
[OpenWRT] OpenVPN Server/Client 설정

관리자 2014.05.15 02:11 조회 수 : 193

※ 시스템의 시간이 맞는지 먼저 확인하라. (인증서 유효 기간 검증은 시스템 시계를 기준으로 하므로, 시간이 틀리면 TLS 핸드셰이크가 실패할 수 있다.)

■ Server (OpenBSD)

# OpenVPN server configuration: routed (tun) VPN over UDP/1194 with
# certificate-based authentication.
# NOTE(review): no tls-auth / tls-crypt directive appears in this listing, so
# the TLS control channel has no extra HMAC protection against unauthenticated
# probing - confirm whether that is intended.
port 1194
proto udp
writepid "/var/_utm/run/openvpn.pid"
dev tun
# PKI material: CA certificate, server certificate, server private key and
# Diffie-Hellman parameters. The private key must be readable by root only.
ca "/var/_utm/etc/openvpn/keys/ca.crt.pem"
cert "/var/_utm/etc/openvpn/keys/server.crt.x509"
key "/var/_utm/etc/openvpn/keys/server.key.pem"
dh "/var/_utm/etc/openvpn/keys/dh2048.pem"
# Client-to-client traffic is routed inside the OpenVPN process and never
# reaches the tun interface, so host firewall rules (pf) cannot filter it.
client-to-client
# Address pool for the tunnel: the server and its clients take addresses
# from 172.31.0.0/16.
server 172.31.0.0 255.255.0.0
# Allows several clients to connect at the same time with the same
# certificate Common Name.
# NOTE(review): a shared certificate removes per-client accountability and
# per-client revocation; prefer one certificate per client.
duplicate-cn
# Ping the peer every 10 s and restart after 120 s of silence.
keepalive 10 120
# Data-channel encryption and HMAC digest. Both values must match the client.
# NOTE(review): if both ends run OpenVPN 2.4 or later, an AEAD cipher such as
# AES-256-GCM, or at least `auth sha256`, is the usual recommendation.
cipher aes-256-cbc
auth sha1
# NOTE(review): compressing before encrypting can leak information about the
# plaintext (VORACLE-class attacks), and comp-lzo is deprecated in current
# OpenVPN releases. Removing it must be done on the server and the client together.
comp-lzo
# NOTE(review): max-clients is set again below (1024); presumably the later
# value takes effect - confirm and keep only one.
max-clients 0
# Drop root privileges to the unprivileged _utm account after initialization.
user _utm
group _utm
mtu-test
nice 0
# Duplicate of the keepalive directive above (same values).
keepalive 10 120
max-clients 1024
status "/var/_utm/log/openvpn/openvpn.status"
log "/var/_utm/log/openvpn/openvpn.log"
# verb 0 logs nothing except fatal errors, so failed handshakes and
# authentication errors leave no trace.
# NOTE(review): raise the level (for example `verb 3`) if the log is meant to
# support troubleshooting or incident review.
verb 0
mute 20
# Keep the key material and the tun device across restarts; after the
# privilege drop above they could not be re-opened.
persist-key
persist-tun
# NOTE(review): the page does not explain these two networks; the routes
# below follow the same push/route pattern with commented examples.
push "route 172.16.0.0 255.255.0.0"
route 192.168.5.0 255.255.255.0

# Instruct clients to add the following route.
# Specifies the private network on the server side.
push "route 192.168.2.0 255.255.255.0"

# Add an entry to the routing table on the server side.
# Specifies the private network on the client side. (Multiple lines allowed.)
route 192.168.1.0 255.255.255.0


■ Server (pf.conf에 추가)

# Template form: replace the two <...> placeholders with real networks.
# `quick` stops rule evaluation at this rule for matching packets, so any
# block rule further down in pf.conf never applies to this traffic.
# NOTE(review): rdr-to rewrites the destination address of matching packets;
# confirm that address translation (and not routing alone) is what is wanted.
pass in quick on bge1 inet from <Client Network> to <Server Network> rdr-to tun0
or
# Concrete example.
# NOTE(review): the OpenVPN server configuration on this page names
# 192.168.2.0/24 as the server-side network and 192.168.1.0/24 as the
# client-side network, which is the reverse of the placeholder labels in the
# template above - verify the direction before copying.
pass in quick on bge1 inet from 192.168.2.0/24 to 192.168.1.0/24 rdr-to tun0:network:0


■ Client (OpenWRT /etc/config/openvpn)

# UCI wrapper for the OpenVPN init script: declares one instance named
# 'openvpn' whose settings come from a native OpenVPN configuration file.
package openvpn

config openvpn openvpn
        # Set to 1 to enable this instance:
        option enabled 1
        # Include OpenVPN configuration
        # (all tunnel settings live in this file rather than in UCI options)
        option config /etc/openvpn/openvpn.conf


■ Client (OpenWRT /etc/openvpn/openvpn.conf)

# OpenVPN client configuration: connects over UDP/1194 to the server given
# in `remote`, authenticates with a client certificate and accepts the
# routes pushed by the server.
client
port 1194
proto udp
# NOTE(review): the /var/_utm/... paths and the _utm account below mirror the
# OpenBSD server listing; confirm they exist on the OpenWRT client.
writepid "/var/_utm/run/openvpn.pid"
dev tun
# PKI material: CA certificate, client certificate and client private key.
# The private key must be readable by root only.
ca "/var/_utm/etc/openvpn/keys/ca.crt.pem"
cert "/var/_utm/etc/openvpn/keys/client.crt.x509"
key "/var/_utm/etc/openvpn/keys/client.key.pem"
remote "106.240.241.163"
# Ping the peer every 10 s and restart after 120 s of silence.
keepalive 10 120
# Data-channel cipher, HMAC digest and compression must match the server.
# NOTE(review): the caveats on CBC + SHA1 and on compression before
# encryption apply here too; change these on both ends together.
cipher aes-256-cbc
auth sha1
comp-lzo
# Drop root privileges after initialization.
user _utm
group _utm
# Duplicate of the keepalive directive above (same values).
keepalive 10 120
# Require the peer certificate to be marked as a server certificate
# (nsCertType), so that another client certificate signed by the same CA
# cannot be used to impersonate the server.
# NOTE(review): ns-cert-type is deprecated in newer OpenVPN releases in favor
# of `remote-cert-tls server`, which needs matching key usage / extended key
# usage in the server certificate - check the certificate before switching.
ns-cert-type server
# Keep retrying name resolution of the remote forever.
resolv-retry infinite
# Wait 2 s after the connection is established before adding routes.
route-delay 2
mtu-test
# Do not bind to a fixed local port.
nobind
# Accept options pushed by the server (already implied by `client`).
pull
status "/var/_utm/log/openvpn/openvpn.status"
log "/var/_utm/log/openvpn/openvpn.log"
# verb 0 logs nothing except fatal errors, so connection and certificate
# verification failures leave no trace.
# NOTE(review): raise the level (for example `verb 3`) when troubleshooting.
verb 0
mute 20
# Keep the key material and the tun device across restarts; after the
# privilege drop above they could not be re-opened.
persist-key
persist-tun

■ Client (OpenWRT /etc/config/network에 추가)

# Logical interface 'openvpn' bound to the tun0 device, so that the firewall
# can reference the tunnel by network name.
config interface 'openvpn'
        option ifname 'tun0'
        # presumably: do not install a default route or take DNS servers via
        # this interface - confirm these options apply with proto 'none'
        option defaultroute '0'
        option peerdns '0'
        # 'none' leaves the interface unmanaged; OpenVPN configures tun0 itself.
        option proto 'none'
■ Client (OpenWRT /etc/config/firewall에 추가)

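# Allow hosts in the 'lan' zone to forward traffic into the 'openvpn' zone.
# Only this direction is shown; there is no forwarding from 'openvpn' to
# 'lan', so connections initiated from the tunnel into the LAN are not allowed
# by this snippet.
config forwarding
        option src 'lan'
        option dest 'openvpn'

# Firewall zone for the VPN interface. The `config zone` header is required:
# without it the options below are parsed as part of the preceding forwarding
# section and no 'openvpn' zone is created.
config zone
        option name 'openvpn'
        option network 'openvpn'
        # NOTE(review): input ACCEPT lets anything arriving over the tunnel
        # reach services on the router itself (SSH, web UI, DNS). Use REJECT
        # plus explicit rules if the remote side is not fully trusted.
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        # Source-NAT traffic leaving through this zone, so LAN hosts appear
        # behind the router's tunnel address.
        option masq '1'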

