OpenWrt Forum Archive

Topic: [HELP] OpenVpn configuration

The content of this topic has been archived on 21 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi there,

I've recently got new hardware: an ASUS RT-N66U running Chaos Calmer 15.05.1.

I'm not a pro in Networking and Routing, and after reading tons of guides, I'm totally confused.

That's why I'm here, asking you for help. I will appreciate any piece of advice!

So, my current setup looks like:



                  ------------ISP------------
                               |
                  =======ASUS RT-N66U=======
                               |
   OpenVpn Client (default setup, which routes all traffic)
          |                    |                    |
  TPLINK (for WiFi)       client1(eth)         client2(eth)
          |
   clients (3,4...)

Question #1: "How could I set up target routing?" (for example: client1 to VPN, client2 to ISP)

Unfortunately I need to say that I'm a total noob in iptables... and I can't find any OpenVPN GUI for Chaos Calmer...

Question #2: "How could I set up the SSH tunnel for a specific client?" (something like OpenSSH >> socks >> route client to socks >> client appears at SSH server network >>> profit)


I really hope for your help, community!

My configs:

network

config switch 'eth0'
        option name 'eth0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'eth0'
        option vlan '1'
        option ports '1 2 3 4 8t'

config switch_vlan
        option device 'eth0'
        option vlan '2'
        option ports '0 8t'

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option force_link '1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ifname 'eth0.1'
        option ipaddr '192.168.21.1'
        option delegate '0'
        option dns '4.2.2.1 8.0.31.0'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'pppoe'
        option username 'XXXXXXXX'
        option password 'XXXXXXXX'
        option delegate '0'

config interface 'vpn0'
        option ifname 'tun0'
        option proto 'none'
        option delegate '0'
        option auto '1'

firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option network 'lan'
        option forward 'REJECT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 wwan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config forwarding
        option dest 'wan'
        option src 'lan'

config zone
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        option network 'vpn0'
        option name 'openvpn'

config forwarding
        option dest 'lan'
        option src 'openvpn'

config forwarding
        option dest 'openvpn'
        option src 'lan'

#1: Using multiple wan links isn't trivial (VPN+ISP). Have a look at the mwan3 package (multi-wan policy routing).

Q1: Either use the multiwan package or configure your own policy routing (requires knowledge of iptables, multiple routing tables and ip rules). Policy routing can be configured in /etc/config/network; there is no need for explicit iptables commands.
Q2: Thread on how to use ssh as a VPN: https://forum.openwrt.org/viewtopic.php?id=67632

(Last edited by bolvan on 22 Oct 2016, 17:50)
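
The policy routing described in the reply above, applied to the topology in the question (client1 through the VPN, everything else through the ISP), as an added example that is not from the thread. The address 192.168.21.101 for client1, table number 100 and the section and rule names are assumptions; the interface and zone names come from the posted configs.

```uci
# --- /etc/config/network (sections added to the posted file) ---
# Assumption: client1 holds the fixed address 192.168.21.101.
# Assumption: routing table 100 is not used for anything else.
# Assumption: the OpenVPN client config contains "route-nopull", so the
# server-pushed default route no longer replaces the main table's default
# (the "default setup, which routes all traffic" from the question).

# Default route through the tunnel, installed only in table 100.
config route 'vpn_default'
        option interface 'vpn0'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option table '100'

# Packets arriving on lan from client1 consult table 100 first.
# Every other client falls through to the main table (ISP default).
config rule 'client1_via_vpn'
        option in 'lan'
        option src '192.168.21.101/32'
        option lookup '100'
        option priority '1000'

# --- /etc/config/firewall (rule added to the posted file) ---
# When tun0 goes down, the route in table 100 disappears and client1
# would match the main table, leaving through the ISP link. This rule
# rejects that path so client1 loses connectivity instead of leaking.
config rule
        option name 'client1-no-isp-fallback'
        option src 'lan'
        option src_ip '192.168.21.101'
        option dest 'wan'
        option proto 'all'
        option target 'REJECT'
```

After reloading the network and firewall, `ip rule show` and `ip route show table 100` on the router confirm the rule and the tunnel default route are in place.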
