|
|
@@ -12,9 +12,11 @@
|
|
|
});
|
|
|
|
|
|
$('li').each(function(i,e){
|
|
|
- var uuid = 'li_' + Math.floor(Math.random() * Math.floor(1000000)).toString() + '_' + i.toString();
|
|
|
- $(this).contents().wrap('<span id="'+ uuid +'"><label for="cb_'+ uuid +'"></label></span>');
|
|
|
- $(this).prepend('<input type="checkbox" class="completeBox" id="cb_' + uuid +'" rel="'+ uuid +'" />')
|
|
|
+ if(!$(this).hasClass('noCheckbox')){
|
|
|
+ var uuid = 'li_' + Math.floor(Math.random() * Math.floor(1000000)).toString() + '_' + i.toString();
|
|
|
+ $(this).contents().wrap('<span id="'+ uuid +'"><label for="cb_'+ uuid +'"></label></span>');
|
|
|
+ $(this).prepend('<input type="checkbox" class="completeBox" id="cb_' + uuid +'" rel="'+ uuid +'" />')
|
|
|
+ }
|
|
|
});
|
|
|
|
|
|
$('code,div.codeBlock,textarea.codeBlock').each(function(i,e){
|
|
|
@@ -23,7 +25,7 @@
|
|
|
theElement.empty();
|
|
|
for(l=0;l<lines.length;l++){
|
|
|
if($.trim(lines[l]) != '' && $.trim(lines[l]).substr(0,1) != '#' && $.trim(lines[l]).indexOf(' #') == -1 && lines[l].substr(0, 4).toUpperCase() != 'REM '){
|
|
|
- theElement.append('<input type="image" src="images/clipboard.png" value="" class="copy-text" rel="copy_'+ i +'_'+ l +'" data-clipboard-text="'+ lines[l].replace(/"/g, '"') +'" /><span id="copy_'+ i +'_'+ l +'">'+ lines[l] +'</span>');
|
|
|
+ theElement.append('<input type="image" src="images/clipboard.png" value="" class="copy-text" rel="copy_'+ i +'_'+ l +'" data-clipboard-text="'+ $.trim(lines[l].replace(/"/g, '"')) +'" /><span id="copy_'+ i +'_'+ l +'">'+ lines[l] +'</span>');
|
|
|
} else {
|
|
|
theElement.append(lines[l]);
|
|
|
}
|
|
|
@@ -33,9 +35,15 @@
|
|
|
$(document).on('click','input.copy-text',function(){
|
|
|
theButton = $(this);
|
|
|
$('input.copy-text').attr('src','images/clipboard.png');
|
|
|
- $('span.copy-animation').removeClass('copy-animation');
|
|
|
+ $('span.copy-animation,span.copy-animation-ps').removeClass('copy-animation copy-animation-ps');
|
|
|
try {
|
|
|
- $('#'+ theButton.attr('rel')).addClass('copy-animation');
|
|
|
+ if($('#'+ theButton.attr('rel')).parent('div').hasClass('PS')){
|
|
|
+ $('#'+ theButton.attr('rel')).addClass('copy-animation-ps');
|
|
|
+ } else if($('#'+ theButton.attr('rel')).parent('div').hasClass('CMD')){
|
|
|
+ $('#'+ theButton.attr('rel')).addClass('copy-animation-cmd');
|
|
|
+ } else {
|
|
|
+ $('#'+ theButton.attr('rel')).addClass('copy-animation');
|
|
|
+ }
|
|
|
navigator.clipboard.writeText(theButton.data('clipboard-text').replace(/<[^>]*>?/gm, ''));
|
|
|
theButton.attr('src','images/clipboard_active.png');
|
|
|
} catch(err) {
|
|
|
@@ -57,8 +65,8 @@
|
|
|
});
|
|
|
|
|
|
if(window.self !== window.top){
|
|
|
- window.parent.$('iframe.stepsFrame').height((this['scrollingElement']['scrollHeight']+20) +'px');
|
|
|
- }
|
|
|
+ window.parent.$('iframe.stepsFrame').height((this['scrollingElement']['scrollHeight']+20) +'px');
