-
Create the route-up and tunneldown files in the /root folder with your favorite editor (e.g. vi)
FileName: /root/tunneldown.sh
-
#!/bin/sh
ip rule del from <ip address of slan>/24 table vpn
ip route flush table vpn
#example: ip rule del from 192.168.20.1/24 table vpn
_____OPENVPN 2.0 - Route Up File_____
FileName: /root/route-up.sh
-
#!/bin/sh
# Route Up for OpenVPN 2.0
ip route add $ifconfig_remote dev $dev proto kernel scope link src $ifconfig_local
ip route add $route_network_1 via $ifconfig_remote dev $dev metric 1 table vpn
ip route add 0.0.0.0/1 via $ifconfig_remote dev $dev table vpn
ip route add 128.0.0.0/1 via $ifconfig_remote dev $dev table vpn
# Add route back to local network
ip route add <ip subnet from slan>/24 via <slan Gateway> table vpn
#example : ip route add 192.168.20.0/24 via 192.168.20.1 table vpn
# Add rule from local network to VPN Gateway
ip rule add from <ip address from slan>/24 table vpn
#example: ip rule add from 192.168.20.1/24 table vpn
_____OPENVPN 2.0 - Config File_____
-
Edit OpenVPN Config file and save it on your computer as .ovpn (ex. vpn.dallas.ovpn). Place it in the same folder where your .key, .crt, and ca.crt files are located.
-
#####################################
# OpenVPN 2.0 configuration file
#####################################
client
route-up /root/route-up.sh
route-noexec
down /root/tunneldown.sh
script-security 3 system
dev tun
proto udp
remote <vpn.server.name> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
# Change to Current Cipher
cipher bf-cbc
comp-lzo
verb 3
mute 20
ca /root/ca.crt
mssfix 1300
key /root/<openvpn>.key
cert /root/<openvpn>.crt
#tls-auth ta.key 1
_____OPENVPN 2.4 - Route Up File_____
FileName: /root/route-up.sh
-
#!/bin/sh
# Route Up for OpenVPN 2.4
ip route add $route_vpn_gateway dev $dev proto kernel scope link src $ifconfig_local
ip route add $route_network_1 via $route_vpn_gateway dev $dev metric 1 table vpn
ip route add 0.0.0.0/1 via $route_vpn_gateway dev $dev table vpn
ip route add 128.0.0.0/1 via $route_vpn_gateway dev $dev table vpn
# Add route back to local network
ip route add <ip subnet from slan>/24 via <slan Gateway> table vpn
#example : ip route add 192.168.20.0/24 via 192.168.20.1 table vpn
# Add rule from local network to VPN Gateway
ip rule add from <ip address from slan>/24 table vpn
#example: ip rule add from 192.168.20.1/24 table vpn
_____OPENVPN 2.4 - Config File_____
-
Edit OpenVPN Config file and save it on your computer as .ovpn (ex. vpn.dallas.ovpn). Place it in the same folder where your .key, .crt, and ca.crt files are located.
-
#####################################
# OpenVPN 2.4 configuration file
#####################################
client
route-up /root/route-up.sh
route-noexec
down /root/tunneldown.sh
script-security 3
dev tun
proto udp
remote <vpn.server.name> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
# Change to Current Cipher
cipher bf-cbc
comp-lzo
verb 3
mute 20
ca /root/ca.crt
mssfix 1300
tun-mtu 1500
auth-nocache
key /root/<openvpn>.key
cert /root/<openvpn>.crt
-
Copy Files to router (using favorite File transfer program)
In Linux, open a terminal and run the following from the folder where the four files are located.
scp ca.crt <openvpn>.ovpn <openvpn>.crt <openvpn>.key <user>@<router ip>:/root
-
SSH back into the router
-
Make these two files executable
-
route-up.sh
-
tunneldown.sh
From the router, run:
chmod u=rwx /root/route-up.sh /root/tunneldown.sh
-
-
Make the key and crt non-accessible to others or OpenVPN will fuss at you
chmod u=rw,go= <openvpn>.key <openvpn>.crt
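
The two chmod steps above can be verified with a small audit script. This is an added example, not part of the original guide; the function names and the client.key / client.crt file names in the usage line are assumptions. Note that chmod u=rwx only sets the owner bits, so a script created under a permissive umask can still be group- or world-writable, which matters because OpenVPN runs route-up.sh and tunneldown.sh as root.

```sh
#!/bin/sh
# Added example (not from the original guide): audit the files this setup uses.
# Key/cert must have no group/other bits; scripts that OpenVPN runs as root
# must be owner-executable and not writable by group or other.

# perm_string FILE -> 10-character mode field from ls, e.g. -rw-------
perm_string() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# check_secret FILE -> 0 if group/other have no access (chmod u=rw,go=)
check_secret() {
    p=$(perm_string "$1")
    [ -n "$p" ] || { echo "MISSING  $1"; return 2; }
    case "$p" in
        ????------) echo "OK       $1 ($p)"; return 0 ;;
        *)          echo "EXPOSED  $1 ($p)"; return 1 ;;
    esac
}

# check_script FILE -> 0 if owner can execute and group/other cannot write
check_script() {
    p=$(perm_string "$1")
    [ -n "$p" ] || { echo "MISSING  $1"; return 2; }
    case "$p" in
        ???[!xs]*)          echo "NOEXEC   $1 ($p)"; return 1 ;;
        ?????w*|????????w?) echo "WRITABLE $1 ($p)"; return 1 ;;
        *)                  echo "OK       $1 ($p)"; return 0 ;;
    esac
}

# audit_vpn_files DIR KEY CRT -> exit status is the number of failed checks
audit_vpn_files() {
    dir=$1; fails=0
    check_secret "$dir/$2"            || fails=$((fails + 1))
    check_secret "$dir/$3"            || fails=$((fails + 1))
    check_script "$dir/route-up.sh"   || fails=$((fails + 1))
    check_script "$dir/tunneldown.sh" || fails=$((fails + 1))
    return "$fails"
}

# Usage on the router (file names are placeholders):
#   sh audit.sh /root client.key client.crt
if [ "$#" -eq 3 ]; then
    audit_vpn_files "$@"
fi
```

A WRITABLE result on either script is fixed with chmod go-w on that file; an EXPOSED result on the key or certificate is fixed with the chmod u=rw,go= command shown above.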