Rooot.net


VPN Server with OpenWrt

One popular use for routers running OpenWrt is hosting a VPN server. Here is a way to set up your own VPN server so you can access your files from anywhere using Windows' built-in VPN client.

The /etc/ppp/options file

This holds the configuration settings shared by all your PPP connections.

# disable compression and other connection controls
noaccomp
nopcomp
nocrtscts

lock # guarantees exclusive access to the network interface
maxfail 0 # on failure, retry indefinitely

The /etc/ppp/options.pptpd file

This file contains the pptp server options.

Caution: make sure the VPN server address and your LAN addresses are on different networks.

logfile /tmp/pptp-server.log
192.168.99.1: # The server's IP address
auth
name "*"
lcp-echo-failure 3
lcp-echo-interval 60
default-asyncmap
mtu 1482
mru 1482
nobsdcomp
nodeflate
nodefaultroute
proxyarp
ipparam mon_vpn # the name given to the connection in the ip-up and ip-down scripts.

# required so that a "Windows" VPN connection can connect.
mppe required,no40,no56,stateless
require-mschap-v2
refuse-chap
refuse-mschap
refuse-eap
refuse-pap

ms-wins 192.168.99.100 # If you have a WINS server

The /etc/ppp/ip-up.d/mon_vpn file

This script is called whenever a new connection is established. Here we authorize the new traffic by adding a rule with iptables.

#!/bin/sh
# pppd passes the PPP interface name as $1 and the ipparam value as $6
if [ "$6" = "mon_vpn" ]; then
    /usr/sbin/iptables -A FORWARD -i "$1" -j ACCEPT
    exit 0
fi
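
The rule above is appended with -A on every connection, and the page shows no matching ip-down script to remove it. As an added example (not code from the original page), the function below serves both the ip-up and ip-down events so the rule is added once and deleted when the session ends. It assumes an iptables build that supports -C (1.4.11 or later) and pppd's default pppN interface naming; the names vpn_forward_rule, IPTABLES and VPN_TAG are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# pppd calls ip-up/ip-down scripts with:
#   $1=interface $2=tty $3=speed $4=local-ip $5=remote-ip $6=ipparam
IPTABLES="${IPTABLES:-/usr/sbin/iptables}"  # overridable (assumption, eases testing)
VPN_TAG="mon_vpn"                           # must match "ipparam" in options.pptpd

# vpn_forward_rule up|down IFACE IPPARAM
vpn_forward_rule() {
    action="$1"; iface="$2"; tag="$3"

    # Ignore PPP links that are not the VPN (for example a PPPoE WAN link).
    [ "$tag" = "$VPN_TAG" ] || return 0

    # Accept only names of the form ppp<digits> (assumes default pppd naming).
    case "${iface#ppp}" in
        "$iface"|""|*[!0-9]*)
            echo "unexpected interface: $iface" >&2
            return 1
            ;;
    esac

    case "$action" in
        up)
            # -C checks for an existing rule, so reconnects never stack duplicates.
            "$IPTABLES" -C FORWARD -i "$iface" -j ACCEPT 2>/dev/null ||
                "$IPTABLES" -A FORWARD -i "$iface" -j ACCEPT
            ;;
        down)
            # Delete every copy so no stale ACCEPT outlives the session
            # and applies to a later link that reuses the interface name.
            while "$IPTABLES" -C FORWARD -i "$iface" -j ACCEPT 2>/dev/null; do
                "$IPTABLES" -D FORWARD -i "$iface" -j ACCEPT || return 1
            done
            ;;
        *)
            echo "usage: vpn_forward_rule up|down IFACE IPPARAM" >&2
            return 2
            ;;
    esac
}

# In /etc/ppp/ip-up.d/mon_vpn:    vpn_forward_rule up   "$1" "$6"
# In /etc/ppp/ip-down.d/mon_vpn:  vpn_forward_rule down "$1" "$6"
```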

The /etc/ppp/chap-secrets file

This is the list of authorized users and their passwords.

#USERNAME PROVIDER PASSWORD IPADDRESS
nom_login * mon_mdp 192.168.99.20

The /etc/init.d/S51pptpd file

This script will start the VPN server during router startup.

#!/bin/sh
# Start/stop script for the pptpd VPN server.

BIN=pptpd
DEFAULT=/etc/default/$BIN
RUN_D=/var/run
PID_F=$RUN_D/$BIN.pid
# Load optional settings (such as OPTIONS) if the defaults file exists.
[ -f "$DEFAULT" ] && . "$DEFAULT"

case "$1" in
start)
    mkdir -p "$RUN_D"
    # Load the kernel modules needed for PPP, MPPE and GRE/PPTP connection tracking.
    for m in arc4 sha1 slhc ppp_generic ppp_async ppp_mppe_mppc ip_conntrack_proto ip_nat_proto_gre ip_conntrack_proto_gre ip_gre ip_nat_pptp ip_conntrack_pptp; do
        insmod "$m" >/dev/null 2>&1
    done
    $BIN $OPTIONS
    ;;
stop)
    [ -f "$PID_F" ] && kill "$(cat "$PID_F")"
    ;;
*)
    echo "usage: $0 (start|stop)"
    exit 1
    ;;
esac

exit $?

You're done. Now you should be able to connect to your VPN from outside.

Comments
Craig Crawford   |::ffff:92.234.1.xxx |2012-12-24 14:14:07
PPTP and MS-CHAPv2 should both be considered insecure.

Would be better to show us how to set up an OpenVPN, IPSec or L2TP server.