Hopp-rsk-owr01: Difference between revisions

(13 intermediate revisions by the same user not shown)

Line 1:

Linksys WRT3200ACM running OpenWRT, each partition ~~will run~~ a different VPN server for now. KISS!

Linksys WRT3200ACM running OpenWRT, each partition is running a different VPN server for now. KISS!

[https://firmware-selector.openwrt.org/?version=24.10.4 Custom install]

Line 10:

# wlan_password="12345678"

#

root_password="~~<my-password>~~"

root_password="changeme"

lan_ip_address="10.65.30.1"

#

# pppoe_username=""

# pppoe_password=""

# log potential errors

exec >/tmp/setup.log 2>&1

if [ -n "$root_password" ]; then

(echo "$root_password"; sleep 1; echo "$root_password") | passwd > /dev/null

Line 51:

echo "So long, and thanks for all the fish!"

Custom OpenVPN Packages

base-files ca-bundle dnsmasq dropbear firewall4 fstools kmod-gpio-button-hotplug kmod-nft-offload libc libgcc libustream-mbedtls logd mtd netifd nftables odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd-ujail uboot-envtools uci uclient-fetch urandom-seed urngd kmod-mwlwifi wpad-basic-mbedtls kmod-btmrvl kmod-mwifiex-sdio mwlwifi-firmware-88w8964 iwinfo luci luci-app-advanced-reboot luci-app-filemanager luci-app-openvpn openssh-sftp-server openvpn-easy-rsa openvpn-openssl

Custom Wireguard Packages

base-files ca-bundle dnsmasq dropbear firewall4 fstools kmod-gpio-button-hotplug kmod-nft-offload libc libgcc libustream-mbedtls logd mtd netifd nftables odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd-ujail uboot-envtools uci uclient-fetch urandom-seed urngd kmod-mwlwifi wpad-basic-mbedtls kmod-btmrvl kmod-mwifiex-sdio mwlwifi-firmware-88w8964 iwinfo luci luci-app-advanced-reboot luci-app-filemanager luci-proto-wireguard openssh-sftp-server qrencode wireguard-tools

==OpenVPN==

Line 62:

Line 68:

[https://forums.openvpn.net/viewtopic.php?t=33309 OpenVPN link]

====beadon====

well holy moly, someone released a what looks to be working allinone script that i could never hope to write in a sane timeframe

https://github.com/beadon/OpenWRTOpenVPNMgmt

https://openwrt.org/docs/guide-user/services/vpn/openvpn/server

==WireGuard==

[https://openwrt.org/docs/guide-user/services/vpn/wireguard/server OpenWRT Wiki]

~~OpenWrt Wiki~~

===Command-line instructions===

Command-line instructions

1. Preparation

Install the required packages. Specify configuration parameters for VPN server.

# Install packages

opkg update

Line 79:

Line 94:

VPN_ADDR="192.168.9.1/24"

VPN_ADDR6="fd00:9::1/64"

2. Key management

Generate and exchange keys between server and client.

# Generate keys

umask go=

Line 95:

Line 113:

# Client public key

VPN_PUB="$(cat wgclient.pub)"

3. Firewall

Consider VPN network as private. Assign VPN interface to LAN zone to minimize firewall setup. Allow access to VPN server from WAN zone.

# Configure firewall

uci rename firewall.@zone[0]="lan"

Line 111:

Line 132:

uci commit firewall

service firewall restart

4. Network

Configure VPN interface and peers.

# Configure network

uci -q delete network.${VPN_IF}

Line 131:

Line 155:

uci commit network

service network restart

LuCI Web Interface instructions

===LuCI Web Interface instructions===

1. Installing packages

Navigate to LuCI → System → Software and install the package luci-proto-wireguard.

Line 138:

Line 165:

2. Restarting services

Navigate to LuCI → System → Startup → Initscripts and click on network → Restart.

3. Add WireGuard Network Interface

To create a new WireGuard interface go to LuCI → Network → Interfaces → Add new interface...

Line 146:

Line 175:

Name the interface wg0 (or whatever is preferred)

Click on Create Interface to create it and open it for editing

4. Configure the WireGuard Network Interface

In the open edit window of the interface configure the following:

Line 153:

Line 184:

IP addresses: 10.0.0.1/24 or preferred internal VPN IPv4 address for the WireGuard server interface end of the VPN

Save this configuration

5. Configure WireGuard Peers

To create a new WireGuard peer configuration go to LuCI → Network → Interfaces → wg0 → Edit → Peers

*Click on Add peer

Line 174:

Line 207:

6. Configure Firewall for WireGuard traffic

Go to LuCI → Network → Firewall → General Settings and under Zones add a new zone:

*Name: WireguardVPN (or preferred name)

