Tips & Tricks Blog
Notes, ideas and general comments on anything related to high-tech.

June 4, 2009

Notes on WRT54 as VPN Client and Gateway to Remote Network

Filed under: Networks

This note describes a setup that uses a Linksys WRT54 router as a VPN client for a remote network and gives multiple PCs on your home network access to that remote network in much the same way as they access the Internet (through NAT). It is assumed that a VPN server is already available on the remote network and that the “openvpn” client can be used to connect to it. The WRT54 router is assumed to be connected to the local network and not used for WAN/Internet access.

Full-time VPN Access to Remote Network from Home
The standard Tomato distribution as of today does not include openvpn, so a modded version is required (download from here):
http://www.tomatomod.de/TomatoMod_1.19.1464-OnlyEssentials.7z

The script below has to be updated to include the correct addresses, VPN parameters, certificates and the private key.
It can then be put into the “Firewall” script textbox under “Administration->Scripts” in the Tomato menu.

The iptables commands that use DNS_ADDRESS are not necessary, but can be useful for making the
router mimic the remote network's DNS: they redirect DNS queries (UDP and TCP port 53) arriving on the
router's LAN bridge (br0) to DNS_ADDRESS. The local DNS server can then be set up to forward DNS requests
for the remote network domain directly to the router on the local network.

# Load the TUN/TAP driver and create the tap0 device.
insmod tun.o
cd /tmp
ln -s /usr/sbin/openvpn /tmp/vpn
./vpn --mktun --dev tap0
ifconfig tap0 up
sleep 5
# NAT traffic from the source network A.B.C.D/MASK into the tunnel.
iptables -t nat -A POSTROUTING -s A.B.C.D/MASK -o tap0 -j MASQUERADE
# Optional: redirect DNS queries arriving on the LAN bridge to DNS_ADDRESS.
iptables -t nat -A PREROUTING -p udp -i br0 --dport 53 -j DNAT --to DNS_ADDRESS
iptables -t nat -A PREROUTING -p tcp -i br0 --dport 53 -j DNAT --to DNS_ADDRESS
# OpenVPN client configuration (the marker lines are written as config comments).
echo "
# ================== use your config here ======================
client
dev tap0
remote VPN.SERVER.IP
resolv-retry infinite
tls-client
persist-key
persist-tun
ca ca.crt
cert cl.crt
key cl.key
ns-cert-type server
comp-lzo
verb 3
# ================ end use your config here =====================
" > /tmp/cl.conf
# CA or server certificate.
echo "
-----BEGIN CERTIFICATE-----
Cut&paste the CA or server certificate here.
-----END CERTIFICATE-----
" > /tmp/ca.crt
# Client private key. It is stored in clear text in this script, so it has to
# be decrypted before pasting. For an RSA key, first use:
#   openssl rsa -in key.pem
echo "
-----BEGIN RSA PRIVATE KEY-----
Cut&paste client private key here.
-----END RSA PRIVATE KEY-----
" > /tmp/cl.key
chmod 600 /tmp/cl.key
# Client certificate.
echo "
-----BEGIN CERTIFICATE-----
Cut&paste client certificate here.
-----END CERTIFICATE-----
" > /tmp/cl.crt
# Start the VPN client in the background.
./vpn --config cl.conf &
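
An added pre-flight check, not part of the original post: the function below lints a filled-in copy of the script on your PC before it is pasted into Tomato, flagging leftover placeholders, a key that is still encrypted, a missing chmod, key or certificate file names that the script never writes, and a client config with no server-certificate check. The function name lint_fw_script and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a filled-in copy of the firewall script before pasting
# it into Tomato. Prints one line per problem found; prints nothing if clean.
lint_fw_script() {
    f=$1
    # 1. Template placeholders that must have been replaced.
    for p in 'A.B.C.D/MASK' 'DNS_ADDRESS' 'VPN.SERVER.IP' 'Cut&paste'; do
        if grep -qF "$p" "$f"; then echo "placeholder left in script: $p"; fi
    done
    # 2. The key must be pasted decrypted (the post's openssl step): openvpn
    #    runs in the background, so nothing can answer a passphrase prompt.
    if grep -q 'ENCRYPTED' "$f"; then echo "private key is still encrypted"; fi
    # 3. The decrypted key in /tmp must be restricted to its owner.
    if ! grep -q '^chmod 600 /tmp/cl\.key' "$f"; then
        echo "missing chmod 600 on /tmp/cl.key"
    fi
    # 4. Every file named by ca/cert/key must be written to /tmp by the script.
    for name in $(awk 'NF==2 && ($1=="ca" || $1=="cert" || $1=="key") {print $2}' "$f"); do
        if ! grep -qF "> /tmp/$name" "$f"; then
            echo "config names $name but the script never writes /tmp/$name"
        fi
    done
    # 5. The client must insist that the peer presents a server certificate.
    if ! grep -qE '^(ns-cert-type|remote-cert-tls) server' "$f"; then
        echo "client config does not check the server certificate type"
    fi
}

# Constructed sample (trimmed; the server address is a documentation range).
sample=$(mktemp)
cat > "$sample" <<'EOF'
iptables -t nat -A PREROUTING -p udp -i br0 --dport 53 -j DNAT --to DNS_ADDRESS
echo "
client
remote 203.0.113.10
key client.key
ns-cert-type server
" > /tmp/cl.conf
echo "
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-----END RSA PRIVATE KEY-----
" > /tmp/cl.key
chmod 600 /tmp/cl.key
EOF
lint_fw_script "$sample"
rm -f "$sample"
```

On the constructed sample it reports the leftover DNS_ADDRESS, the encrypted key, and the config's client.key that the script never writes.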

OkOb.net Tips & Tricks Blog