Openwrt: Unterschied zwischen den Versionen
Aus Vosp.info
V (Diskussion | Beiträge) K (→=Interfaces anzeigen) |
F (Diskussion | Beiträge) |
||
| Zeile 1: | Zeile 1: | ||
| + | [[LEDE]] | ||
| + | = allgemein = | ||
==Befehle== | ==Befehle== | ||
===Interfaces anzeigen=== | ===Interfaces anzeigen=== | ||
| Zeile 6: | Zeile 8: | ||
=== Anzeige der Clients die mit wlan verbunden sind === | === Anzeige der Clients die mit wlan verbunden sind === | ||
iwinfo wlan0 assoclist | iwinfo wlan0 assoclist | ||
| + | |||
| + | |||
| + | =VPN = | ||
| + | |||
| + | |||
| + | |||
| + | ==Anleitungen== | ||
| + | https://blog.doenselmann.com/openvpn-server-auf-openwrt-router-betreiben/ | ||
| + | http://www.kammerath.net/openwrt-mit-openvpn-client.html | ||
| + | https://www.portunity.de/access/wiki/OpenVPN-Tunnel_(IPv4)_auf_einem_OpenWRT_Router_einrichten_(Anleitung) | ||
| + | |||
| + | <source lang=bash> | ||
| + | ssh root@192.168.1.1 | ||
| + | opkg update | ||
| + | opkg install openvpn-openssl | ||
| + | </source> | ||
| + | |||
| + | |||
| + | Alternative zur folgenden config über gui mit paket luci-app-openvpn | ||
| + | |||
| + | === riseup openvpn client auf den openwrt einrichten === | ||
| + | |||
| + | * /etc/openvpn/[https://riseup.net/security/network-security/riseup-ca/RiseupCA.pem RiseupCA.pem] | ||
| + | <source lang=bash> | ||
| + | -----BEGIN CERTIFICATE----- | ||
| + | MIIF2jCCA8KgAwIBAgIIVogyQTSIzc8wDQYJKoZIhvcNAQELBQAwgYYxGDAWBgNV | ||
| + | BAMTD1Jpc2V1cCBOZXR3b3JrczEYMBYGA1UEChMPUmlzZXVwIE5ldHdvcmtzMRAw | ||
| + | DgYDVQQHEwdTZWF0dGxlMQswCQYDVQQIEwJXQTELMAkGA1UEBhMCVVMxJDAiBgkq | ||
| + | hkiG9w0BCQEWFWNvbGxlY3RpdmVAcmlzZXVwLm5ldDAiGA8yMDE2MDEwMjIwMjU0 | ||
| + | MFoYDzIwMjYwMzMwMjAyNjAxWjCBhjEYMBYGA1UEAxMPUmlzZXVwIE5ldHdvcmtz | ||
| + | MRgwFgYDVQQKEw9SaXNldXAgTmV0d29ya3MxEDAOBgNVBAcTB1NlYXR0bGUxCzAJ | ||
| + | BgNVBAgTAldBMQswCQYDVQQGEwJVUzEkMCIGCSqGSIb3DQEJARYVY29sbGVjdGl2 | ||
| + | ZUByaXNldXAubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw2VV | ||
| + | uoz4xqeB1ROIwXBRaj0prOqEFX89A7+2rslGRfjM8NPHyBLGleoHTK3DPwadtQeg | ||
| + | ulaEOAjM5EMXTEX/o9H46L6h729HUWPCwVssvvOjyxTyGJDf7Ihd/Ab7ODtlJSyc | ||
| + | g31aXMioA5pGz5QnS3VGz4nE9+NL+jobc/NbhaacsEPR/7xO7meRNu/1S+YiHK1y | ||
| + | BSVrfap3XItlcNHDGNQkPyyJbS3pAS1lQs2HCBTzcFCamCkDOC7cRh9wZ4GH8U2f | ||
| + | 2s0mDD5zhRpheNW4gFBtGpqHiRXv7WJW612aaXzKQQoIq2loGNvOpnyBPKL3jjUT | ||
