OpenWrt Forum Archive

Topic: HTTP through VPN Tunnel

The content of this topic has been archived on 17 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
toelen
14 Dec 2005, 15:01

Hi,
I would like to do the following with a WRT54GL:
- install vpnc and setup a VPN connection
- install srelay and route all traffic through the vpn tunnel

This is not going without any problems. I have installed openwrt and it is running like a charm. Configuring it is something completely different. I will only connect one cable, so all traffic should go through this one cable (probably the WAN port). Every time I reboot the machine all changes are gone, how can I write everything installed to ROM, or do I have to compile my own firmware?

Regards,
Leen Toelen

Post #2
toelen
14 Dec 2005, 15:10

Reading this agian, I think it is probably safer to connect two ports with two IP adresses, one for management, and one for the tunnel.

Post #3
rAWTAZ
14 Dec 2005, 15:19

Can you not use OpenVPN instead? It works like a charm for me.

I'm sure some top-security gurus that's been using VPNs for ages would say it's a lame thing, but I don't see a problem with it, it works well, and it's gotten some good opinions too smile

Post #4
toelen
14 Dec 2005, 15:23

Well, the other network I have to VPN to is using a Cisco server, I don't think openvpn can connect to it.

Post #5
rAWTAZ
14 Dec 2005, 15:27
toelen wrote:

Well, the other network I have to VPN to is using a Cisco server, I don't think openvpn can connect to it.

Oh smile I guess that's an issue ^^ As long as you dont want to mix in a server behind the Cisco thingie of course. I have, but I don't have that complex of a LAN. One central router, two border gateways, and the VPN between one server there and my home network, with the router having a route to the server for my home network of course.

Post #6
toelen
14 Dec 2005, 15:34

First things firts, anyone knows how to edit /etc/ipkg.cnf, install some packages andf save the changes to flash? That would be greatly helpful.

Regards,
Leen

Post #7
rAWTAZ
14 Dec 2005, 15:39

To edit the file you rm the link thats currently there to /rom/etc/ipkg.conf, and cp /rom/etc/ipkg.conf /etc and edit it.

Someone else should really answer this, but "install some packages and save the changes to flash" sounds like `ipkg install <packagename>`, perhaps after `ipkg update` and `ipkg list`.

Look in the wiki if you're new to ipkg and I didn't misunderstand your question wink

Post #8
toelen
14 Dec 2005, 16:32

I did the following:
rm /etc/ipkg.conf
cp /rom/etc/ipkg.conf /etc
vi /etc/ipkg.conf


##########################################
src whiterussian http://downloads.openwrt.org/whiterussian/packages
src non-free http://downloads.openwrt.org/whiterussi … s/non-free

src florian http://openwrt.alphacore.net/

dest root /
dest ram /tmp
##########################################



ipkg update
ipkg install vpnc libgcrypt srelay kmod-tun
insmod tun

vi /etc/vpnc.conf


##########################################
Interface name myvpn
IPSec gateway 167.293.56.144
IPSec ID ipsec
IPSec secret cisco123
Xauth username myuser
Xauth password mypass
##########################################

vpnc


ifconfig
##########################################
...

vpnlink   Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:157.193.29.145  P-t-P:157.193.29.145  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1412  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
##########################################

So far, so good. When I leave the device running everything works fine. But when I reboot, all changes are lost and I have a default firmware again. Is it possible to save changes, and if so, how. Is there some command to write the ram to rom?
The alternative is to make my own firmware version, but that is alot more work.

Regards,
Leen

Post #9
rAWTAZ
15 Dec 2005, 08:59

Are you saying that your configuration, for example the file /etc/vpnc.conf, is lost/removed along with a reboot? That's the weirdest I've hear, all my files that i create on the writeable /etc stays put smile

If you just mean that the tunnel/vpnc doesn't go up with a boot, you might want to look into /etc/init.d and write a startup script for the vpnc. Look in the wiki for more info on this. The tunnel software needs to be started.

Post #10
toelen
15 Dec 2005, 09:06

Hi,

I solved the deletion of all files by performing mtd unlock linux; jffs2root --clean, as found on the bugzilla.

Regards,
Leen

Post #11
birky
30 Dec 2005, 21:53

hi,
the tunnel is up, but no packets are going through tunnel.

I think, that I need add routing rules to both sides.
Please how can I add routing rules to the OpenWrt ?

Thanks

Post #12
birky
6 Jan 2006, 15:32

I can ping the destination network 10.10.10.1 from OpenWRT,when I add this route:
             
      route add -net 10.10.10.0 netmask 255.255.255.0 dev tun0

But I don't know ping the 10.10.10.1 from PC behind OpenWRT router (on LAN, WLAN)

Gabriel

The discussion might have continued from here.