diff options
Diffstat (limited to 'vpntunnel.page')
| -rw-r--r-- | vpntunnel.page | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/vpntunnel.page b/vpntunnel.page new file mode 100644 index 0000000..e93619c --- /dev/null +++ b/vpntunnel.page @@ -0,0 +1,85 @@ + +On the server side, install openvpn 2.3 (beta): + + http://repos.openvpn.net/repos/apt/squeeze-snapshots/ + +On the router, install openvpn-devel ipkg. + +## Server Configuration + +/etc/openvpn/server.conf: + + script-security 2 + ;local a.b.c.d + port 1194 + + dev tun0 + tun-ipv6 + tls-server + mode server + proto tcp-server + up-restart + ifconfig-ipv6 fec0::1/64 fec0::1 + route-ipv6 2600:3c03:e001:1300::/56 fec0::1 + ;server-ipv6 2600:3c03:e001:1300::1/64 + server 10.4.0.0 255.255.0.0 + + ;ifconfig-pool-persist ipp.txt 0 + ccd-exclusive + client-config-dir /etc/openvpn/clients + + comp-lzo + persist-key + persist-tun + status openvpn-status.log + log-append openvpn.log + +mkdir /etc/openvpn/clients and add files specifying routed ipv6 prefixes, like +/etc/openvpn/ttt: + + iroute-ipv6 2600:3c03:e001:1302::/64 fec0::1 + +if you must have ipv4 routing with NAT: + + iroute 10.4.0.10 10.4.0.1 + iroute-ipv6 2600:3c03:e001:1303::/64 fec0::1 + +## rooter Configuration + +/etc/openvpn/client.conf: + + verb 3 + mute 20 + + client + pull + dev tun0 + tun-ipv6 1 + proto tcp-client + tls-client + + remote sniffles.rooter.is 1194 + resolv-retry infinite + nobind + persist-key + persist-tun + ca /etc/openvpn/rooter_ca.crt + cert /etc/openvpn/ttt.crt + key /etc/openvpn/ttt.key + + comp-lzo yes + ping 10 + ping-restart 120 + +Go to "Network" tab of web interface and create new "wan6" interface with the +"tun0" OpenVPN adapter selected. Set the IPv6 address to fec0::2 and the IPv6 +gateway to fec0:;1. Go to "Firewall Settings" and create a new wan6 firewall +zone. + +-> static config +-> don't sent RA + +## References + +- http://www.greenie.net/ipv6/openvpn.html +- https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage |