ĥ) Remark 2), 3) and 4) were tested/verified again on 27-28/Nov 2012 on the same router.Ħ) If TLS authentication is to be implemented, populate the content of ta.key(generated in step #1 remark) to the field "TLS Auth Key "īegin from "-BEGIN OpenVPN Static key V1-" to "-END OpenVPN Static key V1-" inclusive.Ĭonfigure DD-WRT as OPENVPN client ( e.g. Even after successful connection with OpenVPN server, the client's request could not be routed to WAN/internet.Ĥ) Therefore, dd-wrt.v24-17084_NEWD_openvpn_jffs_small.bin (1) is the most-updated firmware that tested to be fully working in OpenVPN and general AP/Router functions for me. Even after successful connection with OpenVPN server, the client's request could not be routed to WAN/internet.ģ) dd-wrt.v24-17990_NEWD_openvpn_jffs_small.bin (0) tested to be fail in OpenVPN. See other articles for DDNS setup in DD-WRT.Ģ) dd-wrt.v24-18946_NEWD_openvpn_jffs_small.bin (0) tested to be fail in OpenVPN. If VPN server is up properly, GUI>Status > OpenVPN, State will show message "Server: CONNECTED:Local Address:Remote Address 192.168.60.1".ġ) If your server's IP from ISP is dynamic, you can use DDNS to resolve. Reboot router and see status at Status > OpenVPN
Iptables -I FORWARD -i tun0 -o br0 -j ACCEPTĪttention : 1194 is Port number, must match with OPENVPN server configĥ. Iptables -I FORWARD -i br0 -o tun0 -j ACCEPT # Thus, we include them so that this works for more people: # These next two lines may or may not be necessary. Iptables -I INPUT -p udp -dport 1194 -j ACCEPT Iptables -I INPUT -p tcp -dport 1194 -j ACCEPT Port - 1194 or 用其他不會被官方 block 的 Port numberĪdditional Config - push "dhcp-option DNS " Server mode - Router(Tun) or Bridge (TAP), I used Router(Tun) OpenVPN = "Enable" Startup Type = "Wan Up" IMPORTANT : Need to synchronize the DD-WRT router's clock by proper configuration at Setup > BasicSetup > Time Settings Tested with DD-WRT v24-sp2 (05/17/11) vpn-small - build 17084M NEWD Eko Hong Kong Side as OpenVPN server that you can freely surf )
Note: this will create a c:\Program Files\OpenVPN\config\key.txt file, you will can rename it as ta.key which is to be used in the later configuration steps.īoth server(DD-WRT) and clients ( Windows/Android/DD-WRT) need to do the corresponding configuration with this ta.key file to make connection.Ĭonfigure DD-WRT as OPENVPN server ( e.g. If you want to implement TLS authentication, which may be helpful (not proved/tested yet) to resolve the issueĬlick on "Start > Programs ->OpenVPN ->Utility-> Generate a static OpenVPN key" Now we will find our newly-generated keys and certificates in the keys subdirectory. Always use a unique common name for each client.ħ. Remember that for each client, make sure to type the appropriate Common Name when prompted, i.e. Two other queries require positive responses, "Sign the certificate? " and "1 out of 1 certificate requests certified, commit? ". When the Common Name is queried, enter "server". In the example above, I used "OpenVPN-CA".Īs in the previous step, most parameters can be defaulted. The only parameter which must be explicitly entered is the Common Name. The final command (build-ca) will build the certificate authority (CA) certificate and key by invoking the interactive openssl command. Don't leave any of these parameters blank. Now edit the vars file (called vars.bat on Windows) and set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL parameters. Run the following batch file to copy configuration files into place (this will overwrite any preexisting vars.bat and openssl.cnf files):ģ.
Dd wrt v24 sp2 vpn android#
Tomleehk 發表於 21:48 OPENVPN 用 certificate 設定 : DD-WRT server,DD-WRT client, Windows, Android 本帖最後由 tomleehk 於 10:44 編輯
0 kommentar(er)
