Tag: openvpn

Categories
Network VPN 笔记 路由、设备

Asus Merlin Policy Based Routing

By @sskaje
Link: https://sskaje.me/2019/02/asus-merlin-policy-based-routing/


之前写过一个版本,基于380.x的,一开始好用,最近过来发现不好使了。索性把家里路由升级到384.9,重新配置。

拓扑结构基本不变,增加了需求让两边家里能互通,所以把NAT关了。

这回直接简化,搞了个github的repo,https://github.com/sskaje/merlin-pbr,把jffs的配置脚本放进去了,依旧是 dnsmasq + ipset,但是openvpn-event脚本 也可以手工维护路由列表,自动走openvpn的网卡。



Asus Merlin Policy Based Routing by @sskaje: https://sskaje.me/2019/02/asus-merlin-policy-based-routing/
Link to this post!
Categories
Network UBNT VPN 工具、命令 杂七杂八 笔记 路由、设备

OpenVPN Site-to-Site VPN between Asus Merlin And Ubnt EdgeRouter

By @sskaje
Link: https://sskaje.me/2017/10/openvpn-site-to-site-vpn-asus-merlin-ubnt-edgerouter/

前言

Network Topology
Network Topology

RT-AC68U 使用PPPoE拨号上网,但是分配的IP是100.64.204.111, 看着像公网IP实际却是Carrier-grade NAT.

现在需要将RT-AC68U与一台在公网的EdgeRouter使用OpenVPN Site-to-Site连接起来,并在RT-AC68U端实现policy-based routing。
需要让RT-AC68U下的所有设备能访问EdgeRouter LAN的网络,并根据需求透过VPS访问指定互联网。

本实验参考下列文章:
Set up OpenVPN Site-to-Site on UBNT EdgeRouter Lite
EdgeRouter OpenVPN Connectivity Monitor
EdgeRouter 策略路由实现分析
EdgeRouter Policy Based Routing Using DNSMASQ IPSET

Continue reading “OpenVPN Site-to-Site VPN between Asus Merlin And Ubnt EdgeRouter”
OpenVPN Site-to-Site VPN between Asus Merlin And Ubnt EdgeRouter by @sskaje: https://sskaje.me/2017/10/openvpn-site-to-site-vpn-asus-merlin-ubnt-edgerouter/

Incoming search terms:

Categories
Linux Network UBNT 工具、命令 路由、设备

EdgeRouter OpenVPN Connectivity Monitor

By @sskaje
Link: https://sskaje.me/2016/08/edgerouter-openvpn-connectivity-monitor/

VPN protocols are censored and blocked in China.

I’ve set up an PPTP client and a Site-to-site OpenVPN connection on my EdgeRouter Lite.

PPTP is insecure and is easier to censor, so I’ve removed PPTP client from my router.

OpenVPN is better than PPTP, not only secured, but also much more stable. But traffics are occasionally lost, reset works at most cases.

But I cannot get ssh access anywhere anytime, so I have to write an script monitor and run ‘reset’ if necessary.

You are not authorised to read all content in this post.

Please login…

EdgeRouter OpenVPN Connectivity Monitor by @sskaje: https://sskaje.me/2016/08/edgerouter-openvpn-connectivity-monitor/

Incoming search terms:

Link to this post!
Categories
Network UBNT VPN 笔记 路由、设备

Set up OpenVPN Site-to-Site on UBNT EdgeRouter Lite

By @sskaje
Link: https://sskaje.me/2016/02/set-openvpn-site-to-site-ubnt-edgerouter-lite/

参考:https://help.ubnt.com/hc/en-us/articles/204949694-EdgeMAX-OpenVPN-Site-to-Site
不同的是,我一端是Ubuntu Linux,另一端是EdgeRouter Lite。

实现的目的也是让EdgeRouter连上远程vpn实现XXXX。
PPTP的方案参考:EdgeOS PPTP VPN客户端配置

环境

Ubuntu Linux, 10.99.99.2
EdgeRouter Lite, 10.99.99.1

配置EdgeRouter Lite

SSH到Ubnt EdgeRouter Lite
生成共享密钥文件

执行命令创建VPN

执行命令启用NAT

如果需要重启tunnel

配置Linux

安装openvpn

把EdgeRouter的 /config/auth/secret 复制到 /etc/openvpn/er-site2site-static.key

编辑 /etc/openvpn/server.conf

启动openvpn

测试

在EdgeRouter ping Linux

在Linux ping EdgeRouter

如果还有问题,可以看日志

配置路由

参考下一篇文章 UBNT EdgeOS 配置设备路由(interface-route)的方法

Set up OpenVPN Site-to-Site on UBNT EdgeRouter Lite by @sskaje: https://sskaje.me/2016/02/set-openvpn-site-to-site-ubnt-edgerouter-lite/

Incoming search terms:

Link to this post!
Categories
PKI VPN 笔记

Easy-RSA 3 HowTo

By @sskaje
Link: https://sskaje.me/2015/09/easy-rsa-3-howto/

OpenVPN 自带了一套CA相关的脚本,乱七八糟的,用起来并没觉得有多easy,不过新版把文件整合了,github: https://github.com/OpenVPN/easy-rsa
Easy-RSA 3.0 今天刚Release。

配置

配置起来比较简单,把下列文件放在同一个目录里即可,或者下载官方的release,直接改名 vars.example 为 vars。

  • easyrsa
  • openssl-1.0.cnf
  • vars
  • x509-types

以前的版本,需要修改vars文件,然后 source 加载一下,新版本可以用 –vars=/path/to/vars 或者完全靠命令行参数传参。
vars文件需要配置,可以看文件注释,给一个参考的版本。

Continue reading “Easy-RSA 3 HowTo”
Easy-RSA 3 HowTo by @sskaje: https://sskaje.me/2015/09/easy-rsa-3-howto/

Incoming search terms: