Академический Документы
Профессиональный Документы
Культура Документы
OpenVpn is a Server component that will allow you to create a secure virtual Network between
your Windows Workstation and your Mybook.
In other words, the idea is to be in the same situation as if you were in your local home wifi
network, even if you are at the other side of the planet.
This will allow you to map a network drive to your Mybook remotely, putty your Mybook
without opening the Port 22 on your Router, and even connect to your others family computers
from your office !
ma_ko did the hard work of compiling the necessary component "tun.ko" and he uploaded it
here.
and now, it is possible to install open-vpn from optware …
• ipkg must be fully configured : on my mybook, i can access openssl and openvpn from
any folder without providing the complete path.
check that when you type opens , then type <TAB> the mybook complete with openssl
Request some help in the forum if you are unsure of the values that are suitable for your
configuration.
Family Network configuration : (what kind of ip address do your computers and mybook have?)
<FamilyNetworkIPaddress>=(mine is 192.168.0.0)
<FamilyNetworkMask>=mine is (255.255.255.0)
<VpnNetworkIPaddress>=(mine is 192.168.1.0)
<VpnNetworkMask>=mine is (255.255.255.0)
<InternalMybookIPAddress>=mine is (192.168.0.5)
<PublicMybookIPAddress>= ( how do you connect to your Mybook when you are not at home?)
<PublicMybookName>= (Optional, if you do not have a public name for your Mybook, use it's
public ip address, if you use dyndns, then use the Name)
If your proxy needs a user and password, you will need the following :
<ProxyUser>=
<ProxyPassword>=
In the following tutorial, when i will use <FamilyNetworkIPaddress> in a command line , it will
mean that you will have to replace
<FamilyNetworkIPaddress> by your value.
if you cannot figure out what are these informations , then you should 'nt go further.
mkdir /lib/modules/2.6.17.14/kernel/drivers/net
wget http://mybookworld.wikidot.com/local--files/openvpn/tun.ko -O
/lib/modules/2.6.17.14/kernel/drivers/net/tun.ko
echo
/lib/modules/2.6.17.14/kernel/drivers/net/tun.ko:>>/lib/modules/2.6.17.14/mod
ules.dep
modprobe tun
install open-vpn :
/opt/bin/ipkg update
/opt/bin/ipkg install openvpn
/opt/bin/ipkg install lzo
ldconfig
Download the custom S20openvpn startup script , openvpn.cnf and easy-rsa tools:
wget http://mybookworld.wikidot.com/local--files/openvpn/S20openvpn -O
/opt/etc/init.d/S20openvpn
wget http://mybookworld.wikidot.com/local--files/openvpn/openvpn.conf -O
/opt/etc/openvpn/openvpn.conf
wget http://mybookworld.wikidot.com/local--files/openvpn/easy-rsa.tar -O
/opt/etc/openvpn/easy-rsa.tar
chmod a+x /opt/etc/init.d/S20openvpn
cd /opt/etc/openvpn/
tar -xf /opt/etc/openvpn/easy-rsa.tar
cd /opt/etc/openvpn/easy-rsa
pwd
If you are in the correct folder, then launch the following commands to generate certificates files
:
. vars
./clean-all
./build-ca
./build-key-server OpenVPNserver
you will be asked some questions: type "ENTER" except for the following one:
./build-dh
The process is quite long : it took 1H on my Mybook…. you may see 20 lines of +++++ :-)
be patient.
./build-key OVClient
you will be asked some questions: type "ENTER" except for the following one:
when it is finished, then you can copy the newly generated certificates to the correct folders :
cp /opt/etc/openvpn/easy-rsa/keys/ca.crt /opt/etc/openvpn/ca.crt
cp /opt/etc/openvpn/easy-rsa/keys/OpenVPNserver.crt
/opt/etc/openvpn/OpenVPNserver.crt
cp /opt/etc/openvpn/easy-rsa/keys/OpenVPNserver.key
/opt/etc/openvpn/OpenVPNserver.key
also prepare Client configuration files that will be used on the Client side :
mkdir /shares/internal/PUBLIC/OVClient
cp /opt/etc/openvpn/easy-rsa/keys/OVClient.crt
/shares/internal/PUBLIC/OVClient/OVClient.crt
cp /opt/etc/openvpn/easy-rsa/keys/ca.crt
/shares/internal/PUBLIC/OVClient/ca.crt
cp /opt/etc/openvpn/easy-rsa/keys/OVClient.key
/shares/internal/PUBLIC/OVClient/OVClient.key
wget http://mybookworld.wikidot.com/local--files/openvpn/OVClient.ovpn
chown -R www-data:www-data /shares/internal/PUBLIC/OVClient
If you want to use a different port than the default 1194 port (this is usefull if your office proxy is
filtering the 1194 port ):
(1194 is the default port for openvpn, but i had to modify it to 8000, because my Office Proxy
does not allow port 1194…)
Replace
port 1194 by
port <OpenVpnPort>
Modify the VPN ip addresses that will be given to clients : these addresses should be different
from the ones you have at home and the one you have in the office…
Replace
server 192.168.1.0 255.255.255.0
by
Nice tip : you want to have a clear vision of your conf file?
ps -ef|grep openvpn
you can type the following to check all the ports that are currently used ( LISTEN)
go to c:\program files\openvpn\config
create a subfolder named OVClient
copy the \\Mybook\PUBLIC\OVClient\*.* files to c:\program files\openvpn\config\OVClient
replace
remote <mybook-server> 1194
by
ProxyUser
ProxyPassword
DomainName\Username
Now, Start the Client VPN by launching OpenVPNGUI when you are at the office, (launch the
openvpn-gui.exe file)
ipconfig /all : you should have a new network card named TAP-Win32 adapter…
with an ip address…192.168.1.X
route print : you should see a line with your home network ip addresses :
192.168.0.0 with a gateway in 192.168.1.X
Accessing other computers on your Home
Network
Simply add a route on each of your home windows computers:
launch a cmd command on each of your windows computers :
Replace 192.168.1.0 by the ip address that you have decided to give to your client computers…
For me, <YourInternalMybookIPAddress>=192.168.0.5 …
route print
note that if you want to delete the route : (one day or if something is going wrong …)
Connect from your office and ping the other computers of your home network…
if you have a secondary mybook (be Carefull, not the mybook where you installed openvpn ! ) at
home :launch the following command on it :
Replace 192.168.1.0 by the ip address that you have decided to give to your client computers…
For me, <YourInternalMybookIPAddress>=192.168.0.5 …