|
|
|
+ }
|
|
|
});
|
|
|
</script>
|
|
|
<link href="css/steps.css" rel="stylesheet" type="text/css" />
|
|
|
@@ -71,295 +79,191 @@
|
|
|
</div>
|
|
|
<div></div>
|
|
|
<div id="content">
|
|
|
- <h2>
|
|
|
- Create Required Certificates</h2>
|
|
|
+ <p>This is part five of a series of creating your own self-signed PKI and some ways to utilize the PKI to setup SSL for your web server or create your own OpenVPN server.</p>
|
|
|
+
|
|
|
+<p>Disclaimer: I am not a security expert. This is just demonstrating an easy way to get OpenVPN up and running to allow access to a remote network from anywhere in the world.</p>
|
|
|
+
|
|
|
+<p>For increased security, use a non-standard TCP or UDP port for your OpenVPN server, making sure to update the client "remote" line with the matching port number.</p>
|
|
|
+
|
|
|
+<p>In this tutorial I am running DD-WRT in a VirtualBox VM. Learn how at https://www.youtube.com/watch?v=BRLukj4dZxk</p>
|
|
|
+
|
|
|
+<h2>Create Required Certificates</h2>
|
|
|
+
|
|
|
<ol>
|
|
|
- <li>
|
|
|
- Launch XCA</li>
|
|
|
- <li>
|
|
|
- Open the PKI database if it is not already (File > Open DataBase), enter password</li>
|
|
|
- <li>
|
|
|
- Click on the Certificates tab, right click on your Intermediate CA certificate</li>
|
|
|
- <li>
|
|
|
- Select New</li>
|
|
|
- <li>
|
|
|
- On the Source tab, make sure Use this Certificate for signing is selected</li>
|
|
|
- <li>
|
|
|
- Verify your Intermediate CA certificate is selected from the drop down</li>
|
|
|
- <li>
|
|
|
- Click the Subject tab</li>
|
|
|
- <li>
|
|
|
- Complete the Distinguished Name section
|
|
|
- <p>
|
|
|
- internalName: OpenVPN Server<br />
|
|
|
- countryName: US<br />
|
|
|
- stateOrProvinceName: Virginia<br />
|
|
|
- localityName: Northern<br />
|
|
|
- organizationName: i12bretro<br />
|
|
|
- organizationUnitName: i12bretro Certificate Authority<br />
|
|
|
- commonName: vpn.i12bretro.local</p>
|
|
|
+ <li>Launch XCA</li>
|
|
|
+ <li>Open the PKI database if it is not already (File > Open DataBase), enter password</li>
|
|
|
+ <li>Click on the Certificates tab, right click on your Intermediate CA certificate</li>
|
|
|
+ <li>Select New</li>
|
|
|
+ <li>On the Source tab, make sure Use this Certificate for signing is selected</li>
|
|
|
+ <li>Verify your Intermediate CA certificate is selected from the drop down</li>
|
|
|
+ <li>Click the Subject tab</li>
|
|
|
+ <li>Complete the Distinguished Name section
|
|
|
+ <p>internalName: OpenVPN Server<br />
|
|
|
+ countryName: US<br />
|
|
|
+ stateOrProvinceName: Virginia<br />
|
|
|
+ localityName: Northern<br />
|
|
|
+ organizationName: i12bretro<br />
|
|
|
+ organizationUnitName: i12bretro Certificate Authority<br />
|
|
|
+ commonName: vpn.i12bretro.local</p>
|
|
|
</li>
|
|
|
- <li>
|
|
|
- Click the Generate a New Key button</li>
|
|
|
- <li>
|
|
|