| + | Rxv5IzWMV0nAofMCy25u/S4J65uSEd9mLNXFJ3rl+cFaybcOUXktTbS7bZy6cMyf | ||
| + | /gO28bEXIWr5WfZf8jCbPyOVfExZquG3aS+0YPWmIJCheXQzgiwplZy93oND1GGQ | ||
| + | f+1R2F7GPwNXQdefv2xm7PTWhHbSWHHmeY89qYED+yFJrX5ChoFoBbYs1lMmdU/C | ||
| + | 2MnQBFtvcVockXFAUONyMKiq8ZP6sQ1lu0rO9Bvkhx55sJLZOmjN3g4S1K97PbbI | ||
| + | 5DzHKcR0JQSt8ZtCY/MuMbwvlNYo98bFWvlfKET0KPtogNNH0PNfJmStKR8jWGjE | ||
| + | HnUNXo7YDfK90iEKTjLz2K5CYzH5Dm6iYJNaaykCAwEAAaNGMEQwEgYDVR0TAQH/ | ||
| + | BAgwBgEB/wIBADAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTGek7ebtq2Ibm+ | ||
| + | 2K6je1IMobvEkzANBgkqhkiG9w0BAQsFAAOCAgEAO2B3jnL+8LeoRkc282qUpHyu | ||
| + | xYj0Qd68l0CJ0FjfA2OCR/6h1W4gZVH+fTd/mhgrNXj28GRT53JEh1jdRC7ENTXu | ||
| + | W9O8I9gCbWQ6V4nkZ9lpq8UEmKTFGnngVu8VCmSDF+y0kFuEtmt0jyd2UkJfC/vy | ||
| + | Gh78OCHEdGAeOTYHXamiuA9Z7wMuncPjP476gSW2kfWTdxV25ad4tT5dA5d42xDm | ||
| + | YE2UKzHeB9amOmvyh08LPD0idT5oROCIHsHBhQC9oltJXO5j6GyHRg88C1inyv6R | ||
| + | xk+w9ek4wSBpoJg5t3hdbZr3JTUsuu4WPtAET0fMQpJC+niaBbegwtvdLZFM+d8x | ||
| + | ead3ZpMO+XrpazDFGtdPTQdi5EIYmr2RL9eTeQbVPwMB9TgFpBXP+iYIuTpNo8jn | ||
| + | 8zS4EcPRmz6PQJVK4zkHczfvquyU9RuOwEgb8qN4tSNxF0Z94uSVUoXCG9WZLf8q | ||
| + | MfsGesYiR/qLnLn3MfAyWm3OVOUvGzczDE2T8VvY7rXc2+8ra5aK0TNAgEz9ey6D | ||
| + | /dGzM1JCCe1A08s+2+eRX//pmqmOCoGrY7zwIVS2T249h6iIMM9yT0C3ZXRoTnVN | ||
| + | osyidOkVuQr0YK6shJ0WaK4F1MktdjOZKPoIc9QLw+TrSU2hfyla36T0bNWMC/TJ | ||
| + | YtxDI+d1jIFZ7zMmts4= | ||
| + | -----END CERTIFICATE----- | ||
| + | </source> | ||
| + | |||
| + | ==== openvpn starten mit Passwortabfrage ==== | ||
| + | '''start befehl''' | ||
| + | <source lang=bash> | ||
| + | openvpn --client --dev tun --auth-user-pass --remote vpn.riseup.net 1194 --keysize 256 --auth SHA256 --cipher AES-256-CBC --ca /etc/openvpn/RiseupCA.pem | ||
| + | </source> | ||
| + | |||
| + | |||
| + | ==== openvpn starten mit Passwortdatei ==== | ||
| + | |||
| + | /etc/openvpn/riseup_auth.txt | ||
| + | <source lang=bash> | ||
| + | user | ||
| + | secret | ||
| + | </source> | ||
| + | |||
| + | '''start befehl''' | ||
| + | <source lang=bash> | ||
| + | openvpn --client --dev tun --auth-user-pass /etc/openvpn/riseup_auth.txt --remote vpn.riseup.net 1194 --keysize 256 --auth SHA256 --cipher AES-256-CBC --ca /etc/openvpn/RiseupCA.pem | ||
| + | </source> | ||
| + | |||
| + | ==== openvpn starten mit configfile ==== | ||
| + | |||
| + | /etc/openvpn/riseup2.ovpn | ||
| + | <source lang=bash> | ||
