Temat: tłumaczenie z OpenVPN na UCI
Witam
Obecnie mam działający serwer OpenVPN na NASie, jednak chciałbym przejść z nim na router.
Na routerze chciałbym ustawić konfigurację za pomocą komend UCI, a nie poprzez plik openvpn.conf
Częściowo przetłumaczyłem plik konfiguracyjny - proszę o sprawdzenie i uzupełnienie
server.conf
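dev tun
server 10.8.0.0 255.255.255.0
port 1194
proto udp
topology net30
# The management interface is unauthenticated: keep it bound to loopback only.
management 127.0.0.1 1195
#### certificates
dh /etc/openvpn/dh2048.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
# Revoked client certificates are rejected during the handshake.
crl-verify /etc/openvpn/crl.pem
# Direction 0 on the server; every client must use direction 1 with the same ta.key.
tls-auth /etc/openvpn/ta.key 0
#### cipher suite
cipher AES-256-CBC
auth SHA256
# The option is a single word, "tls-version-min"; "tls-version min" is not an
# OpenVPN option and would abort startup. 1.2 is the recommended floor when all
# clients support it.
tls-version-min 1.1
tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA
# client configuration
# Requires the client-side EKU on peer certificates, so a leaked server
# certificate cannot be reused to connect as a client.
remote-cert-tls client
client-config-dir /etc/openvpn/ccd
opt-verify
single-session
client-to-client
#### add routes
route 192.168.9.0 255.255.255.0
route 192.168.69.0 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.9.0 255.255.255.0"
push "route 192.168.69.0 255.255.255.0"
#### redirect all client traffic through the VPN
push "redirect-gateway def1 bypass-dhcp"
#### DNS servers pushed to clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
#### remaining connection parameters
persist-tun
persist-key
max-clients 5
# Compression inside a TLS tunnel enables compression-oracle attacks (VORACLE);
# consider removing comp-lzo if clients do not rely on it.
comp-lzo
keepalive 10 60
reneg-sec 3600
#### logging
log-append /tmp/log/openvpn.log
verb 3
mute 25
status /var/log/openvpnstatus.log 300
#### drop root privileges after start-up
user nobody
group nobody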
zestaw komend uci
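# UCI equivalent of server.conf. Option names use '_' where OpenVPN uses '-'
# (the OpenWrt init script converts them back), boolean flags are set to '1',
# and repeatable options (route, push) are lists built with add_list.
uci set openvpn.home=openvpn
uci set openvpn.home.enabled='1'
uci set openvpn.home.dev='tun0'
uci set openvpn.home.server='10.8.0.0 255.255.255.0'
uci set openvpn.home.port='1194'
uci set openvpn.home.proto='udp'
uci set openvpn.home.topology='net30'
# The management interface is unauthenticated: keep it on loopback only.
uci set openvpn.home.management='127.0.0.1 1195'

# certificates
uci set openvpn.home.dh='/etc/openvpn/dh2048.pem'
uci set openvpn.home.ca='/etc/openvpn/ca.crt'
uci set openvpn.home.cert='/etc/openvpn/server.crt'
uci set openvpn.home.key='/etc/openvpn/server.key'
uci set openvpn.home.crl_verify='/etc/openvpn/crl.pem'
uci set openvpn.home.tls_auth='/etc/openvpn/ta.key'
# server.conf has "tls-auth ta.key 0": direction 0 on the server, 1 on clients.
# With '1' here the HMAC keys would not match and every handshake would fail.
uci set openvpn.home.key_direction='0'

# cipher suite
uci set openvpn.home.cipher='AES-256-CBC'
uci set openvpn.home.auth='SHA256'
# Rendered as "tls-version-min 1.1"; 1.2 is the recommended floor when all
# clients support it.
uci set openvpn.home.tls_version_min='1.1'
# The '=' between option and value was missing.
uci set openvpn.home.tls_cipher='DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA'

# client configuration
# server.conf uses "remote-cert-tls client": the server requires the client EKU
# on peer certificates. 'server' here would reject every client certificate.
uci set openvpn.home.remote_cert_tls='client'
uci set openvpn.home.client_config_dir='/etc/openvpn/ccd'
uci set openvpn.home.opt_verify='1'
uci set openvpn.home.single_session='1'
uci set openvpn.home.client_to_client='1'

# routes
uci add_list openvpn.home.route='192.168.9.0 255.255.255.0'
uci add_list openvpn.home.route='192.168.69.0 255.255.255.0'
uci add_list openvpn.home.push='route 10.8.0.0 255.255.255.0'
uci add_list openvpn.home.push='route 192.168.0.0 255.255.255.0'
uci add_list openvpn.home.push='route 192.168.9.0 255.255.255.0'
uci add_list openvpn.home.push='route 192.168.69.0 255.255.255.0'

# gateway redirect and DNS ("bypass-dhcp" was dropped in the translation)
uci add_list openvpn.home.push='redirect-gateway def1 bypass-dhcp'
uci add_list openvpn.home.push='dhcp-option DNS 8.8.8.8'
uci add_list openvpn.home.push='dhcp-option DNS 8.8.4.4'

# remaining options
uci set openvpn.home.persist_tun='1'
uci set openvpn.home.persist_key='1'
# server.conf: max-clients 5 (the draft had '1').
uci set openvpn.home.max_clients='5'
# Compression inside a TLS tunnel enables compression-oracle attacks (VORACLE);
# consider dropping it if clients do not rely on it.
uci set openvpn.home.comp_lzo='yes'
uci set openvpn.home.keepalive='10 60'
# server.conf: reneg-sec 3600 (the draft had '1', which would renegotiate every second).
uci set openvpn.home.reneg_sec='3600'

# logging
# "log" truncates the file on every start; "log-append" matches server.conf.
uci set openvpn.home.log_append='/tmp/log/openvpn.log'
uci set openvpn.home.verb='3'
uci set openvpn.home.mute='25'
# Path chosen for the router; the 300-second refresh interval from server.conf is kept.
uci set openvpn.home.status='/tmp/openvpn-status.log 300'

# drop root privileges after start-up
uci set openvpn.home.user='nobody'
# OpenWrt images usually define 'nogroup' rather than a 'nobody' group; check /etc/group.
uci set openvpn.home.group='nobody'

# Persist the configuration, then restart the service (/etc/init.d/openvpn restart).
uci commit openvpn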