- Enter a name and set the key size to at least 2048</li>
|
|
|
- <li>
|
|
|
- Click Create</li>
|
|
|
- <li>
|
|
|
- Click on the Extensions tab</li>
|
|
|
- <li>
|
|
|
- Set the Type dropdown to End Endity</li>
|
|
|
- <li>
|
|
|
- Check the box next to Subject Key Identifier</li>
|
|
|
- <li>
|
|
|
- Update the validity dates to fit your needs</li>
|
|
|
- <li>
|
|
|
- Click the Key Usage tab</li>
|
|
|
- <li>
|
|
|
- Under Key Usage select Digital Signature and Key Encipherment</li>
|
|
|
- <li>
|
|
|
- Under Extended Key Usage select TLS Web Server Authentication</li>
|
|
|
- <li>
|
|
|
- Click the Netscape tab</li>
|
|
|
- <li>
|
|
|
- Deselect all options and clear the Netscape Comment field</li>
|
|
|
- <li>
|
|
|
- Click OK to create the certificate</li>
|
|
|
- <li>
|
|
|
- Click on the Certificates tab, right click on your Intermediate CA certificate again</li>
|
|
|
- <li>
|
|
|
- Select New</li>
|
|
|
- <li>
|
|
|
- On the Source tab, make sure Use this Certificate for signing is selected</li>
|
|
|
- <li>
|
|
|
- Verify your Intermediate CA certificate is selected from the drop down</li>
|
|
|
- <li>
|
|
|
- Click the Subject tab</li>
|
|
|
- <li>
|
|
|
- Complete the Distinguished Name section
|
|
|
- <p>
|
|
|
- internalName: OpenVPN Client #1<br />
|
|
|
- countryName: US<br />
|
|
|
- stateOrProvinceName: Virginia<br />
|
|
|
- localityName: Northern<br />
|
|
|
- organizationName: i12bretro<br />
|
|
|
- organizationUnitName: i12bretro Certificate Authority<br />
|
|
|
- commonName: VPN Client 1</p>
|
|
|
+ <li>Click the Generate a New Key button</li>
|
|
|
+ <li>Enter a name and set the key size to at least 2048</li>
|
|
|
+ <li>Click Create</li>
|
|
|
+ <li>Click on the Extensions tab</li>
|
|
|
+ <li>Set the Type dropdown to End Endity</li>
|
|
|
+ <li>Check the box next to Subject Key Identifier</li>
|
|
|
+ <li>Update the validity dates to fit your needs</li>
|
|
|
+ <li>Click the Key Usage tab</li>
|
|
|
+ <li>Under Key Usage select Digital Signature and Key Encipherment</li>
|
|
|
+ <li>Under Extended Key Usage select TLS Web Server Authentication</li>
|
|
|
+ <li>Click the Netscape tab</li>
|
|
|
+ <li>Deselect all options and clear the Netscape Comment field</li>
|
|
|
+ <li>Click OK to create the certificate</li>
|
|
|
+ <li>Click on the Certificates tab, right click on your Intermediate CA certificate again</li>
|
|
|
+ <li>Select New</li>
|
|
|
+ <li>On the Source tab, make sure Use this Certificate for signing is selected</li>
|
|
|
+ <li>Verify your Intermediate CA certificate is selected from the drop down</li>
|
|
|
+ <li>Click the Subject tab</li>
|
|
|
+ <li>Complete the Distinguished Name section
|
|
|
+ <p>internalName: OpenVPN Client #1<br />
|
|
|
+ countryName: US<br />
|
|
|
+ stateOrProvinceName: Virginia<br />
|
|
|
+ localityName: Northern<br />
|
|
|
+ organizationName: i12bretro<br />
|
|
|
