How to configure OpenVPN shared key tunnels using pfsense and OpenWRT. Ver. 1.0 (11.1.2006) Author: Ville Leinonen


Intro

In this document I try to explain how to configure SSL-based site-to-site tunnels using pfsense /1/ and OpenWRT /2/. In this example I use a shared (static) key, because it is the easiest way to set up a site-to-site tunnel. The drawback is that a shared key supports only one tunnel per key, but that is enough for me. This document assumes that the reader has some experience with pfsense and OpenWRT.

Environment

Below is a picture of the example environment used in this document. The WAN address for pfsense is made up.

Picture 1. Example network environment.

Home office:
    LAN: 10.0.0.0/24
    WAN: dhcp
    Tun0: 10.0.8.2

pfsense:
    LAN: 192.168.0.0/24
    WAN: 212.212.212.1
    Tun0: 10.0.8.1

Generating key

You must generate a shared static key.

Step 1. Open an ssh session to your pfsense firewall.

Step 2. Select 8 and press enter.

    pfsense console setup
    ***********************
    0) Logout (SSH only)
    1) Assign Interfaces
    2) Set LAN IP address
    3) Reset webconfigurator password
    4) Reset to factory defaults
    5) Reboot system
    6) Halt system
    7) Ping host
    8) Shell
    9) PFtop
    10) Filter Logs
    11) Restart webconfigurator

    Enter an option: 8

Step 3. Generate the key.

    # openvpn --genkey --secret /tmp/myshared.key

Example key:

    # more /tmp/myshared.key
    #
    # 2048 bit OpenVPN static key
    #
    -----BEGIN OpenVPN Static key V1-----
    ef9b9f0bff2268eb3966d6a408398db1
    f7e6f9823402c76560d1ce25b8d46be4
    1c58e656d2e7633d2481e74b9e328618
    3c9e6a7528a46b2474bc08838ae19a4c
    7f19878bd381cf8cfb0c4dc14fa52622
    7360921e50710d0af689476388df0a25
    54e1e86b2c9fcc4139dba763b97861bc
    36cd477c6f293e8ca07e1bffaba697bf
    948b65c213c5747cf0645fb7886bac4b
    893953f697640dff961b95cfd8d2c0f3
    ef976540e9c004ed72494648462496be
    969a70e7d53910f3415f8d829bdb192e
    b4aad90e91baec25cac0b260205823e9
    e945938896fdd9d33a56c44b90cbd5ce
    0d0373923e2cdd33192fdfb4d06399fd
    9eb0321402aadb116004721c5249ce61
    -----END OpenVPN Static key V1-----

Step 4. Copy the key to your computer.

Step 5. Delete the generated key file.

    # rm /tmp/myshared.key

Step 6. Log out.

    # exit

Step 7. Choose 0 and press enter.

Setup pfsense

This document assumes that you have an existing and working pfsense environment.

Step 1. Select the OpenVPN link.

Step 2. Select the add new server button.

Step 3. Create the OpenVPN server.
- Protocol: TCP (the communication protocol)
- Local port: 1194 (the server listens on this port)
- Address pool: 10.0.8.0/24 (the client takes its tun0 address from this pool)
- Cryptography: BF-CBC (128-bit) (the cipher algorithm we use)
- Authentication method: Shared key (paste your generated key here)
- LZO compression: check this box
- Description: OPTIONAL, insert a tunnel description
- Click Save.

Step 4. Select Rules.

Step 5. Select Add new rule.

Step 6. Add a rule to allow OpenVPN tunnel traffic.
- Action: Pass (allow traffic)
- Interface: WAN (select the WAN interface if your client connects to this interface/address)
- Protocol: TCP
- Log: check this box (yes, we want to log this traffic)
- Destination port range: 1194 (allow OpenVPN tunnel connections)
- Description: OPTIONAL, insert a rule description
- Click Save.

Setup OpenWRT

This document assumes that you have a working OpenWRT environment and that you have updated your OpenWRT package list to access the backports.

Step 1. Open an ssh session to your OpenWRT box.

Step 2. Paste your key file into the /etc/openvpn directory. (OpenWRT uses the vi editor; see the vi help /3/.)

    # vi /etc/openvpn/myshared.key

- Inside vi press Esc and then i
- Paste your key
- Press Esc
- Write :wq! and press enter

Step 3. Create the configuration file in the /etc/config/ directory.

    dev tun0                            # Create/use tunnel device 0
    proto tcp-client                    # Use TCP (the server runs in TCP mode)
    keepalive 10 60                     # Ping every 10 s, restart if no reply within 60 s
    persist-tun                         # Keep the tun device open across restarts
    persist-key                         # Keep the key in memory across restarts
    ifconfig 10.0.8.2 10.0.8.1          # Local and remote tun0 addresses
    route 192.168.0.0 255.255.255.0     # Route for the corporate network
    remote 212.212.212.1 1194           # OpenVPN server address and port
    resolv-retry infinite               # Keep retrying if the remote cannot be resolved
    nobind                              # We don't need a specific local port number
    mute-replay-warnings                # Silence replay warnings (common on WLAN)
    secret /etc/openvpn/myshared.key    # Where our secret file is located
    comp-lzo                            # Enable compression
    verb 3                              # Log verbosity

Example. myopenvpn.cfg file

Step 4. Create a startup script in the /etc/init.d directory.

    #!/bin/sh
    # Make sure that the tun module is loaded
    insmod tun
    # Start the OpenVPN daemon (the config path must match the file created in Step 3)
    openvpn --daemon --config /etc/config/myopenvpn.cfg --ifconfig-nowarn
    # Allow traffic to the tunnel /4/
    iptables -A INPUT -i tun+ -j ACCEPT
    # Allow forwarding traffic from the tunnel
    iptables -A FORWARD -i tun+ -j ACCEPT
    # Allow forwarding traffic from the br0 interface to the tunnel
    iptables -A FORWARD -i br0 -o tun+ -j ACCEPT

Example. S98openvpn file

Step 5. Restart your OpenWRT box and watch your pfsense firewall and OpenVPN logs.
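The most common reasons a shared-key tunnel never comes up are a key that was mangled while pasting it through vi (Step 2 above), a key file that is readable by everyone on the box, and client settings that do not match what was entered on the pfsense server (protocol, port 1194, the 10.0.8.0/24 pool, LZO). The following Python script is an added example and not part of the original document or the author's setup: it validates the pasted key's format, checks the file mode, computes a SHA-256 fingerprint that can be compared on both ends without copying the key again, and cross-checks the client config from Step 3 against the server values. The key it uses is a constructed sample derived from a fixed seed, not a real secret, and the server parameters are taken from the pfsense steps above.

```python
"""Added example: sanity-check a static key and client config (not the author's code)."""
import hashlib
import ipaddress
import os
import re
import stat
import tempfile

KEY_BEGIN = "-----BEGIN OpenVPN Static key V1-----"
KEY_END = "-----END OpenVPN Static key V1-----"
HEX_LINE = re.compile(r"^[0-9a-f]{32}$")  # 16 lines x 32 hex chars = 2048 bits

# Server-side values as configured on pfsense in the tutorial.
SERVER = {"proto": "tcp", "port": 1194, "pool": "10.0.8.0/24", "comp_lzo": True}

# Copy of the tutorial's myopenvpn.cfg (comments stripped).
CLIENT_CFG = """\
dev tun0
proto tcp-client
keepalive 10 60
persist-tun
persist-key
ifconfig 10.0.8.2 10.0.8.1
route 192.168.0.0 255.255.255.0
remote 212.212.212.1 1194
resolv-retry infinite
nobind
mute-replay-warnings
secret /etc/openvpn/myshared.key
comp-lzo
verb 3
"""

def make_sample_key(seed=b"constructed-sample") -> str:
    """Deterministic, syntactically valid 2048-bit key for testing (NOT a secret)."""
    lines, digest = [], seed
    for _ in range(16):
        digest = hashlib.sha256(digest).digest()
        lines.append(digest[:16].hex())
    return "\n".join(["#", "# 2048 bit OpenVPN static key", "#",
                      KEY_BEGIN, *lines, KEY_END]) + "\n"

def check_static_key(text: str) -> list:
    """Return problems with a pasted key file (truncated paste, stray characters)."""
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    problems = []
    if not lines or lines[0] != KEY_BEGIN:
        problems.append("missing BEGIN marker")
    if not lines or lines[-1] != KEY_END:
        problems.append("missing END marker")
    body = lines[1:-1] if len(lines) >= 2 else []
    bad = [i for i, l in enumerate(body, 1) if not HEX_LINE.match(l)]
    if bad:
        problems.append(f"non-hex or wrong-length key lines: {bad}")
    if len(body) != 16:
        problems.append(f"expected 16 key lines (2048 bits), found {len(body)}")
    return problems

def key_fingerprint(text: str) -> str:
    """SHA-256 of the key body: compare this value on both ends instead of the key."""
    body = [l.strip() for l in text.splitlines() if HEX_LINE.match(l.strip())]
    return hashlib.sha256("".join(body).encode()).hexdigest()

def check_key_file_mode(path: str) -> list:
    """The secret must not be readable by group or others (mode 0600 expected)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [] if mode & 0o077 == 0 else [f"key file mode {oct(mode)} is too permissive"]

def parse_cfg(text: str) -> dict:
    """Map each OpenVPN directive to its argument list, ignoring # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, *args = line.split()
            cfg[key] = args
    return cfg

def check_client_config(text: str, server: dict = SERVER) -> list:
    """Cross-check the client config against the server's parameters."""
    cfg, problems = parse_cfg(text), []
    if cfg.get("proto", [""])[0] != server["proto"] + "-client":
        problems.append(f"proto must be {server['proto']}-client for this server")
    remote = cfg.get("remote", [])
    if len(remote) < 2 or int(remote[1]) != server["port"]:
        problems.append(f"remote port must match server/firewall port {server['port']}")
    pool, ifc = ipaddress.ip_network(server["pool"]), cfg.get("ifconfig", [])
    if len(ifc) != 2 or any(ipaddress.ip_address(a) not in pool for a in ifc):
        problems.append(f"ifconfig endpoints must both be inside {server['pool']}")
    if ("comp-lzo" in cfg) != server["comp_lzo"]:
        problems.append("comp-lzo must be set on both ends or on neither")
    if "secret" not in cfg:
        problems.append("no secret directive: shared-key mode needs one")
    return problems

def demo() -> tuple:
    """Write the sample key with mode 0600 into a temp dir and run every check."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "myshared.key")
        with open(path, "w") as fh:
            fh.write(make_sample_key())
        os.chmod(path, 0o600)
        with open(path) as fh:
            key_text = fh.read()
        return (check_static_key(key_text), check_key_file_mode(path),
                check_client_config(CLIENT_CFG), key_fingerprint(key_text)[:16])
```

On a real box, replace `make_sample_key()` with the contents of /etc/openvpn/myshared.key and run the same checks on the pfsense side; matching fingerprints confirm that both ends hold the same key without ever sending it over the network again.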
There should be something like this:

    Jan 11 12:52:47 openvpn[9494]: Initialization Sequence Completed
    Jan 11 12:52:46 openvpn[9494]: Peer Connection Initiated with xxx.xxx.xxx.xxx:4356
    Jan 11 12:52:46 openvpn[9494]: TCPv4_SERVER link remote: xxx.xxx.xxx.xxx:4356
    Jan 11 12:52:46 openvpn[9494]: TCPv4_SERVER link local (bound): [undef]:1194
    Jan 11 12:52:46 openvpn[9494]: TCP connection established with xxx.xxx.xxx.xxx:4356

Links

/1/ http://www.pfsense.com
/2/ http://www.openwrt.org
/3/ http://unixhelp.ed.ac.uk/vi/index.html
/4/ http://www.netfilter.org
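Reading the log excerpt from Step 5 by hand works for one tunnel, but it helps to know which line sequence means "up" and which means "the keys differ". The following Python script is an added example, not part of the original document: it parses syslog-style OpenVPN server lines, groups them into sessions per peer, and reports whether a session reached "Initialization Sequence Completed" or instead accumulated HMAC authentication failures, which is what a shared-key mismatch looks like on the server side. Both sample logs are constructed after the tutorial's excerpt; 203.0.113.10 stands in for the masked peer address, and the mismatch sample is assumed, not taken from the author's logs.

```python
"""Added example: reconstruct OpenVPN shared-key sessions from server log lines."""
import re
from datetime import datetime

# syslog-style line: "Jan 11 12:52:46 openvpn[9494]: message" (hostname optional)
LINE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?:\S+ )?openvpn\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PEER = re.compile(r"with (\S+:\d+)$")

# Healthy bring-up in file order (the pfsense log viewer shows newest entries first).
SAMPLE_OK = """\
Jan 11 12:52:46 openvpn[9494]: TCP connection established with 203.0.113.10:4356
Jan 11 12:52:46 openvpn[9494]: TCPv4_SERVER link local (bound): [undef]:1194
Jan 11 12:52:46 openvpn[9494]: TCPv4_SERVER link remote: 203.0.113.10:4356
Jan 11 12:52:46 openvpn[9494]: Peer Connection Initiated with 203.0.113.10:4356
Jan 11 12:52:47 openvpn[9494]: Initialization Sequence Completed
"""

# Constructed: the two ends hold different keys, so every packet fails the HMAC
# check and the TCP session is torn down without ever completing.
SAMPLE_KEY_MISMATCH = """\
Jan 11 13:01:02 openvpn[9494]: TCP connection established with 203.0.113.10:4401
Jan 11 13:01:02 openvpn[9494]: TCPv4_SERVER link remote: 203.0.113.10:4401
Jan 11 13:01:02 openvpn[9494]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Jan 11 13:01:12 openvpn[9494]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Jan 11 13:01:22 openvpn[9494]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Jan 11 13:02:02 openvpn[9494]: Connection reset, restarting [0]
"""

def parse_line(line: str):
    """Return (timestamp, pid, message), or None for lines that are not OpenVPN's."""
    m = LINE.match(line.strip())
    if not m:
        return None
    # syslog carries no year; only the ordering within one log file matters here
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return ts, int(m.group("pid")), m.group("msg")

def summarize(lines) -> list:
    """Group log lines into per-peer sessions and record how far each one got."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e[0])
    sessions, current = [], None
    for ts, _pid, msg in events:
        if msg.startswith("TCP connection established with"):
            peer = PEER.search(msg)
            current = {"peer": peer.group(1) if peer else "?",
                       "started": ts.strftime("%b %d %H:%M:%S"),
                       "completed": False, "hmac_failures": 0}
            sessions.append(current)
        elif current is None:
            continue  # chatter before any connection attempt
        elif msg == "Initialization Sequence Completed":
            current["completed"] = True
        elif "HMAC authentication failed" in msg:
            current["hmac_failures"] += 1
        elif msg.startswith("Connection reset"):
            current = None  # session torn down; the next attempt starts fresh
    return sessions

def diagnose(sessions: list) -> str:
    """One-line verdict on the most recent session."""
    if not sessions:
        return "no connection attempts seen"
    last = sessions[-1]
    if last["completed"]:
        return f"tunnel up with {last['peer']} since {last['started']}"
    if last["hmac_failures"]:
        return f"key mismatch suspected: {last['hmac_failures']} HMAC failures from {last['peer']}"
    return f"session with {last['peer']} never completed (check the port 1194 rule and proto)"
```

Feed it the OpenVPN lines from the pfsense system log (or /var/log/messages on the OpenWRT side, where the client prints the same "Initialization Sequence Completed" marker); a session with HMAC failures and no completion is the signature of the two ends holding different copies of myshared.key.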