Easy OpenVPN with dd-wrt clients

dad311


Easy OpenVPN was created to quickly and easily set up an OpenVPN server and connect one or more
remote routers running dd-wrt firmware. These scripts have been tested only on CentOS 6 (32- and 64-bit). This type
of configuration would be helpful in the deployment of remote SIP phones.

Below are the basic server steps:

Install CentOS 6 (or PBXiaf w/CentOS 6) on physical hardware or as a KVM virtual machine.

Download Easy OpenVPN from here.

NOTE:
Easy OpenVPN with dd-wrt clients for CentOS 5 can be found here.

Untar the scripts in the /root directory.

cd to the newly created /root/EasyOpenVPN directory.

Type:
chmod 755 ./install-EasyOpenVPN_part1.sh
chmod 755 ./install-EasyOpenVPN_part2.sh
chmod 755 ./create-EasyOpenVPN-client.sh

Run Script 1:
This script will install all the needed OpenVPN software and then have you edit the vars file.

./install-EasyOpenVPN_part1.sh

Run script 2:
This script will build the certificates, keys and server configuration needed by OpenVPN. It will also
open UDP port 1194 on the server to allow OpenVPN connections.

./install-EasyOpenVPN_part2.sh

Run script 3:
This script will create a client file(s) for the dd-wrt router. Create as many clients as you would like,
but always use a different name for each client.

./create-EasyOpenVPN-client.sh

Port forward UDP port 1194 on your router to your VPN server.
This completes the Server Setup/config.


Below are the basic dd-wrt steps:
Install the dd-wrt OpenVPN firmware version on your supported router.

My version is DD-WRT v24-sp2 (08/07/10) vpn - build 14896.

After installing your firmware, proceed to the Servers > VPN tab.

Enable the “OpenVPN Client” and edit/verify the settings below.

Server Name: Your OpenVPN server IP or FQDN
Port: 1194
Tun MTU Setting: 1500
TUN MTU Extra: 32
TCP MSS: 1450
Use LZO Compression: Disabled
Tunnel Protocol: UDP
Tunnel Device: TUN
nsCertType: NOT checked
CA Cert: Paste the ca.crt file created with script create-EasyOpenVPN-client.sh in the server section.

Public Client Cert: Paste the Client.crt file created with script create-EasyOpenVPN-client.sh in the server section.


Private Client Key: Paste the Client.key file created with script create-EasyOpenVPN-client.sh in the server section.

Save and apply settings.


At this point, your dd-wrt router should be able to connect to your OpenVPN server. Devices (SIP
phones) behind your dd-wrt router should be able to communicate with your OpenVPN server/PBX.

Important Notes:
The time on the VPN server AND the time on the dd-wrt router must match. If they are incorrect, the
client will not connect! Keep in mind, the dd-wrt uses UTC time! Adjust your settings accordingly.

Port 1194 is the default OpenVPN port. If you wish to change port numbers, you will need to make
three changes.

  • /etc/openvpn/server.conf.
  • Iptables firewall.
  • Port forwarding in your router.

After a successful install, you might want to remove "verb 3" from the /etc/openvpn/server.conf file. This will reduce the amount of messaging in the /var/log/messages file.
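
Added example, not part of the original post or the Easy OpenVPN scripts: a shell check for the port-change note above, confirming that the port and protocol set in server.conf have a matching ACCEPT rule in the saved iptables rules. The function name and the sample files are constructed; using /etc/sysconfig/iptables as the rules file on a real server is an assumption (the CentOS 6 default location).

```shell
#!/bin/sh
# check_ovpn_port CONF RULES   (hypothetical helper, added for illustration)
# Reads "port" and "proto" from an OpenVPN server config and confirms the
# saved iptables rules hold an active INPUT ACCEPT rule for that pair.
# Prints "proto/port"; returns 0 on a match, 1 if no rule matches,
# 2 if the configured port is not a number.
check_ovpn_port() {
    conf=$1
    rules=$2
    # First uncommented directive wins; OpenVPN defaults are port 1194, proto udp.
    port=$(awk '$1 == "port" { print $2; exit }' "$conf")
    proto=$(awk '$1 == "proto" { print $2; exit }' "$conf")
    port=${port:-1194}
    proto=${proto:-udp}
    case $port in
        *[!0-9]*) return 2 ;;
    esac
    # OpenVPN accepts values such as tcp-server; iptables only knows tcp or udp.
    case $proto in
        tcp*) proto=tcp ;;
        *)    proto=udp ;;
    esac
    echo "$proto/$port"
    # Drop commented-out rules, then look for:
    #   -A INPUT ... -p <proto> ... --dport <port> ... -j ACCEPT
    grep -v '^[[:space:]]*#' "$rules" |
        grep -Eq -e "-A INPUT .*-p $proto .*--dport $port( .*)? -j ACCEPT"
}

# Constructed sample files: server.conf was moved to port 1195,
# but the firewall still only opens the old port 1194.
demo=$(mktemp -d)
printf 'port 1195\nproto udp\ndev tun\nverb 3\n' > "$demo/server.conf"
printf '%s\n' '-A INPUT -m state --state NEW -m udp -p udp --dport 1194 -j ACCEPT' \
    > "$demo/iptables"

check_ovpn_port "$demo/server.conf" "$demo/iptables" ||
    echo "no ACCEPT rule for the configured port: update the firewall"
```

This covers two of the three places listed above; the port forward on the router in front of the server still has to be checked on the router itself.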
 
