OpenVPN Remote Access by Static Key (The Simple Way)

From DD-WRT Wiki

WORK-IN-PROGRESS DRAFT ***** WORK-IN-PROGRESS DRAFT ***** WORK-IN-PROGRESS DRAFT

This is a simple VPN recipe for remote access to a private LAN behind a wireless router running DD-WRT.

Introduction

OpenVPN has much to recommend it, but setup can be complicated and tricky, and much of the available documentation isn't terribly helpful to non-experts.

Static Key

Tunnel

IP Addressing

To avoid IP address conflicts:

  • the private LAN IP subnet
  • the VPN subnet
  • the remote LAN subnet

must all be different from each other.

The problem in this context is that you probably won't have control over the remote LAN subnet, so you must choose subnets for the private LAN and the VPN that are unlikely to conflict. This example uses:

  • 192.168.111.0 for the private LAN
  • 192.168.112.0 for the VPN
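
An added example, not part of the wiki page: a POSIX shell check that the three subnets are disjoint, which can be run against whatever remote LAN you land on before connecting. The function names are hypothetical, and the /24 prefix lengths and the sample remote LAN are assumptions.

```shell
#!/bin/sh
# Added example (not from the DD-WRT wiki). Function names are hypothetical.
# Subnets are given in CIDR form; /24 is assumed for the page's two subnets.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer.
# The body runs in a subshell so the IFS change does not leak out.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# subnets_overlap NET1/LEN1 NET2/LEN2 -> exit status 0 if the ranges intersect.
subnets_overlap() {
    a=$(ip_to_int "${1%/*}"); la=${1#*/}
    b=$(ip_to_int "${2%/*}"); lb=${2#*/}
    # Two CIDR blocks intersect exactly when they agree under the shorter prefix.
    len=$la
    if [ "$lb" -lt "$len" ]; then len=$lb; fi
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

# check_plan PRIVATE_LAN VPN REMOTE_LAN -> status 0 only if all three are disjoint.
check_plan() {
    rc=0
    if subnets_overlap "$1" "$2"; then
        echo "conflict: private LAN $1 overlaps VPN $2"; rc=1
    fi
    if subnets_overlap "$1" "$3"; then
        echo "conflict: private LAN $1 overlaps remote LAN $3"; rc=1
    fi
    if subnets_overlap "$2" "$3"; then
        echo "conflict: VPN $2 overlaps remote LAN $3"; rc=1
    fi
    return $rc
}

# Constructed sample: the page's two subnets plus an assumed remote LAN.
check_plan 192.168.111.0/24 192.168.112.0/24 192.168.1.0/24 && echo "no conflicts"
```

A remote LAN with a shorter prefix, such as 192.168.0.0/16, is reported as conflicting with both subnets even though its network address differs from theirs.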

OpenVPN in DD-WRT

Static IP or Dynamic DNS

Generating the Static Key

OpenVPN Server Commands

cat <<EOF >/tmp/openvpn.$$.tmp
dev tun
ifconfig 192.168.112.1 192.168.112.2
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
daemon
<secret>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</secret>
EOF
openvpn /tmp/openvpn.$$.tmp

Firewall Commands

iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -I INPUT -i tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT

OpenVPN Client Configuration

remote nnn.nnn.nnn.nnn
dev tun
ifconfig 192.168.112.2 192.168.112.1
route 192.168.111.0 255.255.255.0
secret secret.key
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

Connecting

Troubleshooting