Skip to main content

VPN

PPTP

PPTP in LAN not working

LAN 網路的電腦無法連接外網的 PPTP VPN Server

解決:OpenWRT 預設不支援 PPTP 連線,需安裝 kmod-nf-nathelper-extra

opkg update
opkg install kmod-nf-nathelper-extra

  重啟設備後,重新再試一次。

OpenVPN

OpenVPN Server

Preparation

# Install packages
opkg update
opkg install openvpn-openssl openvpn-easy-rsa luci-app-openvpn luci-i18n-openvpn-zh-tw

Generate Keys

# Configuration parameters
cat << EOF > /etc/profile.d/50-openvpn-easy-rsa.sh
export EASYRSA_PKI="/etc/openvpn/pki"
export EASYRSA_TEMP_DIR=${EASYRSA_TEMP_DIR:-${TMPDIR:-/tmp/}}
export EASYRSA_CERT_EXPIRE="3650"
export EASYRSA_BATCH="1"
EOF
. /etc/profile.d/50-openvpn-easy-rsa.sh

# Remove and re-initialize PKI directory
easyrsa init-pki
 
# Generate DH parameters
easyrsa gen-dh
 
# Create a new CA
easyrsa build-ca nopass
 
# Generate server keys and certificate
easyrsa build-server-full server nopass
openvpn --genkey tls-crypt-v2-server ${EASYRSA_PKI}/server.pem
 
# Generate client keys and certificate
easyrsa build-client-full client nopass
openvpn --tls-crypt-v2 ${EASYRSA_PKI}/server.pem \
--genkey tls-crypt-v2-client ${EASYRSA_PKI}/client.pem

OpenVPN Configuration

  1. LuCI UI → VPN → OpenVPN → Delete : custom_config/sample_server/sample_client
  2. LuCI UI → VPN → OpenVPN → Add : Template based configuration
    • Name : ovpnServer
    • Template : Server configuration for a routed multi-client VPN
  3. LuCI UI → VPN → OpenVPN → Edit : ovpnServer
    • server : 10.9.8.0 255.255.255.0      ( tun 介面網段)
    • ca : /etc/openvpn/pki/ca.crt 
    • dh : /etc/openvpn/pki/dh.pem
    • cert : /etc/openvpn/pki/issued/server.crt
    • key : /etc/openvpn/pki/private/server.key
    • port : 1194
    • proto : UDP
    • dev_type : tun
  4. LuCI UI → VPN → OpenVPN → Edit : ovpnServer (Advanced configuration) → Cryptography
    • tls-crypt-v2 : /etc/openvpn/pki/server.pem

Wireguard

Back to top