From: Dave Taht
To: Eric Johansson
Cc: cerowrt-users, cerowrt-devel@lists.bufferbloat.net
Date: Mon, 22 Sep 2014 08:21:03 +0300
Subject: Re: [Cerowrt-users] Open VPN config
In-Reply-To: <20140922041822.6AB7A3C2BF7@z.eggo.org>

Eric: Most of the cerowrt folk are on cerowrt-devel.

http://wiki.openwrt.org/doc/howto/vpn.openvpn has some doc on setting up openvpn on openwrt which mostly applies to cerowrt.

Your internal hosts should be able to initiate a vpn connection through a cerowrt box, no problem. As for routing the vpn, you do have to allow the ips in with bcp38, among other things. If you post your route table here (or to a bug in the cerowrt database) perhaps that will show something.

As for generating keys and CA on the router itself - well, it's safer, faster and there is more entropy if you do that on a separate box entirely.

On Mon, Sep 22, 2014 at 7:18 AM, Eric Johansson wrote:
> Installed the latest cerowrt, so far so good. I'm trying to set up Open VPN configuration on it. I need to set up one client connection and 1 server side connection.
>
> On the client side, everything came up; I can access from the cerowrt box but not from any machine on my internal network. I suspect there are firewall rules missing. Yes, I saw all the internal routes to all of the networks at the far end.
>
> Any pointers would be appreciated.
>
> On the server side, I'm not sure what to do exactly. I'm not thrilled about making a CA run on the cerowrt box. I'm tempted to run Tiny CA internally and move certificates over as needed. Suggestions are welcome.

-- 
Dave Täht

https://www.bufferbloat.net/projects/make-wifi-fast
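
The separate-box approach discussed in this thread, as an added example that is not part of either message: a POSIX shell script that uses the openssl CLI to create a CA and issue one server and one client certificate, each restricted to its own role. The directory, CA name and host names (vpn-ca, Example VPN CA, cero-server, laptop1) are constructed, and the key size and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example: build the OpenVPN PKI on a separate box with the openssl CLI.
# Constructed names: vpn-ca, "Example VPN CA", cero-server, laptop1.
set -eu
PKI="${PKI:-./vpn-ca}"

write_conf() {  # own config, so nothing depends on the system openssl.cnf
  cat > "$PKI/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
[client_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
}

make_ca() {  # self-signed CA; ca.key stays on this machine
  umask 077; mkdir -p "$PKI"; write_conf
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$PKI/ca.cnf" -extensions ca_ext -subj "/CN=Example VPN CA" \
    -keyout "$PKI/ca.key" -out "$PKI/ca.crt" 2>/dev/null
}

issue() {  # issue <name> <server_ext|client_ext>
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$PKI/ca.cnf" \
    -subj "/CN=$1" -keyout "$PKI/$1.key" -out "$PKI/$1.csr" 2>/dev/null
  openssl x509 -req -in "$PKI/$1.csr" -CA "$PKI/ca.crt" -CAkey "$PKI/ca.key" \
    -CAcreateserial -days 825 -sha256 -extfile "$PKI/ca.cnf" \
    -extensions "$2" -out "$PKI/$1.crt" 2>/dev/null
}

check() {  # check <name> <sslserver|sslclient>: chain and purpose must verify
  openssl verify -CAfile "$PKI/ca.crt" -purpose "$2" "$PKI/$1.crt" >/dev/null 2>&1
}

if [ "${1:-}" = "demo" ]; then
  make_ca; issue cero-server server_ext; issue laptop1 client_ext
  check cero-server sslserver && check laptop1 sslclient && echo "PKI ok in $PKI"
fi
```

Only ca.crt and the server's own certificate and key need to be moved to the router; ca.key stays on the separate box.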