Hi Folks,
I am new to Enigma boxes (and Linux). It took me some time to set it up and make it work, mainly due to my missing knowledge of Linux and OpenVPN, which I wanted to understand. Some beginners might find this post useful. My idea was to be able to connect from a Windows-based laptop or iOS device (iPad, iPhone) to my home network using OpenVPN, with my Linux box as a temporary server, in a secure way. Here is what follows:
1. I've installed openvpn 2.3.9 with opkg on my OpenPLI7.0
2. I've downloaded openvpn-2.3.10.tar.gz and easy-rsa-2.3.3_master with wget from the OpenVPN site (there was no 2.3.9 release on the site, only 2.3.10 and newer, so I chose this one to be close to the OpenVPN PLi package version)
https://build.openvp...loads/releases/ and unzipped it to my box's (VU+ Uno SE) tmp directory
3. I've created the /etc/openvpn folder on my box and moved server.conf, client.conf and the easy-rsa folder there.
4. I've changed the /etc/openvpn access rights to full access
5. I've edited the vars file from /etc/openvpn/easy-rsa/2.0/ and put in the required keys:
export KEY_COUNTRY="country"
export KEY_PROVINCE="province"
export KEY_CITY="city"
export KEY_ORG="organization"
export KEY_EMAIL="email@email"
export KEY_CN=yournamehere
export KEY_NAME=yournamehere
export KEY_OU=yournamehere
6. I've initialized PKI:
. ./vars
./clean-all
./build-ca
7. Then built the CA certificate, the server certificate and some client certificates:
./build-ca
./build-key-server server
./build-key ipad_client
./build-key notebook_client
8. Then moved all generated files from the /etc/openvpn/easy-rsa/2.0/keys folder to /etc/openvpn/keys
9. Then I configured /etc/openvpn/server.conf and client.conf accordingly (ca.crt, server.key, server.crt paths for both server and client; set remote to my dyndns name and the proper port in client.conf and left the other settings at their defaults)
server:
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
client:
remote your-dyndns-or-IP port
ca ca.crt
cert ipad_client.crt
key ipad_client.key
10. I merged client.conf and the client's ca, client.crt and client.key into a single *.ovpn file for each one (laptop, iPhone and iPad) by using <ca> </ca> tags
iPad example:
cd /etc/openvpn/keys
cp /etc/openvpn/client.conf /etc/openvpn/keys/ipad_client.ovpn
echo -e "\n\n<ca>\n$(cat ca.crt)\n</ca>" >> ipad_client.ovpn
echo -e "\n\n<cert>\n$(cat ipad_client.crt)\n</cert>" >> ipad_client.ovpn
echo -e "\n\n<key>\n$(cat ipad_client.key)\n</key>" >> ipad_client.ovpn
11. Imported the *.ovpn file into the OpenVPN app on my iPad with iTunes (I was not able to import the *.ovpn file by sending it through email)
12. Forwarded the port on my router to the local VU+ ip:vpnport
13. Created TUN adapter:
mkdir /dev/net
mknod /dev/net/tun c 10 200
14. Initiated a persistent tunnel and its device:
openvpn --mktun --dev tunX
15. Started the VPN
/etc/init.d/openvpn start
Questions:
1. Communication between VPN and LAN
The tunnel works. I can connect from my tablet while outside the NAT (external GSM network) to my VPN subnet X.X.X.X and thus safely stream from my box without exposing it to the outside, but I cannot reach other devices that are in my local network in the Y.Y.Y.Y subnet. I think it's a matter of routing / masquerading between the VPN and the LAN. Please be informed that I have added my LAN subnet to server.conf:
push "route Y.Y.Y.Y NETMASK"
Can someone give me a hint, how to set it up? What am I missing?
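As an added example (not part of the original post, and not OpenVPN's or OpenPLi's own tooling), the POSIX shell script below prints the pieces that usually make the VPN-to-LAN routing in the question work on a Linux box: the `server` and `push "route ..."` lines for server.conf, and the commands that enable IP forwarding and NAT the VPN subnet onto the LAN interface. A `push "route"` alone only tells clients to send LAN traffic into the tunnel; the box must also be allowed to forward it, and LAN devices must know how to answer (NAT hides the problem by making replies go back to the box's own LAN address). The VPN subnet 10.8.0.0/24, the LAN subnet 192.168.1.0/24 (standing in for Y.Y.Y.Y) and the interface name eth0 are constructed placeholders; the script also assumes the box's kernel has the iptables NAT and conntrack modules, which is not a given on embedded firmware.

```shell
#!/bin/sh
# Added example: routing/NAT between an OpenVPN subnet and the LAN.
# All addresses and the interface name below are constructed placeholders.
VPN_SUBNET="10.8.0.0"        # OpenVPN's default "server" subnet (assumption)
VPN_MASK="255.255.255.0"
LAN_SUBNET="192.168.1.0"     # stands in for the post's Y.Y.Y.Y
LAN_MASK="255.255.255.0"
LAN_IF="eth0"                # interface of the box that faces the LAN

# Convert a dotted netmask (e.g. 255.255.255.0) to a prefix length (24),
# which is what the iptables -s argument wants. Only contiguous masks are valid.
mask_to_prefix() {
    total=0
    IFS=.
    set -- $1
    unset IFS
    for octet in "$@"; do
        case "$octet" in
            255) bits=8;; 254) bits=7;; 252) bits=6;; 248) bits=5;;
            240) bits=4;; 224) bits=3;; 192) bits=2;; 128) bits=1;; 0) bits=0;;
            *) echo "bad netmask octet: $octet" >&2; return 1;;
        esac
        total=$((total + bits))
    done
    echo "$total"
}

# server.conf lines: the VPN pool and the route every client should learn.
server_conf_lines() {
    printf 'server %s %s\n' "$VPN_SUBNET" "$VPN_MASK"
    printf 'push "route %s %s"\n' "$LAN_SUBNET" "$LAN_MASK"
}

# Commands the box needs at runtime. They are printed, not executed, so the
# plan can be reviewed first; --apply runs them as root.
plan_commands() {
    prefix=$(mask_to_prefix "$VPN_MASK") || return 1
    echo 'echo 1 > /proc/sys/net/ipv4/ip_forward'
    echo "iptables -t nat -A POSTROUTING -s $VPN_SUBNET/$prefix -o $LAN_IF -j MASQUERADE"
    echo "iptables -A FORWARD -i tun+ -o $LAN_IF -s $VPN_SUBNET/$prefix -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o tun+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

main() {
    if [ "${1:-}" = "--apply" ]; then
        [ "$(id -u)" -eq 0 ] || { echo "--apply must run as root" >&2; return 1; }
        plan_commands | sh -e
    else
        echo "# add to /etc/openvpn/server.conf:"
        server_conf_lines
        echo "# run on the box (or re-run with --apply as root):"
        plan_commands
    fi
}

main "$@"
```

Run it once without arguments to see the server.conf lines and the commands, then `sh routing.sh --apply` as root once the placeholders match your network; the iptables rules do not survive a reboot, so they belong in a startup script next to step 15. If the box's kernel lacks NAT support, the cleaner alternative is a static route on the home router that sends 10.8.0.0/24 to the box's LAN address, which also keeps the real VPN client address visible in LAN-side logs. Two hardening notes on the steps above: the private keys in /etc/openvpn/keys should be readable by root only (`chmod 600`) rather than left at full access, and a 2048-bit DH file is the current minimum recommendation over dh1024.pem.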