
OpenVPN solution under double NAT for home LAN devices.

Home client – NETGEAR WNDR3400 running DD-WRT mega firmware, with local subnet 192.168.55.0/24.

Server – CentOS 6.5 x64 with 3 interfaces: tun0 10.11.12.0/24; tun1 11.12.13.0/24; eth0 wan-ip

Remote devices – iPhone, Android, Win7

I won't provide a tutorial on how to configure OpenVPN on CentOS; you can find a lot of guides on the web…

This solution is for setups behind double NAT. Otherwise, you can use a free DDNS service with port forwarding on your home router to reach the home LAN devices.

Basic Configuration steps:

useradd client1 -s /sbin/nologin ; passwd client1

openvpn --genkey --secret netgear.key

Remote clients require:

ca.crt

clients.ovpn:

client
dev tun
proto tcp # or udp
remote wan-ip 22 # use the server IP and port number
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
reneg-sec 0
verb 3


Server openvpn config tun0:

port 22
proto tcp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.11.12.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status tun0.log
verb 3

Server p-t-p config tun1:

dev tun1
proto tcp-server
ifconfig 11.12.13.1 11.12.13.2
secret /etc/openvpn/netgear.key
port 443
comp-lzo
# HOME NET
route 192.168.55.0 255.255.255.0

Netgear p-t-p config save startup:

#!/bin/sh
KEY='-----BEGIN OpenVPN Static key V1-----
0eecdca82cc21eeafb84f743a9d6c6f9
eac66b669fedfefc5a0e5cdc38eb4e6c
ceae2c6423daadd723b475ce4e7e29e7
14a411e003ae581978597e6d393c4c18
14a411e003ae581978597e6d393c4c1
63e1feda6e66a29b90f5c64b3511c97a
06a9074fedb6f0aeed002a7bc03a8b93
-----END OpenVPN Static key V1-----'

sleep 1
mkdir /tmp/xxx; cd /tmp/xxx
echo "$KEY" > netgear.key
echo "remote wan-ip
dev tun1
ifconfig 11.12.13.2 11.12.13.1
secret /tmp/xxx/netgear.key
proto tcp-client
port 443
comp-lzo
nobind
route 10.11.12.0 255.255.255.0" > netgear.conf
chmod 744 netgear.conf; chmod 600 netgear.key
sleep 1
openvpn --writepid /tmp/tun1.pid --cd /tmp/xxx --config netgear.conf --script-security 2
exit 0
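
An added example, not part of the original post: a small Python check that reads OpenVPN config text and flags the directives in the two server configs above that a security review would question. The function names and the shortened config excerpts are constructed for illustration, and the comment handling is simplified (it does not honour quoting).

```python
import re

# Directives used in the configs on this page, with the reason a reviewer flags them.
FINDINGS = {
    "client-cert-not-required": "clients authenticate by password only, no client certificate",
    "secret": "static-key mode has no forward secrecy; a leaked key exposes past sessions",
    "comp-lzo": "compression before encryption can leak plaintext (VORACLE-style attacks)",
}

def parse(conf_text):
    """Yield (directive, args) for each non-comment line of an OpenVPN config."""
    for raw in conf_text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # simplified comment strip
        if line:
            name, *args = line.split()
            yield name, args

def audit(conf_text):
    """Return a sorted list of (directive, reason) findings."""
    found = []
    for name, args in parse(conf_text):
        if name in FINDINGS:
            found.append((name, FINDINGS[name]))
        elif name == "dh":
            m = re.search(r"dh(\d+)\.pem$", args[0]) if args else None
            if m and int(m.group(1)) < 2048:
                found.append((name, f"{m.group(1)}-bit DH parameters are below 2048 bits"))
        elif name == "reneg-sec" and args == ["0"]:
            found.append((name, "periodic data-channel key renegotiation is disabled"))
    return sorted(set(found))

# Constructed excerpts of the two server configs shown above (tun0, then tun1).
TUN0 = """\
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
client-cert-not-required
reneg-sec 0
comp-lzo
"""
TUN1 = """\
proto tcp-server
secret /etc/openvpn/netgear.key
comp-lzo
"""

if __name__ == "__main__":
    for label, conf in (("tun0", TUN0), ("tun1", TUN1)):
        for name, reason in audit(conf):
            print(f"{label}: {name}: {reason}")
```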

Thanks.
