
Openvpn

OpenVpn is a Server component that will allow you to create a secure virtual Network between
your Windows Workstation and your Mybook.
In other words, the idea is to be in the same situation as if you were in your local home wifi
network, even if you are at the other side of the planet.
This will allow you to map a network drive to your Mybook remotely, putty your Mybook
without opening the Port 22 on your Router, and even connect to your other family computers
from your office!

ma_ko did the hard work of compiling the necessary component "tun.ko" and he uploaded it
here.
And now, it is possible to install openvpn from optware…

Prerequisites before installation :


• openssl is needed, check that the ipkg openssl package has already been installed.

• ipkg must be fully configured: on my Mybook, I can access openssl and openvpn from
any folder without providing the complete path.

Check that when you type opens and then press <TAB>, the Mybook completes it to openssl.

• Gather all the following information before you start :

Request some help in the forum if you are unsure of the values that are suitable for your
configuration.

Family Network configuration : (what kind of ip address do your computers and mybook have?)
<FamilyNetworkIPaddress>=(mine is 192.168.0.0)
<FamilyNetworkMask>=mine is (255.255.255.0)

<VpnNetworkIPaddress>=(mine is 192.168.1.0)
<VpnNetworkMask>=mine is (255.255.255.0)

<InternalMybookIPAddress>=mine is (192.168.0.5)
<PublicMybookIPAddress>= ( how do you connect to your Mybook when you are not at home?)
<PublicMybookName>= (Optional; if you do not have a public name for your Mybook, use its
public ip address; if you use dyndns, then use the Name)

Office Network Configuration :


<OpenVpnPort> =port that you will use for your openvpn connection. ( some proxies perform
some filtering on the standard 1194 port)
Your Office Internet Access Mode : With Proxy? Without Proxy?
if you cannot ping www.google.com , but you can browse www.google.com via internet
explorer, then you have a proxy.

If you have a proxy, you will need the following :


<ProxyServer>=

If your proxy needs a user and password, you will need the following :
<ProxyUser>=
<ProxyPassword>=

In the following tutorial, when I use <FamilyNetworkIPaddress> in a command line, it
means that you have to replace <FamilyNetworkIPaddress> by your value.

If you cannot figure out what these values are, then you shouldn't go further.

Installation Procedure on the Mybook :


• Original "Blue light" MyBook
• New "White light" MyBook

Download the tun module :

mkdir -p /lib/modules/2.6.17.14/kernel/drivers/net
wget http://mybookworld.wikidot.com/local--files/openvpn/tun.ko -O /lib/modules/2.6.17.14/kernel/drivers/net/tun.ko

Configure the tun module :


Run the following command to add /lib/modules/2.6.17.14/kernel/drivers/net/tun.ko: at the end
of the modules.dep file.
(Be careful to launch the following command only once. If in doubt, first check whether the
line is already present in the file.)

echo /lib/modules/2.6.17.14/kernel/drivers/net/tun.ko: >> /lib/modules/2.6.17.14/modules.dep
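
An idempotent way to make that modules.dep change, as an added example that is not part of the original tutorial. The helper name append_once is made up for illustration, and it assumes the grep on the Mybook supports the -q, -x and -F options.

```shell
#!/bin/sh
# Added example: append a line to a file only if that exact line is not there yet,
# so running it twice cannot leave a duplicate entry in modules.dep.

# append_once FILE LINE -> returns 0 if the line was added, 1 if already present.
append_once() {
    file=$1
    line=$2
    # -x: match the whole line, -F: fixed string (no regex), -q: no output
    if [ -f "$file" ] && grep -qxF -- "$line" "$file"; then
        return 1
    fi
    printf '%s\n' "$line" >> "$file"
    return 0
}

# On the Mybook, with the paths used in the tutorial:
# append_once /lib/modules/2.6.17.14/modules.dep \
#     /lib/modules/2.6.17.14/kernel/drivers/net/tun.ko:
```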

load the tun module :

modprobe tun

install open-vpn :

/opt/bin/ipkg update
/opt/bin/ipkg install openvpn
/opt/bin/ipkg install lzo
ldconfig

Download the custom S20openvpn startup script, openvpn.conf and easy-rsa tools:

wget http://mybookworld.wikidot.com/local--files/openvpn/S20openvpn -O /opt/etc/init.d/S20openvpn
wget http://mybookworld.wikidot.com/local--files/openvpn/openvpn.conf -O /opt/etc/openvpn/openvpn.conf
wget http://mybookworld.wikidot.com/local--files/openvpn/easy-rsa.tar -O /opt/etc/openvpn/easy-rsa.tar
chmod a+x /opt/etc/init.d/S20openvpn
cd /opt/etc/openvpn/
tar -xf /opt/etc/openvpn/easy-rsa.tar
cd /opt/etc/openvpn/easy-rsa

At this point, it is CRITICAL to check that the current folder is /opt/etc/openvpn/easy-rsa


launch the following command :

pwd

The command should return /opt/etc/openvpn/easy-rsa


do not continue this tutorial if it is not the case.

If you are in the correct folder, then launch the following commands to generate the certificate files :

. vars

You should see the following exact output :


NOTE: when you run ./clean-all, I will be doing a rm -rf on /opt/etc/openvpn/easy-rsa/keys

Then type the following

./clean-all
./build-ca
./build-key-server OpenVPNserver

you will be asked some questions: type "ENTER" except for the following one:

Common Name (eg, your name or your server's hostname) []:

Answer with your <PublicMybookIPAddress> ip address (or <PublicMybookName> if your Mybook
has a public name).

When you are asked for a challenge phrase, type "ENTER".

When you are requested to sign a certificate, type y :


Sign the certificate? [y/n]: y

Launch the following command :

./build-dh

The process is quite long: it took 1H on my Mybook… You may see 20 lines of +++++ :-)
Be patient.

Launch the following command :

./build-key OVClient

you will be asked some questions: type "ENTER" except for the following one:

Common Name (eg, your name or your server's hostname) []:


Type : OVClient

When you are asked for a challenge phrase, type "ENTER".

When you are requested to sign a certificate, type y :


Sign the certificate? [y/n]: y

when it is finished, then you can copy the newly generated certificates to the correct folders :

cp /opt/etc/openvpn/easy-rsa/keys/ca.crt /opt/etc/openvpn/ca.crt
cp /opt/etc/openvpn/easy-rsa/keys/OpenVPNserver.crt /opt/etc/openvpn/OpenVPNserver.crt
cp /opt/etc/openvpn/easy-rsa/keys/OpenVPNserver.key /opt/etc/openvpn/OpenVPNserver.key

also prepare Client configuration files that will be used on the Client side :

mkdir /shares/internal/PUBLIC/OVClient
cp /opt/etc/openvpn/easy-rsa/keys/OVClient.crt /shares/internal/PUBLIC/OVClient/OVClient.crt
cp /opt/etc/openvpn/easy-rsa/keys/ca.crt /shares/internal/PUBLIC/OVClient/ca.crt
cp /opt/etc/openvpn/easy-rsa/keys/OVClient.key /shares/internal/PUBLIC/OVClient/OVClient.key
wget http://mybookworld.wikidot.com/local--files/openvpn/OVClient.ovpn -O /shares/internal/PUBLIC/OVClient/OVClient.ovpn
chown -R www-data:www-data /shares/internal/PUBLIC/OVClient

edit the openvpn configuration file :


You now need to edit the openvpn.conf file to your specific configuration :

If you want to use a different port than the default 1194 port (this is useful if your office proxy is
filtering the 1194 port):
(1194 is the default port for openvpn, but I had to modify it to 8000, because my Office Proxy
does not allow port 1194…)

Replace
port 1194
by

port <OpenVpnPort>

Modify your Home family Network information :


Replace
push "route 192.168.0.0 255.255.255.0"
by

push "route <FamilyNetworkIPaddress> <FamilyNetworkMask>"

Modify the VPN ip addresses that will be given to clients : these addresses should be different
from the ones you have at home and the one you have in the office…
Replace
server 192.168.1.0 255.255.255.0
by

server <VpnNetworkIPaddress> <VpnNetworkMask>
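
The three replacements above applied in one pass, with a check that the VPN range really differs from the home range (an added example, not part of the original tutorial; it does not check the office range). The function names are made up, the sample file is constructed from the three default lines quoted above, and the 10.x values are made-up inputs.

```shell
#!/bin/sh
# Added example, not from the tutorial. Function names are made up.

# ip_to_int A.B.C.D -> prints the address as an integer; returns 2 if malformed.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 2
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 2 ;; esac
        [ "$octet" -le 255 ] || return 2
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# nets_overlap NET1 MASK1 NET2 MASK2 -> 0 if they overlap, 1 if not, 2 on bad input.
# Two networks overlap when they agree on every bit covered by both masks.
nets_overlap() {
    n1=$(ip_to_int "$1") || return 2
    m1=$(ip_to_int "$2") || return 2
    n2=$(ip_to_int "$3") || return 2
    m2=$(ip_to_int "$4") || return 2
    common=$(( m1 & m2 ))
    [ $(( n1 & common )) -eq $(( n2 & common )) ]
}

# customise_conf PORT FAMILY_NET FAMILY_MASK VPN_NET VPN_MASK < conf > new_conf
# Applies the three replacements; refuses if the VPN range collides with home.
customise_conf() {
    rc=0
    nets_overlap "$2" "$3" "$4" "$5" || rc=$?
    if [ "$rc" -ne 1 ]; then
        echo "refusing: $4/$5 overlaps $2/$3, or an address is malformed" >&2
        return 1
    fi
    sed -e "s/^port 1194\$/port $1/" \
        -e "s/^push \"route 192\.168\.0\.0 255\.255\.255\.0\"\$/push \"route $2 $3\"/" \
        -e "s/^server 192\.168\.1\.0 255\.255\.255\.0\$/server $4 $5/"
}

# Constructed sample: only the three default lines quoted in the tutorial.
sample_conf() {
    printf '%s\n' 'port 1194' 'server 192.168.1.0 255.255.255.0' \
        'push "route 192.168.0.0 255.255.255.0"'
}

# Constructed values: home 10.0.0.0/24, VPN clients 10.8.0.0/24, port 8000.
sample_conf | customise_conf 8000 10.0.0.0 255.255.255.0 10.8.0.0 255.255.255.0
```

On the Mybook, feed it /opt/etc/openvpn/openvpn.conf on standard input and write the result to a new file, then compare the two before replacing the original.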

Nice tip : you want to have a clear vision of your conf file?

egrep -v '#|;|^$' /opt/etc/openvpn/openvpn.conf |sort

You can now start openvpn :


/opt/etc/init.d/S20openvpn

you can type

ps -ef|grep openvpn

to check if openvpn is running

you can type the following to check all the ports that are currently used ( LISTEN)

netstat -an|grep -i list

You should see your listening port in the list…

Installation Procedure on your Client computer :

Download the Windows Openvpn client : http://openvpn.net/index.php/downloads.html
download openvpn-2.0.9-install.exe
Download the openvpn-gui graphical interface : http://openvpn.se/download.html
download openvpn-2.0.9-gui-1.0.3-install.exe

Install openvpn-2.0.9-install.exe

go to c:\program files\openvpn\config
create a subfolder named OVClient
copy the \\Mybook\PUBLIC\OVClient\*.* files to c:\program files\openvpn\config\OVClient

edit the c:\program files\openvpn\config\OVClient\OVClient.ovpn file to configure your
Mybook Public Address :
(you can also use your <PublicMybookName>)

replace
remote <mybook-server> 1194
by

remote <PublicMybookIPAddress> <OpenVpnPort>

If you need to go thru a proxy, modify your proxy settings


uncomment the ;http-proxy line and modify it with your proxy configuration:
http-proxy <ProxyServer> <ProxyPort> proxy_auth.txt basic

create a c:\program files\openvpn\config\OVClient.ovpn\proxy_auth.txt text file that will contain
2 lines :

ProxyUser
ProxyPassword

note that Proxy user is something like

DomainName\Username

Now, Start the Client VPN by launching OpenVPNGUI when you are at the office, (launch the
openvpn-gui.exe file)

Right-click on the openvpn icon, select OVClient / Connect

You should be connected.

Now, you can check the following on your laptop :

ipconfig /all : you should have a new network card named TAP-Win32 adapter…
with an ip address…192.168.1.X

route print : you should see a line with your home network ip addresses :
192.168.0.0 with a gateway in 192.168.1.X

Accessing other computers on your Home Network

Simply add a route on each of your home Windows computers:
launch a cmd prompt on each of your Windows computers and run :

route add 192.168.1.0 MASK 255.255.255.0 <YourInternalMybookIPAddress> -p

Replace 192.168.1.0 by the ip address that you have decided to give to your client computers…
For me, <YourInternalMybookIPAddress>=192.168.0.5 …

in order to see all the routes type the following command :

route print

note that if you want to delete the route : (one day or if something is going wrong …)

route delete 192.168.1.0

Connect from your office and ping the other computers of your home network…

If you have a secondary Mybook at home (be careful, not the Mybook where you installed openvpn!),
launch the following command on it :

route add -net 192.168.1.0 netmask 255.255.255.0 gw <YourInternalMybookIPAddress>

to delete the route

route del -net 192.168.1.0 netmask 255.255.255.0 gw <YourInternalMybookIPAddress>

Replace 192.168.1.0 by the ip address that you have decided to give to your client computers…
For me, <YourInternalMybookIPAddress>=192.168.0.5 …

Thanks to ma_ko and teinturman.
