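e*********r (posts: 546) | 1
If I follow the steps in this guide, can I turn my Comcast cable modem + Linksys wireless router into a VPN provider? That way, when I'm not at home, I could still get online through the VPN on my home router, and the connections I make would show the same IP as if they came from home (could this also be used to get over the wall when in mainland China)?
Thanks a lot!
http://www.howtogeek.com/64433/how-to-install-and-configure-ope

n**********l (posts: 271) | 2
Yes if it works.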
Just be aware that OpenVPN server is not functional in some ddwrt builds (AFAIK it's not working in 19519).
If you can get optware to work, use ipkg to install openvpn-server. It's older but it works.
Don't be expecting (very) high performance with this method. Watch your router's cpu load.
Another thing to consider is the connectivity from China to your router. In particular if packet loss is 10%+ then have fun........

e*********r (posts: 546) | 3
So I only need to keep the router on in the US. And use OpenVPN client in China to access the router/thus US internet, right?
When I create a free hostname blahblah.no-ip.info, it seems to get the IP of the router. However, I still cannot access the router by typing in blahblah.no-ip.info (even from within the wireless network).
Thanks.

n**********l (posts: 271) | 4
assuming DDNS resolves to your public IP.. if not, check DDNS log
What do you mean by "access the router"?
for openvpn-server, you need to enable the port (udp 1194 by default), routing between networks (if you use routed method) and routing between br0 and tun0 (interface name depends on your router and settings)
add firewall rules in admin-commands-save firewall or use a script so the setting is persistent

e*********r (posts: 546) | 5
I suppose instead of 192.168.1.1, I should be able to use blahblah.no-ip.info to access the router, after DDNS setup (it does seem to resolve to the actual router address, on the DDNS log shown in the dd-wrt setting page). Am I missing anything?

n**********l (posts: 271) | 6
http://www.dd-wrt.com/wiki/index.php/VPN_(the_easy_way)_v24%2B
On the part of creating certs, pay attention to your path and time zone...
What can't you connect to? Web interface? remote management enabled?
OpenVPN requires port UDP 1194
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.66.0/24 -j ACCEPT
# optional
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
use verb 4 in OpenVPN configuration to get enough information for troubleshooting... Simply saying it's not working does not help... Thanks.

e*********r (posts: 546) | 7
Yes, remote access -> WEBGUI Management enabled
I followed the post till the end of "Client Config File - Desktop"
my OpenVPN client window log ends up with the following, where
174.xx.xx.xx is the same as the one shown in DDNS Status:
"Mon Sep 24 21:00:16 2012: INADYN: Started 'INADYN Advanced version 1.96-ADV' - dynamic DNS updater.
Mon Sep 24 21:00:16 2012: INADYN: IP read from cache file is '174.xx.xx.xx'. No update required."
OpenVPN client window:
Mon Sep 24 21:26:25 2012 us=234000 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep 24 21:26:25 2012 us=234000 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Sep 24 21:26:25 2012 us=234000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Sep 24 21:26:25 2012 us=234000 Local Options hash (VER=V4): 'bc07730e'
Mon Sep 24 21:26:25 2012 us=234000 Expected Remote Options hash (VER=V4): 'b695cb4a'
Mon Sep 24 21:26:25 2012 us=234000 Attempting to establish TCP connection with 174.xx.xx.xx:1194
Mon Sep 24 21:26:26 2012 us=326000 TCP: connect to 174.xx.xx.xx:1194 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED)
Mon Sep 24 21:26:32 2012 us=395000 TCP: connect to 174.xx.xx.xx:1194 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED)
Mon Sep 24 21:26:38 2012 us=432000 TCP: connect to 174.xx.xx.xx:1194 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED)
Mon Sep 24 21:26:44 2012 us=454000 TCP: connect to 174.xx.xx.xx:1194 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED)

n**********l (posts: 271) | 8
1. is your port 1194 UDP open?
# iptables -L -n | grep 1194
2. is your openvpn-server running?
top
3. server side log?
if you don't know where it is... go to your config file and check log-append...
I suggest putting the log on /var instead of somewhere on /opt. Frequent r/w is bad for flash drives (it's slow anyway...)

e*********r (posts: 546) | 9
I probably missed sth...
DDNS Status
Tue Sep 25 22:25:55 2012: INADYN: Started 'INADYN Advanced version 1.96-ADV' - dynamic DNS updater.
Tue Sep 25 22:25:55 2012: INADYN: IP read from cache file is '174.xx.xx.xx'. No update required.
Remote telnet is enabled with port 23.
Am I supposed to use putty to log onto the above and type the commands you
mention? Putty cannot access the above address though.
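
Added example, not part of the thread and not written by either poster: a shell check that reads the transport protocol out of an OpenVPN client log's "Local Options String" and compares it with the protocol the router's INPUT rule accepts on the VPN port. The sample input is the log and rule lines quoted in posts 6 and 7; the helper names (client_proto, allowed_protos, diagnose) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.
# Sample input below is copied from posts 6 and 7 (IP redacted as posted).
CLIENT_LOG="Mon Sep 24 21:26:25 2012 us=234000 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Sep 24 21:26:26 2012 us=326000 TCP: connect to 174.xx.xx.xx:1194 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED)"
FW_RULES="iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.66.0/24 -j ACCEPT"

# client_proto LOG: transport the client announced (tcp or udp), lowercased.
client_proto() {
    printf '%s\n' "$1" |
        sed -n "s/.*Local Options String: '[^']*proto \([A-Za-z]*\)v4[^']*'.*/\1/p" |
        head -n 1 | tr '[:upper:]' '[:lower:]'
}

# allowed_protos PORT RULES: protocols that INPUT ACCEPT rules open on PORT.
allowed_protos() {
    printf '%s\n' "$2" | awk -v port="$1" '
        /INPUT/ && /-j ACCEPT/ {
            proto = ""; dport = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (dport == port && proto != "") print proto
        }' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# diagnose LOG RULES PORT: one-line verdict on client vs. firewall protocol.
diagnose() {
    want=$(client_proto "$1")
    open=$(allowed_protos "$3" "$2")
    if [ -z "$want" ]; then
        echo "unknown: no Local Options String in log"
    elif [ -z "$open" ]; then
        echo "blocked: no INPUT ACCEPT rule for port $3"
    else
        case " $open " in
            *" $want "*) echo "match: client and firewall both use $want/$3" ;;
            *) echo "mismatch: client uses $want/$3, firewall accepts $open/$3" ;;
        esac
    fi
}

diagnose "$CLIENT_LOG" "$FW_RULES" 1194
```

On the posted lines the verdict is a mismatch: the client log shows TCP to port 1194 while the posted rule opens UDP 1194. The client's transport has to agree with the server's `proto` setting as well as with the firewall rule.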