| + | client | ||
| + | dev tun | ||
| + | auth-user-pass /etc/openvpn/riseup_auth.txt | ||
| + | remote vpn.riseup.net 1194 | ||
| + | keysize 256 | ||
| + | auth SHA256 | ||
| + | cipher AES-256-CBC | ||
| + | ca /etc/openvpn/RiseupCA.pem | ||
| + | # | ||
| + | auth-nocache | ||
| + | # | ||
| + | remote-cert-tls server | ||
| + | script-security 2 | ||
| + | persist-tun | ||
| + | persist-key | ||
| + | #route-noexec | ||
| + | #route-up /etc/openvpn/ruvpnrouteadd.sh | ||
| + | |||
| + | |||
| + | # logging | ||
| + | log-append /var/log/openvpn.log | ||
| + | log /var/log/openvpn.log | ||
| + | verb 4 | ||
| + | </source> | ||
| + | |||
| + | |||
| + | '''start befehl''' | ||
| + | <source lang=bash> | ||
| + | openvpn /etc/openvpn/riseup2.ovpn | ||
| + | </source> | ||
| + | |||
| + | ==== openvpn starten mit /etc/init.d/openvpn ==== | ||
| + | |||
| + | |||
| + | '''/etc/config/openvpn''' | ||
| + | <source lang=bash> | ||
| + | config openvpn cryptn_vpn | ||
| + | # Set to 1 to enable this instance: | ||
| + | option enable 1 | ||
| + | |||
| + | # Include OpenVPN configuration | ||
| + | option config /etc/openvpn/riseup2.ovpn | ||
| + | </source> | ||
| + | |||
| + | |||
| + | '''start befehl''' | ||
| + | <source lang=bash> | ||
| + | /etc/init.d/openvpn start | ||
| + | /etc/init.d/openvpn restart | ||
| + | /etc/init.d/openvpn stop | ||
| + | </source> | ||
| + | |||
| + | === Netzwerkeinstellungen auf openwrt für openvpn === | ||
| + | '''/etc/config/network''' | ||
| + | <source lang=bash> | ||
| + | # .... | ||
| + | config interface 'ncvpn' | ||
| + | option proto 'dhcp' | ||
| + | option ifname 'tun0' | ||
| + | option hostname 'LEde' | ||
| + | |||
| + | </source> | ||
| + | |||
| + | ''' start befehle ''' | ||
| + | /etc/init.d/network restart | ||
| + | |||
| + | |||
| + | '''/etc/config/firewall''' | ||
| + | <source lang=bash> | ||
| + | # .... | ||
| + | config rule | ||
| + | option name 'Allow-OpenVPN-Inbound' | ||
| + | option target 'ACCEPT' | ||
| + | option src '*' | ||
| + | option proto 'udp' | ||
| + | option dest_port '1194' | ||
| + | |||
| + | config zone | ||
| + | option name 'newzone' | ||
| + | option forward 'REJECT' | ||
| + | option output 'ACCEPT' | ||
| + | option input 'REJECT' | ||
| + | option masq '1' | ||
| + | option mtu_fix '1' | ||
| + | option network 'ncvpn' | ||
| + | |||