+ organizationUnitName: i12bretro Certificate Authority<br />
|
|
|
+ commonName: VPN Client 1</p>
|
|
|
</li>
|
|
|
- <li>
|
|
|
- Click the Generate a New Key button</li>
|
|
|
- <li>
|
|
|
- Enter a name and set the key size to at least 2048</li>
|
|
|
- <li>
|
|
|
- Click Create</li>
|
|
|
- <li>
|
|
|
- Click on the Extensions tab</li>
|
|
|
- <li>
|
|
|
- Set the Type dropdown to End Endity</li>
|
|
|
- <li>
|
|
|
- Check the box next to Subject Key Identifier</li>
|
|
|
- <li>
|
|
|
- Update the validity dates to fit your needs</li>
|
|
|
- <li>
|
|
|
- Click the Key Usage tab</li>
|
|
|
- <li>
|
|
|
- Under Key Usage select Digital Signature, Key Agreement</li>
|
|
|
- <li>
|
|
|
- Under Extended Key Usage select TLS Web Client Authentication</li>
|
|
|
- <li>
|
|
|
- Click the Netscape tab</li>
|
|
|
- <li>
|
|
|
- Deselect all options and clear the Netscape Comment field</li>
|
|
|
- <li>
|
|
|
- Click OK to create the certificate</li>
|
|
|
- <li>
|
|
|
- On the Certificates tab, click the OpenVPN Server certificate</li>
|
|
|
- <li>
|
|
|
- Select Extra > Generate DH Parameter</li>
|
|
|
- <li>
|
|
|
- Type 2048 for DH parameter bits</li>
|
|
|
- <li>
|
|
|
- Click OK</li>
|
|
|
- <li>
|
|
|
- Select a location for dh2048.pem and click Save</li>
|
|
|
+ <li>Click the Generate a New Key button</li>
|
|
|
+ <li>Enter a name and set the key size to at least 2048</li>
|
|
|
+ <li>Click Create</li>
|
|
|
+ <li>Click on the Extensions tab</li>
|
|
|
+ <li>Set the Type dropdown to End Endity</li>
|
|
|
+ <li>Check the box next to Subject Key Identifier</li>
|
|
|
+ <li>Update the validity dates to fit your needs</li>
|
|
|
+ <li>Click the Key Usage tab</li>
|
|
|
+ <li>Under Key Usage select Digital Signature, Key Agreement</li>
|
|
|
+ <li>Under Extended Key Usage select TLS Web Client Authentication</li>
|
|
|
+ <li>Click the Netscape tab</li>
|
|
|
+ <li>Deselect all options and clear the Netscape Comment field</li>
|
|
|
+ <li>Click OK to create the certificate</li>
|
|
|
+ <li>On the Certificates tab, click the OpenVPN Server certificate</li>
|
|
|
+ <li>Select Extra > Generate DH Parameter</li>
|
|
|
+ <li>Type 2048 for DH parameter bits</li>
|
|
|
+ <li>Click OK</li>
|
|
|
+ <li>Select a location for dh2048.pem and click Save</li>
|
|
|
</ol>
|
|
|
-<h2>
|
|
|
- Exporting Required Files for OpenVPN</h2>
|
|
|
+
|
|
|
+<h2>Exporting Required Files for OpenVPN</h2>
|
|
|
+
|
|
|
<ol>
|
|
|
- <li>
|
|
|
- In XCA, click on the Certificates tab</li>
|
|
|
- <li>
|
|
|
- Right click the Intermediate CA certificate > Export > File</li>
|
|
|
- <li>
|
|
|
- Set the file name with a .pem extension and verify the export format is PEM chain (*.pem)</li>
|
|
|
- <li>
|
|
|
- Click OK</li>
|
|
|
- <li>
|
|
|
- Right click the OpenVPN Server certificate > Export > File</li>
|
|
|
- <li>
|
|
|
- Set the file name with a .crt extension and verify the export format is PEM (*.crt)</li>
