* Re: [Cerowrt-devel] [Cerowrt-users] Open VPN config
From: Dave Taht @ 2014-09-22 5:21 UTC (permalink / raw)
To: Eric Johansson; +Cc: cerowrt-users, cerowrt-devel
Eric:

Most of the cerowrt folk are on cerowrt-devel.

http://wiki.openwrt.org/doc/howto/vpn.openvpn has some doc on setting
up openvpn on openwrt which mostly applies to cerowrt.

Your internal hosts should be able to initiate a vpn connection
through a cerowrt box, no problem.

As for routing the vpn, you do have to allow the ips in with bcp38,
among other things. If you post your route table here (or to a bug in
the cerowrt database) perhaps that will show something.

As for generating keys and CA on the router itself - well, it's safer,
faster and there is more entropy if you do that on a separate box
entirely.

On Mon, Sep 22, 2014 at 7:18 AM, Eric Johansson <esj@eggo.org> wrote:
> Installed the latest cerowrt, so far so good. I'm trying to set up Open VPN configuration on it. I need to set up one client connection and 1 server side connection.
>
> On the client side, everything came up. I can access from the cerowrt box but not from any machine on my internal network. I suspect there are firewall rules missing. Yes, I saw all the internal routes to all of the networks at the far end.
>
> Any pointers would be appreciated.
>
> On the server side, I'm not sure what to do exactly. I'm not thrilled about making a CA run on the cerowrt box. I'm tempted to run Tiny CA internally and move certificates over as needed. Suggestions are welcome.
> _______________________________________________
> Cerowrt-users mailing list
> Cerowrt-users@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-users
--
Dave Täht
https://www.bufferbloat.net/projects/make-wifi-fast
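
Dave's advice above, to generate keys and the CA on a separate box rather than on the router, sketched as an added example (not part of the original thread or of the CeroWrt/OpenWrt documentation): a small CA is built with `openssl` on a workstation and only the files the router needs go into its bundle. The directory layout and the names `vpn-ca`, `server` and `client1` are assumptions.

```shell
#!/bin/sh
# Added example: CA and keys are generated on a workstation, never on the router.
# Assumed names: vpn-ca, server, client1, and the ca/ and *-bundle/ directories.

make_pki() {
    dir=$1
    mkdir -p "$dir/ca" "$dir/router-bundle" "$dir/client1-bundle" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # private keys readable by the owner only
        # CA key + self-signed CA certificate; ca.key stays on this machine.
        openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=vpn-ca" \
            -keyout ca/ca.key -out ca/ca.crt 2>/dev/null || exit 1
        for name in server client1; do
            case $name in
                server) eku=serverAuth ;;
                *)      eku=clientAuth ;;
            esac
            printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$eku" \
                > "ca/$name.ext"
            openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
                -keyout "ca/$name.key" -out "ca/$name.csr" 2>/dev/null || exit 1
            openssl x509 -req -in "ca/$name.csr" -CA ca/ca.crt -CAkey ca/ca.key \
                -CAcreateserial -days 825 -extfile "ca/$name.ext" \
                -out "ca/$name.crt" 2>/dev/null || exit 1
        done
        # Only these files are moved to the router / the client.
        cp ca/ca.crt ca/server.crt ca/server.key router-bundle/ || exit 1
        cp ca/ca.crt ca/client1.crt ca/client1.key client1-bundle/ || exit 1
    )
}

# verify_as DIR CERT PURPOSE: does CERT chain to the CA for sslserver/sslclient?
verify_as() {
    openssl verify -purpose "$3" -CAfile "$1/ca/ca.crt" "$1/$2" >/dev/null 2>&1
}

# bundle_is_clean DIR: the router bundle must not contain the CA private key.
bundle_is_clean() {
    [ ! -e "$1/router-bundle/ca.key" ] && verify_as "$1" router-bundle/server.crt sslserver
}

if [ $# -gt 0 ]; then
    make_pki "$1" && bundle_is_clean "$1" && echo "router bundle ready in $1/router-bundle"
fi
```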
* Re: [Cerowrt-devel] [Cerowrt-users] Open VPN config
From: Joel Wirāmu Pauling @ 2014-09-22 8:01 UTC (permalink / raw)
To: Dave Taht; +Cc: cerowrt-users, Eric Johansson, cerowrt-devel
I've found that OpenVPN on the ar71xx boards with tls-client security
and UDP-based tunnel encap max hit a CPU-bound upper transfer limit of
about 10 Mbit.
Just FYI.
-Joel
On 22 September 2014 17:21, Dave Taht <dave.taht@gmail.com> wrote:
> Eric:
>
> Most of the cerowrt folk are on cerowrt-devel.
>
> http://wiki.openwrt.org/doc/howto/vpn.openvpn has some doc on setting
> up openvpn on openwrt which mostly applies to cerowrt.
>
> Your internal hosts should be able to initiate a vpn connection
> through a cerowrt box, no problem.
>
> As for routing the vpn, you do have to allow the ips in with bcp38,
> among other things. If you post your route table here (or to a bug in
> the cerowrt database) perhaps that will show something.
>
> As for generating keys and CA on the router itself - well, it's safer,
> faster and there is more entropy if you do that on a separate box
> entirely.
>
>
> On Mon, Sep 22, 2014 at 7:18 AM, Eric Johansson <esj@eggo.org> wrote:
>> Installed the latest cerowrt, so far so good. I'm trying to set up Open VPN configuration on it. I need to set up one client connection and 1 server side connection.
>>
>> On the client side, everything came up. I can access from the cerowrt box but not from any machine on my internal network. I suspect there are firewall rules missing. Yes, I saw all the internal routes to all of the networks at the far end.
>>
>> Any pointers would be appreciated.
>>
>> On the server side, I'm not sure what to do exactly. I'm not thrilled about making a CA run on the cerowrt box. I'm tempted to run Tiny CA internally and move certificates over as needed. Suggestions are welcome.
>> _______________________________________________
>> Cerowrt-users mailing list
>> Cerowrt-users@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-users
>
>
>
> --
> Dave Täht
>
> https://www.bufferbloat.net/projects/make-wifi-fast
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel