Long-term Memory

Posts tagged ‘VPN’

Adding OpenVPN to dd-wrt mini

As described before, I chose to use the mini-build of dd-wrt on my Linksys WRT320N. Since I wanted OpenVPN support, I needed to add it myself.

Installing

I again used the openwrt modules, openvpn has its own package. There are, however, several dependencies:

libssl.so.0.9.8 and libcrypto.so.0.9.8 from libopenssl
liblzo2.so.2.0.0 (and symlinks) from liblzo

I already had libcrypto installed, so I only needed 713kB of free space.

Configuring

Setup was fairly straightforward. Just make sure to do all heavy calculations on your desktop computer (i.e. generating keys). I installed the CA and host certificate into /jffs/etc/ssl, and added my openvpn-specific config files into /jffs/etc/openvpn. I did rewrite the verify-cn script from perl to bash, since dd-wrt doesn’t come with perl.

Next, I wrote a very simple wanup script to get openvpn (re)started at the appropriate time:

# openvpn.wanup
if [ -e /tmp/openvpn.pid ] ; then
    kill -HUP `cat /tmp/openvpn.pid`
else
    /jffs/sbin/openvpn --cd /jffs/etc/openvpn --config server.conf --daemon --log /tmp/openvpn.log --writepid /tmp/openvpn.pid
fi

Obviously: don’t forget to add the corresponding configuration to the firewall.

Posted by Niobos on 2011-08-30 at 19:18 under Networking & Security.
Tags: dd-wrt, OpenVPN, VPN
1 Comment.

Configuring OpenVPN to support IPv6

As mentioned before, when switching to IPv6 (or more realistically, to dual stack) one of the things that might not work out of the box is VPNs. I decided to put some effort in it to get it to work anyway.

Continue reading ‘Configuring OpenVPN to support IPv6’ »

Posted by Niobos on 2011-06-27 at 10:50 under Networking & Security.
Tags: IPv6, linux, MacOSX, OpenVPN, VPN, Windows
6 Comments.

iPhone compatible IPsec VPN on an Ubuntu server, with LDAP authentication

To get secure access to internal networks, one usually employs one of the many variants of a VPN. When connecting from a normal computer, you can install basically whatever variant you wish. When using devices such as smartphones however, the number of supported VPN technologies is usually limited. Especially on non-open platforms such as the iDevices by Apple, you can not add VPN software yourself, contrary to the Android platform.

In this post, I’ll explain how to set up an IPsec (without L2TP) tunnel endpoint on an Ubuntu server, capable of handling an iPhone/iPad/iPod/iWhatever. The users will be authenticated against an LDAP directory.

Continue reading ‘iPhone compatible IPsec VPN on an Ubuntu server, with LDAP authentication’ »

Posted by Niobos on 2011-03-03 at 10:53 under Networking & Security.
Tags: Cisco, iPhone, IPsec, VPN
25 Comments.