|
|
|
- <li>
|
|
|
- Click OK</li>
|
|
|
- <li>
|
|
|
- Right click the OpenVPN Client #1 certificate > Export > File</li>
|
|
|
- <li>
|
|
|
- Set the file name with a .crt extension and verify the export format is PEM (*.crt)</li>
|
|
|
- <li>
|
|
|
- Click OK</li>
|
|
|
- <li>
|
|
|
- Click on the Private Keys tab</li>
|
|
|
- <li>
|
|
|
- Right click the OpenVPN Server key > Export > File</li>
|
|
|
- <li>
|
|
|
- Set the file name with a .pk8 extension and verify the export format is PKCS #8 (*.pk8)</li>
|
|
|
- <li>
|
|
|
- Click OK</li>
|
|
|
- <li>
|
|
|
- Right click the OpenVPN Client #1 key> Export > File</li>
|
|
|
- <li>
|
|
|
- Set the file name with a .pk8 extension and verify the export format is PKCS #8 (*.pk8)</li>
|
|
|
- <li>
|
|
|
- Click OK</li>
|
|
|
+ <li>In XCA, click on the Certificates tab</li>
|
|
|
+ <li>Right click the Intermediate CA certificate > Export > File</li>
|
|
|
+ <li>Set the file name with a .pem extension and verify the export format is PEM chain (*.pem)</li>
|
|
|
+ <li>Click OK</li>
|
|
|
+ <li>Right click the OpenVPN Server certificate > Export > File</li>
|
|
|
+ <li>Set the file name with a .crt extension and verify the export format is PEM (*.crt)</li>
|
|
|
+ <li>Click OK</li>
|
|
|
+ <li>Right click the OpenVPN Client #1 certificate > Export > File</li>
|
|
|
+ <li>Set the file name with a .crt extension and verify the export format is PEM (*.crt)</li>
|
|
|
+ <li>Click OK</li>
|
|
|
+ <li>Click on the Private Keys tab</li>
|
|
|
+ <li>Right click the OpenVPN Server key > Export > File</li>
|
|
|
+ <li>Set the file name with a .pk8 extension and verify the export format is PKCS #8 (*.pk8)</li>
|
|
|
+ <li>Click OK</li>
|
|
|
+ <li>Right click the OpenVPN Client #1 key> Export > File</li>
|
|
|
+ <li>Set the file name with a .pk8 extension and verify the export format is PKCS #8 (*.pk8)</li>
|
|
|
+ <li>Click OK</li>
|
|
|
</ol>
|
|
|
-<h2>
|
|
|
- Setting Up OpenVPN Server in DD-WRT</h2>
|
|
|
+
|
|
|
+<h2>Setting Up OpenVPN Server in DD-WRT</h2>
|
|
|
+
|
|
|
<ol>
|
|
|
- <li>
|
|
|
- Open a web browser and navigate to your DD-WRT IP address</li>
|
|
|
- <li>
|
|
|
- Login when prompted</li>
|
|
|
- <li>
|
|
|
- Select the Administration tab</li>
|
|
|
- <li>
|
|
|
- Select the Backup sub tab</li>
|
|
|
- <li>
|
|
|
- Click Backup at the very bottom</li>
|
|
|
- <li>
|
|
|
- Save the nvrambak file somewhere safe</li>
|
|
|
- <li>
|
|
|
- Select the Services tab</li>
|
|
|
- <li>
|
|
|
- Select the VPN sub tab</li>
|
|
|
- <li>
|
|
|
- Scroll down and select enable next to OpenVPN under the OpenVPN Server/Daemon header</li>
|
|
|
- <li>
|
|
|
- Set the OpenVPN Settings as the following:
|
|
|
- <ol start="1" style="list-style-type: lower-alpha;">
|
|
|
- <li>
|
|
|
- Start Type: System</li>
|
|
|
- <li>
|
|
|
- Config as: Server</li>
|
|
|
- <li>
|
|
