I would like to set up a VPN server for my home NAS, and I want to connect to it from my MacBook and my Android phone with the clients they ship with. I decided on L2TP over IPsec, and I had an old, unused Fonera 2.0 lying around.
Architecture
The Fonera connects to my local network via its WAN port. The DHCP server on my router is providing addresses between 192.168.55.100 and 192.168.55.149.
OpenWRT on Fonera
I had some issues when I tried to reach RedBoot via telnet: Terminal on Mac OS X couldn't send the Ctrl+C that RedBoot needs to drop into its boot menu. I found a good solution:
- Download this: break
- Set 192.168.1.2/24 manually on the Ethernet interface
- Open a terminal, and start to ping 192.168.1.1
- In another terminal, as soon as a ping gets through, run the following command (it feeds the downloaded break file, which carries the Ctrl+C byte, to RedBoot's port 9000):
nc -vv 192.168.1.1 9000 < break
- Finally, you can access RedBoot via telnet:
telnet 192.168.1.1 9000
Once you have the RedBoot prompt, flash OpenWRT onto the Fonera: OpenWRT on a Fonera 2.0
First steps
First of all, I set a new root password and enabled SSH. Next I disabled the WLAN device and the LAN port of the device.
Required packages
You should install the following packages with opkg:
- openswan
- ipsec-tools
- xl2tpd
- iptables-mod-ipsec
- kmod-ipsec4
- kmod-ipsec6
- kmod-ipt-ipsec
- kmod-crypto-aes
Create the following file:
/etc/modules.d/99-local-ipsec
Configuring openswan
Add the following connection section to the bottom of the /etc/ipsec.conf file:
And edit the virtual_private line in the config setup section above:
Finally, you should create a shared secret passphrase (PSK) for IPsec. Create the /etc/ipsec.secrets file:
OK, the IPsec configuration is done; you only have to enable the ipsec service at boot time: /etc/init.d/ipsec enable
Configuring xl2tpd
You should configure the xl2tpd L2TP daemon. Please edit the /etc/xl2tpd/xl2tpd.conf file:
Next, you should set up the PPPD options for xl2tpd. Edit the /etc/ppp/options.xl2tpd file:
Finally, you should set up a user/password pair for each user. You can do that in the /etc/ppp/chap-secrets file:
OK, the L2TP configuration is done; you only have to enable the xl2tpd service at boot time: /etc/init.d/xl2tpd enable
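The two secret files above (the IPsec PSK in /etc/ipsec.secrets and the per-user passwords in /etc/ppp/chap-secrets) are what actually protects the VPN, so a quick audit of them is worth having. The script below is an example added here, not part of the original post and not shipped with openswan or xl2tpd. It assumes the standard formats of the two files (`%any %any : PSK "..."` lines for ipsec.secrets, `user server secret ip` lines for chap-secrets), requires mode 0600 and a minimum secret length, and runs against constructed sample files so it can be tried offline; on the router, point it at the real paths.

```shell
#!/bin/sh
# Added example, not from the post: audit the secret files of an L2TP/IPsec
# setup. Assumed formats: ipsec.secrets lines like  %any %any : PSK "secret"
# and chap-secrets lines like  user server secret ip  (secret may be quoted).

# Print one secret per line for the given file and kind (psk|chap),
# skipping comments and blank lines.
secret_field() {
    case "$2" in
        psk)  sed -n 's/.*PSK[[:space:]]*"\([^"]*\)".*/\1/p' "$1" ;;
        chap) awk '!/^[[:space:]]*#/ && NF >= 3 { gsub(/"/, "", $3); print $3 }' "$1" ;;
        *)    echo "unknown kind: $2" >&2; return 2 ;;
    esac
}

# Return 0 when the file exists, is mode 0600 (or 0400), has at least one
# entry and every secret is at least $3 characters long (default 12).
check_secret_file() {
    f="$1"; kind="$2"; min="${3:-12}"; rc=0
    [ -f "$f" ] || { echo "MISSING $f"; return 1; }
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        600|400) ;;
        *) echo "MODE  $f is $mode, want 600 (secrets readable by others)"; rc=1 ;;
    esac
    total=$(secret_field "$f" "$kind" | wc -l | tr -d ' ')
    weak=$(secret_field "$f" "$kind" | awk -v min="$min" 'length($0) < min' | wc -l | tr -d ' ')
    [ "$total" -gt 0 ] || { echo "EMPTY $f has no entries"; rc=1; }
    [ "$weak" -eq 0 ] || { echo "WEAK  $f has $weak secret(s) shorter than $min"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK    $f ($total entries)"
    return $rc
}

# Constructed sample files (not real credentials) in a temp dir; prints its path.
make_samples() {
    d=$(mktemp -d)
    printf '# constructed sample\n%%any %%any : PSK "sample-psk-of-adequate-length"\n' > "$d/ipsec.secrets"
    printf '# user  server  secret  ip\nalice  *  "sample-alice-password-01"  *\nbob  *  short  *\n' > "$d/chap-secrets"
    chmod 600 "$d/ipsec.secrets"
    chmod 644 "$d/chap-secrets"    # deliberately wrong mode for the demo
    echo "$d"
}

# On the router use the real paths instead:
#   check_secret_file /etc/ipsec.secrets psk; check_secret_file /etc/ppp/chap-secrets chap
samples=$(make_samples)
check_secret_file "$samples/ipsec.secrets" psk
check_secret_file "$samples/chap-secrets" chap
rm -rf "$samples"
```

The sample chap-secrets is deliberately world-readable and contains one short password, so the demo run reports both problems; the PSK file passes. The mode check matters because pppd and pluto both run as root, so nothing else on the box needs to read these files.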
Firewall configuration
The essential configuration goes in the /etc/config/firewall file:
You should also add some rules manually in the /etc/firewall.user file:
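As an added example (not the post's own /etc/firewall.user, whose contents are not reproduced here), this is a candidate rule set for such a setup. It assumes the OpenWRT user chains input_rule and forwarding_rule, a WAN interface named eth0, and that the policy match provided by iptables-mod-ipsec / kmod-ipt-ipsec is loaded. The point worth getting right: IKE (UDP 500), NAT-T (UDP 4500) and ESP must be reachable from outside, but L2TP (UDP 1701) should only be accepted when it arrives inside an IPsec SA; a bare accept on 1701 would let the PPP/CHAP exchange be carried in the clear. By default the function only prints the commands (IPT defaults to "echo iptables") so they can be reviewed; set IPT=iptables on the router to apply them.

```shell
#!/bin/sh
# Added example: candidate /etc/firewall.user rules for an L2TP/IPsec server
# on OpenWRT. Not the post's own file. Assumed names: WAN_IF (eth0) and the
# OpenWRT user chains input_rule / forwarding_rule.

WAN_IF="${WAN_IF:-eth0}"            # assumption: Fonera WAN interface name
# Print the rule set instead of applying it unless IPT=iptables is exported.
IPT="${IPT:-echo iptables}"

l2tp_ipsec_rules() {
    # IKE and NAT-T: IPsec key exchange must reach the box directly.
    $IPT -A input_rule -i "$WAN_IF" -p udp --dport 500 -j ACCEPT
    $IPT -A input_rule -i "$WAN_IF" -p udp --dport 4500 -j ACCEPT
    # ESP for clients that are not behind NAT (NAT-T wraps it in UDP 4500).
    $IPT -A input_rule -i "$WAN_IF" -p esp -j ACCEPT
    # L2TP only inside an IPsec SA (needs the xt_policy match from
    # iptables-mod-ipsec / kmod-ipt-ipsec).
    $IPT -A input_rule -i "$WAN_IF" -p udp --dport 1701 \
        -m policy --dir in --pol ipsec --proto esp -j ACCEPT
    # Anything on UDP/1701 that did not come through IPsec is dropped.
    $IPT -A input_rule -i "$WAN_IF" -p udp --dport 1701 -j DROP
    # Traffic from connected PPP peers may be forwarded into the LAN.
    $IPT -A forwarding_rule -i 'ppp+' -j ACCEPT
}

l2tp_ipsec_rules
```

The order of the two 1701 rules matters: the policy-matched accept has to come before the unconditional drop. The three ports the router section below forwards (500, 4500, 1701) are all UDP.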
Workarounds
Unfortunately, I had some stability issues with xl2tpd and openswan. I worked around this by restarting the daemons. First, I restarted them after boot (once everything had been initialized). To do this I added the following to the /etc/rc.local file:
Next, I restarted them after each disconnection. To do this I created a new file at /etc/ppp/ip-down.d/99-l2tp-restart:
Router configuration
You should forward the following ports on your router to the Fonera:
- 500
- 4500
- 1701
Conclusion
It works great with Mac OS X (Lion) and Android (HTC Wildfire).
Resources