Posted: Sat Jun 29, 2019 19:05 Post subject: VPN Installation
Guys, I'm a newbie and I need help setting up a VPN on my router. The router already has wrt firmware installed, with all the plugins for the various kinds of VPN. In our country most VPNs are strictly blocked. Can someone help me set up your VPN on my router for a test? If it works, I'm ready to buy a subscription. Waiting for help... thanks!
Posted: Tue Jul 09, 2019 17:29 Post subject: Re: VPN Installation
Merdan wrote:
Guys, I'm a newbie and I need help setting up a VPN on my router. The router already has wrt firmware installed, with all the plugins for the various kinds of VPN. In our country most VPNs are strictly blocked. Can someone help me set up your VPN on my router for a test? If it works, I'm ready to buy a subscription. Waiting for help... thanks!
root@My:/opt/etc/init.d# opkg install openconnect
Installing openconnect (8.01-1) to root...
Downloading http://bin.entware.net/mipssf-k3.4/openconnect_8.01-1_mips-3.4.ipk
Installing resolveip (2) to root...
Downloading http://bin.entware.net/mipssf-k3.4/resolveip_2_mips-3.4.ipk
Installing vpnc-scripts (20151220-1) to root...
Downloading http://bin.entware.net/mipssf-k3.4/vpnc-scripts_20151220-1_all.ipk
Installing libgmp (6.1.2-2) to root...
Downloading http://bin.entware.net/mipssf-k3.4/libgmp_6.1.2-2_mips-3.4.ipk
Installing libnettle (3.4.1-2) to root...
Downloading http://bin.entware.net/mipssf-k3.4/libnettle_3.4.1-2_mips-3.4.ipk
Installing libatomic (7.4.0-8) to root...
Downloading http://bin.entware.net/mipssf-k3.4/libatomic_7.4.0-8_mips-3.4.ipk
Installing libgnutls (3.6.7-1) to root...
Downloading http://bin.entware.net/mipssf-k3.4/libgnutls_3.6.7-1_mips-3.4.ipk
Installing libtasn1 (4.13-2) to root...
Downloading http://bin.entware.net/mipssf-k3.4/libtasn1_4.13-2_mips-3.4.ipk
Configuring resolveip.
Configuring vpnc-scripts.
Configuring libgmp.
Configuring libnettle.
Configuring libatomic.
Configuring libgnutls.
Configuring libtasn1.
Configuring openconnect.
root@My:/opt/etc/init.d# openconnect -h
Usage: openconnect [options] <server>
Open client for multiple VPN protocols, version v8.01
Using GnuTLS. Features present: HOTP software token, TOTP software token, System keys, DTLS, ESP
--config=CONFIGFILE Read options from config file
-V, --version Report version number
-h, --help Display help text
Set VPN protocol:
--protocol=anyconnect Compatible with Cisco AnyConnect SSL VPN, as well as ocserv (default)
--protocol=nc Compatible with Juniper Network Connect / Pulse Secure SSL VPN
--protocol=gp Compatible with Palo Alto Networks (PAN) GlobalProtect SSL VPN
Authentication:
-u, --user=NAME Set login username
--no-passwd Disable password/SecurID authentication
--non-inter Do not expect user input; exit if it is required
--passwd-on-stdin Read password from standard input
--authgroup=GROUP Choose authentication login selection
-F, --form-field=FORM:OPT=VALUE Provide authentication form responses
-c, --certificate=CERT Use SSL client certificate CERT
-k, --sslkey=KEY Use SSL private key file KEY
-e, --cert-expire-warning=DAYS Warn when certificate lifetime < DAYS
-g, --usergroup=GROUP Set login usergroup
-p, --key-password=PASS Set key passphrase or TPM SRK PIN
--key-password-from-fsid Key passphrase is fsid of file system
--token-mode=MODE Software token type: rsa, totp or hotp
--token-secret=STRING Software token secret
(NOTE: libstoken (RSA SecurID) disabled in this build)
(NOTE: Yubikey OATH disabled in this build)
Server validation:
--servercert=FINGERPRINT Server's certificate SHA1 fingerprint
--no-cert-check Do not require server SSL cert to be valid
--no-system-trust Disable default system certificate authorities
--cafile=FILE Cert file for server verification
Internet connectivity:
-P, --proxy=URL Set proxy server
--proxy-auth=METHODS Set proxy authentication methods
--no-proxy Disable proxy
--libproxy Use libproxy to automatically configure proxy
(NOTE: libproxy disabled in this build)
--reconnect-timeout Connection retry timeout in seconds
--resolve=HOST:IP Use IP when connecting to HOST
--passtos copy TOS / TCLASS when using DTLS
--dtls-local-port=PORT Set local port for DTLS and ESP datagrams
Authentication (two-phase):
-C, --cookie=COOKIE Use authentication cookie COOKIE
--cookie-on-stdin Read cookie from standard input
--authenticate Authenticate only and print login info
--cookieonly Fetch and print cookie only; don't connect
--printcookie Print cookie before connecting
Process control:
-b, --background Continue in background after startup
--pid-file=PIDFILE Write the daemon's PID to this file
-U, --setuid=USER Drop privileges after connecting
Logging (two-phase):
-l, --syslog Use syslog for progress messages
-v, --verbose More output
-q, --quiet Less output
--dump-http-traffic Dump HTTP authentication traffic (implies --verbose
--timestamp Prepend timestamp to progress messages
VPN configuration script:
-i, --interface=IFNAME Use IFNAME for tunnel interface
-s, --script=SCRIPT Shell command line for using a vpnc-compatible config script
default: "/opt/lib/netifd/vpnc-script"
-S, --script-tun Pass traffic to 'script' program, not tun
Tunnel control:
--disable-ipv6 Do not ask for IPv6 connectivity
-x, --xmlconfig=CONFIG XML config file
-m, --mtu=MTU Request MTU from server (legacy servers only)
--base-mtu=MTU Indicate path MTU to/from server
-d, --deflate Enable stateful compression (default is stateless only)
-D, --no-deflate Disable all compression
--force-dpd=INTERVAL Set minimum Dead Peer Detection interval
--pfs Require perfect forward secrecy
--no-dtls Disable DTLS and ESP
--dtls-ciphers=LIST OpenSSL ciphers to support for DTLS
-Q, --queue-len=LEN Set packet queue limit to LEN pkts
Local system information:
--useragent=STRING HTTP header User-Agent: field
--local-hostname=STRING Local hostname to advertise to server
--os=STRING OS type (linux,linux-64,win,...) to report
--version-string=STRING reported version string during authentication
(default: v8.01)
Trojan binary (CSD) execution:
--csd-user=USER Drop privileges during trojan execution
--csd-wrapper=SCRIPT Run SCRIPT instead of trojan binary
Server bugs:
--no-http-keepalive Disable HTTP connection re-use
--no-xmlpost Do not attempt XML POST authentication
For assistance with OpenConnect, please see the web page at
http://www.infradead.org/openconnect/mail.html
root@My:/opt/etc/init.d# openconnect yourvpn.example.com
POST https://yourvpn.example.com/
getaddrinfo failed for host 'yourvpn.example.com': Name or service not known
Failed to open HTTPS connection to yourvpn.example.com
Failed to obtain WebVPN cookie
root@My:/opt/etc/init.d#
There is an option to run it via a config or manually. If necessary
To begin with, install openconnect on your router, since dd-wrt does not include it; there is only OpenVPN, and even that not in all firmware builds (it depends on the size of the router's flash memory):
1. Install Entware, as described at the link above
2. Run "opkg install openconnect"
3. Run the command "insmod tun.ko"
4. Then try running the command
"openconnect vpn.server.ip -u username --no-cert-check < /opt/etc/openconnect/vpn1openc.passwd"
where the password is stored in the file /opt/etc/openconnect/vpn1openc.passwd
In any case, without first studying the subject there is no point in even starting.
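A pinned-certificate variant of the command in step 4, as an added example that is not part of the original post: it passes --servercert in place of --no-cert-check, feeds the password with --passwd-on-stdin, and refuses to run if the password file is readable by group or others. The function names, the OPENCONNECT override variable and the values in the usage comment are assumptions made for illustration; the fingerprint has to come from the VPN operator.

```shell
#!/bin/sh
# Added example (not the poster's script). Uses only options listed in the
# "openconnect -h" output above.

# Succeeds only if $1 is a regular file with no group/other permission bits.
secret_file_ok() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -???------*) return 0 ;;   # e.g. -rw------- (mode 600)
        *)           return 1 ;;
    esac
}

# vpn_connect SERVER USER FINGERPRINT PASSWORD_FILE
# Return codes: 3 = no certificate pin given, 4 = unsafe password file.
vpn_connect() {
    server=$1 user=$2 pin=$3 pwfile=$4

    # Without a pin the only way to get past an untrusted certificate is
    # --no-cert-check, which accepts any server, so stop here instead.
    [ -n "$pin" ] || {
        echo "no certificate fingerprint given, refusing to connect" >&2
        return 3
    }

    secret_file_ok "$pwfile" || {
        echo "$pwfile must be a regular file with mode 600" >&2
        return 4
    }

    # OPENCONNECT is a hypothetical override so the call can be dry-run.
    ${OPENCONNECT:-openconnect} --non-inter --passwd-on-stdin \
        --user="$user" --servercert="$pin" "$server" < "$pwfile"
}

# Usage (placeholder values, run after "insmod tun.ko"):
#   chmod 600 /opt/etc/openconnect/vpn1openc.passwd
#   vpn_connect vpn.server.ip username FINGERPRINT_FROM_OPERATOR \
#       /opt/etc/openconnect/vpn1openc.passwd
```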