|
- Server mode: Router (TUN)</li>
|
|
|
- <li>
|
|
|
- Network: 10.10.28.0</li>
|
|
|
- <li>
|
|
|
- Netmask: 255.255.255.0</li>
|
|
|
- <li>
|
|
|
- Port: 1194</li>
|
|
|
- <li>
|
|
|
- Tunnel Protocol: TCP</li>
|
|
|
- <li>
|
|
|
- Encyption Cipher: AES-256 GCM</li>
|
|
|
- <li>
|
|
|
- Hash Algorithm: SHA256</li>
|
|
|
- <li>
|
|
|
- Advanced Options: Enable</li>
|
|
|
- <li>
|
|
|
- TLS Cipher: TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384</li>
|
|
|
- <li>
|
|
|
- Compression: Compress lz4-v2</li>
|
|
|
- <li>
|
|
|
- Redirect default Gateway: Disable</li>
|
|
|
- <li>
|
|
|
- Allow Client to Client: Enable</li>
|
|
|
- <li>
|
|
|
- Allow duplicate CN: Disable</li>
|
|
|
- <li>
|
|
|
- Tunnel MT setting: 1500</li>
|
|
|
- <li>
|
|
|
- Tunnel UDP MSS-Fix: Disable</li>
|
|
|
- </ol>
|
|
|
+ <li>Open a web browser and navigate to your DD-WRT IP address</li>
|
|
|
+ <li>Login when prompted</li>
|
|
|
+ <li>Select the Administration tab</li>
|
|
|
+ <li>Select the Backup sub tab</li>
|
|
|
+ <li>Click Backup at the very bottom</li>
|
|
|
+ <li>Save the nvrambak file somewhere safe</li>
|
|
|
+ <li>Select the Services tab</li>
|
|
|
+ <li>Select the VPN sub tab</li>
|
|
|
+ <li>Scroll down and select enable next to OpenVPN under the OpenVPN Server/Daemon header</li>
|
|
|
+ <li>Set the OpenVPN Settings as the following:
|
|
|
+ <ol start="1" style="list-style-type: lower-alpha;">
|
|
|
+ <li>Start Type: System</li>
|
|
|
+ <li>Config as: Server</li>
|
|
|
+ <li>Server mode: Router (TUN)</li>
|
|
|
+ <li>Network: 10.10.28.0</li>
|
|
|
+ <li>Netmask: 255.255.255.0</li>
|
|
|
+ <li>Port: 1194</li>
|
|
|
+ <li>Tunnel Protocol: TCP</li>
|
|
|
+ <li>Encyption Cipher: AES-256 GCM</li>
|
|
|
+ <li>Hash Algorithm: SHA256</li>
|
|
|
+ <li>Advanced Options: Enable</li>
|
|
|
+ <li>TLS Cipher: TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384</li>
|
|
|
+ <li>Compression: Compress lz4-v2</li>
|
|
|
+ <li>Redirect default Gateway: Disable</li>
|
|
|
+ <li>Allow Client to Client: Enable</li>
|
|
|
+ <li>Allow duplicate CN: Disable</li>
|
|
|
+ <li>Tunnel MT setting: 1500</li>
|
|
|
+ <li>Tunnel UDP MSS-Fix: Disable</li>
|
|
|
+ </ol>
|
|
|
+ </li>
|
|
|
+ <li>Paste the contents of OpenVPN_Server.crt into the Public Server Cert field</li>
|
|
|
+ <li>Paste the contents of CA_Chain.pem into the CA Cert field</li>
|
|
|
+ <li>Paste the contents of OpenVPN_Server.pem into the Private Server Key field</li>
|
|
|
+ <li>Paste the contents of dh2048.pem into the DH PEM field</li>
|
|
|
+ <li>Paste the following into the Additional Config field:
|
|
|
+ <p>push "route-gateway 10.10.27.27"<br />
|
|
|
+ push "route 10.10.27.0 255.255.255.0"<br />
|
|
|
+ push "dhcp-option DNS 10.10.27.1"<br />
|
|
|
+ push "dhcp-option DNS 208.67.222.222"</p>
|
|
|
</li>
|
|
|
- <li>
|
|
|
- Paste the contents of OpenVPN_Server.crt into the Public Server Cert field</li>
|
|
|
- <li>
|
|
|
- Paste the contents of CA_Chain.pem into the CA Cert field</li>
|
|
|
- <li>
|
|
|
- Paste the contents of OpenVPN_Server.pem into the Private Server Key field</li>
|
|
|
- <li>
|
|
|
- Paste the contents of dh2048.pem into the DH PEM field</li>
|
|
|
- <li>
|
|
|
- Paste the following into the Additional Config field:<br />
|
|
|
- push "route-gateway 10.10.27.27"<br />
|
|
|
- push "route 10.10.27.0 255.255.255.0"<br />
|
|
|
- push "dhcp-option DNS 10.10.27.1"<br />
|
|
|
- push "dhcp-option DNS 208.67.222.222"</li>
|
|
|
- <li>
|
|
|
- Note in the above:<br />
|
|
|
- route-gateway is the IP address of the internet gateway on your local network<br />
|
|
|
- route is the subnet of your local network<br />
|
|
|
- dhcp-option DNS sets DNS servers, in my case my domain controller and an OpenDNS server</li>
|
|
|
- <li>
|
|
|
- Click Save at the bottom</li>
|
|
|
- <li>
|
|
|
- Click Apply Settings</li>
|
|
|
- <li>
|
|
|
- Click the Administration tab</li>
|
|
|
- <li>
|
|
|
- Click the Command sub tab</li>
|
|
|
- <li>
|
|
|
- Paste the following into the Commands field<br />
|
|
|
- <p>
|
|
|
- iptables -t nat -I PREROUTING -p udp --dport 1194 -j ACCEPT<br />
|
|
|
- iptables -I INPUT -p udp --dport 1194 -j ACCEPT<br />
|
|
|
- iptables -t nat -I PREROUTING -p tcp --dport 1194 -j ACCEPT<br />
|
|
|
- iptables -I INPUT -p tcp --dport 1194 -j ACCEPT<br />
|
|
|
- iptables -I INPUT -i tun2 -j ACCEPT<br />
|
|
|
- iptables -I FORWARD -i tun2 -j ACCEPT<br />
|
|
|
- iptables -I FORWARD -o tun2 -j ACCEPT<br />
|
|
|
- iptables -t nat -A POSTROUTING -s 10.10.28.0/24 -o eth0 -j MASQUERADE</p>
|
|
|
+ <li>Note in the above:<br />
|
|
|
+ route-gateway is the IP address of the internet gateway on your local network<br />
|
|
|
+ route is the subnet of your local network<br />
|
|
|
+ dhcp-option DNS sets DNS servers, in my case my domain controller and an OpenDNS server</li>
|
|
|
+ <li>Click Save at the bottom</li>
|
|
|
+ <li>Click Apply Settings</li>
|
|
|
+ <li>Click the Administration tab</li>
|
|
|
+ <li>Click the Command sub tab</li>
|
|
|
+ <li>Paste the following into the Commands field
|
|
|
+ <p>iptables -t nat -I PREROUTING -p udp --dport 1194 -j ACCEPT<br />
|
|
|
+ iptables -I INPUT -p udp --dport 1194 -j ACCEPT<br />
|
|
|
+ iptables -t nat -I PREROUTING -p tcp --dport 1194 -j ACCEPT<br />
|
|
|
+ iptables -I INPUT -p tcp --dport 1194 -j ACCEPT<br />
|
|
|
+ iptables -I INPUT -i tun2 -j ACCEPT<br />
|
|
|
+ iptables -I FORWARD -i tun2 -j ACCEPT<br />
|
|
|
+ iptables -I FORWARD -o tun2 -j ACCEPT<br />
|
|
|
+ iptables -t nat -A POSTROUTING -s 10.10.28.0/24 -o eth0 -j MASQUERADE</p>
|
|
|
</li>
|
|
|
- <li>
|
|
|
- Click Save Firewall at the bottom</li>
|
|
|
- <li>
|
|
|
- Click the Management sub tab</li>
|
|
|
- <li>
|
|
|
- Click Reboot Router at the very bottom</li>
|
|
|
+ <li>Click Save Firewall at the bottom</li>
