Monday, May 13, 2013

DD-WRT OpenVPN Daemon Settings

http://pantestmb.blogspot.ro/2013/04/dd-wrt-openvpn-router-to-router.html
http://pantestmb.blogspot.ro/2013/04/setup-openvpn-client-to-connect-to-dd.html

Services

VPN
OpenVPN Daemon
OpenVPN Config : 

# Server's LAN route

## Push the route to the server's LAN subnet to all clients
push "route 192.168.61.0 255.255.255.0"
#
## Clients' LAN routes (subnets behind each client, reached via the tun peer)
route 192.168.101.0 255.255.255.0 172.16.0.2
route 192.168.33.0 255.255.255.0 172.16.0.2
route 192.168.62.0 255.255.255.0 172.16.0.2
route 192.168.15.0 255.255.255.0 172.16.0.2
#
## Bug workaround, fixed in r17685
client-config-dir /tmp/openvpn/ccd
#
server 172.16.0.0 255.255.0.0
dev tun0
proto tcp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
management localhost 5001
Administration
Commands
Startup
# One ccd file per client; the file name must match the CN of that client's certificate
mkdir -p /tmp/openvpn/ccd
echo "iroute 192.168.15.0 255.255.255.0" > /tmp/openvpn/ccd/bac15cli4res
echo "iroute 192.168.33.0 255.255.255.0" > /tmp/openvpn/ccd/dev03cli4res
echo "iroute 192.168.62.0 255.255.255.0" > /tmp/openvpn/ccd/buc06cli4res
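The route/iroute pairing above is easy to get out of step: every subnet behind a client needs both a route line in the server config (so the kernel sends those packets into the tunnel) and an iroute line in that client's ccd file (so OpenVPN knows which client to hand them to). The following Python checker is an added example, not part of the original post; it parses a constructed copy of this config and of the ccd file contents (both embedded inline) and reports subnets that have one directive but not the other, subnets claimed by more than one ccd file, and route gateways outside the server pool. Run against the values on this page it flags 192.168.101.0/24, which has a route but no iroute in the three ccd files shown.

```python
import ipaddress

# Constructed copy of the daemon config from this post (comments removed).
SERVER_CONF = """
push "route 192.168.61.0 255.255.255.0"
route 192.168.101.0 255.255.255.0 172.16.0.2
route 192.168.33.0 255.255.255.0 172.16.0.2
route 192.168.62.0 255.255.255.0 172.16.0.2
route 192.168.15.0 255.255.255.0 172.16.0.2
client-config-dir /tmp/openvpn/ccd
server 172.16.0.0 255.255.0.0
dev tun0
proto tcp
"""

# Constructed contents of the ccd files the Startup commands create.
CCD_FILES = {
    "bac15cli4res": "iroute 192.168.15.0 255.255.255.0\n",
    "dev03cli4res": "iroute 192.168.33.0 255.255.255.0\n",
    "buc06cli4res": "iroute 192.168.62.0 255.255.255.0\n",
}


def directives(text):
    """Yield (keyword, args) for each non-comment line; '#' and ';' start comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            parts = line.split()
            yield parts[0], parts[1:]


def parse_server_routes(conf):
    """Return (server pool network or None, list of (network, gateway or None))."""
    pool, routes = None, []
    for key, args in directives(conf):
        if key == "route" and len(args) >= 2:
            net = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
            gw = ipaddress.ip_address(args[2]) if len(args) > 2 else None
            routes.append((net, gw))
        elif key == "server" and len(args) >= 2:
            pool = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
    return pool, routes


def parse_ccd(files):
    """Map each iroute network to the list of ccd file names that claim it."""
    iroutes = {}
    for name, text in files.items():
        for key, args in directives(text):
            if key == "iroute" and len(args) >= 2:
                net = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
                iroutes.setdefault(net, []).append(name)
    return iroutes


def check(conf, ccd_files):
    """Return a list of human-readable findings; an empty list means consistent."""
    pool, routes = parse_server_routes(conf)
    iroutes = parse_ccd(ccd_files)
    routed = {net for net, _ in routes}
    findings = []
    for net, gw in routes:
        owners = iroutes.get(net, [])
        if not owners:
            findings.append(f"route {net}: no ccd file claims it with iroute")
        elif len(owners) > 1:
            findings.append(f"route {net}: claimed by several clients {sorted(owners)}")
        if gw is not None and pool is not None and gw not in pool:
            findings.append(f"route {net}: gateway {gw} is outside the server pool {pool}")
    for net, owners in iroutes.items():
        if net not in routed:
            findings.append(f"iroute {net} in {sorted(owners)}: no matching server route")
    return findings


if __name__ == "__main__":
    for finding in check(SERVER_CONF, CCD_FILES) or ["consistent"]:
        print(finding)
```

On a live router the same two parsers can be pointed at the real config and at the files under /tmp/openvpn/ccd after the Startup commands have run; a route without an iroute means traffic for that subnet enters the tunnel and is dropped by OpenVPN, while an iroute without a route means it never reaches the tunnel at all.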

Firewall
# Inbound OpenVPN (proto tcp, default port 1194)
iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
# TCP to the router itself from the server LAN, the client LAN and the VPN pool
iptables -I INPUT -p tcp --source 192.168.61.0/24 -j ACCEPT
iptables -I INPUT -p tcp --source 192.168.101.0/24 -j ACCEPT
iptables -I INPUT -p tcp --source 172.16.0.0/16 -j ACCEPT
iptables -I INPUT -i tun0 -p icmp -j ACCEPT
# ICMP and TCP forwarding between the routed subnets
iptables -I FORWARD --source 172.16.0.0/16 -p icmp -j ACCEPT
iptables -I FORWARD --source 192.168.15.0/24 -p icmp -j ACCEPT
iptables -I FORWARD --source 192.168.61.0/24 -p icmp -j ACCEPT
iptables -I FORWARD --source 192.168.62.0/24 -p icmp -j ACCEPT
iptables -I FORWARD --source 192.168.101.0/24 -p icmp -j ACCEPT
iptables -I FORWARD -p tcp --source 172.16.0.0/16 -j ACCEPT
iptables -I FORWARD -p tcp --source 192.168.101.0/24 -j ACCEPT
iptables -I FORWARD -p tcp --source 192.168.61.0/24 -j ACCEPT
# Forwarding between the LAN bridge (br0) and the tunnel (tun0)
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

If there is a gateway server, a routing command can be used:
route add -net 192.168.15.0 netmask 255.255.255.0 gw 192.168.16.49