*Input: accept

@@ Line 1: / Line 1: @@
-Linksys WRT3200ACM running OpenWRT, each partition will run a different VPN server for now.  KISS!
+Linksys WRT3200ACM running OpenWRT, each partition is running a different VPN server for now. KISS!
 [https://firmware-selector.openwrt.org/?version=24.10.4 Custom install]
@@ Line 10: / Line 10: @@
   # wlan_password="12345678"
   #
-  root_password="<my-password>"
+  root_password="changeme"
   lan_ip_address="10.65.30.1"
   #
   # pppoe_username=""
   # pppoe_password=""
   # log potential errors
   exec >/tmp/setup.log 2>&1
   if [ -n "$root_password" ]; then
     (echo "$root_password"; sleep 1; echo "$root_password") | passwd > /dev/null
@@ Line 51: / Line 51: @@
   echo "So long, and thanks for all the fish!"
+Custom OpenVPN Packages
+ base-files ca-bundle dnsmasq dropbear firewall4 fstools kmod-gpio-button-hotplug kmod-nft-offload libc libgcc libustream-mbedtls logd mtd netifd nftables odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd-ujail uboot-envtools uci uclient-fetch urandom-seed urngd kmod-mwlwifi wpad-basic-mbedtls kmod-btmrvl kmod-mwifiex-sdio mwlwifi-firmware-88w8964 iwinfo luci luci-app-advanced-reboot luci-app-filemanager luci-app-openvpn openssh-sftp-server openvpn-easy-rsa openvpn-openssl
+Custom Wireguard Packages
+ base-files ca-bundle dnsmasq dropbear firewall4 fstools kmod-gpio-button-hotplug kmod-nft-offload libc libgcc libustream-mbedtls logd mtd netifd nftables odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd-ujail uboot-envtools uci uclient-fetch urandom-seed urngd kmod-mwlwifi wpad-basic-mbedtls kmod-btmrvl kmod-mwifiex-sdio mwlwifi-firmware-88w8964 iwinfo luci luci-app-advanced-reboot luci-app-filemanager luci-proto-wireguard openssh-sftp-server qrencode wireguard-tools
 ==OpenVPN==
@@ Line 62: / Line 68: @@
 [https://forums.openvpn.net/viewtopic.php?t=33309 OpenVPN link]
+====beadon====
+well holy moly, someone released a what looks to be working allinone script that i could never hope to write in a sane timeframe
+https://github.com/beadon/OpenWRTOpenVPNMgmt
+https://openwrt.org/docs/guide-user/services/vpn/openvpn/server
 ==WireGuard==
 [https://openwrt.org/docs/guide-user/services/vpn/wireguard/server OpenWRT Wiki]
-OpenWrt Wiki
+===Command-line instructions===
-Command-line instructions
 . Preparation
 Install the required packages. Specify configuration parameters for VPN server.
   # Install packages
   opkg update
@@ Line 79: / Line 94: @@
   VPN_ADDR="192.168.9.1/24"
   VPN_ADDR6="fd00:9::1/64"
 . Key management
 Generate and exchange keys between server and client.
   # Generate keys
   umask go=
@@ Line 95: / Line 113: @@
   # Client public key
   VPN_PUB="$(cat wgclient.pub)"
 . Firewall
 Consider VPN network as private. Assign VPN interface to LAN zone to minimize firewall setup. Allow access to VPN server from WAN zone.
   # Configure firewall
   uci rename firewall.@zone[0]="lan"
@@ Line 111: / Line 132: @@
   uci commit firewall
   service firewall restart
 . Network
 Configure VPN interface and peers.
   # Configure network
   uci -q delete network.${VPN_IF}
@@ Line 131: / Line 155: @@
   uci commit network
   service network restart
-LuCI Web Interface instructions
+===LuCI Web Interface instructions===
 . Installing packages
 Navigate to LuCI → System → Software and install the package luci-proto-wireguard.
@@ Line 138: / Line 165: @@
 . Restarting services
 Navigate to LuCI → System → Startup → Initscripts and click on network → Restart.
 . Add WireGuard Network Interface
 To create a new WireGuard interface go to LuCI → Network → Interfaces → Add new interface...
@@ Line 146: / Line 175: @@
 Name the interface wg0 (or whatever is preferred)
 Click on Create Interface to create it and open it for editing
 . Configure the WireGuard Network Interface
 In the open edit window of the interface configure the following:
@@ Line 153: / Line 184: @@
 IP addresses: 10.0.0.1/24 or preferred internal VPN IPv4 address for the WireGuard server interface end of the VPN
 Save this configuration
-. Configure WireGuard Peers
+. Configure WireGuard Peers
 To create a new WireGuard peer configuration go to LuCI → Network → Interfaces → wg0 → Edit → Peers
 *Click on Add peer
@@ Line 174: / Line 207: @@
 . Configure Firewall for WireGuard traffic
 Go to LuCI → Network → Firewall → General Settings and under Zones add a new zone:
 *Name: WireguardVPN (or preferred name)
 *Input: accept