* [Cerowrt-users] Open VPN config
From: Eric Johansson @ 2014-09-22 4:18 UTC
To: cerowrt-users
Installed the latest cerowrt, so far so good. I'm trying to set up Open VPN configuration on it. I need to set up one client connection and 1 server side connection.
On the client side, everything came up. I can access from the cerowrt box but not from any machine on my internal network. I suspect there are firewall rules missing. Yes, I saw all the internal routes to all of the networks at the far end.
Any pointers would be appreciated.
On the server side, I'm not sure what to do exactly. I'm not thrilled about making a CA run on the cerowrt box. I'm tempted to run Tiny CA internally and move certificates over as needed. Suggestions are welcome.
* Re: [Cerowrt-users] Open VPN config
From: Dave Taht @ 2014-09-22 5:21 UTC
To: Eric Johansson; +Cc: cerowrt-users, cerowrt-devel
Eric:
Most of the cerowrt folk are on cerowrt-devel.
http://wiki.openwrt.org/doc/howto/vpn.openvpn has some doc on setting
up openvpn on openwrt which mostly applies to cerowrt.
Your internal hosts should be able to initiate a vpn connection
through a cerowrt box, no problem.
As for routing the vpn, you do have to allow the ips in with bcp38,
among other things. If you post your route table here (or to a bug in
the cerowrt database) perhaps that will show something.
As for generating keys and CA on the router itself - well, it's safer,
faster and there is more entropy if you do that on a separate box
entirely.
On Mon, Sep 22, 2014 at 7:18 AM, Eric Johansson <esj@eggo.org> wrote:
> Installed the latest cerowrt, so far so good. I'm trying to set up Open VPN configuration on it. I need to set up one client connection and 1 server side connection.
>
> On the client side, everything came up. I can access from the cerowrt box but not from any machine on my internal network. I suspect there are firewall rules missing. Yes, I saw all the internal routes to all of the networks at the far end.
>
> Any pointers would be appreciated.
>
> On the server side, I'm not sure what to do exactly. I'm not thrilled about making a CA run on the cerowrt box. I'm tempted to run Tiny CA internally and move certificates over as needed. Suggestions are welcome.
--
Dave Täht
https://www.bufferbloat.net/projects/make-wifi-fast
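
The approach discussed in this thread (CA and keys generated on a separate box, certificates moved to the router as needed), sketched with plain openssl as an added example that is not part of either message. The directory layout, certificate names and lifetimes are assumptions; only the `router/` bundle is copied to the cerowrt box, and the CA private key never leaves the workstation.

```shell
#!/bin/sh
# Added example: OpenVPN PKI built on a workstation, not on the router.
# Directory layout, CN values and lifetimes are assumptions.
# Usage: make_pki ./vpn-pki && check_bundle ./vpn-pki/router server

# issue DIR ROLE EKU: make a key + CSR for ROLE and sign it with the CA in DIR/ca.
issue() {
    dir=$1 role=$2 eku=$3
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=%s\n' \
        "$eku" > "$dir/$role.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$role" \
        -keyout "$dir/$role.key" -out "$dir/$role.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/$role.csr" -sha256 -days 825 \
        -CA "$dir/ca/ca.crt" -CAkey "$dir/ca/ca.key" -CAcreateserial \
        -extfile "$dir/$role.ext" -out "$dir/$role.crt" 2>/dev/null
}

# make_pki DIR: create the CA, one server and one client certificate, then
# stage per-device bundles. Runs in a subshell so the umask stays local.
make_pki() (
    dir=$1
    umask 077                       # private keys readable by owner only
    mkdir -p "$dir/ca" "$dir/router" "$dir/client" || exit 1
    # -nodes keeps the example non-interactive; protect a real CA key with a passphrase.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example VPN CA" \
        -keyout "$dir/ca/ca.key" -out "$dir/ca/ca.crt" 2>/dev/null || exit 1
    issue "$dir" server serverAuth || exit 1
    issue "$dir" client clientAuth || exit 1
    # The bundles get the CA certificate only; ca.key stays in DIR/ca.
    cp "$dir/ca/ca.crt" "$dir/server.crt" "$dir/server.key" "$dir/router/" || exit 1
    cp "$dir/ca/ca.crt" "$dir/client.crt" "$dir/client.key" "$dir/client/" || exit 1
)

# check_bundle DIR NAME: succeed only if NAME.crt chains to the bundled CA
# certificate and the bundle does not contain the CA private key.
check_bundle() {
    [ ! -e "$1/ca.key" ] &&
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}
```

Run `check_bundle` on the staged directory before copying it to the router; it fails if `ca.key` has been placed in the bundle.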