Hardware

A client of mine recently needed a VPN link between their main office and a remote office. Based on previous experience, I decided that the OpenVPN version of DD-WRT running on two low-cost routers would provide a cost-effective solution. My goal was to create a VPN that would allow systems on either side of the connection to reach systems on the other side, but not pass broadcast traffic. I also wanted the routers to connect automatically on startup and keep trying to reconnect if Internet connectivity was lost. I couldn't find any other documentation on the Interwebs that described this solution, so I decided to lay it out here on ShortBus.

Installing the Firmware

The first thing you will need is two routers capable of running DD-WRT. In my case, I chose two Buffalo WHR-G54Ss. Next, you will need to download the latest VPN version of DD-WRT. Make sure you get the right version for your brand of router. Finally, follow the firmware installation instructions, checking for any special procedure for your router. Buffalo routers require a unique procedure for the initial flash of DD-WRT.

The LAN subnets of the two routers must be different for this configuration. This needs to be set up in the web interface of DD-WRT. For the purposes of this tutorial, the OpenVPN server subnet is and the OpenVPN client subnet is

Creating OpenSSL Keys

The next step is to generate Public Key Infrastructure (PKI) certificates and keys for your routers. The easiest way to do this is to download a copy of OpenVPN onto your local system. If you use Ubuntu Linux, you can do this with

# apt-get install openvpn

The key generation scripts are located in /usr/share/doc/openvpn/examples/easy-rsa. cd there and follow the PKI generation instructions on the OpenVPN web site. You need to generate a cert/key pair for the server and one for each client. Be sure to give each client certificate a unique Common Name.
Creating the DD-WRT Startup Scripts

The procedure here is to generate the OpenVPN config files and cert/key files from the startup script in /tmp on each boot. Replace the INSERT YOUR OWN CONTENT HERE with the certs/keys generated in the last section.
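The original startup scripts did not survive on this page, so the following is an added example of the approach described above, written by the editor rather than taken from the ShortBus post. It is a POSIX sh script of the kind DD-WRT runs at boot: it rewrites the OpenVPN config and the certificate/key files under /tmp every time, then starts OpenVPN as a routed (tun) link, which carries only IP traffic between the two LANs and never Layer-2 broadcasts. The keepalive, persist-tun and resolv-retry options are what make the routers reconnect on their own after an Internet outage. The LAN subnets, the server's public address and the tun0 point-to-point addresses are placeholders, since the page does not give them; ROLE is assumed to be set to "server" on one router and "client" on the other.

```shell
#!/bin/sh
# Added example, not the original ShortBus script. DD-WRT startup script that
# rebuilds the OpenVPN files in /tmp on every boot and starts a tun link.

# ---- Placeholders: the page does not give these values ----
SERVER_LAN="192.168.1.0"           # placeholder: LAN behind the server router
CLIENT_LAN="192.168.2.0"           # placeholder: LAN behind the client router
LAN_MASK="255.255.255.0"
SERVER_WAN="vpn.example.invalid"   # placeholder: server's public hostname/IP
ROLE="server"                      # assumption: change to "client" on the remote router
OVPN_DIR="/tmp/openvpn"

# Write the OpenVPN config for one end into DIR and print its path.
# Routed tun, not bridged tap, so LAN broadcasts never cross the link.
write_config() {
    dir="$1"; role="$2"
    cfg="$dir/openvpn.conf"
    mkdir -p "$dir"
    : > "$cfg"
    cat >> "$cfg" <<EOF
dev tun0
proto udp
port 1194
persist-key
persist-tun
keepalive 10 60
verb 3
ca $dir/ca.crt
cert $dir/router.crt
key $dir/router.key
EOF
    if [ "$role" = "server" ]; then
        # server end: waits for the client, routes the client LAN over tun0
        cat >> "$cfg" <<EOF
tls-server
dh $dir/dh1024.pem
ifconfig 10.8.0.1 10.8.0.2
route $CLIENT_LAN $LAN_MASK
EOF
    else
        # client end: keeps resolving/retrying the server forever on failure
        cat >> "$cfg" <<EOF
tls-client
remote $SERVER_WAN 1194
resolv-retry infinite
nobind
ifconfig 10.8.0.2 10.8.0.1
route $SERVER_LAN $LAN_MASK
EOF
    fi
    echo "$cfg"
}

# Recreate the PEM files in DIR. Paste the easy-rsa output over the markers;
# dh1024.pem is only needed on the server end.
write_keys() {
    dir="$1"
    mkdir -p "$dir"
    for f in ca.crt router.crt dh1024.pem; do
        printf '%s\n' 'INSERT YOUR OWN CONTENT HERE' > "$dir/$f"
    done
    printf '%s\n' 'INSERT YOUR OWN CONTENT HERE' > "$dir/router.key"
    chmod 600 "$dir/router.key"   # private key readable by root only
}

# Open the VPN port (server only), allow forwarding over tun0, launch OpenVPN.
start_vpn() {
    [ "$ROLE" = "server" ] && iptables -I INPUT -p udp --dport 1194 -j ACCEPT
    iptables -I FORWARD -i tun0 -j ACCEPT
    iptables -I FORWARD -o tun0 -j ACCEPT
    openvpn --config "$OVPN_DIR/openvpn.conf" --daemon
}

# Only act when invoked as "sh this-script start"; defining the functions alone is harmless.
case "${1:-}" in
    start)
        write_keys "$OVPN_DIR"
        write_config "$OVPN_DIR" "$ROLE" > /dev/null
        start_vpn
        ;;
esac
```

On the router, paste this into Administration > Commands and save it as the startup script with the final case block replaced by the three calls (or invoke it with the start argument); the same text, with ROLE changed, goes on the second router. Because everything lives in /tmp, a reboot leaves no key material behind beyond the script itself, which is why the private key belongs in the startup script rather than in a world-readable location.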