
[OpenWRT] OpenVPN Server/Client 설정

관리자 2014.05.15 02:11 조회 수 : 203

※ 시스템의 시간이 맞는지 먼저 확인하라. 시간이 틀리면 인증서 유효기간 검증에 실패해 TLS 연결이 되지 않는다.

■ Server (OpenBSD)

# OpenVPN server configuration: routed tunnel (tun) over UDP port 1194.
# The "NOTE(review)" comments below are review remarks only; every directive is unchanged.
port 1194
proto udp
writepid "/var/_utm/run/openvpn.pid"
dev tun
# CA certificate, server certificate, server private key and DH parameters.
# The private key file should be readable only by the account that starts openvpn.
ca "/var/_utm/etc/openvpn/keys/ca.crt.pem"
cert "/var/_utm/etc/openvpn/keys/server.crt.x509"
key "/var/_utm/etc/openvpn/keys/server.key.pem"
dh "/var/_utm/etc/openvpn/keys/dh2048.pem"
# NOTE(review): this file has no tls-auth / tls-crypt line, so the control channel has no
# pre-shared HMAC layer in front of the TLS handshake. Adding one requires the same key
# file and directive on every client.
# NOTE(review): with client-to-client, OpenVPN forwards traffic between clients internally,
# so that traffic is not seen by the host firewall (pf) on tun0.
client-to-client
# Address pool handed out to tunnel endpoints.
server 172.31.0.0 255.255.0.0
# NOTE(review): duplicate-cn lets several clients connect at once with the same certificate.
# Sessions can then no longer be attributed to one device, and revoking the certificate cuts
# off every device that shares it. Prefer one certificate per client.
duplicate-cn
keepalive 10 120
# NOTE(review): AES-256-CBC with HMAC-SHA1 is a dated pairing. An AEAD cipher (AES-256-GCM)
# and "auth sha256" are the usual choice on OpenVPN versions that support them; client and
# server must be changed together.
cipher aes-256-cbc
auth sha1
# NOTE(review): comp-lzo is deprecated; compressing before encryption can leak information
# about the plaintext through packet sizes. Removing it must be done on both ends.
comp-lzo
# NOTE(review): max-clients appears twice with different values (0 here, 1024 further down).
# Keep only the intended one.
max-clients 0
# Drop privileges to this unprivileged account after initialisation. persist-key and
# persist-tun (below) let restarts work without re-reading root-only resources.
user _utm
group _utm
mtu-test
nice 0
# NOTE(review): duplicate of the keepalive line above.
keepalive 10 120
max-clients 1024
status "/var/_utm/log/openvpn/openvpn.status"
log "/var/_utm/log/openvpn/openvpn.log"
# NOTE(review): verb 0 logs nothing except fatal errors, so connects, disconnects and failed
# TLS handshakes leave no record for troubleshooting or incident review. verb 3 is the
# commonly used level.
verb 0
mute 20
persist-key
persist-tun
push "route 172.16.0.0 255.255.0.0"
route 192.168.5.0 255.255.255.0

# Instruct clients to add the route below.
# Specify the server-side private network here.
push "route 192.168.2.0 255.255.255.0"

# Add an entry to the server's own routing table.
# Specify the client-side private network here. (Multiple lines are allowed.)
# NOTE(review): in server mode a "route" line alone normally does not tell OpenVPN which
# client owns the subnet; that is usually done with an "iroute" in a client-config-dir file,
# and no client-config-dir is set in this file. Confirm against the intended topology.
route 192.168.1.0 255.255.255.0


■ Server (pf.conf에 추가)

# Steer traffic arriving on bge1 between the two private networks towards the tunnel.
# "quick" stops rule evaluation at this rule, so nothing below it is applied to matching packets.
# NOTE(review): the placeholder form lists <Client Network> as the source, while the concrete
# example uses 192.168.2.0/24, which the server configuration pushes as the server-side
# network. Confirm which direction is intended.
# NOTE(review): rdr-to rewrites the destination address, whereas route-to selects an outgoing
# interface. Confirm that address rewriting is really wanted here.
pass in quick on bge1 inet from <Client Network> to <Server Network> rdr-to tun0
or
pass in quick on bge1 inet from 192.168.2.0/24 to 192.168.1.0/24 rdr-to tun0:network:0


■ Client (OpenWRT /etc/config/openvpn)

# UCI wrapper: defines one OpenVPN instance that reads all of its settings
# from the native configuration file named in "option config".
package openvpn

config openvpn openvpn
        # Set to 1 to enable this instance:
        option enabled 1
        # Include OpenVPN configuration
        option config /etc/openvpn/openvpn.conf


■ Client (OpenWRT /etc/openvpn/openvpn.conf)

# OpenVPN client configuration: routed tunnel (tun) over UDP to the server on port 1194.
# The "NOTE(review)" comments below are review remarks only; every directive is unchanged.
client
port 1194
proto udp
# NOTE(review): the /var/_utm/... paths and the _utm account below are the same as in the
# server file. Confirm that they exist on the OpenWRT device, or adjust them to where the
# keys and logs really live.
writepid "/var/_utm/run/openvpn.pid"
dev tun
# CA certificate, this client's certificate and its private key.
# Use a certificate/key pair issued for this device only, and keep the key file readable
# only by the account that starts openvpn.
ca "/var/_utm/etc/openvpn/keys/ca.crt.pem"
cert "/var/_utm/etc/openvpn/keys/client.crt.x509"
key "/var/_utm/etc/openvpn/keys/client.key.pem"
remote "106.240.241.163"
keepalive 10 120
# NOTE(review): cipher, auth and comp-lzo must match the server. AES-256-CBC with HMAC-SHA1
# is a dated pairing and comp-lzo is deprecated; change them on both ends together.
cipher aes-256-cbc
auth sha1
comp-lzo
# Drop privileges to this account after initialisation.
user _utm
group _utm
# NOTE(review): duplicate of the keepalive line above.
keepalive 10 120
# Reject a peer whose certificate is not marked as a server certificate, so that another
# client certificate issued by the same CA cannot pose as the server.
# NOTE(review): ns-cert-type is deprecated; "remote-cert-tls server" is the replacement on
# current OpenVPN versions and needs a server certificate with the matching key usage.
ns-cert-type server
resolv-retry infinite
route-delay 2
mtu-test
# Do not bind to a fixed local port.
nobind
# Accept routes and options pushed by the server.
pull
status "/var/_utm/log/openvpn/openvpn.status"
log "/var/_utm/log/openvpn/openvpn.log"
# NOTE(review): verb 0 logs nothing except fatal errors, so certificate verification failures
# and reconnects leave no trace. verb 3 is the commonly used level.
verb 0
mute 20
persist-key
persist-tun

■ Client (OpenWRT /etc/config/network에 추가)

# Declares the tunnel device as a logical interface named 'openvpn' so that the firewall
# configuration can refer to it. proto 'none' leaves addressing to OpenVPN itself.
config interface 'openvpn'
        option ifname 'tun0'
        option defaultroute '0'
        option peerdns '0'
        option proto 'none'

■ Client (OpenWRT /etc/config/firewall에 추가)

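# Allow hosts in the 'lan' zone to forward traffic into the 'openvpn' zone.
config forwarding
        option src 'lan'
        option dest 'openvpn'

# Firewall zone for the tunnel interface. The "config zone" header is required: without it
# the options below are parsed as part of the preceding forwarding section and no 'openvpn'
# zone is defined.
config zone
        option name 'openvpn'
        option network 'openvpn'
        # NOTE(review): input 'ACCEPT' lets hosts on the far side of the tunnel reach every
        # service listening on this router. If only LAN-to-VPN traffic is needed, set input
        # to 'REJECT' and add explicit rules for whatever must stay reachable.
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        # Masquerade traffic leaving through the tunnel, so the remote side sees the tunnel
        # address rather than individual LAN hosts.
        option masq '1'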