| + | config forwarding | ||
| + | option dest 'newzone' | ||
| + | option src 'lan' | ||
| + | </source> | ||
| + | |||
| + | ''' start befehle ''' | ||
| + | /etc/init.d/firewall restart | ||
Version vom 17. August 2019, 12:05 Uhr
Inhaltsverzeichnis
allgemein
Befehle
Interfaces anzeigen
iwinfo
Anzeige der Clients die mit wlan verbunden sind
iwinfo wlan0 assoclist
VPN
Anleitungen
https://blog.doenselmann.com/openvpn-server-auf-openwrt-router-betreiben/ http://www.kammerath.net/openwrt-mit-openvpn-client.html https://www.portunity.de/access/wiki/OpenVPN-Tunnel_(IPv4)_auf_einem_OpenWRT_Router_einrichten_(Anleitung)
ssh root@192.168.1.1
opkg update
opkg install openvpn-openssl
Alternative zur folgenden config über gui mit paket luci-app-openvpn
riseup openvpn client auf den openwrt einrichten
- /etc/openvpn/RiseupCA.pem
-----BEGIN CERTIFICATE-----
MIIF2jCCA8KgAwIBAgIIVogyQTSIzc8wDQYJKoZIhvcNAQELBQAwgYYxGDAWBgNV
BAMTD1Jpc2V1cCBOZXR3b3JrczEYMBYGA1UEChMPUmlzZXVwIE5ldHdvcmtzMRAw
DgYDVQQHEwdTZWF0dGxlMQswCQYDVQQIEwJXQTELMAkGA1UEBhMCVVMxJDAiBgkq
hkiG9w0BCQEWFWNvbGxlY3RpdmVAcmlzZXVwLm5ldDAiGA8yMDE2MDEwMjIwMjU0
MFoYDzIwMjYwMzMwMjAyNjAxWjCBhjEYMBYGA1UEAxMPUmlzZXVwIE5ldHdvcmtz
MRgwFgYDVQQKEw9SaXNldXAgTmV0d29ya3MxEDAOBgNVBAcTB1NlYXR0bGUxCzAJ
BgNVBAgTAldBMQswCQYDVQQGEwJVUzEkMCIGCSqGSIb3DQEJARYVY29sbGVjdGl2
ZUByaXNldXAubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw2VV
uoz4xqeB1ROIwXBRaj0prOqEFX89A7+2rslGRfjM8NPHyBLGleoHTK3DPwadtQeg
ulaEOAjM5EMXTEX/o9H46L6h729HUWPCwVssvvOjyxTyGJDf7Ihd/Ab7ODtlJSyc
g31aXMioA5pGz5QnS3VGz4nE9+NL+jobc/NbhaacsEPR/7xO7meRNu/1S+YiHK1y
BSVrfap3XItlcNHDGNQkPyyJbS3pAS1lQs2HCBTzcFCamCkDOC7cRh9wZ4GH8U2f
2s0mDD5zhRpheNW4gFBtGpqHiRXv7WJW612aaXzKQQoIq2loGNvOpnyBPKL3jjUT
Rxv5IzWMV0nAofMCy25u/S4J65uSEd9mLNXFJ3rl+cFaybcOUXktTbS7bZy6cMyf
/gO28bEXIWr5WfZf8jCbPyOVfExZquG3aS+0YPWmIJCheXQzgiwplZy93oND1GGQ
f+1R2F7GPwNXQdefv2xm7PTWhHbSWHHmeY89qYED+yFJrX5ChoFoBbYs1lMmdU/C
2MnQBFtvcVockXFAUONyMKiq8ZP6sQ1lu0rO9Bvkhx55sJLZOmjN3g4S1K97PbbI
5DzHKcR0JQSt8ZtCY/MuMbwvlNYo98bFWvlfKET0KPtogNNH0PNfJmStKR8jWGjE
HnUNXo7YDfK90iEKTjLz2K5CYzH5Dm6iYJNaaykCAwEAAaNGMEQwEgYDVR0TAQH/
BAgwBgEB/wIBADAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTGek7ebtq2Ibm+
2K6je1IMobvEkzANBgkqhkiG9w0BAQsFAAOCAgEAO2B3jnL+8LeoRkc282qUpHyu
xYj0Qd68l0CJ0FjfA2OCR/6h1W4gZVH+fTd/mhgrNXj28GRT53JEh1jdRC7ENTXu
W9O8I9gCbWQ6V4nkZ9lpq8UEmKTFGnngVu8VCmSDF+y0kFuEtmt0jyd2UkJfC/vy
Gh78OCHEdGAeOTYHXamiuA9Z7wMuncPjP476gSW2kfWTdxV25ad4tT5dA5d42xDm
