{"id":2058,"date":"2013-10-03T22:01:16","date_gmt":"2013-10-03T20:01:16","guid":{"rendered":"http:\/\/blog.wenzlaff.de\/?p=2058"},"modified":"2021-11-22T17:16:01","modified_gmt":"2021-11-22T16:16:01","slug":"wie-wird-ein-openvpn-server-auf-openwrt-version-12-auf-eiem-tp-wr703n-router-eingerichtet","status":"publish","type":"post","link":"http:\/\/blog.wenzlaff.de\/?p=2058","title":{"rendered":"How do you set up an OpenVPN server on OpenWrt (version 12) on a TP-WR703N router?"},"content":{"rendered":"<p>Follow <a href=\"https:\/\/oldwiki.archive.openwrt.org\/doc\/howto\/vpn.server.openvpn.tap\">this guide<\/a>.<br \/>\nOn a working OpenWrt installation with a USB stick, first install <a href=\"https:\/\/openvpn.net\/\" title=\"OpenVPN\" target=\"_blank\" rel=\"noopener noreferrer\">OpenVPN<\/a>:<br \/>\n<code><br \/>\nopkg update<br \/>\nopkg install openvpn<br \/>\n<\/code><\/p>\n<p>Then generate a static key.<br \/>\n<code><br \/>\nopenvpn --genkey --secret static.key<br \/>\n<\/code><br \/>\nThis key must be copied to every device that is part of the VPN.<br \/>\nSo copy or move the key to \/etc under a different name:<br \/>\n<code><br \/>\ncp static.key \/etc\/openvpn.key<br \/>\n<\/code><\/p>\n<p>Append these entries to the end of the <code>\/etc\/config\/firewall<\/code> file so that port 1194 is allowed through (the first rule also opens SSH, TCP port 22, from the WAN):<br \/>\n<code><br \/>\nconfig 'rule'<br \/>\n        option 'target' 'ACCEPT'<br \/>\n        option 'src' 'wan'<br \/>\n        option 'proto' 'tcp'<br \/>\n        option 'dest_port' '22'<br \/>\n        option '_name' 'ssh-wan'<\/p>\n<p>config 'rule'<br \/>\n        option '_name' 'openvpn-udp'<br \/>\n        option 'src' 'wan'<br \/>\n        option 'target' 'ACCEPT'<br \/>\n        option 'proto' 'udp'<br \/>\n        option 'dest_port' '1194'<br \/>\n<\/code><br \/>\nCreate the new file <strong>\/etc\/firewall.rules<\/strong> with the following content:<br \/>\n<code><br 
\/>\niptables -I OUTPUT -o tap+ -j ACCEPT<br \/>\niptables -I INPUT -i tap+ -j ACCEPT<\/p>\n<p>iptables -I FORWARD -o tap+ -j ACCEPT<br \/>\niptables -I FORWARD -i tap+ -j ACCEPT<br \/>\n<\/code><br \/>\nCreate the start script <strong>\/etc\/openvpnbridge<\/strong> with the following content:<br \/>\n<code><br \/>\n#!\/bin\/sh<\/p>\n<p>#\/etc\/openvpnbridge<br \/>\n# OpenVPN Bridge Config File<br \/>\n# Creates TAP devices for use by OpenVPN and bridges them into OpenWRT Bridge<br \/>\n# Taken from http:\/\/openvpn.net\/bridge.html<\/p>\n<p># Make sure module is loaded<br \/>\ninsmod tun<\/p>\n<p># Define Bridge Interface<br \/>\n# Preexisting on OpenWRT<br \/>\nbr=\"br0\"<\/p>\n<p># Define list of TAP interfaces to be bridged,<br \/>\n# for example tap=\"tap0 tap1 tap2\".<br \/>\ntap=\"tap0\"<\/p>\n<p># Build tap devices<br \/>\nfor t in $tap; do<br \/>\n    openvpn --mktun --dev $t<br \/>\ndone<\/p>\n<p># Add TAP interfaces to OpenWRT bridge<\/p>\n<p>for t in $tap; do<br \/>\n    brctl addif $br $t<br \/>\ndone<\/p>\n<p>#Configure bridged interfaces<\/p>\n<p>for t in $tap; do<br \/>\n    ifconfig $t 0.0.0.0 promisc up<br \/>\ndone<br \/>\n<\/code><\/p>\n<p>Make this file executable with:<br \/>\n<code>chmod +x \/etc\/openvpnbridge<\/code><\/p>\n<p>Now create the VPN server configuration file <strong>\/etc\/server.ovpn<\/strong>:<br \/>\n<code><br \/>\nport 1194<br \/>\nproto udp<br \/>\ndev tap<br \/>\nkeepalive 10 120<br \/>\nstatus openvpn-status.log<br \/>\nverb 3<br \/>\n# Path to the static key; 
adjust the path if necessary<br \/>\nsecret \/etc\/openvpn.key<br \/>\n<\/code><\/p>\n<p>Restart OpenWrt.<\/p>\n<p>The server can now be started with:<\/p>\n<p><code>openvpn \/etc\/server.ovpn<\/code><\/p>\n<p>If everything runs successfully, output like the following is printed.<br \/>\n<code><br \/>\nroot@OpenWrt:\/etc# openvpn \/etc\/server.ovpn<br \/>\nThu Oct  3 19:55:59 2013 OpenVPN 2.2.2 mips-openwrt-linux [SSL] [LZO2] [EPOLL] built on Mar 14 2013<br \/>\nThu Oct  3 19:55:59 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables<br \/>\nThu Oct  3 19:55:59 2013 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key<br \/>\nThu Oct  3 19:55:59 2013 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication<br \/>\nThu Oct  3 19:55:59 2013 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key<br \/>\nThu Oct  3 19:55:59 2013 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication<br \/>\nThu Oct  3 19:55:59 2013 Socket Buffers: R=[163840->131072] S=[163840->131072]<br \/>\nThu Oct  3 19:55:59 2013 TUN\/TAP device tap0 opened<br \/>\nThu Oct  3 19:55:59 2013 TUN\/TAP TX queue length set to 100<br \/>\nThu Oct  3 19:55:59 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:4 ET:32 EL:0 ]<br \/>\nThu Oct  3 19:55:59 2013 UDPv4 link local (bound): [undef]:1194<br \/>\nThu Oct  3 19:55:59 2013 UDPv4 link remote: [undef]<br \/>\nThu Oct  3 19:56:03 2013 Peer Connection Initiated with 192.168.X.XXX:XXXXX<br \/>\nThu Oct  3 19:56:04 2013 Initialization Sequence Completed<br \/>\n<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Follow this guide. On a working OpenWrt installation with a USB stick, first install OpenVPN: opkg update opkg install openvpn Then generate a static key. openvpn --genkey --secret static.key This key must be copied to every device that is part of the VPN. 
So copy or move the key to \/etc under a different name: cp static.key \/etc\/openvpn.key The &hellip; <\/p>\n<p class=\"link-more\"><a href=\"http:\/\/blog.wenzlaff.de\/?p=2058\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> \u201cHow do you set up an OpenVPN server on OpenWrt (version 12) on a TP-WR703N router?\u201d<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[808,695],"tags":[503,988,678,83,855,989,990],"class_list":["post-2058","post","type-post","status-publish","format-standard","hentry","category-linux-2","category-tp-wr703n","tag-install","tag-openvpn","tag-openwrt","tag-server","tag-tunnel","tag-vpn","tag-vpn-server"],"_links":{"self":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/posts\/2058","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2058"}],"version-history":[{"count":0,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/posts\/2058\/revisions"}],"wp:attachment":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2058"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}