|
|
|
+ <li>Click the Management sub tab</li>
|
|
|
+ <li>Click Reboot Router at the very bottom</li>
|
|
|
</ol>
|
|
|
-<h2>
|
|
|
- Installing OpenVPN Client Software and Testing</h2>
|
|
|
+
|
|
|
+<h2>Installing OpenVPN Client Software and Testing</h2>
|
|
|
+
|
|
|
<ol>
|
|
|
- <li>
|
|
|
- Download the OpenVPN software <a href="https://openvpn.net/community-downloads/" target="_blank">Download</a></li>
|
|
|
- <li>
|
|
|
- Run the installer with all the default values</li>
|
|
|
- <li>
|
|
|
- Click the Start button and search OpenVPN GUI</li>
|
|
|
- <li>
|
|
|
- Select OpenVPN GUI from the results to start the application</li>
|
|
|
+ <li>Download the OpenVPN software <a href="https://openvpn.net/community-downloads/" target="_blank">Download</a></li>
|
|
|
+ <li>Run the installer with all the default values</li>
|
|
|
+ <li>Click the Start button and search OpenVPN GUI</li>
|
|
|
+ <li>Select OpenVPN GUI from the results to start the application</li>
|
|
|
</ol>
|
|
|
-<h2>
|
|
|
- Creating the OpenVPN Client Profile</h2>
|
|
|
+
|
|
|
+<h2>Creating the OpenVPN Client Profile</h2>
|
|
|
+
|
|
|
<ol>
|
|
|
- <li>
|
|
|
- Download the OVPN template <a href="https://drive.google.com/open?id=1cwgQfCoQmDOMbY1kW7JK4q07ijHdl37y" target="_blank">Download</a></li>
|
|
|
- <li>
|
|
|
- Rename the .ovpn template something meaningful</li>
|
|
|
- <li>
|
|
|
- Edit the .ovpn template replacing the following:<br />
|
|
|
- <p>
|
|
|
- <#replace with dynamic dns#> with a dynamic DNS or external IP address to your server<br />
|
|
|
- <#replace with CA chain#> with the contents of CA_Chain.pem<br />
|
|
|
- <#replace with client 1 cert #> with the contents of OpenVPN_Client #1.crt<br />
|
|
|
- <#replace with client 1 key #> with the contents of OpenVPN_Client #1.pk8</p>
|
|
|
+ <li>Download the OVPN template <a href="https://drive.google.com/open?id=1cwgQfCoQmDOMbY1kW7JK4q07ijHdl37y" target="_blank">Download</a></li>
|
|
|
+ <li>Rename the .ovpn template something meaningful</li>
|
|
|
+ <li>Edit the .ovpn template replacing the following:
|
|
|
+ <p><#replace with dynamic dns#> with a dynamic DNS or external IP address to your server<br />
|
|
|
+ <#replace with CA chain#> with the contents of CA_Chain.pem<br />
|
|
|
+ <#replace with client 1 cert #> with the contents of OpenVPN_Client #1.crt<br />
|
|
|
+ <#replace with client 1 key #> with the contents of OpenVPN_Client #1.pk8</p>
|
|
|
</li>
|
|
|
- <li>
|
|
|
- Save your changes</li>
|
|
|
- <li>
|
|
|
- Copy the .ovpn template to OpenVPN install directory/config</li>
|
|
|
- <li>
|
|
|
- Right click OpenVPN GUI in the system tray > Connect</li>
|
|
|
+ <li>Save your changes</li>
|
|
|
+ <li>Copy the .ovpn template to OpenVPN install directory/config</li>
|
|
|
+ <li>Right click OpenVPN GUI in the system tray > Connect</li>
|
|
|
</ol>
|
|
|
</div>
|
|
|
</div>
|
i12bretro