One popular use for routers with OpenWrt is hosting a VPN server. Here is a way to set up your own VPN server so you can access your files from anywhere using Windows' built-in VPN client.
The /etc/ppp/options file
This holds the configuration settings shared by all your PPP connections.
# disable compression and other connection controls
noaccomp
nopcomp
nocrtscts
lock # ensures exclusive access to the network interface
maxfail 0 # on failure, retry indefinitely
The /etc/ppp/options.pptpd file
This file contains the pptp server options.
Caution: make sure your VPN server address and your LAN address are on different networks.
logfile /tmp/pptp-server.log
192.168.99.1: # the server's IP address
auth
name "*"
lcp-echo-failure 3
lcp-echo-interval 60
default-asyncmap
mtu 1482
mru 1482
nobsdcomp
nodeflate
nodefaultroute
proxyarp
ipparam mon_vpn # the name given to the connection in the ip-up and ip-down scripts
# required in order to connect through a Windows VPN connection
mppe required,no40,no56,stateless
require-mschap-v2
refuse-chap
refuse-mschap
refuse-eap
refuse-pap
ms-wins 192.168.99.100 # if you have a WINS server
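
A check for the file above, as an added example that is not part of the original post: it reports any of the post's authentication and MPPE directives that are missing or commented out, and flags a VPN server address that falls in the same network as the LAN. The function names, the LAN address argument and the /24 comparison are assumptions.

```shell
#!/bin/sh
# Added example: audit a pptpd options file against the directives used in the post.
# Function names, the LAN-address argument and the /24 comparison are assumptions.

# Authentication directives from the post that must be active.
REQUIRED="auth require-mschap-v2 refuse-pap refuse-chap refuse-mschap refuse-eap"

# Drop comments, trailing blanks and empty lines so commented-out options do not count.
active_lines() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# Print one finding per line; return 0 when clean, 1 otherwise.
audit_pptpd_options() {
    file=$1; lan_ip=$2; rc=0
    for d in $REQUIRED; do
        active_lines "$file" | grep -qx "[[:space:]]*$d" || { echo "missing: $d"; rc=1; }
    done
    # MPPE must be required, with the 40-bit and 56-bit key sizes refused.
    mppe=$(active_lines "$file" | sed -n 's/^[[:space:]]*mppe[[:space:]][[:space:]]*//p')
    for opt in required no40 no56; do
        case ",$mppe," in
            *",$opt,"*) ;;
            *) echo "mppe lacks: $opt"; rc=1 ;;
        esac
    done
    # The post's caution: server address ("IP:" line) and LAN address must differ in network.
    vpn_ip=$(active_lines "$file" | sed -n 's/^\([0-9.][0-9.]*\):.*/\1/p' | head -n 1)
    if [ -n "$vpn_ip" ] && [ "${vpn_ip%.*}" = "${lan_ip%.*}" ]; then
        echo "vpn address $vpn_ip shares a /24 with LAN $lan_ip"; rc=1
    fi
    return $rc
}

# Stand-alone use: sh audit.sh /etc/ppp/options.pptpd <router LAN IP>
if [ "$#" -eq 2 ]; then
    audit_pptpd_options "$1" "$2"
fi
```

An empty output with exit status 0 means every directive from the post is active and the two addresses are in different /24 networks.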
The /etc/ppp/ip-up.d/mon_vpn file
This script is called whenever a new connection is established. Here we authorize the new traffic by adding a rule to iptables.
#!/bin/sh
# $1 = PPP interface name, $6 = ipparam value set in options.pptpd
if [ "$6" = "mon_vpn" ]; then
    /usr/sbin/iptables -A FORWARD -i "$1" -j ACCEPT
    exit 0
fi
The /etc/ppp/chap-secrets file
This is the list of authorized users and their passwords.
#USERNAME PROVIDER PASSWORD IPADDRESS
nom_login * mon_mdp 192.168.99.20
The /etc/init.d/S51pptpd file
This script will start the VPN server during router startup.
#!/bin/sh
BIN=pptpd
DEFAULT=/etc/default/$BIN
RUN_D=/var/run
PID_F=$RUN_D/$BIN.pid
# load optional settings (such as $OPTIONS) if the defaults file exists
[ -f "$DEFAULT" ] && . "$DEFAULT"
case $1 in
    start)
        mkdir -p "$RUN_D"
        # load the kernel modules needed for PPP, MPPE and GRE/PPTP connection tracking
        for m in arc4 sha1 slhc ppp_generic ppp_async ppp_mppe_mppc ip_conntrack_proto ip_nat_proto_gre ip_conntrack_proto_gre ip_gre ip_nat_pptp ip_conntrack_pptp; do
            insmod $m >/dev/null 2>&1
        done
        $BIN $OPTIONS
        ;;
    stop)
        # stop the daemon using its PID file
        [ -f "$PID_F" ] && kill "$(cat "$PID_F")"
        ;;
    *)
        echo "usage: $0 (start|stop)"
        exit 1
        ;;
esac
exit $?
You're done. You should now be able to connect to your VPN from outside.
Comments
Would be better to show us how to set up an OpenVPN, IPSec or L2TP server ;).