options hash (VER=V4): '8b888ddc'
Jul 12 01:01:15 (none) kern.notice openvpn[1075]: UDPv4 link local (bound): [undef]:1194
Jul 12 01:01:15 (none) kern.notice openvpn[1075]: UDPv4 link remote: [undef]

tap0      Link encap:Ethernet  HWaddr 00:FF:B4:7E:09:0C
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:163 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


+-----------------------+

OpenVPN Client Log

Jul 12 00:42:06 (none) kern.notice openvpn[504]: OpenVPN 2.0.9 mipsel-linux [SSL] [LZO] [EPOLL] built on Feb 13 2007
Jul 12 00:42:06 (none) kern.notice openvpn[504]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 12 00:42:06 (none) kern.notice openvpn[504]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 12 00:42:06 (none) kern.notice openvpn[504]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 12 00:42:06 (none) kern.notice openvpn[504]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 12 00:42:06 (none) kern.notice openvpn[504]: LZO compression initialized
Jul 12 00:42:06 (none) kern.notice openvpn[504]: TUN/TAP device tun0 opened
Jul 12 00:42:06 (none) kern.notice openvpn[504]: Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:0 EL:0 AF:3/1 ]
Jul 12 00:42:06 (none) kern.notice openvpn[504]: Local Options hash (VER=V4): '62cf4b05'
Jul 12 00:42:06 (none) kern.notice openvpn[504]: Expected Remote Options hash (VER=V4): '62cf4b05'
Jul 12 00:42:06 (none) kern.notice openvpn[512]: UDPv4 link local: [undef]
Jul 12 00:42:06 (none) kern.notice openvpn[512]: UDPv4 link remote: 192.168.1.50:1194


Noel
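
A consistency check over the two logs in the post above, added here as an example and not part of the original thread. The sample lines are copied from those logs with the syslog prefix trimmed; the check assumes that each peer's Local Options hash should equal the other peer's Expected Remote Options hash and that an established tunnel logs a "Peer Connection Initiated" line. The function names are hypothetical.

```python
import re

# Sample input: key lines copied from the two logs posted above (prefix trimmed).
SERVER_LOG = """\
openvpn[1069]: WARNING: file '/etc/secret.key' is group or others accessible
openvpn[1069]: TUN/TAP device tap0 opened
openvpn[1069]: Local Options hash (VER=V4): '8b888ddc'
openvpn[1069]: Expected Remote Options hash (VER=V4): '8b888ddc'
"""
CLIENT_LOG = """\
openvpn[504]: LZO compression initialized
openvpn[504]: TUN/TAP device tun0 opened
openvpn[504]: Local Options hash (VER=V4): '62cf4b05'
openvpn[504]: Expected Remote Options hash (VER=V4): '62cf4b05'
"""

def summarize(log):
    """Extract the configuration facts one side reports in its startup log."""
    def grab(pattern):
        m = re.search(pattern, log)
        return m.group(1) if m else None
    return {
        "dev": grab(r"TUN/TAP device (tun|tap)\d+ opened"),
        "lzo": "LZO compression initialized" in log,
        "local_hash": grab(r"Local Options hash \(VER=V4\): '([0-9a-f]+)'"),
        "expected_hash": grab(r"Expected Remote Options hash \(VER=V4\): '([0-9a-f]+)'"),
        "peer_up": "Peer Connection Initiated" in log,
        "key_perm_warning": "is group or others accessible" in log,
    }

def compare(server_log, client_log):
    """Return a list of findings; an empty list means the two sides agree."""
    s, c = summarize(server_log), summarize(client_log)
    findings = []
    if s["dev"] != c["dev"]:
        findings.append(f"device type differs: server {s['dev']}, client {c['dev']}")
    if s["lzo"] != c["lzo"]:
        findings.append("LZO compression enabled on one side only")
    if s["local_hash"] != c["expected_hash"] or c["local_hash"] != s["expected_hash"]:
        findings.append("options hash mismatch between peers")
    if not (s["peer_up"] and c["peer_up"]):
        findings.append("no 'Peer Connection Initiated' line: tunnel not confirmed up")
    for side, info in (("server", s), ("client", c)):
        if info["key_perm_warning"]:
            findings.append(f"{side}: static key file readable by group/others (chmod 600)")
    return findings

if __name__ == "__main__":
    print("\n".join(compare(SERVER_LOG, CLIENT_LOG)))
```

Run against the posted logs, it reports the tap/tun difference, the one-sided LZO setting, the differing options hashes, the missing connection line and the key-file permission warning on the server.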

Last update:

I got the openVPN Server and Client running on 2 WRT54GS to work and connect on startup.

To set up the server, I basically followed the client setup in the openVPNHowTo.

For the client, I simply used the WebIf interface.

I added the server startup script as S46openvpn under /etc/init.d

and on the client side, the WebIf interface changed the nvram value so that the client is started

Some traces:

openVPN client
476 root       1076 S   openvpn --proto udp --port 1194 --remote 192.168.1.50

openVPN Server
507 root       1092 S   /usr/sbin/openvpn --daemon --config /etc/server.ovpn


tap0      Link encap:Ethernet  HWaddr 00:FF:7A:39:4F:92
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:1498 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Strangely, ifconfig doesn't display a tun0 interface on the client?

But according to the log it seems OK ... :

Jul 12 17:47:54 (none) kern.notice openvpn[468]: OpenVPN 2.0.9 mipsel-linux [SSL] [LZO] [EPOLL] built on Feb 13 2007
Jul 12 17:47:54 (none) kern.notice openvpn[468]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 12 17:47:54 (none) kern.notice openvpn[468]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 12 17:47:54 (none) kern.notice openvpn[468]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 12 17:47:54 (none) kern.notice openvpn[468]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 12 17:47:54 (none) kern.notice openvpn[468]: LZO compression initialized
Jul 12 17:47:54 (none) kern.notice openvpn[468]: TUN/TAP device tun0 opened
Jul 12 17:47:54 (none) kern.notice openvpn[468]: Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:0 EL:0 AF:3/1 ]
Jul 12 17:47:54 (none) kern.notice openvpn[468]: Local Options hash (VER=V4): '62cf4b05'
Jul 12 17:47:54 (none) kern.notice openvpn[468]: Expected Remote Options hash (VER=V4): '62cf4b05'
Jul 12 17:47:55 (none) kern.notice openvpn[476]: UDPv4 link local: [undef]
Jul 12 17:47:55 (none) kern.notice openvpn[476]: UDPv4 link remote: 192.168.1.50:1194

It says tun0 opened and connects to the server (on LAN)

+==============================================+

I am still unsure about the VPN workings ...
Could someone tell me please:

If I understand, all traffic going in between the VPN server and client will be "tunneled" through the VPN
no matter the dest ports or protocols ... Right?
... so that the VPN will encapsulate, encrypt and optionally compress the data transiting in between the 2 systems ... Right?
... and everything will transit on port 1194 ... Right or ?

Thanks to anyone willing to contribute to my education ;-)

Noel

The discussion might have continued from here.