OpenVPN GP4 (en): Difference between revisions
Mfgeg (Talk | contribs) m
(8 intermediate revisions by 2 users not shown)
Zeile 9: | Zeile 9: | ||
* In '''Bridge''' mode a virtual network interface (tap0) is created, which is connected over a network bridge (br0) with the internal network adapter (eth0) of the Dreambox. One or more OpenVPN clients get an IP address of the internal network and can access all available services without additional routing. | * In '''Bridge''' mode a virtual network interface (tap0) is created, which is connected over a network bridge (br0) with the internal network adapter (eth0) of the Dreambox. One or more OpenVPN clients get an IP address of the internal network and can access all available services without additional routing. | ||
− | * In '''Tunnel''' Mode the client only has a connection to the OpenVPN server of the Dreambox. A virtual IP will be assigned for each client according to the subnet (10.128.0.0/24) which is defined in the server configuration. The OpenVPN server uses the IP address <code>10.128.0.1</code>. Access to the internal network is not possible by default, but can be enabled by IP forwarding and routing. | + | * In '''Tunnel''' Mode the client only has a connection to the OpenVPN server of the Dreambox. A virtual IP will be assigned for each client according to the subnet (<code>10.128.0.0/24</code>) which is defined in the server configuration. The OpenVPN server uses the IP address <code>10.128.0.1</code>. Access to the internal network is not possible by default, but can be enabled by IP forwarding and routing. |
==== Requirments for the usage ==== | ==== Requirments for the usage ==== | ||
Zeile 26: | Zeile 26: | ||
# Start the OpenVPN Server plugin. | # Start the OpenVPN Server plugin. | ||
# Select the required Mode and the amount of clients with {{Taste|MENU}} → {{Taste|Settings}}. When using the Bridge Mode, an IP Range for the clients can be set. If the OpenVPN Server should be available after a reboot of the Dreambox, enable the setting '''Start Automatically'''. | # Select the required Mode and the amount of clients with {{Taste|MENU}} → {{Taste|Settings}}. When using the Bridge Mode, an IP Range for the clients can be set. If the OpenVPN Server should be available after a reboot of the Dreambox, enable the setting '''Start Automatically'''. | ||
+ | #*In Bridge Mode, an additional IP range for the clients can be defined. | ||
+ | #*In Tunnel Mode, it's possible to define the local network (detected automatically). Serves as Push of the network towards the VPN clients, if the complete internal network needs to be accessible. | ||
=== Create Certificates === | === Create Certificates === | ||
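Review bot: The added Bridge Mode sub-item repeats a sentence that step 2 already contains ("When using the Bridge Mode, an IP Range for the clients can be set"), so one of the two should go. In the Tunnel Mode sub-item, "Serves as Push of the network towards the VPN clients" is hard to parse; suggest stating that the defined local network is pushed to the VPN clients when the complete internal network needs to be reachable.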
Zeile 33: | Zeile 35: | ||
# '''Server certificate'''. Enter the previously defined password and the validity period. | # '''Server certificate'''. Enter the previously defined password and the validity period. | ||
# Finally the '''User certificate''' will be created. Enter the previously defined password and the validity period and a name for the client. | # Finally the '''User certificate''' will be created. Enter the previously defined password and the validity period and a name for the client. | ||
+ | |||
+ | {{Hinweis|'''Creation of the Diffie-Hellman key'''<br /> | ||
+ | After the creation of the Server certificate, a [https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange Diffie Hellman] key is generated in background. Please be patient, this process can take up to 15 minutes (depending of the Dreambox model).}} | ||
=== Create OVPN Package for the client === | === Create OVPN Package for the client === | ||
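Review bot: The Diffie-Hellman note says generation runs in the background for up to 15 minutes but does not say whether the server can be started, or client packages created, before it finishes; a sentence on what to wait for would help. Also "depending of the Dreambox model" should read "depending on the Dreambox model".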
Zeile 48: | Zeile 53: | ||
* Connected clients will be visible after an interval of 60 seconds. | * Connected clients will be visible after an interval of 60 seconds. | ||
* Use the {{Taste|MENU}} button to display a log file. | * Use the {{Taste|MENU}} button to display a log file. | ||
+ | * The routing tabel can be opened with the {{Taste|MENU}} button. | ||
+ | * To delete all certificates, use the {{Taste|MENU}} button in the certificate menu. | ||
=== OpenVPN Server Screenshots === | === OpenVPN Server Screenshots === | ||
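Review bot: Typo in the first added bullet, "routing tabel" should be "routing table". The second added bullet deletes all certificates from the MENU button; it is worth stating whether this asks for the root certificate password, as blocking a certificate does.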
Zeile 58: | Zeile 65: | ||
Datei:Openvpn GP4 Zertifikate.png|certificate overview | Datei:Openvpn GP4 Zertifikate.png|certificate overview | ||
Datei:Openvpn GP4 Konfigs erstellen.png|Create configurations / Block certificates | Datei:Openvpn GP4 Konfigs erstellen.png|Create configurations / Block certificates | ||
+ | Datei:Openvpn GP4.png|Active clients | ||
</gallery> | </gallery> | ||
− | == OpenVPN Client == | + | == Modify OVPN.zip configuration == |
+ | Double click the <code>xxx-ovpn.zip</code> archive and open the config file *.ovpn. Edit the entry <code>'''remote'''...</code> with your OpenVPN Server address and Port. | ||
+ | <syntaxhighlight highlight="3"> | ||
+ | #example remote foobar.org 1194 | ||
+ | #example remote 97.123.100.236 1194 | ||
+ | remote my.server.address.com 12345 | ||
+ | </syntaxhighlight> | ||
+ | Copy the modified archive onto the client Dreambox e.g. in the <code>/tmp</code> map. | ||
+ | |||
+ | == OpenVPN client == | ||
+ | # Start the OpenVPN client plugin. | ||
+ | # Push the {{yellow|yellow}} button and select the <code>xxx-ovpn.zip</code> e.g. in the <code>/tmp</code> map. Startt the import with the {{green|green}} button. | ||
+ | # After reopening the OpenVPN clients once more, the imported client entry is appears. | ||
+ | |||
+ | === Start / Stop the OpenVPN clients === | ||
+ | Start the OpenVPN Client with the {{green|green}} button. {{red|red}} will stop the OpenVPN client. | ||
+ | |||
+ | === Automatic start === | ||
+ | If the connection should be started automatically, push the {{Taste|MENU}} button and activate '''Automatic start'''. | ||
+ | |||
+ | === Additional Information === | ||
+ | * Configuration files and certificates of the OpenVPN client are stored in <code>/etc/openvpn/clients</code>. | ||
+ | * Client status is shown after an interval of 10 seconds. | ||
+ | * The Log file can be openen with the {{Taste|MENU}} button. | ||
+ | * The routing tabel can be opened with the {{Taste|MENU}} button. | ||
=== OpenVPN Client Screenshots === | === OpenVPN Client Screenshots === | ||
+ | <gallery> | ||
+ | Datei:Openvpn Klient GP4.png|OpenVPN client | ||
+ | Datei:Openvpn Klient GP4 Import.png|Configuration Import | ||
+ | Datei:Openvpn Klient GP4 getrennt.png|Disconnectes Status | ||
+ | Datei:Openvpn Klient GP4 verbunden.png|Connected | ||
+ | Datei:Openvpn Klient GP4 Info.png|Info of the client | ||
+ | Datei:Openvpn Klient GP4 Log- Routing.png|{{Taste|MENU}} button | ||
+ | Datei:Openvpn Klient GP4 Routingtabelle.png|Routing tabel | ||
+ | </gallery> | ||
== Block certifikates == | == Block certifikates == | ||
− | Certificates can be blocked, to disable the connection from a client. Open the certificate settings with the {{yellow|yellow}} button and select the client you want to block. Disable the certificate with the {{red|red}} button. | + | Certificates can be blocked, to disable the connection from a client. Open the certificate settings with the {{yellow|yellow}} button and select the client you want to block. Disable the certificate with the {{red|red}} button, by using the '''root certificate''' password. |
[[Kategorie:GP4 (en)]] | [[Kategorie:GP4 (en)]] |
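Review bot: The highlighted example line uses port 12345 ("remote my.server.address.com 12345") while the requirements section forwards port 1194/UDP on the router, so the new "Modify OVPN.zip configuration" section should say that the port in the remote entry must be the one forwarded to the Dreambox. Wording fixes in the added client section: "Startt" (Start), "is appears" (appears), "openen" (opened), "tabel" (table), "Disconnectes Status" (Disconnected status), and "map" for /tmp should be "directory" or "folder".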
Current revision as of 17 October 2018, 18:59
After the installation of the plugin, an easily configurable OpenVPN Server or Client is available. OpenVPN uses certificates, as used for server/multi-client setups, and an encrypted TLS connection.
The OpenVPN Server can be configured for Bridge (tap) or Tunnel (tun) Mode.
- In Bridge mode a virtual network interface (tap0) is created, which is connected over a network bridge (br0) with the internal network adapter (eth0) of the Dreambox. One or more OpenVPN clients get an IP address of the internal network and can access all available services without additional routing.
- In Tunnel Mode the client only has a connection to the OpenVPN server of the Dreambox. A virtual IP will be assigned for each client according to the subnet (10.128.0.0/24) which is defined in the server configuration. The OpenVPN server uses the IP address 10.128.0.1. Access to the internal network is not possible by default, but can be enabled by IP forwarding and routing.
Requirements for usage
- The OpenVPN Server must be configured and started.
- The OpenVPN Server only supports wired network (no WLAN).
- Port forwarding on the router towards the Dreambox (port 1194/UDP).
- To connect to the Server, the WAN IP must be known, or a DDNS Service should be configured (e.g. No-IP).
- Certificates need to be created for each client (OVPN Package).
- OpenVPN needs to be installed on all clients. Protocols such as IPSec, IKE, PPTP, or L2TP are not supported.
- Server LAN and Client LAN must be different.
OpenVPN Server
Configure the OpenVPN Server as follows:
Configure OpenVPN Server
- Start the OpenVPN Server plugin.
- Select the required Mode and the amount of clients with MENU → Settings. When using the Bridge Mode, an IP Range for the clients can be set. If the OpenVPN Server should be available after a reboot of the Dreambox, enable the setting Start Automatically.
- In Bridge Mode, an additional IP range for the clients can be defined.
- In Tunnel Mode, the local network (detected automatically) can be defined. It is pushed to the VPN clients if the complete internal network needs to be accessible.
Create Certificates
Open the certificate settings with the yellow button. Use the green button to add the following certificates:
- Root certificate. Define a password, validity period ... as required.
- Server certificate. Enter the previously defined password and the validity period.
- Finally the User certificate will be created. Enter the previously defined password and the validity period and a name for the client.
Creation of the Diffie-Hellman key: After the creation of the Server certificate, a Diffie-Hellman key is generated in the background. Please be patient, this process can take up to 15 minutes (depending on the Dreambox model).
Create OVPN Package for the client
Open the certificate settings with the yellow button. Select the different clients and create the OpenVPN archives with the yellow button. The archives contain the configuration files and certificates needed to set up the clients. The zip archives are saved in:
/etc/ssl/openvpn
Start / Stop the OpenVPN Server
Start the OpenVPN Server with the green button. The red button stops the OpenVPN Server.
Additional information
- Configuration files and certificates of the OpenVPN Server are saved in /etc/openvpn.
- When the OpenVPN Server is running, the Settings menu is not available.
- Connected clients will be visible after an interval of 60 seconds.
- Use the MENU button to display a log file.
- The routing table can be opened with the MENU button.
- To delete all certificates, use the MENU button in the certificate menu.
Modify OVPN.zip configuration
Double click the xxx-ovpn.zip archive and open the config file *.ovpn. Edit the remote... entry with your OpenVPN Server address and port.

    #example remote foobar.org 1194
    #example remote 97.123.100.236 1194
    remote my.server.address.com 12345

Copy the modified archive onto the client Dreambox, e.g. into the /tmp directory.
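A pre-flight check for the edited profile, added here as an example and not part of the plugin or the original page: it reads the active remote entry (skipping the commented examples) and checks the "Server LAN and Client LAN must be different" requirement against the tunnel subnet 10.128.0.0/24. The LAN ranges, the extra profile lines and the treatment of the page's example hosts as unedited placeholders are assumptions.

```python
import ipaddress

# Constructed sample profile, modelled on the remote lines shown on this page.
SAMPLE_OVPN = """\
client
dev tun
proto udp
#example remote foobar.org 1194
#example remote 97.123.100.236 1194
remote my.server.address.com 12345
"""

# Hosts from the page's example, treated here as unedited placeholders (assumption).
PLACEHOLDER_HOSTS = {"my.server.address.com", "foobar.org"}


def active_remotes(profile_text):
    """Return (host, port) for every uncommented 'remote' directive."""
    remotes = []
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # OpenVPN comment lines
            continue
        fields = line.split()
        if fields[0] == "remote" and len(fields) >= 2:
            port = int(fields[2]) if len(fields) >= 3 else 1194  # default port
            remotes.append((fields[1], port))
    return remotes


def check_profile(profile_text, client_lan, server_lan, tunnel_net="10.128.0.0/24"):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    remotes = active_remotes(profile_text)
    if not remotes:
        findings.append("no active remote directive")
    for host, port in remotes:
        if host in PLACEHOLDER_HOSTS:
            findings.append(f"remote still points at example host {host}")
        if not 1 <= port <= 65535:
            findings.append(f"invalid port {port}")
    lan = ipaddress.ip_network(client_lan)
    for name, net in (("server LAN", server_lan), ("tunnel subnet", tunnel_net)):
        if lan.overlaps(ipaddress.ip_network(net)):
            findings.append(f"client LAN {lan} overlaps {name} {net}")
    return findings


if __name__ == "__main__":
    print(check_profile(SAMPLE_OVPN, "192.168.1.0/24", "192.168.1.0/24"))
```

The port reported by `active_remotes` must also be the one forwarded on the router to the Dreambox.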
OpenVPN client
- Start the OpenVPN client plugin.
- Push the yellow button and select the xxx-ovpn.zip, e.g. in the /tmp directory. Start the import with the green button.
- After reopening the OpenVPN client once more, the imported client entry appears.
Start / Stop the OpenVPN clients
Start the OpenVPN Client with the green button. The red button stops the OpenVPN client.
Automatic start
If the connection should be started automatically, push the MENU button and activate Automatic start.
Additional Information
- Configuration files and certificates of the OpenVPN client are stored in /etc/openvpn/clients.
- Client status is shown after an interval of 10 seconds.
- The log file can be opened with the MENU button.
- The routing table can be opened with the MENU button.
Block certificates
Certificates can be blocked to disable the connection from a client. Open the certificate settings with the yellow button and select the client you want to block. Disable the certificate with the red button, using the root certificate password.