YE2UKzHeB9amOmvyh08LPD0idT5oROCIHsHBhQC9oltJXO5j6GyHRg88C1inyv6R
xk+w9ek4wSBpoJg5t3hdbZr3JTUsuu4WPtAET0fMQpJC+niaBbegwtvdLZFM+d8x
ead3ZpMO+XrpazDFGtdPTQdi5EIYmr2RL9eTeQbVPwMB9TgFpBXP+iYIuTpNo8jn
8zS4EcPRmz6PQJVK4zkHczfvquyU9RuOwEgb8qN4tSNxF0Z94uSVUoXCG9WZLf8q
MfsGesYiR/qLnLn3MfAyWm3OVOUvGzczDE2T8VvY7rXc2+8ra5aK0TNAgEz9ey6D
/dGzM1JCCe1A08s+2+eRX//pmqmOCoGrY7zwIVS2T249h6iIMM9yT0C3ZXRoTnVN
osyidOkVuQr0YK6shJ0WaK4F1MktdjOZKPoIc9QLw+TrSU2hfyla36T0bNWMC/TJ
YtxDI+d1jIFZ7zMmts4=
-----END CERTIFICATE-----
openvpn starten mit Passwortabfrage
start befehl
openvpn --client --dev tun --auth-user-pass --remote vpn.riseup.net 1194 --keysize 256 --auth SHA256 --cipher AES-256-CBC --ca /etc/openvpn/RiseupCA.pem
openvpn starten mit Passwortdatei
/etc/openvpn/riseup_auth.txt
user
secret
start befehl
openvpn --client --dev tun --auth-user-pass /etc/openvpn/riseup_auth.txt --remote vpn.riseup.net 1194 --keysize 256 --auth SHA256 --cipher AES-256-CBC --ca /etc/openvpn/RiseupCA.pem
openvpn starten mit configfile
/etc/openvpn/riseup2.ovpn
client
dev tun
auth-user-pass /etc/openvpn/riseup_auth.txt
remote vpn.riseup.net 1194
keysize 256
auth SHA256
cipher AES-256-CBC
ca /etc/openvpn/RiseupCA.pem
#
auth-nocache
#
remote-cert-tls server
script-security 2
persist-tun
persist-key
#route-noexec
#route-up /etc/openvpn/ruvpnrouteadd.sh
# logging
log-append /var/log/openvpn.log
log /var/log/openvpn.log
verb 4
start befehl
openvpn /etc/openvpn/riseup2.ovpn
openvpn starten mit /etc/init.d/openvpn
/etc/config/openvpn
config openvpn cryptn_vpn
# Set to 1 to enable this instance:
option enable 1
# Include OpenVPN configuration
option config /etc/openvpn/riseup2.ovpn
start befehl
/etc/init.d/openvpn start
/etc/init.d/openvpn restart
/etc/init.d/openvpn stop
Netzwerkeinstellungen auf openwrt für openvpn
/etc/config/network
# ....
config interface 'ncvpn'
option proto 'dhcp'
option ifname 'tun0'
option hostname 'LEde'
start befehle /etc/init.d/network restart
/etc/config/firewall
# ....
config rule
option name 'Allow-OpenVPN-Inbound'
option target 'ACCEPT'
option src '*'
option proto 'udp'
option dest_port '1194'
config zone
option name 'newzone'
option forward 'REJECT'
option output 'ACCEPT'
option input 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'ncvpn'
config forwarding
option dest 'newzone'
option src 'lan'
start befehle /etc/init.d/firewall restart
