[OpenWRT] OpenVPN Server/Client Configuration

Administrator 2014.05.15 02:11 Views: 204

※ First, make sure the system time is correct.

■ Server (OpenBSD)

port 1194
proto udp
writepid "/var/_utm/run/openvpn.pid"
dev tun
ca "/var/_utm/etc/openvpn/keys/ca.crt.pem"
cert "/var/_utm/etc/openvpn/keys/server.crt.x509"
key "/var/_utm/etc/openvpn/keys/server.key.pem"
dh "/var/_utm/etc/openvpn/keys/dh2048.pem"
client-to-client
server 172.31.0.0 255.255.0.0
duplicate-cn
keepalive 10 120
cipher aes-256-cbc
auth sha1
comp-lzo
user _utm
group _utm
mtu-test
nice 0
max-clients 1024
status "/var/_utm/log/openvpn/openvpn.status"
log "/var/_utm/log/openvpn/openvpn.log"
verb 0
mute 20
persist-key
persist-tun
push "route 172.16.0.0 255.255.0.0"
route 192.168.5.0 255.255.255.0

# Instruct clients to add the route below.
# Specify the server-side private network.
push "route 192.168.2.0 255.255.255.0"

# Add an entry to the server's routing table.
# Specify the client-side private network. (Multiple lines allowed)
route 192.168.1.0 255.255.255.0


■ Server (add to pf.conf)

pass in quick on bge1 inet from <Client Network> to <Server Network> rdr-to tun0
or
pass in quick on bge1 inet from 192.168.2.0/24 to 192.168.1.0/24 rdr-to tun0:network:0


■ Client (OpenWRT /etc/config/openvpn)

package openvpn

config openvpn openvpn
        # Set to 1 to enable this instance:
        option enabled 1
        # Include OpenVPN configuration
        option config /etc/openvpn/openvpn.conf


■ Client (OpenWRT /etc/openvpn/openvpn.conf)

client
port 1194
proto udp
writepid "/var/_utm/run/openvpn.pid"
dev tun
ca "/var/_utm/etc/openvpn/keys/ca.crt.pem"
cert "/var/_utm/etc/openvpn/keys/client.crt.x509"
key "/var/_utm/etc/openvpn/keys/client.key.pem"
remote "106.240.241.163"
keepalive 10 120
cipher aes-256-cbc
auth sha1
comp-lzo
user _utm
group _utm
ns-cert-type server
resolv-retry infinite
route-delay 2
mtu-test
nobind
pull
status "/var/_utm/log/openvpn/openvpn.status"
log "/var/_utm/log/openvpn/openvpn.log"
verb 0
mute 20
persist-key
persist-tun

■ Client (add to OpenWRT /etc/config/network)

config interface 'openvpn'
        option ifname 'tun0'
        option defaultroute '0'
        option peerdns '0'
        option proto 'none'

■ Client (add to OpenWRT /etc/config/firewall)

config forwarding
        option src 'lan'
        option dest 'openvpn'

config zone
        option name 'openvpn'
        option network 'openvpn'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
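
A lint pass for OpenVPN config files like the ones above, as an added example that is not part of the original post: it reports directives repeated with the same or with different values, and options that current OpenVPN releases deprecate or that deserve a review. The function names and the sample input are constructed for illustration, and the list of directives allowed to repeat is an assumption to extend as needed.

```shell
# Added example (not from the original post): lint an OpenVPN config.
# audit_openvpn_conf [FILE...] reads stdin when no file is given and
# prints one finding per line.
audit_openvpn_conf() {
    awk '
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }          # skip blanks and comments
    {
        name = $1; val = $0
        sub(/^[ \t]*[^ \t]+[ \t]*/, "", val)      # text after the directive
        # push, route and remote may legitimately appear more than once.
        if (name != "push" && name != "route" && name != "remote") {
            if (name in seen) {
                if ((seen[name] "") == (val ""))
                    printf "DUPLICATE %s (line %d)\n", name, NR
                else
                    printf "CONFLICT %s: \"%s\" (line %d) differs from \"%s\"\n", name, val, NR, seen[name]
            }
            seen[name] = val
        }
        if (name == "comp-lzo")
            print "LEGACY comp-lzo: deprecated; compression inside a VPN is discouraged"
        if (name == "ns-cert-type")
            print "LEGACY ns-cert-type: deprecated in favour of remote-cert-tls"
        if (name == "duplicate-cn")
            print "REVIEW duplicate-cn: several clients may share one certificate"
        if (name == "verb" && val == "0")
            print "REVIEW verb 0: only fatal errors are logged"
    }
    END {
        if (!("tls-auth" in seen) && !("tls-crypt" in seen))
            print "REVIEW no tls-auth/tls-crypt: control channel has no extra HMAC key"
    }' "$@"
}

# Constructed sample input using directives from the server config above.
sample_conf() {
    cat <<'EOF'
duplicate-cn
keepalive 10 120
comp-lzo
max-clients 0
keepalive 10 120
max-clients 1024
verb 0
push "route 172.16.0.0 255.255.0.0"
EOF
}

sample_conf | audit_openvpn_conf
```

To check a real file, pass its path, for example `audit_openvpn_conf /etc/openvpn/openvpn.conf`.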

