# openssh and openwrt
Success! Unrestricted, encrypted internet access from my laptop to a Linksys WRT54G running OpenWrt. The OpenVPN documentation and IRC channel bot were especially helpful: follow them for generating the keys, and use a configuration like the one below if you want all your internet traffic routed through the tunnel. I would not copy the firewall.user directly, since it is overly open. Since I have almost no clue how iptables works, any help simplifying it would be appreciated.
client.conf:

```conf
client
dev tun
proto udp
# pull is new for 2.1 (and already implied by "client")
pull
remote fayth.ath.cx 1194
nobind
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/fayth.crt
key /etc/openvpn/keys/fayth.key
# dh is a server-side directive; the client does not use it
dh /etc/openvpn/keys/dh2048.pem
comp-lzo
verb 3
```
server.conf:

```conf
### connection
port 1194
proto udp
dev tun
client-to-client
### security: drop root privileges once the tunnel is up
user nobody
group nobody
### keys
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
### routing
server 10.8.0.0 255.255.255.0
### make sure to include def1: it overrides the client's default route
### with two /1 routes instead of deleting it, so the link to the
### server itself keeps working
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
### tunnel options
comp-lzo
keepalive 10 120
### logging
status /tmp/openvpn.status
```
/etc/firewall.user:

```sh
# This is the overly open part: it accepts all forwarding through the
# router, regardless of interface or direction
iptables -I FORWARD -j ACCEPT
### OpenVPN
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -o tun+ -j ACCEPT
# The -I rules below duplicate the -A rules above; the state-matched
# INPUT/FORWARD rules only restrict anything once the unconditional
# ACCEPT rules are removed
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I INPUT -i tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT
# This masquerades traffic leaving through the tunnel, not traffic
# leaving through the WAN; the clients' internet traffic is NATed by
# the router's existing MASQUERADE rule on the WAN interface
iptables -t nat -I POSTROUTING -o tun+ -j MASQUERADE
```
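A tighter firewall.user for the same setup, written here as an added example rather than the file from this post: it only accepts the OpenVPN port on the WAN side, forwards traffic from the tunnel subnet out to the internet and lets only replies back in, keeps client-to-client forwarding (server.conf enables it), and masquerades on the WAN interface instead of on tun+. The WAN interface name vlan1 is an assumption (set WAN_IF to match the router); 10.8.0.0/24 and UDP 1194 match server.conf above. The rules are printed by a function so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example, not the original firewall.user. WAN_IF=vlan1 is an
# assumption; VPN_NET and VPN_PORT follow the "server" and "port" lines
# of server.conf.
WAN_IF="${WAN_IF:-vlan1}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
VPN_PORT="${VPN_PORT:-1194}"

# Print the rule set, one iptables command per line.
vpn_rules() {
    cat <<EOF
iptables -A INPUT -i $WAN_IF -p udp --dport $VPN_PORT -j ACCEPT
iptables -A INPUT -i tun+ -s $VPN_NET -j ACCEPT
iptables -A FORWARD -i tun+ -o $WAN_IF -s $VPN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o tun+ -d $VPN_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i tun+ -o tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# Guard: succeed only if no rule accepts forwarding unconditionally
# (the "iptables -I FORWARD -j ACCEPT" line of the original file).
rules_are_scoped() {
    ! vpn_rules | grep -q 'FORWARD -j ACCEPT'
}

# Apply the rules on the router; stops at the first failing command.
apply_rules() {
    rules_are_scoped && vpn_rules | sh -e
}

# On the router, uncomment the next line (or source this file and call it):
# apply_rules
```

The INPUT rule for tun+ is what lets the clients reach dnsmasq at 10.8.0.1, which the pushed DNS option in server.conf depends on; the OUTPUT rules of the original are dropped because OpenWrt's default OUTPUT policy already accepts.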