openvpn
-
Re: VPN anyone?
Hi, has anyone tried using the omega2 as openvpn client..? and if so, would you please care to share how you got it to work?
I've noticed on the changelog, strongswan has recently been implemented, though no info on how to set up/use it as client(b161
March 2, 2017
Added following packages to Onion repo: * avahi-utils * midnight commander (mc) * strongswan vpn)
Cheers!
-
Not sure if it's wise to get a low-end CPU without h/w crypto accelerator to do the
heavy lifting on VPN? May be it will work, but at what speed?< add a correction >
MT7688 has a module for AES128/256 in CBC mode.
Its current use is for encrypted channel in WiFi.ccs_hello
-
Performance shouldn't be too worrysome - assuming the Onion is the endpoint - it's CPU/IO limited in itself, so the VPN overhead will surely make it worse, but I'd imagine it's like dropping from 200KB/s to 100KB/s. A large overhead, but if we're honest, it's something you can adapt to.
-
Hello,
i'm successfully using OpenVPN client with Omega2+ using AES-128 encryption without any cpu overhead problem. I'm using the LEDE project distribution re-built after re-configuring it through the 'make menuconfig'. A short steps list follows:- Download from github (git clone) the latest LEDE project source repository
- 'make menuconfig' and add OpenVPN plus SSL and Crypto libraries (and some other useful stuff you need)
- 'make', then copy the created firmware file (.bin) found in the bin/<target> directory to a USB key root
- rename the firmware bin file to 'omega2.bin'
- insert the USB key into the USB interface of the Omega 2 Dock, keep pressed the reset button and then power-on the board. - from the menu choose the command '2', then wait for the firmware file being flashed. lede distribution then will boot.
- edit /etc/config/openvpn with your openvpn configuration (see openvpn manuals) and copy all certificates to /etc/openvpn directory
- /etc/init.d/openvpn restart and you shoud be able to use openvpn as a client.
Hope this will help!
Leo
-
Hi @Leonardo-Costa , could you please explain in detail how you did it? I´m quite a newbie in this and not sure how to do it, because I really want to achieve this.
Thanks in advance.
Diego.
-
How to install it remotely?
-
@Lazar-Demin Can you answer? How to inatall openvpn client?
Can you include it to next build?
I can't compile from sources so that everything works.
-
@Alexandr-Didenko why do you need to build openvpn client? Just install it. There is ample documentation on how to do this on OpenWRT.org.
On Omega you get a kernel version error but just add --force-depends parameter and it installs correctly and starts the interfaces.
-
@crispyoz It is installed incorrectly. This doesn't work
-
@Alexandr-Didenko you need to be specific about what is not working.
-
root@BSR6-6E13:~# opkg install openvpn Installing openvpn-mbedtls (2.4.9-1) to root... Downloading http://downloads.openwrt.org/snapshots/packages/mipsel_24kc/base/openvpn-mbedtls_2.4.9-1_mipsel_24kc.ipk Collected errors: * opkg_install_pkg: Package openvpn-mbedtls sha256sum mismatch. Either the opkg or the package index are corrupt. Try 'opkg update'. * opkg_install_cmd: Cannot install package openvpn.
root@BSR6-6E13:~# opkg install openvpn --force-depends Installing openvpn-mbedtls (2.4.9-1) to root... Downloading http://downloads.openwrt.org/snapshots/packages/mipsel_24kc/base/openvpn-mbedtls_2.4.9-1_mipsel_24kc.ipk Collected errors: * opkg_install_pkg: Package openvpn-mbedtls sha256sum mismatch. Either the opkg or the package index are corrupt. Try 'opkg update'. * opkg_install_cmd: Cannot install package openvpn.
-
# Omega2+ # OpenWrt 18.06 based official FW v0.3.2 b239 # default (out-of-the-box) /etc/opkg/distfeeds.conf file root@Omega-5BE1:/# opkg update ... root@Omega-5BE1:/# opkg list | grep -i openvpn kmod-wireguard - 4.14.81+0.0.20180718-2 - WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It uses UDP. This package provides the kernel module for WireGuard. openvpn-easy-rsa - 3.0.1-1 - CLI utility to build and manage a PKI CA. openvpn-mbedtls - 2.4.5-4 - Open source VPN solution using mbedTLS openvpn-nossl - 2.4.5-4 - Open source VPN solution using plaintext (no SSL) openvpn-openssl - 2.4.5-4 - Open source VPN solution using OpenSSL wireguard - 0.0.20180718-2 - WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It uses UDP. wireguard-tools - 0.0.20180718-2 - WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It uses UDP. This package provides the userspace control program for WireGuard, `wg(8)`, a netifd protocol helper, and a re-resolve watchdog script.
OpenWrt VPN Overview
OpenWrt OpenVPN basic
OpenWrt OpenVPN client
OpenWrt OpenVPN extrasOpenWrt WireGuard VPN
Good luck!