edgerouter:openvpn-roadwarrior

Differences

This shows you the differences between two versions of the page.

edgerouter:openvpn-roadwarrior [2017/09/18 15:28] – created brielle
edgerouter:openvpn-roadwarrior [2017/09/18 15:38] – [EdgeRouter Configuration] brielle
Line 1: Line 1:
 ====== EdgeRouter + OpenVPN Road Warrior Example ====== ====== EdgeRouter + OpenVPN Road Warrior Example ======
  
-On the EdgeRouter, make changes where appropriate...+===== Generate Certificates With EasyRSA 3 ===== 
 +You'll need to generate server, client, and DH certificates using the instructions [[https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto|here]]. 
 + 
 +Once you do that, copy the server certs (ca.crt, server.crt, dh.pem, and server.key) to: 
 + 
 +<code>/config/auth/openvpn/</code> 
 + 
 +On the EdgeRouter. 
 + 
 +Also generate some client certs either now or later.  You'll need them to put the contents inside of the client ovpn file. 
 + 
 +===== EdgeRouter Configuration ===== 
 +On the EdgeRouter, make changes where appropriate.  Subnet 192.168.0.0/24 should be whatever your LAN subnet behind the EdgeRouter is.  If your subnet is one of the common ones that is by default (like 192.168.0.0/24), there's a good chance your clients may have issues if their LAN also matches yours. 
 + 
 +You can use NETMAP rules to avoid having to change your LAN addressing scheme. 
 <code>set interfaces openvpn vtun0 firewall in name OpenVPN-Mobile <code>set interfaces openvpn vtun0 firewall in name OpenVPN-Mobile
 set interfaces openvpn vtun0 local-host xx.xx.xx.xx set interfaces openvpn vtun0 local-host xx.xx.xx.xx
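Review bot: The copy step in the new "Generate Certificates With EasyRSA 3" section places server.key under /config/auth/openvpn/ without saying how the key should be protected or that the CA private key stays off the router. Suggest adding a sentence that only ca.crt, server.crt, dh.pem and server.key go to the router, that ca.key remains on the machine where EasyRSA was run, and that server.key should be readable by root only (for example chmod 600). Two wording points in the same section: dh.pem holds Diffie-Hellman parameters rather than a certificate, so "server, client, and DH certificates" is misleading, and "On the EdgeRouter." is a fragment that belongs to the sentence before the code line. The NETMAP sentence names the workaround but shows no rule, so a reader cannot act on it as written.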
Line 15: Line 30:
 set interfaces openvpn vtun0 server max-connections 10 set interfaces openvpn vtun0 server max-connections 10
 set interfaces openvpn vtun0 server push-route 10.10.10.0/24 set interfaces openvpn vtun0 server push-route 10.10.10.0/24
 +set interfaces openvpn vtun0 server push-route 192.168.0.0/24
 set interfaces openvpn vtun0 server subnet 10.10.10.0/24 set interfaces openvpn vtun0 server subnet 10.10.10.0/24
 set interfaces openvpn vtun0 tls ca-cert-file /config/auth/openvpn/ca.crt set interfaces openvpn vtun0 tls ca-cert-file /config/auth/openvpn/ca.crt
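Review bot: The added push-route hard-codes 192.168.0.0/24, the same subnet the new introduction warns is likely to collide with a client's own LAN, and nothing marks it as a value to replace the way xx.xx.xx.xx does for local-host. Suggest using a placeholder here or stating directly above the code block that this line must carry the reader's real LAN subnet. Pushing the LAN route also makes the whole LAN reachable from every VPN client unless the OpenVPN-Mobile ruleset bound to vtun0 restricts it, and that ruleset is not defined in the lines visible in this diff, so the page should show it or link to it.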
Line 20: Line 36:
 set interfaces openvpn vtun0 tls dh-file /config/auth/openvpn/dh.pem set interfaces openvpn vtun0 tls dh-file /config/auth/openvpn/dh.pem
 set interfaces openvpn vtun0 tls key-file /config/auth/openvpn/server.key set interfaces openvpn vtun0 tls key-file /config/auth/openvpn/server.key
 +</code>
 +
 +===== OpenVPN .ovpn Config File For Clients =====
 +<code>
 +client
 +tls-client
 +remote remote.hostname.here
 +port xxxx
 +proto udp
 +dev tun
 +pull
 +cipher AES-128-CBC
 +auth SHA256
 +fragment 1400
 +mssfix
 +float
 +<ca>
 +ca certificate file contents here
 +</ca>
 +<cert>
 +pem certificate file contents here
 +</cert>
 +<key>
 +pem key file contents here
 +</key>
 </code> </code>
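Review bot: The client config has no remote-cert-tls server line, so the client will accept any certificate signed by the CA, including another client's, as the server's. Suggest adding remote-cert-tls server after tls-client. In the same block, cipher AES-128-CBC, auth SHA256 and fragment 1400 have to match the server side, but the server lines visible in this diff set none of them, so the page should say where they are configured on vtun0. The inline <key> block puts the client's private key inside the .ovpn file, which deserves a sentence telling readers to treat that file as a secret and to issue a separate certificate for each client.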